question

ESPITGuy-1290 avatar image
0 Votes"
ESPITGuy-1290 asked DSPatrick answered

Reset machine password of a domain controller

Hello,

On my secondary DC I'm seeing the event NETLOGON 3210
This computer could not authenticate with \\DC.network.local, a Windows domain controller for domain Network, and therefore this computer might deny logon requests. This inability to authenticate might be caused by another computer on the same network using the same name or the password for this computer account is not recognized. If this message appears again, contact your system administrator.

It doesn't appear to be causing any issues but it's something that I'm sure needs to be addresses. I've seen various articles around the topic but none that are quite the issue I have. The closest I can find is: http://blog.cpolydorou.net/2019/02/domain-controller-machine-password-reset.html

I've never reset the machine password of a DC before so a bit apprehensive to follow along. Thoughts anyone?

Many thanks

Edit: I should also add, this DC runs ADsync and has been happily operating for at least 2 years. I've only recently discovered the event so no idea of when it started. Earliest log was 2 months ago.

windows-server
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered DSPatrick edited

Try;
Test-ComputerSecureChannel
or
Test-ComputerSecureChannel -Repair
or
The simplest solution may be to move roles off, demote, reboot, promo the problematic one again.

--please don't forget to upvote and Accept as answer if the reply is helpful--





5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

ESPITGuy-1290 avatar image
0 Votes"
ESPITGuy-1290 answered

Thanks DSPatrick,

Sorry I didn't get notified of your replies. I've run the commands you've mentioned and the DC does fail, but the repair doesn't work. I was hoping to avoid demoting as it runs our ADSync. I think the easy answer is the normal windows way of doing a clean install. I'll transfer everything over and bomb the DC in question.

Appreciate you time. Thanks

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DSPatrick avatar image
0 Votes"
DSPatrick answered

Sounds good, you're welcome.

--please don't forget to upvote and Accept as answer if the reply is helpful--





5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.