Friday 20 July 2012

How to re-create the secure channel

We recently had an incident where a CA on a test domain had its computer account deleted. Because the server is the CA, we couldn't simply drop it from the domain and rejoin it: System Properties refuses with "Note: The identification of the computer cannot be changed because: - The Certification Authority is installed on this computer."

To solve the issue, I recreated the computer account manually, with the same name as the deleted one (the account has to exist before the password reset below can succeed).
Then, on the server itself, I reset the machine password a couple of times using:
netdom resetpwd /Server:<DC name> /UserD:<domain\user> /PasswordD:<password>
(netdom accepts * in place of the password and prompts for it, which keeps it out of the console history.)

Then I reset the secure channel. This is the part that actually fixed the problem:
netdom reset <computer name> /Domain:<domain DNS name> /Server:<DC name> /UserO:<domain\user> /PasswordO:<password>

After that, nltest /SC_QUERY:<domain DNS name> shows that the secure channel is operative again. Note that /SC_QUERY only reports the last cached status; nltest /SC_VERIFY:<domain DNS name> forces a fresh check against the DC and is the better confirmation.
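The same recovery, scripted end to end in PowerShell, as an added example that is not from the original post. It swaps the Reset-ComputerMachinePassword and Test-ComputerSecureChannel cmdlets (Windows PowerShell 3.0 or later) in for the netdom commands above, adds the verification steps, and assumes the domain, DC, CA and OU names shown, which are placeholders; the Cert Publishers check only applies to an enterprise CA.

```powershell
# Added example, not code from the original post: the post's recovery as one script.
# All names below are assumed placeholders. Step 1 runs as a domain admin on a host with
# the ActiveDirectory RSAT module; steps 2 to 4 run in an elevated session on the CA itself.
$Domain = 'corp.example.test'                      # assumed domain DNS name
$Dc     = 'dc01.corp.example.test'                 # assumed DC to target
$CaName = 'CA01'                                   # assumed CA host name
$OuPath = 'OU=Servers,DC=corp,DC=example,DC=test'  # assumed OU for the recreated object

# Step 1: recreate the deleted computer object with the original name.
# A freshly created object gets a new SID and loses all group memberships, so an
# enterprise CA also has to be put back into Cert Publishers or it can no longer publish
# certificates and CRLs to AD. (If the AD Recycle Bin is enabled, Restore-ADObject on
# the deleted object keeps the old SID and memberships and is the better option.)
Import-Module ActiveDirectory
if (-not (Get-ADComputer -Filter "Name -eq '$CaName'" -Server $Dc)) {
    New-ADComputer -Name $CaName -SamAccountName "$CaName`$" -Path $OuPath `
        -DNSHostName "$CaName.$Domain" -Enabled $true -Server $Dc
}
$publishers = Get-ADGroupMember -Identity 'Cert Publishers' -Server $Dc |
    Where-Object { $_.SamAccountName -eq "$CaName`$" }
if (-not $publishers) {
    Add-ADGroupMember -Identity 'Cert Publishers' -Members "$CaName`$" -Server $Dc
}

# Step 2 (on the CA, elevated): reset the machine account password against the chosen DC.
# Reset-ComputerMachinePassword is the cmdlet equivalent of "netdom resetpwd";
# Get-Credential keeps the admin password out of the console history and process listing.
$Cred = Get-Credential -Message "Domain account allowed to reset the password of $CaName"
Reset-ComputerMachinePassword -Server $Dc -Credential $Cred

# Step 3: re-establish the secure channel (the cmdlet equivalent of "netdom reset").
# -Repair resets the channel against $Dc and re-tests it; $false means it is still broken.
if (-not (Test-ComputerSecureChannel -Repair -Server $Dc -Credential $Cred)) {
    throw "Secure channel to $Dc could not be repaired"
}

# Step 4: verify. /sc_query only shows the last cached status, /sc_verify forces a fresh
# check against the DC; a non-zero exit code from nltest means the channel is not usable.
nltest "/sc_query:$Domain"
nltest "/sc_verify:$Domain"
if ($LASTEXITCODE -ne 0) { throw "nltest reports the secure channel to $Domain is broken" }

# Finally make sure the CA service is up and answers RPC requests again.
if ((Get-Service -Name CertSvc).Status -ne 'Running') { Start-Service -Name CertSvc }
certutil -ping
```

Run step 1 first from a machine that can reach the DC with the ActiveDirectory module, then the remaining steps on the CA; the script stops at the first step whose check fails, so a failed `Test-ComputerSecureChannel -Repair` is reported before the nltest output is trusted.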
