Replaced Server - Domain problems

    Question

  • I recently replaced our company's Windows 2003 server with a new machine with Windows 2008 R2. I was advised by our computer supplier that I could just name the new server and domain the same as the old and our 30 workstations (all XP Professional) would be able to connect to the domain without any problems. The large majority of our workstations have to be restarted every day, because they lose connection to the server. I looked into the event log and found the common Event ID: 5513. It states, "The computer (computer name) tried to connect to the server (server name) using the trust relationship established by the (domain name) domain. However, the computer lost the correct security identifier (SID) when the domain was reconfigured. Reestablish the trust relationship." I've done a little research and it looks like I need to rejoin each of the workstations with the domain to fix this problem. Will I need to rename each computer, or can I rejoin with the same computer name? Will this create a new profile on each workstation to which I'll have to copy all of the files from the old profile? How would you recommend I fix this problem?

     

    Thanks for your help, Todd

    Wednesday, June 08, 2011 10:22 PM

All replies

  • Hi,

     

    Although the new domain controller has the same name as the original one, I would like to confirm the following questions:

     

    1.    Have you removed the metadata for the original domain controller?

    2.    Does the new domain controller have the same IP address as the original one?

    3.    Have you configured the clients' DNS settings to point to the correct DNS server?

     

    Based on the current situation, you may refer to the following Microsoft KB article for how to reset the security channel.

     

    Resetting computer accounts in Windows

    http://support.microsoft.com/kb/216393

     

    If it does not work, you may need to disjoin and rejoin the clients to the domain. To answer your questions:

     

    1.    It is not necessary to rename clients before rejoining to the domain.

    2.    The original profiles will not be removed, so you don’t need to create new profiles.

     

    In addition, you need to remove the original domain controller by following the Microsoft articles below:

     

    Removing a Domain Controller from a Domain

    http://technet.microsoft.com/en-us/library/cc771844(WS.10).aspx

     

    Forcing the Removal of a Domain Controller

    http://technet.microsoft.com/en-us/library/cc731871(WS.10).aspx

     

    How to remove completely orphaned Domain Controller

    http://support.microsoft.com/kb/555846

     

    Regards,


    Thursday, June 09, 2011 1:54 AM
  • Hello,

    "I was advised by our computer supplier that I could just name the new server and domain the same as the old and our 30 workstations (all XP Professional) would be able to connect to the domain without any problems."

    This statement is completely wrong!!!

    If you create a new server with the same machine name and domain name, the SID (security identifier) is completely new. That's the reason the machines cannot create a secure channel with the domain.

    You either have to add all machines to the new domain and create all user accounts, policies, etc. anew, or you start again with the new server, make it an additional DC in the existing domain, and then, at the end, after testing, remove the older DC. For that you can follow:

    http://msmvps.com/blogs/mweber/archive/2010/02/10/upgrading-an-active-directory-domain-from-windows-server-2003-to-windows-server-2008-or-windows-server-2008-r2.aspx


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Thursday, June 09, 2011 6:41 AM
  • I recently replaced our company's Windows 2003 server with a new machine with Windows 2008 R2. I was advised by our computer supplier that I could just name the new server and domain the same as the old and our 30 workstations (all XP Professional) would be able to connect to the domain without any problems.

    Completely wrong.

    The large majority of our workstations have to be restarted every day, because they lose connection to the server. I looked into the event log and found the common Event ID: 5513. It states, "The computer (computer name) tried to connect to the server (server name) using the trust relationship established by the (domain name) domain. However, the computer lost the correct security identifier (SID) when the domain was reconfigured. Reestablish the trust relationship."

    Perfectly normal after what you have done.

    I've done a little research and it looks like I need to rejoin each of the workstations with the domain to fix this problem.  Will I need to rename each computer, or can I rejoin with the same computer name?  Will this create a new profile on each workstation to which I'll have to copy all of the files from the old profile?  How would you recommend I fix this problem?

    Do you have an additional DC with GC in your domain? If yes, you just have to add the DC as an additional domain controller. Once done, make it a GC and a DNS server.

    If you don't have an additional DC and you have a system state backup of your old DC, then try to restore it on your new server. If, in this case, computers have secure channel problems, then re-join them to the domain.

    If you have no additional DC and no backup, then consider your domain as lost, and in this case you have to create a new one and create all your AD objects again. In this case, computers should be joined to the new domain.

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified IT Professional: Enterprise Administrator


    Thursday, June 09, 2011 8:22 AM
  • In my case also, all Windows XP machines don't have any issue joining the domain (domain name, DNS, IP are the same as the old), but the issues are only in Windows 7 Pro.

    Thursday, September 19, 2013 10:20 AM
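
Added example, not part of the thread or any poster's code: the Event ID 5513 message quoted in the question names the workstation whose trust relationship is broken, so an export of the server's System log can be turned into the list of machines that need the secure channel reset or a rejoin. The CSV column names, host names and domain name below are constructed for the illustration.

```python
import csv
import io
import re
from collections import Counter

# Wording taken from the Event ID 5513 text quoted in the question.
MSG_5513 = re.compile(
    r"The computer (?P<computer>\S+) tried to connect to the server "
    r"(?P<server>\S+) using the trust relationship established by the "
    r"(?P<domain>\S+) domain\.", re.IGNORECASE)
TEMPLATE = ("The computer {0} tried to connect to the server SRV01 using the "
            "trust relationship established by the EXAMPLE domain. However, "
            "the computer lost the correct security identifier (SID) when the "
            "domain was reconfigured. Reestablish the trust relationship.")

def sample_export():
    """Constructed System-log export; column names are an assumption."""
    rows = [("2011-06-08 08:02", "5513", "NETLOGON", TEMPLATE.format("WS-ACCT01")),
            ("2011-06-08 08:05", "7036", "Service Control Manager",
             "The Print Spooler service entered the running state."),
            ("2011-06-08 08:09", "5513", "NETLOGON", TEMPLATE.format("ws-acct01")),
            ("2011-06-08 08:15", "5513", "NETLOGON", TEMPLATE.format("WS-SALES02")),
            ("2011-06-08 09:40", "5513", "NETLOGON", TEMPLATE.format("LAPTOP-OLD"))]
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["TimeGenerated", "EventID", "Source", "Message"])
    writer.writerows(rows)
    return buf.getvalue()

def broken_trust_counts(csv_text):
    """Count Event 5513 records per workstation (names upper-cased)."""
    counts = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        match = MSG_5513.search(row["Message"] or "")
        if row["EventID"].strip() == "5513" and match:
            counts[match.group("computer").upper()] += 1
    return counts

def rejoin_plan(csv_text, inventory):
    """Split the inventory into machines to rejoin and machines not yet seen."""
    counts = broken_trust_counts(csv_text)
    known = {name.upper() for name in inventory}
    return {"rejoin": sorted(set(counts) & known),
            "not_in_inventory": sorted(set(counts) - known),
            "no_5513_seen": sorted(known - set(counts))}

if __name__ == "__main__":
    plan = rejoin_plan(sample_export(), ["WS-ACCT01", "WS-SALES02", "WS-FRONT03"])
    for bucket, names in plan.items():
        print(bucket, names)
```

A name under `not_in_inventory` is a machine that still presents the old domain's trust but is missing from the asset list, which is worth resolving before it is rejoined.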