Domain rename for server 2003, the procedure entry point cryptunprotectmemory error

Posted on 2014-11-01
Last Modified: 2014-11-02

I am trying to rename a domain in a single domain controller environment running server 2003. I have run all the commands with no errors until I get to fixing the GPO links:

gpfixup / /newdns:spurs.local /oldnb:tottenham /newnb:spurs /dc:dc01.spurs.local /user:administrator /pwd:password 2>1 > gpfixup.log

At that point from the control station, I get a cryptunprotectmemory.dll error

Everything looks fine in dns. The only issue I see is with group policy. It does not see the domain controller for the forest.

Any ideas?

Question by:Erik Mcfrazier
  • 3
  • 3
LVL 39

Expert Comment

ID: 40418606
Are you using Server 2003 for the control station?
I notice in the gpfixup command that you are referencing dc01.spurs.local (i.e. the domain controller with the new domain name) - did you rename the domain controller by changing it's primary DNS suffix?  That doesn't happen automatically with the rendom commands.

Author Comment

by:Erik Mcfrazier
ID: 40418687
No. I don't have another 2003 server in the domain. I had to use an xp machine. I changed the primary suffix with netdom command.
LVL 39

Accepted Solution

footech earned 500 total points
ID: 40418702
Pretty sure it's a requirement to have the control station running the Server OS.  DLLs aren't always the same between workstation and server OSes.

From the documentation:
•      Control station: The computer to be used as the control station for the domain rename operation must be a member computer (not a domain controller) running Windows Server 2003 Standard Edition, Windows Server 2003 Enterprise Edition, or Windows Server 2003 Datacenter Edition.

If you can't get your hands on a Server 2003, you could probably download an evaluation of Server 2008 R2.  I don't think you have to match up generations between the DCs and control station (though I always figured it was safest to do so).  When I renamed a domain which had 2008 R2 DCs, I used a 2008 R2 control station.  You have to install the remote administration feature for AD DS to get the rendom files installed (don't use the ones downloaded for 2003).  I can't remember clearly if gpfixup comes with it (fairly sure it does) or if you use the downloaded tool.  Just type gpfixup /? at a command prompt to see if it is available (it will be in the system path) before trying to use the downloaded version.
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  


Author Comment

by:Erik Mcfrazier
ID: 40418729
I did see that in the documentation, but I also saw an example that just said it just needed to be a domain member. I do have a 2008 server, but didn't see any instructions to do it from a 2008 server. So, do you think I can just continue the process from the 2008 server?
LVL 39

Expert Comment

ID: 40418772
I would think so.  I've actually finished up a domain rename started with 2003 servers with a 2008 R2 server (just running the rendom /clean command).  However, beyond that I don't have any evidence to point to.

Author Comment

by:Erik Mcfrazier
ID: 40418783
So, installed AD DS feature, ran gpfix up successfully! All is good. Thanks for your help.

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
DHCP DNS Set up 4 75
SBS Server 2011 does not recognize a PC as being Online 8 50
DNS Server 7 26
This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question