The NETDOM utility from
makes it easy to reset the secure channel of the BDC. If the NetLogon service on the BDC cannot start due to a secure channel problems, NETDOM is the simplest solution.The BDC secure channel can be reset by typing:
NETDOM BDC JSIBDCn /RESET
You can run this on the PDC, BDC, or any member of the domain, provided that you are logged on with administrator priviledges.
The output looks like:
NetDom 1.2 @1997.
Querying domain information on computer \\JSIBDCn ...
The computer \\JSIBDCn is a domain controller of JSIINC.
Searching PDC for domain JSIINC ...
Found PDC \\JSIPDC
Verifying secure channel on \\JSIBDCn ...
Verifying the computer account on the PDC \\JSIPDC ...
The computer account for \\JSIBDCn doesn't exist or has an invalid password.
Resetting secure channel ...
Changing computer account on PDC \\JSIPDC ...
Stopping service NETLOGON on \\JSIBDCn .... stopped.
Starting service NETLOGON on \\JSIBDCn .... started.
The BDC \\JSIBDCn secure channel was reset successfully.
Logoff/Logon \\JSIBDCn to take modifications into effect.
The above command resets the BDC secure channels only if required. If the password for the BDC secure channel was good, then you receive:
NetDom 1.2 @1997.
Querying domain information on computer \\JSIBDCn ...
The computer \\JSIBDCn is a domain controller of JSIINC.
Searching PDC for domain JSIINC ...
Found PDC \\JSIPDC
Verifying secure channel on \\JSIBDCn ...
Verifying the computer account on the PDC \\JSIPDC ...
Secure channel checked successfully.
