Hello, to understand all the mentioned servers here the problem belongs to the SBS machine? Then i suggest that you ask in the following forum, as there are the SBS experts http://social.technet.microsoft.com/Forums/en-US/smallbusinessserver/threads too many steps on SBS are different then on the regular OS versions. Other wise please describe again with all server roles the mentioned servers. I have never seen that a machine is renamed automatically after installing updates.Best regards Meinolf Weber MVP, MCP, MCTS Microsoft MVP - Directory Services My Blog: http://msmvps.com/blogs/mweber/ Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

Hi Meinolf, I have posted on the SBS forum as you suggested, however, the problem is only on the second server - Windows Server 2008 FE 64bit. The only other reference to a similar problem I can find relates to Vista clients on a network. - http://social.technet.microsoft.com/Forums/en-US/itprovistanetworking/thread/307cb0a3-860f-48cd-b600-7d72360d0efa An outline of the network topography is below. I have change internal server names and identifiers as I do not like to post clues to my client's newtwork identity and structure on a public forum. Any insight you you can bring to the issue would be appreciated. Linda Network Topography Primary DC: server1.domain.local - Fixed IP - Virtual machine running SBS 2008 Premium running on Hyper-V physical box, Exchange 2007 and all standard SBS roles; AD certificate services, AD Domain Services, DHCP Server, DNS Server, File Services, NPAS, TS with 25 TS cals, Web Services and WSUS. AV is Avast 4 for SBS. 24 port gigabit manage switch 24 port 10/100 unmanaged switch router and firewall Secondary DC: server2.domain.local - Fixed IP - Physical machine running second server Windows 2008 Standard FE 64bit and SQL Server 2008 for SBS for LOB application Patronbase, and required server roles; AD DS, DNS Server, File Services, Remote Access, TS remote apps and required elements from Web Services. This is the machine with the problem logging on and the only serious problem. server3.domain.local - Physical Machine running 32bit Server 2008 used for backups and LOB accounting apps. Fixed IP 14 Windows 7 Desktop PCs all with IP reservations 5 networked printers. all with fixed IPs

Hello, the naming problem with MINWINPC seems to belong to HP machines and some restore, so i assume this is about imaging/recovery options they provide, maybe you'll contact HP support about this. If you search on the web for MINWINPC you'll find a lot. Name changes are fine as long as you keep topologies with naming conventions but this is already done from you. So you run the server1 as DC on the physical machine and additional you have installed the Hyper-V role on the same server? Well, this is NOT recommended for DC backup and restore!!!! security settings and also performance reasons. Normally you install the Hyper-V role and all other servers as VM on this and the Hyper-V is NEVER member of the domain. If server1 is on a separate machine ignore this part of my answer. Server2 is Foundation edition? You are aware that this is only for up to 15 user accounts in AD? SQL on DCs is also not recommended and especially RRAS(except on SBS) shouldn't be installed on DCs for multiple reasons. The same applies to use a DC for RD services, this will lower the security as you have to allow domain users to logon to a DC!!! SQL, RD, Webservices and RRAS should always be run on domain member servers and Webservices like IIS on a DMZ instead inside the LAN. Too many ports must be open on firewalls to grant access and allows hackers easy entry. Have you done some restore or repair on server2 before the updates? I would like to see the following output files run on server2: ipconfig /all >c:\ipconfig.txt [from each DC/DNS Server] dcdiag /v /c /d /s:dcname >c:\dcdiag.txt repadmin /showrepl dc* /verbose /all /intersite >c:\repl.txt ["dc* is a place holder for the starting name of the DCs if they all begin the same (if more then one DC exists)] dnslint /ad /s "DCipaddress" (http://support.microsoft.com/kb/321045) As the output will become large, DON'T post them into the thread, please use Windows Sky Drive (skydrive.live.com) [with open access!] and add the link from it here. Also the /e in dcdiag scans the complete forest, so better run it on COB. It is fine to change names again but keep the format and please check the output before uploading that it is readable.Best regards Meinolf Weber MVP, MCP, MCTS Microsoft MVP - Directory Services My Blog: http://msmvps.com/blogs/mweber/ Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

