When your CA server loses its trust with the AD domain, you will get this error after you enter your username and password:
The trust relationship between this workstation and the primary domain failed
At the same time, events with EventID 5719 with the source NETLOGON appear in the System section of the Event Viewer:
This computer was not able to set up a secure session with a domain controller in domain “XXXX” due to the following:
There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator.
ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
The problem starts with the fact that a server holding the CA role cannot be rejoined to the domain.

The “official” steps involve uninstalling and reinstalling the CA service and rejoining the domain.
The major steps:
- backup existing CA server (including CA keys, CA database and registry configuration);
- uninstall CA service from the server;
- join server to workgroup and re-join server to a new domain. …
- install CA service on the server again.
- after installation is complete restore CA database and registry settings.
The “unofficial way” is to reset the secure channel between the server and the domain (as always, take a backup first and test in a lab).
First try:
Reset the computer account password using the Active Directory Users and Computers Microsoft Management Console (MMC). The reset succeeds, but you still cannot log on with domain credentials.
What solves it?
Using the good old, powerful command-line tool: NETDOM
- Log on locally to the server with admin rights (not on a DC).
- Start CMD as Administrator.
- Run netdom resetpwd /server:Name-Of-A-DC /userd:Domainadmin /passwordd:P@ssw0rd
- Restart the server.
- Boom, the magic … the server rejoins the domain and the CA service is running.
SHMUEL H.
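The NETDOM procedure above, wrapped in a check-then-reset script; this is an added example, not code from the original post. It confirms the 5719 symptom and the broken secure channel before resetting, and passes /passwordd:* so netdom prompts for the domain admin password instead of leaving it on the command line. Assumptions: Windows PowerShell 5.1, netdom.exe installed on the server, the script saved as a .ps1 file, and $DcName / $DomainAdmin are placeholder parameter names.

```powershell
# Added example, not from the original post. Run in an elevated Windows
# PowerShell 5.1 session on the CA server, logged on as a LOCAL administrator.
param(
    [Parameter(Mandatory)] [string] $DcName,      # placeholder, e.g. Name-Of-A-DC
    [Parameter(Mandatory)] [string] $DomainAdmin  # domain admin account, not the computer account
)

# 1. Confirm the symptom: NETLOGON event 5719 in the System log (last 24 hours).
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'System'; ProviderName = 'NETLOGON'; Id = 5719
    StartTime = (Get-Date).AddDays(-1)
} -ErrorAction SilentlyContinue
Write-Host ("NETLOGON 5719 events in the last 24 hours: {0}" -f @($events).Count)

# 2. Test the secure channel against the chosen DC; an exception counts as broken.
function Test-Channel {
    try   { [bool](Test-ComputerSecureChannel -Server $DcName -ErrorAction Stop) }
    catch { Write-Warning $_.Exception.Message; $false }
}

if (Test-Channel) {
    Write-Host 'Secure channel is healthy; no reset needed.'
    Get-Service -Name CertSvc | Format-Table Name, Status   # CertSvc is the AD CS service
    return
}

# 3. Reset the machine account password on both sides of the channel.
#    '/passwordd:*' makes netdom prompt, so the password never appears in
#    the command line, shell history or process-creation audit events.
if (-not (Get-Command netdom.exe -ErrorAction SilentlyContinue)) {
    throw 'netdom.exe was not found on this server.'
}
& netdom.exe resetpwd "/server:$DcName" "/userd:$DomainAdmin" '/passwordd:*'
if ($LASTEXITCODE -ne 0) { throw "netdom resetpwd failed (exit code $LASTEXITCODE)." }

Write-Host 'Password reset. Restart the server, then run this script again to verify.'
```

After the restart, a second run should report a healthy channel and show CertSvc as Running.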
Yes! Great trick, thank you!!!
Thank you!!!
Legend! +1 for this solution.
Thank you so very much! To anyone wondering, the account and password are not for the computer itself. They are for the account with domain admin access to the domain, to reset the password of the computer account there.