Fix "the trust relationship between this workstation and the primary domain failed" Error

I normally put references for my posts at the end of the post, but because I have shamelessly cut an paste a large chunk of this respectable blogger's page, due to its absolute gold value, I felt I needed to acknowledge them at the beginning.

All thanks for this post must go to Dan Peterson who posted the original info (and background if you wish to read it) at:
http://implbits.com/About/Blog/tabid/78/post/don-t-rejoin-to-fix-the-trust-relationship-between-this-workstation-and-the-primary-domain-failed/Default.aspx

Dan, thank you for the great and valuable post.

Dan's Post (including original font and background colours). I did say shameless...

Just change your computer password using netdom.exe!

netdom.exe resetpwd /s:<server> /ud:<user> /pd:*

<server> = a domain controller in the joined domain

<user> = DOMAIN\User format with rights to change the computer password

Here are the full steps:

1. You need to be able to get onto the machine. I normally just log in with the local Administrator account by typing, ".\Administrator" in the logon window. I hope you remember the password. If you’re creative and resourceful you can hack your way in without the password. Another option is to unplug the machine from the network and log in with domain user. You will be able to do disconnected authentication, but in the case of a reset machine, remember that you may have to use an old password. Your domain user’s cached credential has the same problem as the machine’s private secret.
2. You need to make sure you have netdom.exe. Where you get netdom.exe depends on what version of Windows you’re running. Windows Server 2008 and Windows Server 2008 R2 ship with netdom.exe you just have to enable the Active Directory Domain Services role. On Windows Vista and Windows 7 you can get it from the Remote Server Administration Tools (RSAT). Google can help you get them. For other platforms see this link: http://technet.microsoft.com/en-us/library/ee649281(WS.10).aspx"
3. Extra steps if the machine is a domain controller. If the broken machine is a domain controller it is a little bit more complicated, but still possible to fix the problem. I haven’t done this for a while, but I think this works:
   1. Turn off the Kerberos Key Distribution Center service. You can do this in the Services MMC snap-in. Set the startup type to Manual. Reboot.
   2. Remove the Kerberos ticket cache. A reboot will do this for you, or you can remove them using KerbTray.exe. You can get that tool here: http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=17657
   3. Post change steps. Do these in conjunction with 5 below. Turn the Kerberos Key Distribution Center Service back on before rebooting. You should reboot the domain controller and then force replication in the Active Directory Sites and Services MMC snap-in.
4. Run netdom.exe to change the password.
   1. Open an administrative command prompt. On Windows platforms with UAC enabled, you will need to right-click on cmd.exe and select "run as Administrator".
   2. Type the following command: netdom.exe resetpwd /s:<server> /ud:<user> /pd:*
5. Reboot the machine.

Here is more information on netdom.exe: http://support.microsoft.com/kb/325850

References:
http://implbits.com/About/Blog/tabid/78/post/don-t-rejoin-to-fix-the-trust-relationship-between-this-workstation-and-the-primary-domain-failed/Default.aspx
I learnt of Dan's post at http://community.spiceworks.com/topic/285129-my-virtual-nightmare-or-it-would-have-been-if-i-slept?utm_campaign=spotlight&utm_medium=email&utm_source=swemail

Read More

How to Determine SQL Version and Edition

To determine what SQL version and edition you have, connect to the instance of SQL Server, and then run the following query:


SELECT SERVERPROPERTY('productversion'), SERVERPROPERTY ('productlevel'), SERVERPROPERTY ('edition')


Reference:
http://support.microsoft.com/kb/321185

Read More

Run Control Panel Applets from Command Line

   Control panel tool             Command
   -----------------------------------------------------------------
   Accessibility Options          control access.cpl
   Add New Hardware               control sysdm.cpl add new hardware
   Add/Remove Programs            control appwiz.cpl
   Date/Time Properties           control timedate.cpl
   Display Properties             control desk.cpl
   FindFast                       control findfast.cpl
   Fonts Folder                   control fonts
   Internet Properties            control inetcpl.cpl
   Joystick Properties            control joy.cpl
   Keyboard Properties            control main.cpl keyboard
   Microsoft Exchange             control mlcfg32.cpl
      (or Windows Messaging)
   Microsoft Mail Post Office     control wgpocpl.cpl
   Modem Properties               control modem.cpl
   Mouse Properties               control main.cpl
   Multimedia Properties          control mmsys.cpl
   Network Properties             control netcpl.cpl
                                  NOTE: In Windows NT 4.0, Network
                                  properties is Ncpa.cpl, not Netcpl.cpl
   Password Properties            control password.cpl
   PC Card                        control main.cpl pc card (PCMCIA)
   Power Management (Windows 95)  control main.cpl power
   Power Management (Windows 98)  control powercfg.cpl
   Printers Folder                control printers
   Regional Settings              control intl.cpl
   Scanners and Cameras           control sticpl.cpl
   Sound Properties               control mmsys.cpl sounds
   System Properties              control sysdm.cpl


