I have two Windows 2012 domain controllers that inherited policies from old GPOs created back in the Windows 2003 days. I did not realize there were problems until some of the features that I wanted to use started misbehaving (e.g. access denied).
Obviously the DCs were joined to the domain and placed in the "Domain Controllers" OU by default after they were dcpromo-ed, so the old GPO was applied to them.
To clean up all the registry and file system security configuration that has been applied to the DCs, I need to reset the Default Domain Policy and the Default Domain Controllers Policy. Before I do that, I back them up first, just in case.
To clean up the GPOs, run the following command:
C:\> DCGPOFIX
Then I need to clean up the actual settings that have been applied to my DCs by running the following command on each DC:
C:\> secedit /configure /cfg C:\windows\inf\defltdc.inf /db defltdc.sdb /overwrite
Then reboot the DC.
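One way to do the backup step and preview what the secedit reset would change before running it, as an added example that is not part of the original post. It assumes an elevated PowerShell session on a DC with the GroupPolicy module (installed with GPMC); $BackupRoot is a hypothetical folder name.

```powershell
# Added example (not from the original post). Run elevated on a DC.
Import-Module GroupPolicy

$BackupRoot = 'C:\GPO-Backup'   # assumption: any local folder you choose
$stamp      = Get-Date -Format 'yyyyMMdd-HHmmss'
$dest       = Join-Path $BackupRoot $stamp
New-Item -ItemType Directory -Path $dest -Force | Out-Null

# Well-known GUIDs of the two default GPOs; they are the same in every AD domain.
$defaults = @{
    'Default Domain Policy'             = '31B2F340-016D-11D2-945F-00C04FB984F9'
    'Default Domain Controllers Policy' = '6AC1786C-016D-11D2-945F-00C04FB984F9'
}

foreach ($name in $defaults.Keys) {
    $guid = $defaults[$name]
    # Restorable backup (usable with Restore-GPO) plus a readable HTML report.
    Backup-GPO -Guid $guid -Path $dest -Comment "Before DCGPOFIX $stamp" | Out-Null
    Get-GPOReport -Guid $guid -ReportType Html -Path (Join-Path $dest "$name.html")
}

# Snapshot the security settings currently in effect on this DC.
secedit /export /cfg (Join-Path $dest 'current-effective.inf') /quiet

# Dry run: compare this DC against defltdc.inf without changing anything.
$db  = Join-Path $dest 'analyze.sdb'
$log = Join-Path $dest 'analyze.log'
secedit /analyze /db $db /cfg C:\Windows\inf\defltdc.inf /overwrite /log $log /quiet

# The analysis log flags differing settings with "Mismatch"; these are the
# values that secedit /configure with the same template would overwrite.
Select-String -Path $log -Pattern 'Mismatch' | Select-Object -First 40
```

If the reset removes a setting that was actually needed, the saved backup can be brought back with Restore-GPO and current-effective.inf shows what the DC had before the change.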
Wednesday, April 17, 2013
Wednesday, July 09, 2008
Windows 2000 Domain Controller - Restore Trust Relationship
If your domain controllers are not replicating with each other and you are getting the following errors:
netdiag
DC list test . . . . . . . . . . . :[WARNING] Cannot call DsBind to DC1). [SEC_E_WRONG_PRINCIPAL]
dcdiag
Warning: DC1 is the Schema Owner, but is not responding to DSRPC Bind.[DC1] LDAP bind failed with error 31,A device attached to the system is not functioning..
Warning: DC1 is the Schema Owner, but is not responding to LDAP Bind.
Warning: DC1 is the Domain Owner, but is not responding to DSRPC Bind.
Warning: DC1 is the Domain Owner, but is not responding to LDAP Bind.
Warning: DC1 is the PDC Owner, but is not responding to DS RPC Bind.
Warning: DC1 is the PDC Owner, but is not responding to LDAPBind.
Warning: DC1 is the Rid Owner, but is not responding to DS RPC Bind.
Warning: DC1 is the Rid Owner, but is not responding to LDAPBind.
Warning: DC1 is the Infrastructure Update Owner, but is not responding to DS RPC Bind.
Warning: DC1 is the Infrastructure Update Owner, but is not responding to LDAP Bind.
The trust relationship between the domain controllers may be broken. To re-establish the trust, do the following:
1. Find the PDC Role
netdom query fsmo
2. Reset the computer account password from the other Domain Controller
net stop kdc
netdom resetpwd /server: /userd: /passwordd:
reboot