Domain rename for server 2003, the procedure entry point cryptunprotectmemory error

Posted on 2014-11-01
Last Modified: 2014-11-02

I am trying to rename a domain in a single domain controller environment running server 2003. I have run all the commands with no errors until I get to fixing the GPO links:

gpfixup / /newdns:spurs.local /oldnb:tottenham /newnb:spurs /dc:dc01.spurs.local /user:administrator /pwd:password 2>1 > gpfixup.log

At that point from the control station, I get a cryptunprotectmemory.dll error

Everything looks fine in dns. The only issue I see is with group policy. It does not see the domain controller for the forest.

Any ideas?

Question by:Erik Mcfrazier
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
LVL 40

Expert Comment

ID: 40418606
Are you using Server 2003 for the control station?
I notice in the gpfixup command that you are referencing dc01.spurs.local (i.e. the domain controller with the new domain name) - did you rename the domain controller by changing it's primary DNS suffix?  That doesn't happen automatically with the rendom commands.

Author Comment

by:Erik Mcfrazier
ID: 40418687
No. I don't have another 2003 server in the domain. I had to use an xp machine. I changed the primary suffix with netdom command.
LVL 40

Accepted Solution

footech earned 500 total points
ID: 40418702
Pretty sure it's a requirement to have the control station running the Server OS.  DLLs aren't always the same between workstation and server OSes.

From the documentation:
•      Control station: The computer to be used as the control station for the domain rename operation must be a member computer (not a domain controller) running Windows Server 2003 Standard Edition, Windows Server 2003 Enterprise Edition, or Windows Server 2003 Datacenter Edition.

If you can't get your hands on a Server 2003, you could probably download an evaluation of Server 2008 R2.  I don't think you have to match up generations between the DCs and control station (though I always figured it was safest to do so).  When I renamed a domain which had 2008 R2 DCs, I used a 2008 R2 control station.  You have to install the remote administration feature for AD DS to get the rendom files installed (don't use the ones downloaded for 2003).  I can't remember clearly if gpfixup comes with it (fairly sure it does) or if you use the downloaded tool.  Just type gpfixup /? at a command prompt to see if it is available (it will be in the system path) before trying to use the downloaded version.
What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.


Author Comment

by:Erik Mcfrazier
ID: 40418729
I did see that in the documentation, but I also saw an example that just said it just needed to be a domain member. I do have a 2008 server, but didn't see any instructions to do it from a 2008 server. So, do you think I can just continue the process from the 2008 server?
LVL 40

Expert Comment

ID: 40418772
I would think so.  I've actually finished up a domain rename started with 2003 servers with a 2008 R2 server (just running the rendom /clean command).  However, beyond that I don't have any evidence to point to.

Author Comment

by:Erik Mcfrazier
ID: 40418783
So, installed AD DS feature, ran gpfix up successfully! All is good. Thanks for your help.

Featured Post

Creating Instructional Tutorials  

For Any Use & On Any Platform

Contextual Guidance at the moment of need helps your employees/users adopt software o& achieve even the most complex tasks instantly. Boost knowledge retention, software adoption & employee engagement with easy solution.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Viewers will learn how to properly install and use Secure Shell (SSH) to work on projects or homework remotely. Download Secure Shell: Follow basic installation instructions: Open Secure Shell and use "Quick Connect" to enter credentials includi…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

695 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question