Administrator Password problems

[Sid]

Two DC's Running W2k server with SP4

Recently changed the administrator password on the server
which seemed to cause no end of problems. Domain
syncronisation was lost. And after a day I would have to
log out of the server and log in with a different username
to reset the Administrator password, because I was unable
to view any of the AD tools. And I would get the Event
ID:1000 UserEnv error in the event logs. At was as if the
two servers became seperate.

Have since reset the password back to the origional one
and all is working fine again. Hope this all makes sense
never very good at explaining thing like this.

Question: Is there anywhere else i.e "Services" I have to
change the Administrator password as well as in AD.


Thanks.

 

[diasmith [MSFT]]

Hello,

No, you should only have to change the password in one location.

It appears that you are having replication issues.

What is the exact text of the userenv 1000 error?

Thank You.

Diana.

(e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Sid]

Message is as follows:

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1000
Date: 03/11/2003
Time: 22:50:20
User: NT AUTHORITY\SYSTEM
Computer: <servername>
Description:
Windows cannot determine the user or computer name. Return
value (1326).

I have looked up this error and it only mentions solutions
for PC's, not for servers which really worries me. I just
don't understand why this haopoens when I change the
password and why it fixes it's self when I change it back.

Makes me think I have done something wrong far back down
the line when I brought in the second server. I am
thinking of just starting over, but I like my weekends too
much to go there yet.

Thank you for your help.

 

[diasmith [MSFT]]

Good Morning Sid,

It appears that the secure channel on this machine is broken, that's why
the passwords are not getting updated on this machine.

Please follow the steps in this article to reset the secure channel to see
if your problem go away:
288167 Error Message ("Target Principal Name is Incorrect") When Manually
http://support.microsoft.com/?id=288167

On domain controller that is experiencing this issue, disable the Kerberos
Key Distribution Center service (KDC). To do so:


1. Click Start, point to Programs, click Administrative Tools, and then
click Services.

2. Double-click KDC, set the startup type to Disabled, and then restart the
computer.

After the computer restarts, use the Netdom utility to reset the secure
channels between these domain controllers and the PDC Emulator operations
master role holder. To do so, run the following command from the domain
controllers other than the PDC Emulator operations master role holder:

"netdom resetpwd /server:<server_name> /userd:<domain_name>\administrator
/passwordd:<administrator_password>" (without the quotation marks)

Where <server_name> is the name of the server that is the PDC Emulator
operations master role holder.

NOTE: If the server with the problem is the PDC, than select the other
server.

Thank You.

Diana.

(e-mail address removed)

This posting is provided "AS IS" with no warranties, and confers no rights.

 

[Guest]

Many thanks for the reply. I will give that a try over
the weekend and let you know the out come.


Kind Regards,

Sid.