Q

Problems after installing patch MS04-011 in Active Directory

When patch MS04-011 (KB835732) was applied on the Active Directory DCs, all communications with NT trust relationship

(NT servers) went down. The problem was verified when some users tried to access the DEVSAP server machine (NT 4 Server running SP5 and a lot of patches to be applied, running Development SAP environment). The AD administrators were receiving a lot of messages from those NT servers over branch offices. We made the roll-out, but without success. The problem still remains. After a lot of unsuccessful tries, we found information on the Internet about lost trust between domains.

What was made to correct the problem? It was flagged the "Restricted Anonymous" settings on all Domain Controllers. After we set it, we just restarted all Domain Controllers, and the communication and trust was up once again.

Errors:
The following error message appeared when we tried to logon in NT server:

"The system cannot log you on this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect."

Would you have some hints about what we can do in this case for resolving this problem? We continue with the necessity of applying the patches in DCs, but we need to make it secure (doesn't stop the logon in NT servers).

It appears the problem is partially fixed? If I am reading the above correctly the trust is re-established and yet you are getting an error about authentication failure with the trust. It sounds like you need to remove the trust and then build it again. When you do so, make sure you remove the trust from both domains, and then add the trust back. When you do so, a new computer password will be created and both domains will know it. What has happened is that the password is periodically changed by the operating system (not by administrators), and it is now out of synch.
This was first published in August 2004

Dig deeper on Patches, alerts and critical updates

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close