Re: oops there goes my Domain controller

Tech-Archive recommends: Fix windows errors by optimizing your registry

"flyfishing" <flyfishing@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:83C3DD8B-A17C-4995-80B3-7FF4408B8F51@xxxxxxxxxxxxxxxx
! the following error occured during the attemp to syncronize naming
context
wc.com from domain controller wespac to domain controller wddc01: logon
failure: the target account name is incorrect.

this operation will not continue.

do i need to run dcpromo again?

No, it's already a DC. The only option if you run dcpromo is to demote it,
but that may not even work considering the message you are receiving.

The message indicate the security channel is broken. How did it break? Good
question, numerous things can contribute to this from DNS being
misconfigured on the DCs, to firewalls, the DHCP CLient (not Server) Service
being disabled, using your ISP's DNS, your router as a DNS server, the DC
being multihomed, etc. That was why I asked for an ipconfig /all, but I
understand if you are reluctant to post it. It would have been helpful for
us, and besides, the IPs are private, and you can change the internal domain
name (company.com to domain.com), so an attacker can't get into it anyway.

Well, since the security channel is busted, let's try to reset it with
netdom -

How to use Netdom.exe to reset machine account passwords of a Windows Server
2003 domain controller
http://support.microsoft.com/kb/325850/en-us

To reset the account secure channel password for Windows 2000:
Description of Netdom.exe Syntax and Versions
http://support.microsoft.com/?id=329721

If that doesn't work, then you will need to run dcpromo /forceremoval
switch, and possibly a Metadata Cleanup of AD before you can repromote it
back in.

But the ipconfigs would have been helpful.

Ace









.

Relevant Pages

  • Re: I hate IIS - "Server Application Unavailable" error message
    ... this is on a Win2003 Server. ... complaints or warnings installing IIS for me. ... as the SYSTEM account on a domain controller, although I would encrypt the section. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Unable To Add DC
    ... I have reloaded it with 2003 server again and given ... I have gone into active directory users and computers then ... it still had the old domain controller in there, ... account SERVERNAME$ to a domain controller ...
    (microsoft.public.windows.server.active_directory)
  • Re: I hate IIS - "Server Application Unavailable" error message
    ... Open the IIS Manager and, in the properties for the "Default Web Site" ... How To: Create a Service Account for an ASP.NET 2.0 Application: ... This is a server that sits in the basement. ... problem is you now leave a big hole into your domain controller. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: AD
    ... to run dcpromo to make it a member server, ... since the Domain Controller was not ... >> reset it's account but I was unable to it. ...
    (microsoft.public.win2000.active_directory)
  • Re: oops there goes my Domain controller
    ... There is no need to know the "local" admin password, on a DC it is the administrator password for "Active directory restore mode" which can be reset with "Setpwd" in 2000: ... wc.com from domain controller wespac to domain controller wddc01: ... numerous things can contribute to this from DNS ... Server) Service being disabled, using your ISP's DNS, your router as ...
    (microsoft.public.windows.server.active_directory)