Windows 10: Broken Secure Channel on Restored DC

Hello everyone, I recently ran into a problem that has been bothering me for a long time. The secure channel of a restored DC is broken. No matter how much effort I put into solving it, even following the various official guides, for example using netdom resetpwd, the secure channel remains broken. The only detail I noticed is that the DC that holds the role of PDC Emulator has this problem, if I move that FSMO role to another DC, magically the secure channel works but the new DC that receives the FSMO Emulator has the secure channel broken. I also specify that all domain features are ok. Any

:)

 

Feature Update 20H2 - Secure Channel Broken

Hi,
I'm hoping someone can help me out here?

I have a small home network, comprised of 6PCs that are members of a Windows Domain. I have 2 Domain Controllers running Server 2016.

Since installing Feature Update 20H2 on one of my machines I've been seeing errors at logon "The Security Database on the Server does not have a Computer Account for this Workstation Trust Relationship".

The machine in question was cloned from an older computer that suffered hardware failure but has been working perfectly well in my domain. Until now.

In the Event Viewer there are Security Audit failures that specify a NULL SID, which I'm attributing to the machine being cloned. I ran a query in PowerShell to test the secure channel. It is broken. I tried to fix this in PowerShell but any attempt to repair the channel return a value of "False". Ordinarily I would just remove it from the domain and rejoin BUT this computer is my primary audio/video system. I have a TON of audio apps and projects on their so HAVING A NEW USER PROFILE IS NOT AN OPTION HERE.

If I disconnect the Ethernet cable I can login with cached credentials and when I plug the cable back in everything works fine (until the next time I try to login). I can run a PowerShell command to reset the machine password in AD BUT when I do this the machine restarts and creates a new profile for my user account (I had the foresight to image this machine right after I installed the feature update, so I can restore it to a state where my profile is intact.

What I've Tried

1. Repairing the secure channel using PowerShell - Failed
2. Removing the PC from the domain and rejoining the same domain - Succeeded but broke the user profile (new desktop, apps not registering etc.)
3. Resetting the machine password in AD - Succeeded but broke the important user profile.
4. Ran an NSLOOKUP on the problem machine, which correctly identifies the primary DC and also the secondary.
5. Reset the computer's account in the domain
6. Ran repadmin /syncall /AdeP on the DCs. Replication completed without errors
7. Ran an ipconfig/all on the PC, which correctly displays network settings (including DNS)
8. Tried turning off IPv6 and enabled "Enable NETBIOS over TCP/IP" - No difference

What I'm looking for is a non-destructive way to repair the secure channel (one that does not lead to resetting the user profile).

I realize this one is a bit off the wall but would be grateful for any suggestions anyone could offer that might steer me in the right direction. Even something that would allow me to create a clone of the user profile, so I don't lose access to my apps, that could be restored after a domain unjoin/rejoin

Best regards

 

error 1012 dc

Hi Colinus,

Corrupted system files may be the possible reason why you received the error code 1012 dc. To efficiently assist you, we'd like to gather more information:

• What specific task are you trying to do?
• When did you get error code 1012 dc?

In the meantime, if you're trying to install update, we suggest that you follow the steps in this
article on how to troubleshoot Windows Update issues. It will let you choose which version of Windows you are experiencing
the problem and try performing the instructions provided.

Keep us posted if you need additional help.

 

Restore Security Permissions

Hello Deepak,

Thank you for posting in Microsoft Community.

I understand that you have cancelled the security permissions while setting it to folders and you are trying to restore back. We will help you.

• Which folder are you trying to set the permissions?
• What are you referring to " files is affected "?

I suggest you to follow the below steps and check if it helps.

• Open the file explorer and select the destination folder
  for which you wanted to revert back the permission changes.
• Right click on the folder. Select the Previous versions
  tab.
• Select the previous version in the below list and click
  apply.
• Check if the issue persists.

Keep us posted to help you better.