This info is directly sourced from http://support.microsoft.com/kb/192806

Read More

Find A Specific Email Address in Exchange

Sometimes we want to know what mailbox is associated with a particular email address. Here is the easy way to find out.

Exchange 2003
For Exchange 2003, Neil Hobson writes a very good article on www.msexchange.org that makes the process very simple. You must be logged onto a PC or server that has both Active Directory tools and Exchange 2003 management tools installed. See the full article at http://www.msexchange.org/articles/finding-duplicate-smtp-addresses.html

One thing he doesn't specifically mention is that you can use wildcards, such as '*', in your search, which is handy when you don't know the exact address you're looking for.

Exchange 2007/2010
For newer versions of Exchange, simply open the Exchange Management Shell on your mail server and type the following command:

get-recipient emailaddress@domain.com

References
http://www.msexchange.org/articles/finding-duplicate-smtp-addresses.html

Read More

SharePoint Updates Cause Site to Fail

Config Wizard Access Denied
http://blogs.catapultsystems.com/mpoole/archive/2011/02/12/sharepoint-2007-config-wizard-access-denied.aspx

Cannot Connect to the Configuration Database
http://social.technet.microsoft.com/Forums/en-US/sharepointgenerallegacy/thread/8b3094a1-31ee-49d7-ab02-72ca0dc440a7/

SharePoint 3.0 Site Inaccessible After Update
http://social.technet.microsoft.com/Forums/en-US/sharepointadminlegacy/thread/e8391454-a5b2-418f-8dab-324c430ce219/

Add Old Content Database to New SharePoint Site
http://alkalony.wordpress.com/2009/08/25/add-existing-content-database-to-a-site-collection-using-stsadm/

Restore SharePoint 2.0 Site
http://support.microsoft.com/kb/829113

Read More

Connecting to Windows Internal Database MICROSOFT##SSEE

This is often useful when administering Sharepoint services on a Windows SBS 2008 system:
http://www.networkinghowtos.com/howto/connecting-windows-internal-database-microsoftssee/

If inaccessible after an update:
http://blogs.technet.com/b/sbs/archive/2009/05/06/companyweb-inaccessible-after-sharepoint-3-0-service-pack-2.aspx

http://support.microsoft.com/kb/944267?wa=wsignin1.0

Read More

Notes on Recovering / Restoring Exchange

Here are a few key sites regarding recovery or restore of Microsoft Exchange:

Checking Database State or Integrity
http://community.spiceworks.com/how_to/show/2943-find-and-replay-missing-log-files-in-exchange

Database in Dirty State
http://blogs.technet.com/b/mspfe/archive/2012/09/06/why-exchange-databases-might-remain-dirty-after-eseutil-r-recovery.aspx

Backup Recovery Issues
http://social.technet.microsoft.com/Forums/en-US/exchangesvradminlegacy/thread/9af2afca-3e49-4fa6-ad06-5c6c50671a45

Read More

Find Old Computers in AD

For Windows 2003/2008
(Must be 2003 Native domain or newer)
In a Command Prompt window type:

dsquery computer -inactive <num>

Where <num> is the minimum number of weeks the device has been inactive for. Advice seems to be to use at least 2, as anything less than that is not fully reliable.

For Windows 2008 R2+
In a PowerShell  window type:

$time=Read-host "Enter a date in format mm/dd/yyyy"

then

Get-ADComputer -Filter * | Get-ADObject -Properties lastlogontimestamp | where {(([DateTime]::FromFileTime($_.lastlogontimestamp) - ([system.datetime]$time)).totaldays) -lt 0 } | 

NOTE: This post needs some work to get it exactly the way I would use it, but the necessary commands in here should be roughly correct.

For more detail or a better example (of which this is basically a cut and paste at the moment), see reference site below.

