fi8224

Apple OSX 10.4 Cannot connect to Windows Server 2008 SBS

I cannot join the domain from an Apple OS X 10.4 box. I had this Apple connected to a Windows 2000 SBS server. I cannot even ping the domain controller by name from the Apple. I can ping the domain controller IP address. I am able to get an IP address from the server, however, and all of the settings look correct.
I need to get this thing on the network and sharing files on the server.
Irwin W.

OK let's start slow and can you provide me some answers:

  1. Do you have a DHCP server on your network?
  2. Can you browse the internet?
  3. Do you have an internal DNS server on your network?
  4. Please post a screenshot of your network settings.
  5. What is the version of 10.4? e.g. 10.4.5 or 10.4.11?

To ping the domain controller by name (assuming DHCP is assigning the DC as the DNS server) you need to append the domain suffix to your network settings. It's a good idea to do this within DHCP if you have access to the settings. In the section where it says "search domains" in your network settings on the Mac, assign your domain suffix, i.e. domain.lan.

Also, probably before the mac will be able to connect to server resources you typically have to change these two group policy objects on the 2008 server:

Microsoft network client: Digitally sign communications (always) set to disabled
Microsoft network server: Digitally sign communications (always) set to disabled
fi8224

ASKER

It's a SBS 2008 configuration, it's doing DHCP, I can browse the Internet just fine. DNS works for everything else that I've tried. I'm not sure what exactly the version of 10.4 is but I did just do an update of 168 MB. OK, another little nuance. I can see the domain when I do an nslookup from the Apple box. When I do an nslookup I can see the server, IP address and domain name. Go figure. So I'm now leaning to trying to understand what renazonse is asking me about the suffix.
I've already done the group policy changes. So that should be good. The thing I don't know about is the appending of the domain suffix. Can you be a bit more specific about this? I've never had to do this before in my 15 years of networking, so I'm not sure what exactly you are telling me to do. The domain controller is handing out DHCP and yes, the SBS server is the domain controller. How do I append the domain suffix to the network settings? I'll look up the "search domains" now.

Appending the domain suffix is something that's automatically done to a PC when it joins a domain. If a PC is joined to a domain its FQDN looks something like this: computer.domain.local and your server is server.domain.local. I'd imagine if you go to the Mac and try to ping your server's FQDN server.domain.local you'll get a response. If you don't append the suffix in the network settings on a Mac it flat out will not ping the server by its short name. I always add the domain suffix into the settings within DHCP so it's pushed out automatically. A screenshot of where the setting is is attached:

System Preferences > Network > Built-In Ethernet or Airport > TCP/IP > "Search Domains" field > type in domain.local (obviously replaced with yourdomainname.local)
Picture-1.png

Appending the domain name is easier set on your DHCP.

Are you trying to join a domain with your mac?
fi8224

ASKER

I am trying to join the domain with the Mac. I've never had to do the append before on a Mac to get it to work. Sounds like it would have been easier if I did. I can connect to the server by using the "connect to" but it's not consistent and leaves too much maintenance up to the end user. Joining the domain like I had it before on the old server would correct all that. How do I use DHCP to append the domain?

In your DHCP management console browse to "Scope Options" > right click on "Scope Options" > select configure options > find DNS Domain Name > type in yourdomain.local > ok > go to the client and renew the DHCP lease.

OK, to do this, you need to:

  1. Go to your Utilities folder
  2. Open the application Directory Access
  3. Place a check mark in the box for Active Directory
  4. Click on Configure for Active Directory
  5. Enter your forest name
  6. Enter your Active Directory domain name, the FQDN!!
  7. Enter your computer name
  8. Under User Experience click the box Create mobile account
  9. Click Administrative
  10. Enable preferred domain server
  11. Enter your preferred domain server name
  12. Click on Bind
  13. Enter your domain credentials
Picture-195.png
fi8224

ASKER

This is what I can't do. When I try to join the domain I keep getting an invalid username and password error. So since I couldn't ping the server, I've been assuming that that is what is twisting up the configuration. That's why I was thinking that extending the suffix might help.
fi8224

ASKER

Oh, and I already had the domain option included in DHCP.

Is this a .local domain suffix? You'll have some real trouble with it if that's the case. Apple's local Rendezvous address uses .local and this has been a major hassle in the past.

Can you ping the FQDN of the server?

Joining a domain in this fashion should not be a problem as long as you are entering your FQDN such as mydc.mycompany.com

Do not use the NetBIOS name mycompany.  With AD domain joining and Macs it does not work.

Also make sure that the user performing the join has AD administrative permissions.
fi8224

ASKER

The domain name is "domain-int.local". And no, I cannot ping the FQDN of the server. I can ping the IP address. I can even do an nslookup, because it queries the domain server as the name server and comes up with all of the correct information. I mentioned this above also. It's the most perplexing thing.
ASKER CERTIFIED SOLUTION
Britt Thompson
This solution is only available to members.

fi8224

ASKER

The Mac is using the AD server as the DNS server. I will try creating a new network location.
Now about disabling Bonjour. Can it be done just while I do the actual joining of the domain and then re-enable it? Or would that be a permanent thing? And how exactly do I do this? Is this a command I enter on a run line in Apple? Or in a terminal window?
And what will the repercussions be when I turn off Bonjour? I guess it won't automatically discover the network printers anymore as one thing.

You run the commands from the terminal and there will be a bit of lost functionality, like Bonjour printing or iChat, but AppleTalk will still work for printing.

I'm not sure about re-enabling it...can't hurt to try once you're bound. If it doesn't work, turn it back off.
fi8224

ASKER

To be exact, I first set the DHCP setting to "manual" and put in all of the same settings that the Mac got from DHCP. I can't understand why that would make a difference, but I was then able to ping the domain name and the server by name.
At that point I still couldn't join the domain.
I then disabled Bonjour and "voila" I was able to join the domain.
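
The DHCP side of this thread (the DC offered as DNS server, and the "DNS Domain Name" scope option, which is DHCP option 15) can be checked from the options field of a captured lease. The following is an added example, not code from any poster in the thread; it also flags a `.local` suffix, the conflict with Bonjour raised above. The option bytes and the address 192.168.1.10 are constructed sample values, and `check_lease` and `opt` are hypothetical helper names.

```python
import ipaddress

# Option codes from RFC 2132: 6 = DNS servers, 15 = domain name.
PAD, DNS_SERVERS, DOMAIN_NAME, END = 0, 6, 15, 255

def parse_dhcp_options(data: bytes) -> dict:
    """Parse the code/length/value options that follow the DHCP magic cookie."""
    opts, i = {}, 0
    while i < len(data) and data[i] != END:
        code = data[i]
        if code == PAD:                      # pad is a single byte, no length
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option header")
        length = data[i + 1]
        value = data[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code} is truncated")
        opts[code] = opts.get(code, b"") + value  # repeated options concatenate
        i += 2 + length
    return opts

def check_lease(data: bytes, dc_ip: str) -> list:
    """List problems with the DNS settings this lease hands to a client."""
    opts = parse_dhcp_options(data)
    findings = []
    raw = opts.get(DNS_SERVERS, b"")
    if len(raw) % 4:
        raise ValueError("option 6 length is not a multiple of 4")
    servers = [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw), 4)]
    if dc_ip not in servers:
        findings.append("domain controller is not offered as a DNS server")
    domain = opts.get(DOMAIN_NAME, b"").rstrip(b"\x00").decode("ascii", "replace")
    if not domain:
        findings.append("option 15 missing: client gets no domain suffix")
    elif domain.lower().rstrip(".").endswith(".local"):
        findings.append(f"suffix {domain} ends in .local, which Bonjour also uses")
    return findings

def opt(code: int, value: bytes) -> bytes:
    """Build one option (hypothetical helper for the constructed sample)."""
    return bytes([code, len(value)]) + value

# Constructed sample: the thread's domain name; 192.168.1.10 is a made-up DC address.
GOOD_DNS = opt(DNS_SERVERS, ipaddress.IPv4Address("192.168.1.10").packed)
SAMPLE = GOOD_DNS + opt(DOMAIN_NAME, b"domain-int.local") + bytes([END])

if __name__ == "__main__":
    for finding in check_lease(SAMPLE, "192.168.1.10"):
        print(finding)
```
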