Solved

can not log on as domain administrator on DC (2008r2) or any other user

Posted on 2015-01-20
9
103 Views
Last Modified: 2016-11-23
Hello all

i have a Dell T610 that is playing up, over the Christmas break, the server was restarted but hung at a screen prompt (drac card had failed - this has since been replace by dell)

when the machine came back online, i have been unable to log onto it both through an RDP (no available rdp license servers available supposedly...) an trying log on direct as domain administrator, it states

"The security database on the server does no have a computer account for this workstation trust relationship"

any ideas???

i need the data off the server, but then it can be flattened!

thanks







an attempt was made to logon but the network service was not started
0
Comment
Question by:mudcow007
9 Comments
 
LVL 3

Expert Comment

by:kola12
ID: 40559385
Can You log in safe mode on lacal admin account?
0
 

Author Comment

by:mudcow007
ID: 40559430
I just tried safe mode with networking, as the windows log on screen came up, i pressed ctrl alt delete an the machine restarted...grr

i will try just "normal" safe mode an come back to you
0
 

Author Comment

by:mudcow007
ID: 40559437
selected safe mode, machine started to load all the files, screen goes blank an it restarts

not looking good
0
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

 
LVL 24

Expert Comment

by:VB ITS
ID: 40559684
Do you know your DSRM password? If so, I'd log in and check if your DC has a duplicate SPN as this is a known cause of the error message:

- Reboot the server in Directory Services Restore Mode by tapping your F8 key at startup and choosing Directory Services Restore Mode from the list
- Log in with your DSRM password
- Open an elevated Command Prompt
- Type in setspn -x to list any duplicate
- If you find a duplicate entry in the list, use setspn -d command to get rid of it

See this article for more info: http://support.microsoft.com/kb/2015518
0
 

Author Comment

by:mudcow007
ID: 40561626
right, looking a bit more positive!

tried VB ITS's comment

pressed F8 to Directory Restore Mode, get a windows login, logged in as local admin (which hasnt worked up til this point)

right clicked cmd "run as administrator" typed setspn -x and got

Ldap Error(0x51 --Server Down): ladap _connect
failed to retrieve DN for domain "" : 0x00000051
Warning: No valid targets specified, reverting to current domain.
Ldap Error(0x51 -- Server Down) : ldap_connect

Open in new window

0
 
LVL 24

Expert Comment

by:VB ITS
ID: 40561740
Check the Event Logs - any errors/warnings in there related to AD? If you do find any errors/warnings, please post them here.
0
 
LVL 26

Expert Comment

by:DrDave242
ID: 40563453
i need the data off the server, but then it can be flattened!
If you're just looking to copy data off of the server before wiping it, this would be a great time to do so. I'm not sure I'd even worry about recovering it; just wipe, do a metadata cleanup, and reload.
0
 
LVL 24

Accepted Solution

by:
VB ITS earned 500 total points
ID: 40563619
Good point DrDave242, didn't see that bit in the original question.

@mudcow007: now that you can get into Windows, it may be easier to copy the files you need to an external USB drive then blow away the server.

You can follow the steps in this guide if you want go to down this path: http://www.chaseoriginal.com/techcell/technotes/clean-up-active-directory-domain-controller-manually/
0
 

Author Closing Comment

by:mudcow007
ID: 40672993
link was great cheers VB
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question