Wednesday, July 09, 2008

Windows 2000 Domain Controller - Restore Trust Relationship

If your domain controllers are not replicating with each other and you are getting the following errors:

netdiag

DC list test . . . . . . . . . . . :[WARNING] Cannot call DsBind to DC1). [SEC_E_WRONG_PRINCIPAL]

dcdiag

Warning: DC1 is the Schema Owner, but is not responding to DSRPC Bind.[DC1] LDAP bind failed with error 31,A device attached to the system is not functioning..

Warning: DC1 is the Schema Owner, but is not responding to LDAP Bind.
Warning: DC1 is the Domain Owner, but is not responding to DSRPC Bind.
Warning: DC1 is the Domain Owner, but is not responding to LDAP Bind.
Warning: DC1 is the PDC Owner, but is not responding to DS RPC Bind.
Warning: DC1 is the PDC Owner, but is not responding to LDAPBind.
Warning: DC1 is the Rid Owner, but is not responding to DS RPC Bind.
Warning: DC1 is the Rid Owner, but is not responding to LDAPBind.
Warning: DC1 is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
Warning: DC1 is the Infrastructure Update Owner, but is not responding to LDAP Bind.

The trust relationship between the domain controllers may be broken. To re-establish the trust, do the following:

1. Find the PDC Role

netdom query fsmo

2. Reset the computer account password from the other Domain Controller

net stop kdc

netdom resetpwd /server: /userd: /passwordd:

reboot
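
Before resetting the password, it is worth confirming that the diagnostics match the pattern shown above. The following Python code is an added example, not part of the original post: it parses the netdiag and dcdiag output from this page and flags a DC only when every FSMO role warning shows both DS RPC and LDAP bind failures and netdiag reports SEC_E_WRONG_PRINCIPAL for the same DC. The function names and the matching heuristic are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Output copied from this post so the example runs offline.
SAMPLE_DCDIAG = """\
Warning: DC1 is the Schema Owner, but is not responding to DSRPC Bind.[DC1] LDAP bind failed with error 31,A device attached to the system is not functioning..
Warning: DC1 is the Schema Owner, but is not responding to LDAP Bind.
Warning: DC1 is the Domain Owner, but is not responding to DSRPC Bind.
Warning: DC1 is the Domain Owner, but is not responding to LDAP Bind.
Warning: DC1 is the PDC Owner, but is not responding to DS RPC Bind.
Warning: DC1 is the PDC Owner, but is not responding to LDAPBind.
Warning: DC1 is the Rid Owner, but is not responding to DS RPC Bind.
Warning: DC1 is the Rid Owner, but is not responding to LDAPBind.
Warning: DC1 is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
Warning: DC1 is the Infrastructure Update Owner, but is not responding to LDAP Bind.
"""
SAMPLE_NETDIAG = ("DC list test . . . . . . . . . . . :[WARNING] "
                  "Cannot call DsBind to DC1). [SEC_E_WRONG_PRINCIPAL]")

# Tolerates the spacing variants seen in the output: "DSRPC", "DS RPC", "LDAPBind".
WARNING_RE = re.compile(r"Warning:\s+(?P<dc>\S+) is the (?P<role>.+?) Owner, "
                        r"but is not responding to (?P<bind>DS\s*RPC|LDAP)\s*Bind", re.I)
DSBIND_RE = re.compile(r"Cannot call DsBind to\s+([^\s()]+).*?\[SEC_E_WRONG_PRINCIPAL\]")

def short_name(dc):
    """Normalise 'dc1.example.local' and 'DC1' to the same key."""
    return dc.split(".")[0].upper()

def parse_bind_failures(dcdiag_text):
    """Return {dc: {fsmo_role: {"DSRPC", "LDAP"}}} for each bind warning."""
    failures = defaultdict(lambda: defaultdict(set))
    for m in WARNING_RE.finditer(dcdiag_text):
        bind = re.sub(r"\s+", "", m.group("bind")).upper()
        failures[short_name(m.group("dc"))][m.group("role")].add(bind)
    return {dc: dict(roles) for dc, roles in failures.items()}

def wrong_principal_dcs(netdiag_text):
    """Short names of DCs for which netdiag reports SEC_E_WRONG_PRINCIPAL."""
    return {short_name(name) for name in DSBIND_RE.findall(netdiag_text)}

def suspect_broken_channel(dcdiag_text, netdiag_text):
    """DCs matching the post's pattern: both binds fail for every role listed
    for the DC, and netdiag reports SEC_E_WRONG_PRINCIPAL for that DC."""
    flagged = wrong_principal_dcs(netdiag_text)
    return sorted(dc for dc, roles in parse_bind_failures(dcdiag_text).items()
                  if dc in flagged
                  and all(binds == {"DSRPC", "LDAP"} for binds in roles.values()))

if __name__ == "__main__":
    print(suspect_broken_channel(SAMPLE_DCDIAG, SAMPLE_NETDIAG))
```

A DC that fails only one bind type, or that netdiag does not name alongside SEC_E_WRONG_PRINCIPAL, is not flagged and should be investigated for other causes first.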