cannot re-establish trust relationship on w2k server

Status
Not open for further replies.

Bearf

MIS
Mar 2, 2004
3
CA
Hi All,
I'll apologize first for this long description..... I'm running W2K Server SP4 on a single DC with DNS & DHCP (ABC.com). Unfortunately the system hard drive failed (and of course I didn't have a backup....hmmm..... guess who just learned a valuable lesson?). I've since re-installed the O/S on a replacement drive, but I'm having a heck of a time trying to re-establish the "trust relationship" between the server and 5 workstations (3 x Win2K and 2 x XP Pro).
I managed to get one trust back, but I had to change it to a workgroup (on the workstation), reboot and then re-join the domain... but that was no fun because I had to re-create all of my profiles on that workstation.

I've tried the following according to Microsoft and numerous threads:
Netdom reset "bear-station" /domain:abc.com etc.
(comes up with "There are currently no logon servers available to service the logon request.")

nltest /sc_reset:abc.com
(comes up with "I_NetLogonControl failed: Status = 1311 0x51f ERROR_NO_LOGON_SERVERS")

I typed in "set" from a cmd prompt on a wkstn and noticed that the LOGONSERVER="\\bear-station" instead of the name of the DC (\\server).

I can ping the server from the workstation and vice versa and nslookup resolves to the correct ip addresses.

I "think" my DNS is set up fine.
I have the server pointing to itself (192.168.2.10), and the forwarders within the DNS properties are pointing to 2 x outside DNS IPs.
I have an outside company hosting my domain web page, so my primary zone has an "A" record "www" pointing directly to that IP address (at least I think it's the primary... it's the only zone under "Forward Lookup Zones").

My zones are AD-integrated and set to "Yes" for dynamic updates.

The workstations' DNS settings all point to my DNS server (192.168.2.10).

Netdiag produced the following error:
Trust relationship test. . . . . . : Failed
Your DomainSid is not the DomainSid of the domain 'ABC'.
Leave the domain and rejoin it.

and this error:

LDAP test. . . . . . . . . . . . . : Failed
[WARNING] The default SPN registration for 'HOST/bear-station.abc.com' is missing on DC 'server.abc.com'.
[WARNING] The default SPN registration for 'HOST/BEAR-STATION' is missing on DC 'server.abc.com'.
[FATAL] The default SPNs are not properly registered on any DCs.

I don't pretend to understand these errors so I'm hoping that someone could guide me through the mess I've created.

thanks in advance,
Bear
 
On the workstation, before you join the new domain, log in as administrator and rename the user profile, e.g. Randy -> Randy1. Now change to a workgroup, reboot and join the new domain, reboot, then have Randy log in and log off, then you log in. Now copy the profile Randy1 to Randy, log off, then have Randy log in.
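As an added example (not code from the thread or from either poster), here is a later-Windows (PowerShell 3.0 or newer) version of the checks the original poster ran with netdom/nltest/netdiag and of the rename, rejoin and copy procedure in the reply above. The domain (abc.com), DC (server), user (Randy) and profile folder names are assumptions carried over from the thread; run it elevated on the workstation with the affected user logged off.

```powershell
# Added example, not from the thread. Names below are assumptions taken from the posts.
$Domain     = 'abc.com'
$Dc         = "server.$Domain"
$User       = 'Randy'
$OldProfile = 'C:\Users\Randy1'     # old-domain profile, renamed first as the reply suggests
$NewProfile = "C:\Users\$User"      # created by the user's first logon after the rejoin

# 1. Trust check. Ping and nslookup only prove name resolution, not the machine account.
#    Test-ComputerSecureChannel exercises the secure channel itself. A rebuilt DC has a new
#    domain SID, so -Repair (the nltest /sc_reset equivalent) cannot succeed; the netdiag
#    message "DomainSid is not the DomainSid of the domain" means leave and rejoin.
$trusted = $false
try { $trusted = [bool](Test-ComputerSecureChannel -Server $Dc -ErrorAction Stop) } catch { }
Write-Host "Secure channel to ${Dc}: $trusted"

# 2. Profiles whose owner SID no longer resolves belong to the old domain (SID1 in the reply)
#    and are the ones a plain copy only partly recovers. Local accounts also start with
#    S-1-5-21 but still translate, so only true orphans are flagged. If no DC is reachable
#    at all, new-domain SIDs fail to translate too, so read the result with step 1 in mind.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
foreach ($key in Get-ChildItem $profileList) {
    if ($key.PSChildName -notmatch '^S-1-5-21-') { continue }   # skip SYSTEM, LocalService, NetworkService
    $sid  = New-Object System.Security.Principal.SecurityIdentifier($key.PSChildName)
    $path = (Get-ItemProperty $key.PSPath).ProfileImagePath
    try {
        # Translate throws when the SID cannot be mapped to an account any more
        $owner = $sid.Translate([System.Security.Principal.NTAccount]).Value
        Write-Host "  $($sid.Value) -> $owner  ($path)"
    } catch {
        Write-Host "  $($sid.Value) -> UNRESOLVED: old-domain profile at $path"
    }
}

# 3. Leave and rejoin (the "workgroup, reboot, join domain, reboot" steps). Each call reboots
#    the machine, so they are commented out; uncomment one at a time.
$cred = Get-Credential "$Domain\Administrator"
# Remove-Computer -UnjoinDomainCredential $cred -WorkgroupName 'WORKGROUP' -Force -Restart
# Add-Computer    -DomainName $Domain -Credential $cred -Restart

# 4. After the rejoin, and after $User has logged on once and off again: carry the old
#    profile's files into the new one and grant the new SID rights on them. NTUSER.DAT is
#    excluded on purpose: that hive carries its own ACL keyed to the old SID, so HKCU-held
#    settings do not follow (which matches what the original poster observed); use the
#    System Properties / User Profiles "Copy To" dialog when those must move as well.
& robocopy.exe $OldProfile $NewProfile /E /XJ /XF 'NTUSER.DAT*' /R:1 /W:1 /NP /NFL /NDL
& icacls.exe $NewProfile /grant "${Domain}\${User}:(OI)(CI)F" /T /C /Q

# 5. The netdiag SPN warnings clear once the new computer object exists on the DC; confirm:
& setspn.exe -L $env:COMPUTERNAME
```

Step 2 is the part the thread lacked a tool for: it tells you which profile folders are keyed to the dead domain SID before you start copying, and step 4 scripts the copy the reply describes rather than doing it by hand in Explorer.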
 
Thanks for the reply, Ricpinto!

I'll give this a whirl...
Do you know what's up with the errors with the "domainsid" not resetting?

I know it's some sort of special security number... any ideas as to why the commands "netdom" or "nltest" won't reset the sid?

The workstation that I already dis-joined and re-joined seems to work fine when I run the netdom command....
 
I'd give it a try. If I'm in that situation, I'll disjoin from the old domain (ABC.COM) first to free up the old domain security ID - SID (SID1). Next is to join the new domain using the GUI or netdom; doing this I will be issued a new SID (SID2) for the new ABC.COM.

The old profile is Randy (SID1) and the new profile is Randy (SID2); that's the reason you've lost all your previous settings, because Randy (SID1) is history and will never be used anymore. To retrieve the old settings, copy the contents of Randy (SID1) to Randy (SID2).

I don't know if there's 3rd-party software to take out SID1 and put in SID2.


 
Well, I gave it a try and it worked (sort of)...
Copying the profiles using Explorer copy/paste definitely copies the data over, but it seems to miss out on some things that I don't know of (maybe some security settings?).
Anywho..... I basically ran each program to see if it would start and, if it didn't, I re-installed it.
So I got the end result that I wanted, but I just didn't have the "1 key command that would cure all my problems" solution (nothing like learning a good lesson about backups!). At least the computer is now on the domain.

Thanks, Ricpinto, for your suggestions!

 
Glad you're done; me, I'm in the process of finishing a disaster recovery. Know why? Some crazy guy never extended the contract for this piece of junk server to 24x7x4. It takes forever to complete a parts replacement. 1 RAID controller / 2 HDDs gone on a RAID 5, and a flaky full backup tape. No sleep for more than 24 hours. Anyway, 2 to 3 hours more and I could have my precious sleep. Good day.
 