Hi Meinolf, 1) This is not an HP Server, nor is the issue to do with imaging or recovery. 2) I did not change the name of the server, it has appeared in explorer when browsing the network as MINWINPC. This happened after the server rebooted following the installation of the latest windows updates. Minwinpc is apparently the name of the WinRE windows recovery environment system. 3) Server2 is still in AD, DNS and SBS console as Server2.domain.local but cannot be contacted or logged onto remotely or interactively. 4) The primary DC - Server1 - is a virtual machine hosted on a Hyper-V physical machine. 5) Server 2 is not Foundation Edition - This is the second server installation which comes with SBS 2008 Premium. The user account limit is 75 with SBS 2008. 6) I agree the installing RRAS, Webservices etc on a DC is not a good idea, but SBS installs Exchange, OWA, Sharepoint and windows remote access by default on one server. SBS 2008 is based on Windows Server Standard Edition with its own specific AD, group policies and scripts. It automates many of the tasks which you would normally do in Windows Server. The biggest danger is running LOB apps as well on the one server and I do not like doing this. 7)This is a relatively small network. Running the secondary DC on Server 2 is done so that I can have replication for failover and continuity for the most important LOB app. It is installed in the same office where the LOB app is used and it and all the clients there are connected to their own UPS so that even if the rest of the system failed, this would continue to work. I did not expect that a windows update would completely corrupt Server2. Recovery should simply be a matter of logging into the local machine and correcting the identity and reconnecting to the domain. The problem is that it is not letting me logon. I suspect I am going to have to run the windows DVD in recovery console and try to correct the registry. This fills me with dread, but I need to be able to logon as local administrator and then everything should be fine as I will have full access to all the command line tools. If I cannot get logged on locally, I can either recover from a system image or reinstall the server and then restore the LOB backups, which I hope to avoid. regards, Linda

After installing the recent batch of updates to a windows server 2008 machine, I cannot logon after the restart. The problem is with the SBS second server which runs windows server 2008 64 bit on a physical box as a secondary DC and runs a SQL Server 2008 line of business application. The SBS server runs as a virtual system on Hyper V physical box. The network, primary DC, exchange etc all work fine. All the PCs in the network run Windows 7 Professional and log on to them is not a problem. The problem second server returns an error (5) access is denied when trying to log on to the machine remotely. Interactive logon returns username or password not recognised. Logging onto the local machine returns "unable o logon - an attempt was made to logon, but the network logon service was not started" Pinging the IP address of the problem server works OK as does sending a shutdown /m IP address -r -f instruction using the command prompt from the SBS primary server, however, sending a shutdown /m \\computername -r -f returns the (5) access is denied error. Browsing the network now lists the name of the problem server as minwinpc. I can browse the shared folders on the minwinpc problem server. I am having problems logging on in safe mode or even in safe mode with cmd prompt. I am going on site tomorrow to attempt recovery. Does anyone have any advice about what I need to do to get logged on again and reconnect this server to the network. I will be able to get to a recovery console using a windows server installation disk.

The following error appears in the event log of the primary DC if this can help anyone to point me in the right direction to find a solution. The Kerberos client received a KRB_AP_ERR_MODIFIED error from the server minwinpc$. The target name used was domain\SERVER2$. This indicates that the target server failed to decrypt the ticket provided by the client. This can occur when the target server principal name (SPN) is registered on an account other than the account the target service is using. Please ensure that the target SPN is registered on, and only registered on, the account used by the server. This error can also happen when the target service is using a different password for the target service account than what the Kerberos Key Distribution Center (KDC) has for the target service account. Please ensure that the service on the server and the KDC are both updated to use the current password. If the server name is not fully qualified, and the target domain (domain.LOCAL) is different from the client domain (domain.LOCAL), check if there are identically named server accounts in these two domains, or use the fully-qualified name to identify the server.