How To Re-establish The Trust Relationship Between A Neverfail Protected Server And The Domain Controller
Summary
This KB article explains how to restore the trust relationship of a server running Neverfail Continuity Engine with the domain controller.
In some cases a server running Neverfail Continuity Engine could lose the trust relationship with the domain controller. This means that the machine’s private secret is no longer set to the same value that is stored in the domain controller. In this situation one fix would be to re-join the Active server to the domain but this would automatically invalidate the Neverfail license key which is generated based on the FQDN and the machine SID. To avoid having to generate a new license key and to re-clone the Passive server(s), the following two options can be used to restore the machine’s private secret and re-enable domain functionality.
Option 1
Using Powershell commands recommended by Microsoft in the following KB article.
Option 2
Resetting the MachineAccountPassword by running the commands recommend in the following Microsoft KB article.
Option 3
Using netdom utility
Log in with the local Administrator account by typing, .\Administrator in the logon window. If this is not possible you can try to disconnect the machine from the network and try to log in with a domain user.
- Make sure you have the netdom.exe utility. In Windows Server 2008 R2 and Windows Server 2012 you might need to enable the Active Directory Domain Services role in order to have access to the application.
- Open a command prompt with administrative privileges and run the following command:
netdom resetpwd /s:server /ud:domain\User /pd:*
/s:server is the name of the domain controller
/ud:domain\User is the user account
/pd:* represents the password
4. Reboot the server.
More information on how to use the netdom utility can be found in this Microsoft KB