Domain rename for server 2003, the procedure entry point cryptunprotectmemory error


I am trying to rename a domain in a single domain controller environment running server 2003. I have run all the commands with no errors until I get to fixing the GPO links:

gpfixup / /newdns:spurs.local /oldnb:tottenham /newnb:spurs /dc:dc01.spurs.local /user:administrator /pwd:password 2>1 > gpfixup.log

At that point from the control station, I get a cryptunprotectmemory.dll error

Everything looks fine in dns. The only issue I see is with group policy. It does not see the domain controller for the forest.

Any ideas?

Erik McfrazierOwner - TechnicianAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Are you using Server 2003 for the control station?
I notice in the gpfixup command that you are referencing dc01.spurs.local (i.e. the domain controller with the new domain name) - did you rename the domain controller by changing it's primary DNS suffix?  That doesn't happen automatically with the rendom commands.
Erik McfrazierOwner - TechnicianAuthor Commented:
No. I don't have another 2003 server in the domain. I had to use an xp machine. I changed the primary suffix with netdom command.
Pretty sure it's a requirement to have the control station running the Server OS.  DLLs aren't always the same between workstation and server OSes.

From the documentation:
•      Control station: The computer to be used as the control station for the domain rename operation must be a member computer (not a domain controller) running Windows Server 2003 Standard Edition, Windows Server 2003 Enterprise Edition, or Windows Server 2003 Datacenter Edition.

If you can't get your hands on a Server 2003, you could probably download an evaluation of Server 2008 R2.  I don't think you have to match up generations between the DCs and control station (though I always figured it was safest to do so).  When I renamed a domain which had 2008 R2 DCs, I used a 2008 R2 control station.  You have to install the remote administration feature for AD DS to get the rendom files installed (don't use the ones downloaded for 2003).  I can't remember clearly if gpfixup comes with it (fairly sure it does) or if you use the downloaded tool.  Just type gpfixup /? at a command prompt to see if it is available (it will be in the system path) before trying to use the downloaded version.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

Erik McfrazierOwner - TechnicianAuthor Commented:
I did see that in the documentation, but I also saw an example that just said it just needed to be a domain member. I do have a 2008 server, but didn't see any instructions to do it from a 2008 server. So, do you think I can just continue the process from the 2008 server?
I would think so.  I've actually finished up a domain rename started with 2003 servers with a 2008 R2 server (just running the rendom /clean command).  However, beyond that I don't have any evidence to point to.
Erik McfrazierOwner - TechnicianAuthor Commented:
So, installed AD DS feature, ran gpfix up successfully! All is good. Thanks for your help.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.