Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 124
  • Last Modified:

can not log on as domain administrator on DC (2008r2) or any other user

Hello all

i have a Dell T610 that is playing up, over the Christmas break, the server was restarted but hung at a screen prompt (drac card had failed - this has since been replace by dell)

when the machine came back online, i have been unable to log onto it both through an RDP (no available rdp license servers available supposedly...) an trying log on direct as domain administrator, it states

"The security database on the server does no have a computer account for this workstation trust relationship"

any ideas???

i need the data off the server, but then it can be flattened!

thanks







an attempt was made to logon but the network service was not started
0
mudcow007
Asked:
mudcow007
1 Solution
 
kola12Commented:
Can You log in safe mode on lacal admin account?
0
 
mudcow007Author Commented:
I just tried safe mode with networking, as the windows log on screen came up, i pressed ctrl alt delete an the machine restarted...grr

i will try just "normal" safe mode an come back to you
0
 
mudcow007Author Commented:
selected safe mode, machine started to load all the files, screen goes blank an it restarts

not looking good
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
VB ITSSpecialist ConsultantCommented:
Do you know your DSRM password? If so, I'd log in and check if your DC has a duplicate SPN as this is a known cause of the error message:

- Reboot the server in Directory Services Restore Mode by tapping your F8 key at startup and choosing Directory Services Restore Mode from the list
- Log in with your DSRM password
- Open an elevated Command Prompt
- Type in setspn -x to list any duplicate
- If you find a duplicate entry in the list, use setspn -d command to get rid of it

See this article for more info: http://support.microsoft.com/kb/2015518
0
 
mudcow007Author Commented:
right, looking a bit more positive!

tried VB ITS's comment

pressed F8 to Directory Restore Mode, get a windows login, logged in as local admin (which hasnt worked up til this point)

right clicked cmd "run as administrator" typed setspn -x and got

Ldap Error(0x51 --Server Down): ladap _connect
failed to retrieve DN for domain "" : 0x00000051
Warning: No valid targets specified, reverting to current domain.
Ldap Error(0x51 -- Server Down) : ldap_connect

Open in new window

0
 
VB ITSSpecialist ConsultantCommented:
Check the Event Logs - any errors/warnings in there related to AD? If you do find any errors/warnings, please post them here.
0
 
DrDave242Commented:
i need the data off the server, but then it can be flattened!
If you're just looking to copy data off of the server before wiping it, this would be a great time to do so. I'm not sure I'd even worry about recovering it; just wipe, do a metadata cleanup, and reload.
0
 
VB ITSSpecialist ConsultantCommented:
Good point DrDave242, didn't see that bit in the original question.

@mudcow007: now that you can get into Windows, it may be easier to copy the files you need to an external USB drive then blow away the server.

You can follow the steps in this guide if you want go to down this path: http://www.chaseoriginal.com/techcell/technotes/clean-up-active-directory-domain-controller-manually/
0
 
mudcow007Author Commented:
link was great cheers VB
0

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now