Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Messed up Admin Login

Status
Not open for further replies.
moolie

moolie

Programmer
May 7, 2002
193
CA
Help.

I got into the office today and my 2000 advanced server hosting terminal services will not respond to the admin login. I can login and I get the Admin profile loaded, desktop icons etc. If I open event viewer and hit properties on an event, event viewer closes. I open AD and try to view a user configuration and I get a "Insufficient priveledges" error message and AD closes. I can't even see my network connections.
I tried to download the IIS fix released friday and it won't download.

I ran virus check - clean
I ran ad-aware - clean

Any suggestions?

I rebooted and logged in using administrator login and same thing. My terminal server users are unaffected by this it seems. I can't administrate the machine using the administrator login.
 
Sort by date Sort by votes
I think I have seen this before.... before I speak too soon, what Anti-Virus are you running? If wouldn't happen to be CA (computer associates) would it??

Let me know
NETWIZ
 
Upvote 0 Downvote
Alas no. I ran Trend Micro web scan on the system using their remote scanner. I couldn't get the installed anti-virus to run a scan (Mcafee).
 
Upvote 0 Downvote
I say this issue with a 2kServer box that had CA running on it. There was a configuration within the CA anti-virus that some how got activated. It was the quarantine. At first thought you would think that "quarantine" was to hinder the suspected virus from contaminating the server. What that feature did was quarantine the user account, in this case the "administrator" account. When it did that I started to receive the exact same errors like you are now; insuffuciant privledges, unable to log on, and all the items that only the admin account can get to are disabled. Check to see if your version of McAfee has the same feature as CA. What version of McAfee?
 
Upvote 0 Downvote
Mcafee corporate edition. I can't get access to the info on specific version numbers - it's about 2 years old and up to date.
 
Upvote 0 Downvote
THis morning I managed to create a new user as member of the Enterprise Admins group and also join to to the Administrators group. Still failing.
 
Upvote 0 Downvote
Managed to regain some control over the server using another member machine running Admin tools on it. I'm still not able to access active directory though. When I try to get access to Active Directory I get a "Server is not operational" error and it cannot connect. ODD.

Looks like a AD corruption problem - any suggestions on how to recover from this? I also am having trouble getting access to the backups that I've been running to try and restore a system state backup.- Veritas Backup Exec.
 
Upvote 0 Downvote
doesnt veritas provide you with an option to restore data using bootdisk?
 
Upvote 0 Downvote
Yes and no.

I managed to discover the root cause of the AD corruption. VERITAS - SYSTEM STATE BACKUP!!!

Saturday evening the log show the veritas try to start running the system state backup. The backup log shows

-delete existing system state backup
-attempt to authenticate to the AD before halting services and beginning the backup.
This step repeats for 20 or so pages as it is unable to connect to the server for authentication.

So, good system state backup is gone. Current live system state is corrupted. EIther AD or GPO are corrupted.

I'm looking for a means to recover the AD without having to kill it. Is there a rollback on AD like regular databases? If so, How?
 
Upvote 0 Downvote
I sadly have a similar problem. I have no administrative control over my computer.. and whenever I want to go to system restore it says I dont have the right privilages. This makes me pissed since I fear I have to buy another computer.. for me having the mistake of getting SQLEVAL which I didnt need at all.
 
Upvote 0 Downvote
I found a reference online from Compaq regarding Active directory disaster recovery. Unfortunately, all other documentation I can find says I have two options.
1. Recover from a system state backup (not available)
2. Recover using AD replication (not available since this machine has no other DC to replicate from.)

The third option suggests using NTDSUtil utility.
Start in Directoy services restore mode.
Cmd c:\ntsdutil
ntdsutil: files
ntdsutil: repair

WARNING: attached to this instruction is: This should be used as a last resort. If a valid backup is available use it. If another DC is available use it. There is no guarantee this utility will repair active directory, and it may result in further data loss and corruption. It is also very time consuming depending on the size of the AD.

Read page 19 and 20 of the following document:
 
Upvote 0 Downvote
Update

I'm building another 2000 advanced server on the same domain as the hurting one. I'll activate AD as a secondary DC and let the AD replicate across to the new server (if it will go). If this works I should be able to get full access to the AD on the new server without corruption. If its all good, I'll reverse the roles on the two servers and let the AD replicate back. If I still have corruption on the existing server then there is more going on here than I think and I'll have to try again.

Attempt 2 will mean building a fresh AD from scratch on the second server and letting it replicate back to the bad server. If that works good. If not...

Attempt 3 will mean building out a new 2000 server from scratch. Rebuild the AD on the new server with the intent of replacing the existing server with the new one and then rolling over to the new one.
 
Upvote 0 Downvote
Okay - build up second 2000 server and trying to enable active directory on it as a member of existing Domain. Machine is a member computer and I'm trying to promote it to secondary DC within existing domain.

I can connect enough to find the domain using the AD wizard but when it comes time to actually create and configure AD i get the:
"The specified doamin either does not exist or could not be contacted"

I am able to ping the server by IP and domain name.
 
Upvote 0 Downvote
lookin at the error, first thing comes in to my mind is the DNS. just make sure you have your primary DNS server pointing to the right server.
 
Upvote 0 Downvote
also try these KB articles
Q283133, Q250545 and Q257338
 
Upvote 0 Downvote
Your absolutely correct. DNS is not running on this server. It dawned on me this morning that this server has a long and sorted history. Without being rebuilt it has changed roles, survived critical hardware and network failures, even a complete disaster recovery of the primary domain controller and this server just keeps on going. Until very recently this server was not the primary domain controller. SInce it is hosting terminal services DNS services was not required and therefore was removed ages ago.
 
Upvote 0 Downvote
Have now got DNS installed on this computer. Still some other operational problems:

Looking for global catalog on a server that no longer exists.
Trying to replicate AD from server that no longer exists.
DNS was not installed. Is now.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

MattM1975
  • Locked
  • Question
Domain Admin Logon 1
Replies
2
Views
134
ADB100
ADB100
goombawaho
  • Locked
  • Question
Microsoft Azure Active Directory - Backup Admin Account 1
Replies
2
Views
316
goombawaho
goombawaho
Scparks
  • Locked
  • Question
Trouble with setting up a SMTP Relay to Office 365
Replies
0
Views
93
Scparks
Scparks
Till
  • Locked
  • Question
Domain Admin Login Mail Notification
Replies
1
Views
74
technome
technome
shmoes
  • Locked
  • Question
Delegating file admin permission
Replies
3
Views
103
SamBones
SamBones

Part and Inventory Search

Sponsor

Back
Top