Archived from groups: microsoft.public.win2000.security (
More info?)
ouch
Thanks I will get to it.
"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:YSKzc.55554$HG.12231@attbi_s53...
> Well you have a couple of options.
>
> If you have a recent System State backup of that domain controller you
could boot
> into Directory Services Restore Mode [similar to safe mode] where you
would have to
> logon as the local administrator account that was configured when to
computer was
> first dcpromo and then use ntbackup to restore the System State and after
reboot your
> domain controller will replicate with the others do get updates.
>
> If you do not have a System State backup for that domain controller. You
will have to
> reinstall W2K including service packs and then dcpromo it to a domain
controller
> where it will replicate with other domain controllers. Note that you will
have to
> clean up entries in AD Sites and Services and do a matadata cleanup of
Active
> Directory using ntdsutil FIRST if you go that route. See the link below
for more info
> on Active Directory restore procedures. If the failed dc held any fsmo
roles or was
> global catalog server, you will need to seize those roles on another
domain
> controller and create another global catalog server.
>
> You may also want to post in the win2000.Active_directory newsgroup to see
if they
> have any further advice with a post along the line of "domain controller
> ilure". --- Steve
>
>
http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/ac
tivedirectory/maintain/opsguide/part1/adogd03.mspx#XSLTsection128121120120
>
http://tinyurl.com/28476 -- same link as above, shorter.
>
> "ScottS" <SSalvatore@lbmca.com> wrote in message
> news:eskAWHyUEHA.2908@TK2MSFTNGP10.phx.gbl...
> > Thank you
> >
> > All the other servers are reachable by the users. The only server that
is
> > having the issue is the restored one.
> >
> >
> >
> > Not knowing what this means, the following items failed during the
netdiag
> > and DCdiag.
> >
> > What would be the next steps?
> >
> >
> >
> > Global results:
> >
> >
> >
> > Domain membership test . . . . . . : Failed
> >
> > [WARNING] Ths system volume has not been completely replicated to
the
> > local machine. This machine is not working properly as a DC.
> >
> >
> >
> >
> >
> > Trust relationship test. . . . . . : Failed
> >
> > [FATAL] Secure channel to domain 'RCAL' is broken.
> > [ERROR_NO_TRUST_SAM_ACCOUNT]
> >
> >
> >
> > Kerberos test. . . . . . . . . . . : Failed
> >
> > [FATAL] Kerberos does not have a ticket for SPEAKER$.
> >
> >
> >
> > ------------------------------------------------
> >
> >
> >
> > DC Diagnosis
> >
> >
> >
> > Performing initial setup:
> >
> > [speaker] LDAP bind failed with error 31,
> >
> > A device attached to the system is not functioning..
> >
> >
> >
> >
> >
> > "Steven L Umbach" <n9rou@nscomcast.net> wrote in message
> > news:OeIzc.59193$Sw.2529@attbi_s51...
> > > You can reset local security settings to default defined levels as
> > described
> > > in the link below. However on a domain controller, Domain Controller
> > > Security Policy will override user rights assignments. The second link
> > shows
> > > how to restore Domain Controller Security Policy user rights to
default or
> > > otherwise modify it.
> > >
> > >
http://support.microsoft.com/default.aspx?scid=kb;EN-US;313222
> > >
http://support.microsoft.com/?kbid=267553
> > >
> > > Having said that, I think your problem is not with security policy,
but
> > > probably due to the fact that your computer accounts may have been
> > corrupted
> > > or the comuter passwords on the backup have expired. I would first
install
> > > the support tools on your domain controller and a domain member from
the
> > > install disk under support/tools where you will need to run setup or
the
> > > .msi package there. The run first netdiag and then dcdiag on your
domain
> > > controller looking for failed tests/fatal errors particularly in
regards
> > to
> > > dns, domain membership, dclist, and trust relationship. If all looks
well
> > > for the dc, run netdiag on a domain member that is experiencing
problems
> > > looking for the same. You may simply need to rejoing the computers to
the
> > > domain or otherwise try to reset their accounts using netdom which may
be
> > > easier but does not always work. If you find a lot of problems with
the
> > dc,
> > > look in Event Viewer for event ID error numbers and search the
Knowledge
> > > Base or
http://eventid.net for what you find. --- Steve
> > >
> > >
http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B216393
> > >
> > > "ScottS" <SSalvatore@lbmca.com> wrote in message
> > > news:#P2PBNwUEHA.712@TK2MSFTNGP11.phx.gbl...
> > > > Hi
> > > >
> > > > I have an issue accessing an AD server; do to hardware failure I
needed
> > to
> > > > restore the server from tape. Veritas BE was unable to restore the
> > sysvol
> > > > share point, but it did restore the files and folders. I created the
> > share
> > > > and right however as an end user I cannot logon to the server. When
I
> > > browse
> > > > the network places to the server I cannot access the server. I
receive
> > the
> > > > error Logon failure: the target account name is incorrect. This
happens
> > as
> > > > the admin as well.
> > > >
> > > >
> > > >
> > > > I feel it could be a permission issue. Can anyone tell me how to
reset
> > the
> > > > security permission on an AD server? I want to set them to the same
> > level
> > > as
> > > > it would be after you promote the server to an AD I know its doable
I
> > jus
> > > > went brain dead on the syntax.
> > > >
> > > >
> > > >
> > > > I posted this in the
> > > >
> > > >
> > > >
> > > > Thanks
> > > >
> > > > Scott
> > > >
> > > >
> > >
> > >
> >
> >
>
>