Changing Domain Controller Name breaks trust
(Last modified: 22May1998)
This document (2938126) is provided subject to the disclaimer at the end of this document.
Symptom
Changing the NetBios name for a Windows NT Backup Domain Controller (BDC) Server that has been migrated using NDS for NT. Once they reboot the BDC, will receive the following errors in the Event Log:
Date: MM/DD/YY
Time: HH:MM:SS AM/PM
User: N/A
Computer: BDC_Server_Name
Event ID: 5721
Source NETLOGON
Type: Error
Category: None
"The session setup to the Windows NT Domain Controller \\[PDC_Server_Name] for the domain [Domain_Name] failed because the Windows NT Domain Controller does not have an account for the computer [BDC_Server_Name]".
Date: MM/DD/YY
Time: HH:MM:SS AM/PM
User: N/A
Computer: BDC_Server_Name
Event ID: 7023
Source Service Control Manager
Type: Error
Category: None
"The Net Logon service terminated with the following error:
The SAM database on the Windows NT Server does not have a computer account for this workstation trust relationship".
At this point the old BDC name shows in Server Manager as a BDC, and the new BDC name shows in Server Manager as a Workstation (NOT a BDC). Attempting to access the old BDC name while running Server Manager from the PDC will generate the error "The network path was not found". Attempting to access the new BDC name from the PDC will generate the error "Access Denied". However, attempting to access the new BDC name from the newly named BDC will work.
keywords: NDS4NT
Cause
This is a problem with the Microsoft Domain model/architecture. Even if NDS4NT is NOT installed and you rename the BDC for a domain you will get the following warning after giving a new name in Control Panel/Networks/Change and clicking OK:
"Warning
Changing the computer name without the Domain Administrator first changing its name on the domain will result in domain accounts (including your own domain account) not being able to access or logon on to this computer.
Are you sure you want to change the computer name?
Yes/No?"
If you click Yes then the following message will be presented:
"Network Configuration
The Computer Name has been successfully changed to [New_Name].
This change will not take effect until the computer is restarted"
This information is true even when a NetWare Client is NOT installed at all (Novell's or Microsoft's).
When you reboot you will get the generic error:
"Service Control Manager
At least one service or driver failed during system startup. Use Event Viewer to examine the event log for details."
At this point you can logon to the machine and view the event log, it will have the following exact same errors as reported with the NDS4NT migrated domain:
"Date: MM/DD/YY
Time: HH:MM:SS AM/PM
User: N/A
Computer: BDC_Server_Name
Event ID: 5721
Source NETLOGON
Type: Error
Category: None
'The session setup to the Windows NT Domain Controller \\[PDC_Server_Name] for the domain [Domain_Name] failed because the Windows NT Domain Controller does not have an account for the computer [BDC_Server_Name]'
Date: MM/DD/YY
Time: HH:MM:SS AM/PM
User: N/A
Computer: BDC_Server_Name
Event ID: 7023
Source Service Control Manager
Type: Error
Category: None
'The Net Logon service terminated with the following error:
The SAM database on the Windows NT Server does not have a computer account for this workstation trust relationship'."
Solutions
The workaround whether NDS4NT is installed or not is the same. You must:
1. Launch Server Manager from the PDC.
2. Highlight the old BDC name and click on Computer/Remove.
3. Highlight the new BDC name and click on Computer/Remove.
4. Click on Computer/Add to Domain, mark the option for "Windows NT Backup Domain Controller", and then enter the new BDC name and click Add.
5. Reboot the BDC.
At this point it should recreate the implied trust relationship between the PDC and the BDC. No errors should occur in the Event Viewer System log relating to the Domain session or Net Logon service and SAM database.
document
| Document Title: | Changing Domain Controller Name breaks trust |
| Document ID: | 2938126 |
| Creation Date: | 13May1998 |
| Modified Date: | 22May1998 |
| Revision: | 4 |
| Novell Product Class: | Novell eDirectory |
disclaimer
The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.
Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.