4. Querying and Resetting Secure Channels with netdom
You can use the netdom command to query and verify secure channels between computers in the domain. When needed, you can use the netdom command to reset these channels.
Tip
Computers have passwords used to establish the secure channels. When the password kept on the system doesn’t match the password kept in the domain, the secure channel is broken. This can happen when the computer has been turned off for a long time, or after restoring Active Directory.
The basic command to query and verify the secure channel with computers in the domain is
netdom query server /verify
The following output shows the partial result of this command:
C:\> netdom query server /verify
Verifying secure channel setup for domain members:
Machine      Status/Domain     Domain Controller
=======      =============     =================
\\SALES73    PEARSON           \\DC1.PEARSON.PUB
\\SALES74    PEARSON           \\DC1.PEARSON.PUB
\\WIN7PCG    ERROR! ( The network path was not found. )
\\DC2        PEARSON           \\DC1.PEARSON.PUB
\\PC-1       PEARSON           \\DC1.PEARSON.PUB
\\SC1        PEARSON           \\DC1.PEARSON.PUB
The command completed successfully.
Notice that the majority of these systems show the domain and the domain controller where the secure channel (trust relationship) has been verified. However, the \\win7pcg computer has a problem.
Note
Before resetting the trust, you should verify that the system is up and operational.
You can also check the channel with just a single computer using the following command:
netdom verify /d:domain computer-name
For example, the following listing shows how to verify the channel with a computer named dc2 in the pearson.pub domain, and the result:
C:\> netdom verify /d:pearson.pub dc2
The secure channel from DC2 to the domain PEARSON.PUB has been
verified. The connection is with the machine \\DC1.PEARSON.PUB.
The command completed successfully.
If the command fails, you can reset the secure channel between the domain and the computer with the following command:
netdom reset /d:domain computer-name
The following listing shows how to reset the secure channel with the computer named dc2 in the pearson.pub domain:
C:\> netdom reset /d:pearson.pub dc2
The secure channel from DC2 to the domain PEARSON.PUB has been reset.
The connection is with the machine \\DC1.PEARSON.PUB.
The command completed successfully.
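The triage described in this section (query all members, confirm a failing machine is up, then verify or reset it) can be scripted. The following PowerShell is an added example, not part of the original text: the sample output is constructed from the listing above, and the function name ConvertFrom-NetdomVerify is hypothetical. It only prints the netdom commands to run and does not reset anything itself.

```powershell
# Added example. $sample is constructed from the listing above; on a live
# system use instead:  $lines = netdom query server /verify
$Domain = 'pearson.pub'   # domain name taken from the page's examples
$sample = @'
Machine      Status/Domain     Domain Controller
=======      =============     =================
\\SALES73    PEARSON           \\DC1.PEARSON.PUB
\\WIN7PCG    ERROR! ( The network path was not found. )
\\DC2        PEARSON           \\DC1.PEARSON.PUB
'@
$lines = $sample -split "`r?`n"

# Hypothetical helper: turn each data row of the report into an object.
function ConvertFrom-NetdomVerify {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Data rows start with a \\MACHINE name; header and status lines do not.
        if ($line -match '^\\\\(?<Machine>\S+)\s+(?<Rest>.+)$') {
            $machine = $Matches.Machine
            $rest    = $Matches.Rest.Trim()
            if ($rest -match '^ERROR!\s*\(\s*(?<Msg>.*?)\s*\)$') {
                [pscustomobject]@{ Machine = $machine; Verified = $false
                                   Domain = $null; DomainController = $null; Detail = $Matches.Msg }
            }
            elseif ($rest -match '^(?<Domain>\S+)\s+\\\\(?<DC>\S+)$') {
                [pscustomobject]@{ Machine = $machine; Verified = $true
                                   Domain = $Matches.Domain; DomainController = $Matches.DC; Detail = $null }
            }
        }
    }
}

$failed = @(ConvertFrom-NetdomVerify -Lines $lines | Where-Object { -not $_.Verified })
foreach ($m in $failed) {
    # Per the Note: confirm the system is up before touching the trust.
    if (Test-Connection -ComputerName $m.Machine -Count 1 -Quiet) {
        "{0}: reachable ({1}). Check with: netdom verify /d:{2} {0}" -f $m.Machine, $m.Detail, $Domain
        "{0}: if verify fails, run: netdom reset /d:{1} {0}" -f $m.Machine, $Domain
    }
    else {
        "{0}: not reachable ({1}). Bring it online before any reset." -f $m.Machine, $m.Detail
    }
}
```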