I have a Windows Server 2003 member server that is running IIS 6 in our test environment. It is a VM and was reverted to a snapshot about 4 days old. After doing this, attempts to log into the domain fail with system event ID 3210:
This computer could not authenticate with %dcin.mydomain.com, a
Windows DC for domain %MY_DOMAIN, and therefore this computer might
deny logon requests. This inability to authenticate might be caused
by another computer on the same network using the same name or the
password for this computer account is not recognized. If this message
appears again, contact your system administrator.
All network and DNS issues have been ruled out.
After doing some research I have a hunch that the issue is the computer account password that by default changes every 30 days is out of sync. Issuing the "reset account" command from ADUC did not help the issue.
Attempts to reset the account also failed when using:
NetDom reset svrname /d:mydomain.com /uo:User@mydomain.com /po:*
with a result of the Logon Failure: The target account name is incorrect.
If this were any other server that wasn't running IIS…. I would just remove it from the domain and rejoin it and move on with my life. But I don't know what effects doing that would have on IIS.
After I get through this I'm going got set HKLM/system/currentcontrolset/services/netlogon/paramerters/DisablePasswordChange to "1"
But until then I'm not sure if the "NetDom reset" command is even the correct thing to do short of readding the server to the domain.
Thoughts?
Best Answer
You have a snapshot of the machine already. If unjoining and rejoining it to the domain borks IIS somehow (I doubt it will), you can still revert it. You also said that this was a test environment, which is kind of made to be blown up (in some sense of the word). I'd just unjoin and rejoin it.