No domain trust relationship after SSR recovery
Dear All,
I came across an unusual situation and count on your help since I cannot resolve it.
Scenario: Domain network with W2012R2 server as a DC, a spare DC and several other servers both virtual and physical. Several dozen workstations.
One of the workstations (W7pro-64) got a failure with cyclic BSOD. Disks C:,D: and SYSTEM_DRV were restored from the 24-hour-old backup. "Preserve domain trust token on target drive" option is checked, though I do not know if it's correct. Anyway I see no way change this.
After that the trust relationship was with the domain was broken with the following symptoms:
1. Login not possible with network cable plugged. The system refused to recognize any domain users.
2. RDP connections to the workstation fail.
3. Impossible to connect to MS Exchange.
Additional information:
What I tried:
1. Nltest query
C:\>nltest /query
Flags: 0
Connection Status = 1786 0x6fa ERROR_NO_TRUST_LSA_SECRET
The command completed successfully
2. Nltest reset
C:\>nltest /sc_reset:<DOMAIN>
I_NetLogonControl failed: Status = 1786 0x6fa ERROR_NO_TRUST_LSA_SECRET
3. Netdom reset
Also no luck - access denied.
4. Netsh
netsh winsock reset
netsh int ip reset
and attempt to join the domain with the wizard. No luck.
5. Multiple attempts to unjoin the domain.
Every possible combination. Under domain users with administrative rights, under enabled local admin account. With network cable plugged and unplugged. The result is the same - ACCESS DENIED.
6. wmic
start /B /W wmic.exe /interactiveff ComputerSystem Where "Name='%computername%'" Call UnJoinDomainOrWorkgroup FUnjoinOptions=0
No result at all.
7. POwershell cmdlet
Reset-ComputerMachinePassword
Reset-ComputerMachinePassword -Server "DC01" -Credential Domain01\Admin01
Also leads to access denied error
All the methods I tried have one symptom in common - access is denied.
I think that there is some fundamental problem in recovery.
Please, advise how to resolve the problem.