none
Not able to login after install the AD in windows server 2012

    Question

  • Hi

    After I installed the Active Director Domain Server to my windows server 2012 and set some values with the help of this site

    http://virtualcurtis.wordpress.com/2011/03/02/fix-the-security-database-on-the-server-does-not-have-a-computer-account-for-this-workstation-trust-relationship/#comment-1637

    Now I'm not able to login to my server with the "Administrator" Password. Now it showing the error

    "The security database on the server does not have a computer account for this workstation trust relationship."

    How can i solve this?

    Thanks

    Bobbin Paulose

    Saturday, December 20, 2014 11:09 AM

Answers

  • Hai all friends

    I fix this problem. I login through DSRM and demort the AD and re-installed it with different name. Now i'm able to login and also i add client machines. Now my problem is publish my software through GPM.

    Thanks to everyone who spend time to fix my problem.....

    Bobbin

    Monday, January 05, 2015 12:13 PM

All replies

  • Delete the computer from AD and disjoin then rejoin your domain
    Saturday, December 20, 2014 4:19 PM
  • Hi

    Actually I'm not able to login in the Server (Windows Server 2012 Standard) itself, Where i'm installed the Active Directory. If i need to do anything, first i need to login to that machine. :( .

    I set these thing after that i'm not abel to login. 

    dNSHostName:
    srv1.mydomainname.com

    servicePrincipalName:
    HOST/SRV1
    HOST/srv1.mydomainname.com
    RestrictedKrbHost/SRV1
    RestrictedKrbHost/srv1.mydomainname.com
    TERMSRV/SRV1
    TERMSRV/srv1.mydomainname.com

    Is there any provision to disable AD from BIOS. And one more thing i have doubt is My server prefered DNS is not the server  IP(Windows Server 2012 Standard),  Its different. Need to give there the same IP of server?

    Thanks

    Bobbin

    Monday, December 22, 2014 5:45 AM
  • Have you tried the local admin account. And no you cannot disable AD from bios. Reset the password if not there's tools to help you do this just use Google
    Monday, December 22, 2014 7:06 AM
  • Follow the below link, similar issue resolved.

    Click here

    Reg,


    Darshan

    Monday, December 22, 2014 12:38 PM
  • Hi

    I'm not able to not reset the password. But I'm able to login in safe mode with administrator. Can I do anything (Uninstall the AD) from safe mode?

    Thanks

    Bobbin

    Monday, December 22, 2014 1:46 PM
  • Be sure to login to DSRM mode and not safe mode. If you've logged into DSRM mode then what is the error you get when resetting the password.


    Darshan

    Monday, December 22, 2014 1:56 PM
  • Hi Darshan

    I'm able to login in DSRM. Which password i need to reset and from where. Can you give me some more details about it.

    Thanks

    Bobbin

    Monday, December 22, 2014 5:20 PM
  • Hi Bobbin,

    First stop KDC "net stop KDC"

    Next "netdom /resetpwd /server:<dcname> /userd:<domain>\administrator /passwordd:<password>"

    In the above syntax replace <dcname> with your server name and <domain> with your domain name

    After this command - Do a "repadmin /syncall"

    Next "Net start KDC"

    Reboot DC and try.

    Reg,


    Darshan

    Tuesday, December 23, 2014 5:56 AM
  • Hi Darshan

    Thanks to spend time for me!!!!

    I done what you said.....but there is no luck for me... :)

    when i type this commend "net stop KDC" I'm getting the below msg

    "The Kerberos key distribution center services is not started. More help is available by typing NET HELPMSG 3521"

    I just ignore this msg and type second one "netdom /resetpwd /server:<dcname> /userd:<domain>\administrator /passwordd:<password>", but i'm getting below msg

    "The Machine account password for the local machine could not be reset.

    They are currently no logon servers available to service the logon request.

    The command failed to complete successfully."

    so i didnt type the 3rd and 4th command

    Thanks

    Bobbin

    Tuesday, December 23, 2014 8:06 AM
  • Ok, Looks like a bigger problem now,

    So how many DC's do you have in your Domain. Is this the only one. If there are other DC's then can you reach them (through ping by fqdn name)

    Reg,


    Darshan

    Tuesday, December 23, 2014 8:16 AM
  • No ,I have only created one DC's...
    Tuesday, December 23, 2014 8:33 AM
  • "There are currently no logon servers..."

    This indicates that the Domain Controller is not advertising itself as a DC. This can happen due to DNS issues.

    Does the domain controller also have the DNS Service installed. Can you post results of IPconfig /all.

    Are the DNS Server/Client Services started , Check Netlogon service as well.

