netdom resetpwd or nltest /SC_RESET on a Certificate Authority Server?


ADB100

Technical User
Mar 25, 2003
2,399
GB
I had a disk issue on a MS Virtual Server and had to restore some backups. One of the VM disk images is the Enterprise Root CA for the domain - it's a Member Server. The backup was a few days old so the secure channel to the domain is broken. Normally this is easily fixed with the 'netdom.exe' or 'nltest.exe' resource kit tools, however this fails to work on the CA - the error is:
Code:
The machine account password for the local machine could not be reset
The specified domain either does not exist or could not be contacted
Name resolution is working perfectly and I can see a conversation with a DC when I attempt the reset, however it fails every time. I have searched and searched and can't find an answer to this. I assume as it's a CA it either won't work full stop or there are some additional steps I need to do?

Andy
 
Reset the account in AD before running the netdom command on the server. This should allow netdom to change the password and re-establish connection.

PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers"
 
Reset the account in AD before running the netdom command on the server. This should allow netdom to change the password and re-establish connection.

Yes, already tried that and it doesn't work. I also tried disabling Certificate Services, restarting the CA server and then doing the reset but I get the same behaviour.

I think this is because it's a CA and there is something 'extra' in play? I have other servers on the same subnet and these reset OK.

Andy
 
Take a look at this procedure: http://support.microsoft.com/default.aspx/kb/555012

You may be able to adapt it to your situation. I've used it for its stated purpose and it works.

PSC

 