Jump to content

Recommended Posts

  • ExTS Admin
Posted

Dear All,

 

I came across an unusual situation and count on your help since I cannot resolve it.

 

Scenario: Domain network with W2012R2 server as a DC, a spare DC and several other servers both virtual and physical. Several dozen workstations.

 

One of the workstations (W7pro-64) got a failure with cyclic BSOD. Disks C:,D: and SYSTEM_DRV were restored from the 24-hour-old backup. "Preserve domain trust token on target drive" option is checked, though I do not know if it's correct. Anyway

I see no way change this.

 

After that the trust relationship was with the domain was broken with the following symptoms:

 

1. Login not possible with network cable plugged. The system refused to recognize any domain users.

 

2. RDP connections to the workstation fail.

 

3. Impossible to connect to MS Exchange.

 

Additional information:

 

Domain Member

 

PolicySettingWinning GPODomain member: Maximum machine account password age 999 days Default Domain Policy

 

What I tried:

 

1. Nltest query

 

C:\>nltest /query

 

Flags: 0

 

Connection Status = 1786 0x6fa ERROR_NO_TRUST_LSA_SECRET

 

The command completed successfully

 

2. Nltest reset

 

C:\>nltest /sc_reset:

 

I_NetLogonControl failed: Status = 1786 0x6fa ERROR_NO_TRUST_LSA_SECRET

 

3. Netdom reset

 

Also no luck - access denied.

 

4. Netsh

 

netsh winsock reset

 

netsh int ip reset

 

and attempt to join the domain with the wizard. No luck.

 

5. Multiple attempts to unjoin the domain.

 

Every possible combination. Under domain users with administrative rights, under enabled local admin account. With network cable plugged and unplugged. The result is the same - ACCESS DENIED.

 

6. wmic

 

start /B /W wmic.exe /interactiveSmiley Surprisedff ComputerSystem Where "Name='%computername%'" Call UnJoinDomainOrWorkgroup FUnjoinOptions=0

 

No result at all.

 

7. POwershell cmdlet

 

Reset-ComputerMachinePassword

 

Reset-ComputerMachinePassword -Server "DC01" -Credential Domain01\Admin01

 

Also leads to access denied error

 

 

 

 

 

All the methods I tried have one symptom in common - access is denied.

 

I think that there is some fundamental problem in recovery.

 

Please, advise how to resolve the problem.

 

 

More...

  • Replies 0
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...