Solved

Domain rename for server 2003, the procedure entry point cryptunprotectmemory error

Posted on 2014-11-01
6
359 Views
Last Modified: 2014-11-02
Hi,

I am trying to rename a domain in a single domain controller environment running server 2003. I have run all the commands with no errors until I get to fixing the GPO links:

gpfixup /olddns:tottenham.int /newdns:spurs.local /oldnb:tottenham /newnb:spurs /dc:dc01.spurs.local /user:administrator /pwd:password 2>1 > gpfixup.log

At that point from the control station, I get a cryptunprotectmemory.dll error

Everything looks fine in dns. The only issue I see is with group policy. It does not see the domain controller for the forest.

Any ideas?

Thanks.
0
Comment
Question by:Erik Mcfrazier
  • 3
  • 3
6 Comments
 
LVL 39

Expert Comment

by:footech
ID: 40418606
Are you using Server 2003 for the control station?
I notice in the gpfixup command that you are referencing dc01.spurs.local (i.e. the domain controller with the new domain name) - did you rename the domain controller by changing it's primary DNS suffix?  That doesn't happen automatically with the rendom commands.
0
 

Author Comment

by:Erik Mcfrazier
ID: 40418687
No. I don't have another 2003 server in the domain. I had to use an xp machine. I changed the primary suffix with netdom command.
0
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 40418702
Pretty sure it's a requirement to have the control station running the Server OS.  DLLs aren't always the same between workstation and server OSes.

From the documentation:
•      Control station: The computer to be used as the control station for the domain rename operation must be a member computer (not a domain controller) running Windows Server 2003 Standard Edition, Windows Server 2003 Enterprise Edition, or Windows Server 2003 Datacenter Edition.

If you can't get your hands on a Server 2003, you could probably download an evaluation of Server 2008 R2.  I don't think you have to match up generations between the DCs and control station (though I always figured it was safest to do so).  When I renamed a domain which had 2008 R2 DCs, I used a 2008 R2 control station.  You have to install the remote administration feature for AD DS to get the rendom files installed (don't use the ones downloaded for 2003).  I can't remember clearly if gpfixup comes with it (fairly sure it does) or if you use the downloaded tool.  Just type gpfixup /? at a command prompt to see if it is available (it will be in the system path) before trying to use the downloaded version.
0
Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

 

Author Comment

by:Erik Mcfrazier
ID: 40418729
I did see that in the documentation, but I also saw an example that just said it just needed to be a domain member. I do have a 2008 server, but didn't see any instructions to do it from a 2008 server. So, do you think I can just continue the process from the 2008 server?
0
 
LVL 39

Expert Comment

by:footech
ID: 40418772
I would think so.  I've actually finished up a domain rename started with 2003 servers with a 2008 R2 server (just running the rendom /clean command).  However, beyond that I don't have any evidence to point to.
0
 

Author Comment

by:Erik Mcfrazier
ID: 40418783
So, installed AD DS feature, ran gpfix up successfully! All is good. Thanks for your help.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The article explains the protocols and technology which is involved when two computers on different TCP/IP networks communicate with each other. In the diagram, a router is used to segregate two networks. The networks are 192.168.1.0/24 and 192…
Creating an OSPF network that automatically (dynamically) reroutes network traffic over other connections to prevent network downtime.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

919 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now