Lost domain - rejoin domain but account is damaged

This is related to a posting of mine from 4/13/2005, but the problem seems
to be more serious than I originally noticed.

I have a WinNT 4.0 domain. The primary domain controller's hard disk
crashed, and the backup domain controller did not do its job. As a result, I
need to rebuild the network.

I have installed a new hard drive in the PDC, and reinstalled WINNT 4.0
server and all service packs, etc.

I am in the process of putting the domain back together. I have run into a
strange problem.

Before deploying to the entire group, I have been working on getting my own
workstation to work with the rebuilt PDC.

Understanding that the loss of all domain information on the PDC would
likely invalidate the domain information on the local workstations, e.g.
secure channel passwords, I removed the workstation from the domain, and
then added it back in again, with the same computer name.

1. To start, I have setup two Administrator accounts on the PDC, the
built-in Administrator account, and my own personal account. Both of them
belong to the Domain Admins group.
2. On my workstation, I have removed all accounts from the Administrators
group except the local Administrator, and Domain Admins.

Prior to the crash of the PDC I never logged into this workstation using the
<Domain>\Administrator acct. Rather, I always logged in as
<Domain>\<myacct>. So, prior to today, there was no SID or profile for
<Domain>\Administrator, but there was <Domain>\<myacct>. When I log in as
<Domain>\Administrator, I can see that the system is using the profile
folder Administrator.<Domain>. When I log in as <Domain>\<MyAcct>, I can see
that the system is using the profile folder <MyAcct>.<Domain>.000, since
there already was a <MyAcct>.<Domain> profile folder.

Here is the problem: if I log on as <Domain>\Administrator, I can log off
and then back on again as either <Domain>\Administrator, or
<Domain>\<myacct>. However, if I log on as <Domain>\<myacct> and log off, I
am unable to log on again using either account. I get an error message
saying that my domain is unavailable.

I have used the WinNT Resource Kit took NetDom to look at the secure channel
connection to my workstation. When I am free to log on to the workstation,
NetDom confirms that the secure channel connection is good. However, when I
am not able to log into the workstation, NetDom tells me "The RPC server is
unavailable."

There is something about the <Domain>\<MyAcct> acct on my workstation that
breaks the connection to my PDC.

I will appreciate any help that can get be past this problem

Thanks,
Jim

Please visit the server experts in the server newsgroup:
news://msnews.microsoft.com/microsoft.public.windows.server.general

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User
Microsoft Newsgroups

Get Windows XP Service Pack 2 with Advanced Security Technologies:
http://www.microsoft.com/athome/security/protect/windowsxp/choose.mspx

-------------------------------------------------------------------------------------------

"Jim Walsh" wrote:

| This is related to a posting of mine from 4/13/2005, but the problem seems
| to be more serious than I originally noticed.
|
| I have a WinNT 4.0 domain. The primary domain controller's hard disk
| crashed, and the backup domain controller did not do its job. As a result, I
| need to rebuild the network.
|
| I have installed a new hard drive in the PDC, and reinstalled WINNT 4.0
| server and all service packs, etc.
|
| I am in the process of putting the domain back together. I have run into a
| strange problem.
|
| Before deploying to the entire group, I have been working on getting my own
| workstation to work with the rebuilt PDC.
|
| Understanding that the loss of all domain information on the PDC would
| likely invalidate the domain information on the local workstations, e.g.
| secure channel passwords, I removed the workstation from the domain, and
| then added it back in again, with the same computer name.
|
| 1. To start, I have setup two Administrator accounts on the PDC, the
| built-in Administrator account, and my own personal account. Both of them
| belong to the Domain Admins group.
| 2. On my workstation, I have removed all accounts from the Administrators
| group except the local Administrator, and Domain Admins.
|
| Prior to the crash of the PDC I never logged into this workstation using the
| <Domain>\Administrator acct. Rather, I always logged in as
| <Domain>\<myacct>. So, prior to today, there was no SID or profile for
| <Domain>\Administrator, but there was <Domain>\<myacct>. When I log in as
| <Domain>\Administrator, I can see that the system is using the profile
| folder Administrator.<Domain>. When I log in as <Domain>\<MyAcct>, I can see
| that the system is using the profile folder <MyAcct>.<Domain>.000, since
| there already was a <MyAcct>.<Domain> profile folder.
|
| Here is the problem: if I log on as <Domain>\Administrator, I can log off
| and then back on again as either <Domain>\Administrator, or
| <Domain>\<myacct>. However, if I log on as <Domain>\<myacct> and log off, I
| am unable to log on again using either account. I get an error message
| saying that my domain is unavailable.
|
| I have used the WinNT Resource Kit took NetDom to look at the secure channel
| connection to my workstation. When I am free to log on to the workstation,
| NetDom confirms that the secure channel connection is good. However, when I
| am not able to log into the workstation, NetDom tells me "The RPC server is
| unavailable."
|
| There is something about the <Domain>\<MyAcct> acct on my workstation that
| breaks the connection to my PDC.
|
| I will appreciate any help that can get be past this problem
|
| Thanks,
| Jim