The title pretty much says it all...
The domain is on a guest VM (Essentials 2012 R2), to which I joined the Hyper-V 2012 R2 host. For reasons not appropriate for discussion here, recently I briefly switched back to Workstation mode. Now that I've rejoined the domain, however, I'm finding that I can't access essential services remotely using the Domain Admin's credentials (Services MMC, Disk Management, etc.). I didn't change any firewall rules during my time away (only an hour or so).
In fact I can't even navigate to its UNC path or any shares (e.g. \\SERVER1). I get this famous error:
I can RDP into it just fine, using Domain Admin credentials. I've used the net localgroup administrators command to verify that the Domain Admin is indeed in the local Administrators group.
How can I get back to where I was before I left the domain? Everything was going great--I was managing disk partitions, local users and groups, VM settings... you name it. Do I have to delete and recreate the Domain Admin's profile on the host? Is something in there looking for the 'old' account (which is actually the same account)?
EDIT to provide add'l troubleshooting info
(I've adjusted the tags a bit to better reflect the topic, as my understanding of the nature of the problem evolves.)
Per Mark's suggestion I deleted and recreated the Domain Admin profile on \\SERVER1, as described in the article he linked. For extra measure, just to be safe, I did the leave/rejoin again—this time taking care to delete the old AD object for \\SERVER1 (which I'd neglected to do the first time).
Still no luck. I have all functionality on \\SERVER1 from all workstations, but not from the PDC.
Thinking I may have some sort of SID caching issue going on, I turned to PsGetSID. It seems a domain member has two SIDs: 1) its machine SID and 2) its domain SID (reference here). Here's what I get when running it on \\SERVER1:
Not sure quite how to deal with that...
But anyway—I'm narrowing it down a bit. Apparently the PDC thinks the Domain Admin account is disabled on \\SERVER1.
This when on the PDC and navigating w/File Explorer:
And this when trying to connect w/MMC's Event Viewer:
So there's a common thread here. I just don't know how to figure out what it is or how to fix it.
UPDATE:
I was using the wrong syntax for PsGetSID for the second SID (you're supposed to exclude the leading backslashes and just use the computer name, followed by a $). I can see now that the domain SID is identical to the one shown in AD. So at least that possibility's eliminated.
Like you said, I'd start off by removing the domain admin profile (as long as nothing is needed; otherwise rename it) on the local host that was removed and re-added to the domain. This should help in doing so: https://itworkedbeforeyoubrokeit.wordpress.com/2013/07/11/how-to-recreate-a-corrupt-profile-on-windows-7/
Really you just want to log in with another account that has admin rights. Delete the local profile for the domain admin account in C:\users\%domainadminusername%. Then go into that registry location and rename or delete the SID that matches that username.
Reboot, then log in with the domainadmin username again.
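A read-only way to see which registry entry belongs to the account before renaming or deleting anything, as an added example that is not part of the original answer. It assumes the registry location the answer refers to is the standard ProfileList key, and `domainadminusername` is a placeholder for the profile folder name.

```powershell
# Read-only inventory: each ProfileList subkey is named after a SID and points
# at a profile folder. Run from an elevated prompt under a different admin account.
# Assumption: the "registry location" in the answer is the ProfileList key below.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'
$target      = 'domainadminusername'   # placeholder: folder name under C:\Users

Get-ChildItem -Path $profileList | ForEach-Object {
    $sidText = $_.PSChildName
    $path    = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath

    # Resolve the SID to DOMAIN\user. This fails for orphaned SIDs and for
    # subkeys carrying a ".bak" suffix, which are reported as unresolved.
    try {
        $sid     = New-Object System.Security.Principal.SecurityIdentifier($sidText)
        $account = $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $account = '<unresolved>'
    }

    [pscustomobject]@{
        Sid          = $sidText
        Account      = $account
        ProfilePath  = $path
        # Wildcard covers folders such as "user.DOMAIN" created on a name clash
        IsTarget     = [bool]($path -and ((Split-Path $path -Leaf) -like "$target*"))
        FolderExists = [bool]($path -and (Test-Path -LiteralPath $path))
    }
} | Sort-Object IsTarget -Descending | Format-Table -AutoSize
```

Rows with IsTarget set to True are the candidates for the rename or delete step; a row whose Account is unresolved or whose FolderExists is False points at a stale entry left behind by an earlier profile.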