Communication Breakdown!

No, not the Big O’s hit (if you don’t know who the Big O is, ask your parents <g>), but the dreaded:

test1

Hmmm, lost/corrupted/hosed the secure channel. What next? I know, logon locally, take the computer out of the domain, put it into a workgroup, then restart, rejoin the domain, restart yet again; all is sweet! Nope, bzzzzt! Fail. It looks like it has worked, but what you have most probably done in the background is destroyed the original SID (Security IDentifier) of the computer and created a new computer object in the domain; all group memberships, ou membership, SCCM 2012 object history … gone!

The more correct way? Read on. First, go to your Admin tools; either ADUC (Active Directory Users and Computers) or ADAC (Active Directory Admin Center – new from Windows Server 2008R2 on), right-click the offending Computer object and Reset Account! This sets the computer password to computername$ and allows the computer to reset that password when the secure channel is restored. Next, logon locally:

test2

Then, open an Administrative PowerShell prompt:

test3

Uh oh … more red hints, I see lots of these, deliberate errors I tell my students (well, that’s what my old sergeant said in the Army!). Lets try that using the correct command:

test4

That’s better! Supply the correct credentials, and:

test5

The returned value is Boolean, True means all is working, we’ve rejoined the domain and have preserved the SID, the object history in SCCM and all is sweet, until next time.

If you want to do this remotely (certainly saves walking, or in the worst case, driving to the workstation, refer to this TechNet tip: http://technet.microsoft.com/en-us/magazine/ff700227.aspx

get IT right!

Wayne

Advertisements

Leave a comment

Filed under SCCM 2012 R2, Server 2012 R2

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s