References:
http://blog.mattvogt.net/powershell-last-logon-timestamp-for-single-ho 

Read More

Reset Offline Files Cache in Windows 7

To reset the offline files cache in Windows 7

1. Create a registry file called resetcache.reg file with the following contents:
   
   Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CSC\Parameters] "FormatDatabase"=dword:00000001
2. Double click the file and it should merge with registry. Alternatively, use command line:
   E.g. regedit.exe /s resetcache.reg
3. Reboot the PC

Reference:
http://www.networknet.nl/apps/wp/archives/1093

Read More

Find the Desktop

It can be REALLY hard to access the desktop using scripts, especially batch scripts, if it has been moved from the default location of C:\Users\%username%, or even worse if it has been moved out of the %userprofile% location by the way of Folder Redirection.

As batch files cannot find this location, and I do not want to start learning VB script, I want a Powershell method I can use to find it.

This is the method I found:

$desktop = [Environment]::GetFolderPath("Desktop")

The $desktop variable now contains the location to the currently logged-in user's desktop. To view this path simply type

write-host $desktop

Happy day!

Reference:
The comment on the post at http://stackoverflow.com/questions/11349885/get-currently-logged-in-users-with-powershell-to-add-shortcut-to-desktop

:-)

Read More

Windows Update 800B0001 Error

If Windows 7 clients are getting the following Windows Update error:

Windows could not search for new updates

An error occurred while checking for new updates for your computer.

Error(s) found:

Code 800B0001 Windows Update  encountered an unknown error.

 

Clients can still get updates from Microsoft Update, but anything from our WSUS does not work.

According to http://myworldofit.net/?p=809

As it turns out Microsoft had updated the Windows Update client on Windows 7 and that an update (the number is KB2720211) was required on the WSUS server to allow the clients to continue to update.

Simple solution is to approve this update in WSUS and apply it to your servers, a bit of a pain is that this update requires a reboot of the server but hey its that or no updates for your clients!

 Thanks MyWorldOfIT

References:

http://myworldofit.net/?p=809

Read More

Force Windows to Check for Updates

To force Windows to check for updates type wuauclt /detectnow at a command prompt

Read More

Black Screen When Restoring Minimised RDP Session

When restoring a minimised RDP session, often it will come up with a completely black screen, which won't go away for up to 20 seconds...not productivity friendly!

Try this on the client PC (not the remote server/PC):

• In registry go to HKEY_LOCAL_MACHINE\Software\Microsoft\Terminal Server Client\
• Create a new DWORD value named RemoteDesktop_SuppressWhenMinimized
• Specify 2 as the value data.

Reference:
http://serverfault.com/questions/48650/remote-desktop-session-black-after-minimize

Read More

Use proxy.pac to Auto Configure Proxy Settings

Proxy.pac files are great. They'll configure your proxy settings when you're on the protected network, but leave your system unaffected if you take it offsite to a network that does not require or use a proxy server.

Before I even begin to create something of my own I must recognise the following sources:
http://marckean.wordpress.com/2010/02/09/setting-up-proxy-pac-files-in-iis7-for-proxy-use/
http://nscsysop.hypermart.net/setproxy.html
http://nscsysop.hypermart.net/proxypac.html
http://technet.microsoft.com/en-us/library/dd361950.aspx

These sources are all you really need to get going, but I may put some more info up here more specific to the things I do with proxy.pac files.

Read More

Add an Exchange Mailbox for an Existing Active Directory User

If you have a user in Active Directory that does not have an email address or Exchange Mailbox, you need to do the following to set them up.

These instructions are valid for Exchange 2007 or 2010. Ensure you are a member of the Exchange Recipient Administrators group within Active Directory. If you cannot set this up yourself, ask your network administrator to do this.

If you have a 64-bit version of Windows Vista or 7, you can have the Exchange Management Console (EMC) installed directly on your PC. How to do this is not covered in this post however. If you don't already have the EMC on your PC, to complete the following steps you will need to log onto one of your Exchange servers or another PC or server that has the EMC installed.

Once logged onto a PC or server that has the EMC installed:

1. Go to Start | All Programs | Microsoft Exchange | Exchange Management Console 
2. Once that opens, navigate to Recipient Configuration | Mailbox
3. Then on the right click New Mailbox
4. Ensure User Mailbox is selected and click Next
5. Select Existing User and click the Add button
6. Find the new user, select them and click OK
7. Click Next
8. Tick Specify the mailbox… (for Exchange 2010) or Mailbox Database (for Exchange 2007) and click Browse  
9. Select the database (there may only be one if you have a small Exchange environment) and click OK  
10. Click Next 
11. At the final page, click New to proceed with the mailbox creation

Your user should now have a new mailbox. Well done!

Read More