    Reg,


    Darshan

    Tuesday, December 23, 2014 8:53 AM
  • Hi

    IPconfig /all Result

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : SUGARSERVER
       Primary Dns Suffix  . . . . . . . : SugarPlugin.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : SugarPlugin.com

    Ethernet adapter Local Area Connection:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : TeamViewer VPN Adapter
       Physical Address. . . . . . . . . : 00-FF-6C-25-5A-C6
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes

    Ethernet adapter Ethernet:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connectio
    n
       Physical Address. . . . . . . . . : 00-22-4D-9B-50-2E
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::8965:7360:7123:2e89%13(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.0.54(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.0.10
       DHCPv6 IAID . . . . . . . . . . . : 218112589
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-32-51-E0-00-22-4D-9B-50-2E

       DNS Servers . . . . . . . . . . . : ::1
                                           192.168.0.54
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter VMware Network Adapter VMnet1:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet
    1
       Physical Address. . . . . . . . . : 00-50-56-C0-00-01
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::91c7:daa6:ee8f:8aea%19(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.225.1(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . :
       DHCPv6 IAID . . . . . . . . . . . : 436228182
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-32-51-E0-00-22-4D-9B-50-2E

       DNS Servers . . . . . . . . . . . : ::1
                                           127.0.0.1
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter VMware Network Adapter VMnet8:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet
    8
       Physical Address. . . . . . . . . : 00-50-56-C0-00-08
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::dd2c:bc08:5bde:d38d%20(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.177.1(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . :
       DHCPv6 IAID . . . . . . . . . . . : 469782614
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-32-51-E0-00-22-4D-9B-50-2E

       DNS Servers . . . . . . . . . . . : ::1
                                           127.0.0.1
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{6B2F009B-F1C9-4DDD-BD32-581060763969}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{64E49EE4-592F-48AA-8107-55E927BA54EF}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{9DAEA9BD-F42E-41F8-92A0-35135B364085}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.{6C255AC6-0A49-4FEF-9007-6563BD39D844}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Netlogon and DNS Services are already running, but DNS Server Service is not running. When i try start it, its showing an error

    "Windows could not start the DNS Server services on local computer.

    Error 1068: The dependencies services or group failed to start"

    Tuesday, December 23, 2014 10:39 AM
  • This is what i suspected. Till the DNS Service starts the AD will not be able to load. DNS SRV records are used to locate a DC, Since DNS Server is not starting it is unable to find the DC for your domain.


    Darshan


    Let me see how to troubleshoot this issue.
    Tuesday, December 23, 2014 12:27 PM
  • Hi Darshan

    Any hope.....Why its not starting the DNS server..?

    Tuesday, December 23, 2014 1:49 PM
  • Hi Bobbin,

    Initially me seems, below is the issue and if it not solved let me know i will check my

    earlier docs on this.

    I came across this issue,long back when our AD was in 2003 or mixed Mode.


    Solution:

       1. Remove the network cables on the Server/Desktop that is inaccessible.
       2. Login on to the Server/machine that is not accessable  with an account that has Administrator privileges.
       3.Plug the server network cable back in while logged on.
       4. Change the domain name from FQDN (Microsoft.com ) to the short name (Microsoft).
       5.  Restart the server and log back in as the domain user and all should be fine.

    Please mark as helpful or correct and let me know if you have any questions

    Regards

    Raj Navalgund


    ADS/DNS/DHCP/RIS/GROUP POLICY/PowerShell/VMware/Esxi/Storage.

    Tuesday, December 23, 2014 2:57 PM
  • Try the below,

    Try disabling IPv6 throught the registry

    Also try adding 127.0.0.1 under the DNS settings

    Am curious but why are VMware adapters present in your DC??


    Darshan

    Wednesday, December 24, 2014 6:29 AM
  • Hi Darshan / RAJ

      The above trick also not helped me. So i demoted the AD. Now i'm able to login to my server with administrator password. I'm Planning to reinstall the active directory.

      What all things i need to check before install the active directory. My primary aim is to install my msi package through group policy management. For this what all thing i need to check?

    Thanks

    Bobbin

    Friday, December 26, 2014 12:06 PM
  • Hi Bobbin,

    Before going further, from the ipconfig/all report you post, it's noticed that you also configured IPv6 address of the DNS server. If we don't use IPv6, we don't need to configure IPv6 address for the DNS server. Besides, DNS servers on <adapter name> should include the loopback address, but not as the first entry.

    Regarding this point, the following article can be referred to for more information.

    DNS: DNS servers on <adapter name> should include the loopback address, but not as the first entry

    http://technet.microsoft.com/en-us/library/ff807362(v=ws.10).aspx

    Moreover, there are also multiple NICs on the server, which is not recommended for domain controller.

    Regarding this point, the following article can be referred to for more information.

    Steps to avoid registering unwanted NIC(s) in DNS on a Mulithomed Domain Controller

    http://support.microsoft.com/kb/2023004

    >>What all things i need to check before install the active directory. My primary aim is to install my msi package through group policy management. For this what all thing i need to check?

    After properly configuring the NIC properties of the server, we can follow the article below to promote it to domain controller.

    Windows Server 2012: Set Up your First Domain Controller (step-by-step)http://social.technet.microsoft.com/wiki/contents/articles/12370.windows-server-2012-set-up-your-first-domain-controller-step-by-step.aspx

    Best regards,

    Frank Shen



    Wednesday, December 31, 2014 8:16 AM
    Moderator
  • Hai all friends

    I fix this problem. I login through DSRM and demort the AD and re-installed it with different name. Now i'm able to login and also i add client machines. Now my problem is publish my software through GPM.

    Thanks to everyone who spend time to fix my problem.....

    Bobbin

    Monday, January 05, 2015 12:13 PM