system state recover did not help!!

[victor]

Hello!!

I had a hardware related problem on my domain controller. So, I had to
reinstall the operating system & is trying to restore the active directory.
Environment is mixed. Domain controller is Windows 2000 advanced server &
the member server(running DNS, Webserver & exchange 5.5) is on Windows NT
operating system. I had a good 'system state' back up of Windows 2000 domain
controller. I restored the system state & everything seemed fine. Now, here
is the problem. Though the computer accounts for DNS, Webserver & exchange
5.5 server machine got created successfully from the system state restore,
when i tried to login from DNS, Webserver or exchange 5.5 server, a message
gets displayed, saying 'can not find the machine account for this computer
in primary domain controller'. Following error machine gets logged in the
event log of Windows NT member servers.
"Failed to autenticate with \\domain controller , a Windows NT domain
controller for domain mydomain.com" Event ID # 3210.

Following error machine gets logged in the event log of the domain
controller.

"The system setup from the computer xx failed to authenticate. The name of
the account referenced in the security database is xx$. The following error
occured.

Access is denied

Event ID # 5722

I tried using resetting the account & using NETDOM as menetioned on
Microsoft knowledge base. But did not help. I do not want to recreate these
machine accounts in active directory since i will have reinstall exchange
5.5 & recover the mailboxes...

Please help

 

[Tom Ausburne]

The Netdom command resets the secure channel password but reseting
the machine account in Active Directory Users and Computers actually
resets the machine account. Resetting a computer account breaks that
computer's connection to the domain and requires it to rejoin the
domain.

NOTE: This will prevent an established computer from connecting to
the domain and should only be used for a computer that has just been
rebuilt.

So if you have reset the machine account using Active Directory Users
and Computers you have no choice but to rejoin them to the domain.


Tom Ausburne (MSFT)
Windows 2000 Directory Services
This posting is provided "AS IS" with no warranties, and confers no
rights.

 

[news.microsft.com]

Tom,

Thanks for the reply. I have a good system state backup, but it seems to be
useless now since none of the member servers can login to the domain. I can
see all the computer accounts in domain controller's active directory after
the system state restore. But if all accounts needs to be reset, then what
is the use of system state back up? I tried using the netdom command, but
did not help. I am mainly concerned about Exchange 5.5 server on the
network. Since its restored account in domain controller is not valid, the
mail server is not functioning... If I reset its account, the exchange
database will not recognize the new account, & I will have to reinstall
Exchnage 5.5 with no other option. What shall i do, so that the restored
computer account in domain controller (through system state restore)
recognizes these computer accounts?

Thanks
Victor

 

[Tom Ausburne]

You can try to do the System State restore one more time and see if
you can then use Netdom to reset the secure channel password.
Normally if nothing else has been changed, a System State restore
will put the domain back to where it was when the backup was done.
Some machines may have renewed their secure channel passwords but
using Netdom should fix that. If this does not work then there may
be something else going on.


Tom Ausburne (MSFT)
Windows 2000 Directory Services
This posting is provided "AS IS" with no warranties, and confers no
rights.

 

[news.microsft.com]

Thanks. Should I have to run the Netdom command on the domain controller or
on the memeber server? I have Windows 2000 advanced server as the domain
controller & all the Member servers are Windows NT...

 

[Diana Smith [MSFT]]

Hello Victor,

The 3210, means that the secure channel has been broken. Please walk
through the steps in this article to reset the machine account.

260575 HOW TO: Use Netdom.exe to Reset Machine Account Passwords of a
Windows
http://support.microsoft.com/?id=260575

PS. If you get an error, please let me know what the exact error is.

Thanks, Victor.

Diana.