Replaced Server - Domain problems
I recently replaced our company's Windows 2003 server with a new machine with Windows 2008 R2. I was advised by our computer supplier that I could just name the new server and domain the same as the old and our 30 workstations (all XP Professional) would be able to connect to the domain without any problems. The large majority of our workstations have to be restarted every day, because they lose connection to the server. I looked into the event log and found the common Event ID: 5513. It states, "The computer (computer name) tried to connect to the server (server name) using the trust relationship established by the (domain name) domain. However, the computer lost the correct security identifier (SID) when the domain was reconfigured. Reestablish the trust relationship." I've done a little research and it looks like I need to rejoin each of the workstations with the domain to fix this problem. Will I need to rename each computer, or can I rejoin with the same computer name? Will this create a new profile on each workstation to which I'll have to copy all of the files from the old profile? How would you recommend I fix this problem?
Thanks for your help, Todd
June 8th, 2011 6:27pm
Hi,
Although the new domain controller has the same name as the original one, I would like to confirm the following questions:
1. Have you removed the metadata for the original domain controller?
2. Does the new domain controller have the same IP address as the original one?
3. Have you configured the clients' DNS settings to point to the correct DNS server?
Based on the current situation, you may refer to the following Microsoft KB article for how to reset the security channel.
Resetting computer accounts in Windows
http://support.microsoft.com/kb/216393
If it does not work, you may need to disjoin and rejoin the clients to the domain. To answer your questions:
1. It is not necessary to rename clients before rejoining to the domain.
2. The original profiles will not be removed, so you don’t need to create new profiles.
In addition, you need to remove the original domain controller by following the Microsoft articles below:
Removing a Domain Controller from a Domain
http://technet.microsoft.com/en-us/library/cc771844(WS.10).aspx
Forcing the Removal of a Domain Controller
http://technet.microsoft.com/en-us/library/cc731871(WS.10).aspx
How to remove completely orphaned Domain Controller
http://support.microsoft.com/kb/555846
Regards,
June 8th, 2011 9:59pm
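A read-only way to see which workstations have a broken secure channel before resetting or rejoining them, as an added example that is not part of the thread. The domain name, computer names and the two nltest captures are constructed placeholders; the live check assumes nltest.exe is available and that you have administrative rights on the workstations.

```powershell
# Added example, not from the thread. Names and sample captures are constructed.
function Get-SecureChannelStatus {
    param([string]$Computer, [string[]]$NltestOutput)

    $text = $NltestOutput -join "`n"
    $code = $null; $name = 'UNPARSED'; $dc = $null
    # nltest prints Win32 status as: Status = <decimal> 0x<hex> <SYMBOLIC_NAME>
    if ($text -match 'Status = (\d+) 0x[0-9a-fA-F]+ (\S+)') {
        $code = [int]$Matches[1]; $name = $Matches[2]
    }
    # [ \t]+ (not \s+) so an empty DC name does not swallow the next line
    if ($text -match 'Trusted DC Name[ \t]+(\S+)') { $dc = $Matches[1] }

    New-Object PSObject -Property @{
        Computer  = $Computer
        TrustedDC = $dc
        Status    = $name
        Healthy   = ($code -eq 0)   # $null -eq 0 is False, so unparsed = unhealthy
    }
}

function Test-WorkstationSecureChannel {
    param([string]$Computer, [string]$Domain)
    # /sc_query only reads the channel state; it does not reset anything.
    $out = & nltest.exe "/server:$Computer" "/sc_query:$Domain" 2>&1 |
        ForEach-Object { "$_" }
    Get-SecureChannelStatus -Computer $Computer -NltestOutput $out
}

# Constructed sample captures so the parser can be tried offline.
$healthy = @(
    'Flags: 30 HAS_IP  HAS_TIMESERV',
    'Trusted DC Name \\DC01.example.local',
    'Trusted DC Connection Status Status = 0 0x0 NERR_Success',
    'The command completed successfully'
)
$broken = @(
    'I_NetLogonControl failed: Status = 1789 0x6fd ERROR_TRUSTED_RELATIONSHIP_FAILURE'
)

$results = @(
    Get-SecureChannelStatus -Computer 'WS01' -NltestOutput $healthy
    Get-SecureChannelStatus -Computer 'WS02' -NltestOutput $broken
)
$results | Select-Object Computer, Healthy, Status, TrustedDC | Format-Table -AutoSize

# Workstations that still need the reset or rejoin discussed in this thread:
$results | Where-Object { -not $_.Healthy } | ForEach-Object { $_.Computer }
```

For a live run, replace the two sample calls with `Test-WorkstationSecureChannel` in a loop over your workstation names.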
Hello,
"I was advised by our computer supplier that I could just name the new server and domain the same as the old and our 30 workstations (all XP Professional) would be able to connect to the domain without any problems."
This statement is completely wrong!!!
If you create a new server with the same machine name and domain name, the SID (security identifier) is completely new. That's the reason the machines cannot create a secure channel with the domain.
You either have to add all machines to the new domain and create all user accounts, policies, etc. anew, or you start again with the new server, make it an additional DC in the existing domain, and then at the end, after testing, remove the older DC. Therefore you can follow:
http://msmvps.com/blogs/mweber/archive/2010/02/10/upgrading-an-active-directory-domain-from-windows-server-2003-to-windows-server-2008-or-windows-server-2008-r2.aspx
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.
June 9th, 2011 2:46am
"I recently replaced our company's Windows 2003 server with new machine with Windows 2008 R2. I was advised by our computer supplier that I could just name the new server and domain the same as the old and our 30 workstations (all XP Professional) would be able to connect to the domain without any problems."
Completely wrong.
"The large majority of our workstations have to be restarted every day, because they lose connection to the server. I looked into the event log and found the common Event ID: 5513. It states, 'The computer (computer name) tried to connect to the server (server name) using the trust relationship established by the (domain name) domain. However, the computer lost the correct security identifier (SID) when the domain was reconfigured. Reestablish the trust relationship.'"
Perfectly normal after what you have done.
"I've done a little research and it looks like I need to rejoin each of the workstations with the domain to fix this problem. Will I need to rename each computer, or can I rejoin with the same computer name? Will this create a new profile on each workstation to which I'll have to copy all of the files from the old profile? How would you recommend I fix this problem?"
Do you have an additional DC with GC in your domain? If yes, you just have to add the DC as an additional domain controller. Once done, make it a GC and a DNS server.
If you don't have an additional DC and you have a system state backup of your old DC, then try to restore it on your new server. If, in this case, computers have secure channel problems, then re-join them to the domain.
If you have no additional DC and no backup, then consider your domain as lost, and in this case you have to create a new one and create all your AD objects again. In this case, computers should be joined to the new domain.
June 9th, 2011 4:28am