I have a 2008 R2 server joined to an SBS 2003 domain. Secure channel has somehow become broken. Netdom gives access denied when run from either DC or member server. I could change to a workgroup, reboot, then re-join domain, and pray that I don’t lose remote access along the way, or I could use this trick:

Are you ready? It’s so simple.. 😉

Go to change the domain, and simply change it from the DNS domain name (e.g. domain.local) to the NetBIOS domain name (e.g. DOMAIN). You will probably need to be on the same broadcast domain (LAN segment), i.e. not over a VPN or WAN, for the NetBIOS domain to be found (unless you have WINS running I suppose).

So, the machine is joined to domain.local, but the secure channel is broken. I just go to the ‘Computer Name’ tab of ‘System Properties’, click Change, and backspace out the .local from the domain name and press OK. It’s like I’m joining a different domain but it’s the same one really. You get the “Welcome to the domain. You must restart this computer for the change to take effect” message. Reboot and it’s all done. As usual the DNS domain name will be shown on the computer name tab after the reboot. Nothing has changed except that the secure channel has been re-established.
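To confirm the broken state before the change and the repaired state after the reboot, the secure channel can be checked from an elevated PowerShell prompt on the member server. This is an added example, not part of the original post; the function name `Get-SecureChannelStatus` is made up here, and it assumes PowerShell 2.0 (as shipped with 2008 R2) and that `nltest.exe` is on the path.

```powershell
# Added example: report the secure channel state of this machine.
# Written for PowerShell 2.0, so no [pscustomobject] or other 3.0+ syntax.
function Get-SecureChannelStatus {
    $cs = Get-WmiObject -Class Win32_ComputerSystem

    # A workgroup machine has no secure channel to test.
    if (-not $cs.PartOfDomain) {
        return New-Object PSObject -Property @{
            Computer = $cs.Name; Domain = $cs.Domain
            DomainJoined = $false; ChannelHealthy = $false
            Detail = 'Not joined to a domain'
        }
    }

    # Test-ComputerSecureChannel returns $true when the secure channel
    # between this computer and its domain is working.
    $healthy = $false
    $detail  = ''
    try {
        $healthy = [bool](Test-ComputerSecureChannel -ErrorAction Stop)
    } catch {
        $detail = $_.Exception.Message
    }

    # nltest names the DC it reached and the raw status; keep its text as-is.
    $nltest = (& nltest.exe "/sc_verify:$($cs.Domain)" 2>&1 | Out-String).Trim()

    New-Object PSObject -Property @{
        Computer = $cs.Name; Domain = $cs.Domain
        DomainJoined = $true; ChannelHealthy = $healthy
        Detail = ($detail, $nltest | Where-Object { $_ }) -join "`n"
    }
}

$status = Get-SecureChannelStatus
$status | Format-List Computer, Domain, DomainJoined, ChannelHealthy, Detail

if (-not $status.ChannelHealthy) {
    Write-Warning "Secure channel to $($status.Domain) is not healthy."
}
```

Run it once before changing the domain name and again after the reboot; `ChannelHealthy` should go from `False` to `True` while `Domain` still shows the DNS domain name.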