How to Reset Active Directory Secure Channel If Broken

active-directory windows-server-2008-r2

Solution 1:

I've had some instances where a machine will decide to use an off-site domain controller (elsewhere on our WAN) as it's logon server and map offsite network drives instead of local ones; that can be resolved by resetting the secure channel directly:

nltest /sc_reset:<domain>\<domain controller>

Solution 2:

nltest.exe can be used to check the channel and attempt to reset it.

nltest.exe /sc_verify:<fully.qualified.domain.name.here>

If that does not do it, you can restart the netlogon service (I mainly use PowerShell, so I'll give an example of that).

Get-Service netlogon | restart-service
nltest.exe /sc_verify:<fully.qualified.domain.name.here>

I ran the nltest command after restarting the service to validate that the secure channel was back in operation.

If you've made some network changes (IP Addresses, changing hardware, virtualizing, etc..) you might want to flush your dns cache and clear your arp table before running the above commands.

ipconfig /flushdns
arp -d *
Get-Service netlogon | restart-service
nltest.exe /sc_verify:<fully.qualified.domain.name.here>

Related

Ubuntu Server 12.04 CPU Load
How can I block a specific type of DDoS attack?
tail -f : `tail: logfile.log: file truncated`
Yum: What is the @shortname for a Package Group?
Ubuntu lastlog only shows a few entries
When should one use EPEL 5 or EPEL 6?
how to cause linux system datetime to run faster than real world datetime?
Refresh /dev/sdx list
Apply Group Policy to Remote Desktop Services users but not when they log on to their local system
Finding Windows keys in use throughout corporation
Add Machine Key to machine.config in Load Balancing environment to multiple versions of .net framework
Deleted Apache access logs still taking up space