No domain trust relationship after recovery from SSR backup

BSchwarz

Administrator
Joined
Sep 26, 2003
Messages
1,918
Location
Florida U.S.A.
Dear All,

I came across an unusual situation and count on your help since I cannot resolve it.

Scenario: Domain network with W2012R2 server as a DC, a spare DC and several other servers both virtual and physical. Several dozen workstations.

One of the workstations (W7pro-64) got a failure with cyclic BSOD. Disks C:,D: and SYSTEM_DRV were restored from the 24-hour-old backup. "Preserve domain trust token on target drive" option is checked, though I do not know if it's correct. Anyway
I see no way change this.

After that the trust relationship was with the domain was broken with the following symptoms:

1. Login not possible with network cable plugged. The system refused to recognize any domain users.

2. RDP connections to the workstation fail.

3. Impossible to connect to MS Exchange.

Additional information:

Domain Member

PolicySettingWinning GPODomain member: Maximum machine account password age 999 days Default Domain Policy

What I tried:

1. Nltest query

C:\>nltest /query

Flags: 0

Connection Status = 1786 0x6fa ERROR_NO_TRUST_LSA_SECRET

The command completed successfully

2. Nltest reset

C:\>nltest /sc_reset:

I_NetLogonControl failed: Status = 1786 0x6fa ERROR_NO_TRUST_LSA_SECRET

3. Netdom reset

Also no luck - access denied.

4. Netsh

netsh winsock reset

netsh int ip reset

and attempt to join the domain with the wizard. No luck.

5. Multiple attempts to unjoin the domain.

Every possible combination. Under domain users with administrative rights, under enabled local admin account. With network cable plugged and unplugged. The result is the same - ACCESS DENIED.

6. wmic

start /B /W wmic.exe /interactiveSmiley Surprisedff ComputerSystem Where "Name='%computername%'" Call UnJoinDomainOrWorkgroup FUnjoinOptions=0

No result at all.

7. POwershell cmdlet

Reset-ComputerMachinePassword

Reset-ComputerMachinePassword -Server "DC01" -Credential Domain01\Admin01

Also leads to access denied error





All the methods I tried have one symptom in common - access is denied.

I think that there is some fundamental problem in recovery.

Please, advise how to resolve the problem.


More...
 
Back
Top