Jay Shi
Problem:
--------
Server5 (one of DCs) cannot synch/replic with
Server2 (primary DC). Server5 does have
connection to network and can be accessed
from computers.
Advice needed:
--------------
- How to fix the problem?
- Can we disconnect Server5 from network and
forcibly delete its information in AD of
Server2 and Server1, then completely rebuild
Server5 with same name?
Network info:
---------------------
Total 3 DCs (Server1, Server2, Server5),
Server2 is primary
Server1: W2k Server, DC, upgraded from NT4.0 BDC
Server2: W2k Server, DC, upgraded from NT4.0 PDC
Server4: W2k Server, memb, upgraded from NT4.0 Server
Server5: W2k Server, DC, upgraded from NT4.0 member
Server, then promoted to DC
Server6: W2k Server, memb, newly built W2k member Server
NetBEUI domain name: ATR
DNS domain name: atr1.com
Comment:
We tried to use netdom2.exe to find the cause
and reset computer acct, but it seems no success.
-------------------------------------------------
A:\>netdom2 query /d:ATR pdc /verify
Primary domain controller for the domain:
Server2
The command completed successfully.
Command used on SERVER2 (primary DC)
-------------------------------------
A:\>netdom2 query /d:ATR Server /verify
Verifying secure channel setup for domain members:
Machine Status/Domain Domain Controller
======= ============= =================
....
\\Server4 ATR \\Server2
\\Server6 ATR \\Server2.atr1.com
\\Server5 ERROR! (The security database on the
Server does not have a computer account for this
workstation trust relationship.)
The command completed successfully
Command used on SERVER5
-----------------------
A:\>netdom2 query /d:workgroup Server /verify
Verifying secure channel setup for domain members:
Machine Status/Domain Domain Controller
======= ============= =================
....
\\Server4 ERROR! (Logon Failure: The target account
name is incorrect.)
\\Server6 ATR \\Server2.atr1.com
\\Server5 ERROR! (The security database on the
Server does not have a computer account for this
workstation trust relationship.)
The command completed successfully.
Command used on SERVER2 (primary DC)
-------------------------------------
A:\>netdom2 query /d:atr1.com fsmo
Schema owner Server2.atr1.com
Domain role owner Server2.atr1.com
PDC role Server2.atr1.com
Infrastructure owner Server2.atr1.com
The command completed successfully
Comment: Above are correct/current settings.
Command used on SERVER5
----------------------------------
A:\>netdom2 query /d:atr1.com fsmo
Schema owner Server2.atr1.com
Domain role owner Server2.atr1.com
PDC role Server2.atr1.com
Infrastructure owner Server5.atr1.com
The command completed successfully
Comment: Infrastructure owner is incorrect,
it has been transferred to Server2, comparing
the result of same command on Server2.
A:\>netdom2 verify /d:atr1.com Server5
The secure channel from Server5 to atr1.com is invalid.
The security database on the Server does not have a
computer account for this workstation trust relationship.
The command FAILED to complete successfully.
Thanks for any idea.