Robert Kittleberger
asked on
SBS 2011 - Can't Access DNS - Errors 4000 and 4015 - Lost trust with Active Directory
On SBS 2011, I'm not able to connect to the DNS Server and getting the "Access was denied. Would you like to add it anyway?" message. I'm also seeing errors 4000 and (mostly) 4015 in the DNS event logs.
I've already tried running netdom pswreset, which executed successfully but have didn't solve the issue.
I've also tried seizing FSMO roles (which also completely successfully) but to no avail. It looks as though DNS and Active Directory have lost trust with one another, but I'm running out of troubleshooting ideas. Let me know if there's additional information that I can provide.
I've already tried running netdom pswreset, which executed successfully but have didn't solve the issue.
I've also tried seizing FSMO roles (which also completely successfully) but to no avail. It looks as though DNS and Active Directory have lost trust with one another, but I'm running out of troubleshooting ideas. Let me know if there's additional information that I can provide.
DrDave242
What are the exact steps that you followed when you ran the netdom command? This sounds an awful lot like a broken secure channel.
ASKER
Thanks for answering, Dave.
In an elevated command prompt I typed the following:
NETDOM RESETPWD /Server: (DC's ip address)
/UserD:user /PasswordD:[password | *]
[/SecurePasswordPrompt]
I used the IP address since we only have one DC. The command executed successfully and then I rebooted. Same results.
In an elevated command prompt I typed the following:
NETDOM RESETPWD /Server: (DC's ip address)
/UserD:user /PasswordD:[password | *]
[/SecurePasswordPrompt]
I used the IP address since we only have one DC. The command executed successfully and then I rebooted. Same results.
See if you can stop the Kerberos Key Distribution Service on that server, then run the klist purge command to get rid of existing Kerberos tickets. If that completes with no trouble, run the netdom resetpwd command again. Assuming it also completes successfully, reboot the server and check its status when it comes back up.
ASKER
I forgot to mention, I did disable the KDS service before running netdom resetpwd. But I didn't run klist purge. I'll go ahead and try that after hours and let you know how it goes.
ASKER
Now when I run netdom resetpwd again it's saying the command failed to complete successfully.
Can you post a screenshot of the command prompt showing the command and the error?
This question needs an answer!
Become an EE member today
7 DAY FREE TRIALMembers can start a 7-Day Free trial then enjoy unlimited access to the platform.
View membership options
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.