Wednesday, January 14, 2009

Netdom /renamecomputer returns an RPC Error

Short blog on an annoying issue.

I don't know about you, but I keep forgetting that error messages are not always indicative of the real problem.

Here's an issue one of our site admins had recently.  He was trying to use netdom /renamecomputer to rename a bunch of workstations in his domain.  It worked on a few computers, but not all of them.  They recently started deploying a bunch of newly ghosted workstations.

From that description, you can guess about all the rabbit-trails I followed before I realized what was happening.  The solution was too simple.

Before I figured it out, I did the usual testing:

· Checked the secure channels between the workstations and the domain

· Verified forward and reverse (A and PTR) DNS records for the workstation and made sure there were no other duplicate registrations hanging around with the wrong IP (or old PTR records, for that matter).

· Even checked for duplicate SPNs, since we do have the occasional KDC 11 event

· Even checked WINS

· Looked at the computer objects in AD and verified they were present and had the expected information such as good modified dates, etc.

· Checked for duplicate SIDs, thinking some systems may not have firmly joined the domain (which would correct the SIDs on ghosted systems that were not properly sysprepped, first).

Everything looked good.  In all other ways, the systems were on the domain and completely functional.  Their event logs were clean.  The logs on the DCs were clean.  There were logon events for the computers, as appropriate.  But when you tried to rename them with netdom, you got an RPC error.

So I compared the services on a workstation that was okay with netdom and a workstation that was not.

The culprit?  BlackIce.

Should have looked there first.  Don't know why I didn't.  Guess I was looking for a network/configuration/AD issue, since this was presented to me as an issue with the domain controllers in their domain.

Anyway, as soon as they disabled BlackIce, they could do the netdom /renamecomputer and all was well.  I had them modify their script to use SC to shut down & disable BlackIce before running netdom, and then use SC to enable and start BlackIce again.  No problem.
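The stop, rename, restore sequence described above, as an added example (not the admins' actual script) that always turns the firewall back on, even when netdom fails. It assumes it runs elevated on the workstation being renamed with netdom.exe installed there; `BlackIceServiceName` is a placeholder for the real service name, and the parameter names are hypothetical.

```powershell
# Added example, not the script from the post. Run elevated on the workstation
# being renamed. 'BlackIceServiceName' is a placeholder: take the real service
# name from `sc.exe query` on an affected machine.
param(
    [Parameter(Mandatory)] [string] $NewName,
    [Parameter(Mandatory)] [string] $DomainUser,       # account allowed to rename, DOMAIN\user
    [string] $FirewallService = 'BlackIceServiceName'  # placeholder, see above
)

# Run a native tool and turn a non-zero exit code into a terminating error.
function Invoke-Native {
    param([string] $Exe, [string[]] $Arguments)
    & $Exe @Arguments | Out-Host
    if ($LASTEXITCODE -ne 0) {
        throw "$Exe $($Arguments -join ' ') exited with code $LASTEXITCODE"
    }
}

try {
    # Use sc.exe explicitly: in Windows PowerShell, plain `sc` is an alias for Set-Content.
    Invoke-Native sc.exe @('config', $FirewallService, 'start=', 'disabled')
    if ((Get-Service -Name $FirewallService).Status -ne 'Stopped') {
        Invoke-Native sc.exe @('stop', $FirewallService)
        # `sc stop` returns while the service is still stopping, so wait for it.
        (Get-Service -Name $FirewallService).WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))
    }

    # /passwordd:* prompts for the password instead of putting it on the command line.
    Invoke-Native netdom.exe @('renamecomputer', $env:COMPUTERNAME,
        "/newname:$NewName", "/userd:$DomainUser", '/passwordd:*', '/force')
}
finally {
    # Runs whether or not the rename succeeded, so the host is not left unprotected.
    & sc.exe config $FirewallService start= auto | Out-Host
    & sc.exe start $FirewallService | Out-Host
    $state = (Get-Service -Name $FirewallService).Status
    if ($state -notin 'Running', 'StartPending') {
        Write-Error "$FirewallService is $state after the rename attempt; restart it manually."
    }
}
```

The new name takes effect after a reboot, and the window in which the firewall is off is limited to the netdom call itself.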

Just another case where a simple answer is the right answer.  And I thought I should blog about this since I googled the topic earlier and found a lot of people asking, but no one got any sort of a helpful answer.

Not that this is all that helpful, but I do my best.