Logon May Not Succeed After Rejoining a Windows 2000 Domain Using Netdom and an Explicit Organizational Unit

This article was previously published under Q257986
This article has been archived. It is offered "as is" and will no longer be updated.
You may not be able to log on to a Windows 2000-based domain after you join the domain by using the Netdom tool from the Microsoft Windows 2000 Resource Kit and specifying an explicit organizational unit, remove yourself from the domain, and then join the domain again by specifying the same organizational unit.
This problem occurs because the new machine account password that is generated the second time you join the domain is not set on the domain controller. You cannot log on because the machine account password from the initial join is still stored on the domain controller and does not match the password from the second join. Therefore, the workstation cannot set up a secure channel for authentication.
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in theMicrosoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

This problem was first corrected in Windows 2000 Service Pack 1.

Article ID: 257986 - Last Review: 10/20/2013 18:32:58 - Revision: 2.3

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • kbnosurvey kbarchive kbbug kbfix kbwin2000sp1fix kbhotfixserver kbqfe KB257986