?
Solved

Domain rename for server 2003, the procedure entry point cryptunprotectmemory error

Posted on 2014-11-01
6
Medium Priority
?
379 Views
Last Modified: 2014-11-02
Hi,

I am trying to rename a domain in a single domain controller environment running server 2003. I have run all the commands with no errors until I get to fixing the GPO links:

gpfixup /olddns:tottenham.int /newdns:spurs.local /oldnb:tottenham /newnb:spurs /dc:dc01.spurs.local /user:administrator /pwd:password 2>1 > gpfixup.log

At that point from the control station, I get a cryptunprotectmemory.dll error

Everything looks fine in dns. The only issue I see is with group policy. It does not see the domain controller for the forest.

Any ideas?

Thanks.
0
Comment
Question by:Erik Mcfrazier
  • 3
  • 3
6 Comments
 
LVL 41

Expert Comment

by:footech
ID: 40418606
Are you using Server 2003 for the control station?
I notice in the gpfixup command that you are referencing dc01.spurs.local (i.e. the domain controller with the new domain name) - did you rename the domain controller by changing it's primary DNS suffix?  That doesn't happen automatically with the rendom commands.
0
 

Author Comment

by:Erik Mcfrazier
ID: 40418687
No. I don't have another 2003 server in the domain. I had to use an xp machine. I changed the primary suffix with netdom command.
0
 
LVL 41

Accepted Solution

by:
footech earned 2000 total points
ID: 40418702
Pretty sure it's a requirement to have the control station running the Server OS.  DLLs aren't always the same between workstation and server OSes.

From the documentation:
•      Control station: The computer to be used as the control station for the domain rename operation must be a member computer (not a domain controller) running Windows Server 2003 Standard Edition, Windows Server 2003 Enterprise Edition, or Windows Server 2003 Datacenter Edition.

If you can't get your hands on a Server 2003, you could probably download an evaluation of Server 2008 R2.  I don't think you have to match up generations between the DCs and control station (though I always figured it was safest to do so).  When I renamed a domain which had 2008 R2 DCs, I used a 2008 R2 control station.  You have to install the remote administration feature for AD DS to get the rendom files installed (don't use the ones downloaded for 2003).  I can't remember clearly if gpfixup comes with it (fairly sure it does) or if you use the downloaded tool.  Just type gpfixup /? at a command prompt to see if it is available (it will be in the system path) before trying to use the downloaded version.
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 

Author Comment

by:Erik Mcfrazier
ID: 40418729
I did see that in the documentation, but I also saw an example that just said it just needed to be a domain member. I do have a 2008 server, but didn't see any instructions to do it from a 2008 server. So, do you think I can just continue the process from the 2008 server?
0
 
LVL 41

Expert Comment

by:footech
ID: 40418772
I would think so.  I've actually finished up a domain rename started with 2003 servers with a 2008 R2 server (just running the rendom /clean command).  However, beyond that I don't have any evidence to point to.
0
 

Author Comment

by:Erik Mcfrazier
ID: 40418783
So, installed AD DS feature, ran gpfix up successfully! All is good. Thanks for your help.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This article will help to fix the below errors for MS Exchange Server 2016 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Suggested Courses
Course of the Month12 days, 17 hours left to enroll

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question