LDAP: XP-SP2 client access to W2K DC server

Thanks, I created the XP2-SP2 from a copy of the XP-SP1.
So, what to compare?
The computername has changed and added to the DC.
A DNS server is not installed. I use DHCP from a host.

On the network neighborhood of XP-SP2 I can access the DC's share.

What are the lines around the one line you posted?

Generally I don't see or use this the way you are using it.
try something like

Set objRootLDAP = GetObject("LDAP://RootDSE")
strDomain = objRootLDAP.Get("DefaultNamingContext")

you have the same rootDSE to the left and right of the operator,
that could be causing the problem

The caller ( a cmd file):
   cscript showInfo.vbs //NOLOGO
   pause >nul
The vbs file:
   on error resume next
   ' AD Domain:
   isADS = false
   Set rootDSE = GetObject("LDAP://rootDSE") ' <== here the error appears if I make the "On error" to comment
      actErr = Err.number
      If actErr = 0 Then
          isADS = true
       Else
         WScript.echo "AD does not exist"
      End If
      strADDomain = rootDSE.Get("defaultNamingContext")
   Set rootDSE = Nothing
   If isADS = true Then
       WScript.echo("AD:" + strADDomain)
   End If
   ...

test this out:


on error resume next
' AD Domain:

isADS = false
Set objRootLDAP = GetObject("LDAP://rootDSE") ' <== here the error appears if I make the "On error" to comment
actErr = Err.number
If actErr = 0 Then
      isADS = true
  Else
      WScript.echo "AD does not exist"
End If

strADDomain = objRootLDAP.Get("defaultNamingContext")
Set rootDSE = Nothing

If isADS = true Then
      WScript.echo("AD:" + strADDomain)
End If

I get "AD does not exist"

In addition I'm executing a logon script.
There the following appears:
...
C:\...\myadm>net send myserver "Hello from myadm on  clientXPSP2"
An error appeared during sending the message to myserver
The alias of the message on the network could not be found
For further help enter NET HELPMSG 2273
...
I think this situation has the same reason as the primary problem.

1) OK I have to get the DNS question out of my mind.
Can you run an ipconfig /all from the command line to verify?

2) Also in your script replace this line

   WScript.echo "AD does not exist"

with this

Wscript.echo err.number & vbtab & err.description

This will give a more detailed description.

3) check event viewer for errors on startup that might pertain to this situation

4) When you created this copy of the XP SP1 machine what utility did you use and do you use it often?
Basically want to see if you use something like GhostWalker to change the machine ID.

5) If this is a test machine then rejoin it to the domain using a different name

Here is the ipconfig /all
---

C:\>ipconfig /all

Windows-IP-Konfiguration

        Hostname. . . . . . . . . . . . . : clientxpsp2
        Primäres DNS-Suffix . . . . . .: srvExchange.VMware
        Knotentyp . . . . . . . . . . . . . : Hybrid
        IP-Routing aktiviert. . . . . . . : Nein
        WINS-Proxy aktiviert. . . . . . : Nein
        DNS-Suffixsuchliste . . . . . .  : srvExchange.VMware
                                                   localdomain

Ethernetadapter LAN-Verbindung 2:

        Verbindungsspezifisches DNS-Suffix: localdomain
        Beschreibung. . . . . . . . . . . : VMware Accelerated AMD PCNet Adapter
        Physikalische Adresse . . . . .: 00-0C-29-9D-B4-5B
        DHCP aktiviert. . . . . . . . .  . : Ja
        Autokonfiguration aktiviert .  : Ja
        IP-Adresse. . . . . . . . . . .  .. : 192.168.146.147
        Subnetzmaske. . . . . . . . . .  : 255.255.255.0
        Standardgateway . . . . . . . . : 192.168.146.2
        DHCP-Server . . . . . . . . . . . : 192.168.146.254
        DNS-Server. . . . . . . . . . . . : 192.168.146.2
        Primärer WINS-Server. . . .  : 192.168.146.2
        Lease erhalten. . . . . . . . . . : Dienstag, 23. Mai 2006 22:10:09
        Lease läuft ab. . . . . . . .. . . : Dienstag, 23. Mai 2006 22:40:09

C:\>
---

for 2) I get only -2147023541    <== no description
 

for 3) I get (translation from German):
--- System event:
The resource entries for Host(A) for the following network adapter couldn`t be registered:
   Adaptername : {61B348EB-5A5F-48DC-90FE-07492EB5A937}
   Hostname : clientxpsp2
   Primary Domain suffix : srvExchange.VMware
   DNS server list :
           192.168.146.2
   Server, to whom the Update has been send : <?>
   IP-Adresse(s) :
     192.168.146.147
The resource entries couldn't be registered because the DNS server has rejected the Update request.
Possible reasons are:
(a) You are not allowed to actualize the DNS domain name
(b) the authorized DNS server does not support dynamical DNS update
Further information can be received from http://go.microsoft.com/fwlink/events.asp.
--- Application event
The DC for your network could not be detected.
The given Domain does not exist or a connection couldn't be established.
The processing of the group directive has cancelled.

The automatic certificate registration for "local" Computer couldn't establish a connection to the Active Directory (0x8007054b).

The CRM protocol file has been created initially on a computer with another name. It has been actualized with the name of the current Computer.
If this warning is displayed after changing of a computername, no further action is required. clientxpsp1
---

for 4) I'm using VMware, my process was as follows:
- copy the files of the VM containing XP-SP1
- start XP-SP1, change domain to workgroup
- start copied XP-SP1, change domain to workgroup, change computername, upgrade with SP2
  join XP-SP2 to domain
- join XP-SP1 to domain <== this VM one is working

for 5) it is a test machine so I could rejoin
  ==> then rejoin it to the domain using a different name
  What do you mean here?

Thanks-
Yes you were right the DNS Entries look fine

With this System Event you posted what is the Source and the EVENT ID ?

The source is DnsApi, the Event ID is 11165.

Ooopps didn't see your last post...

I've never sued VMWare so I'm not sure about the procuderes.
Are you suppose to change the machines account ID somewhere in the process, the SID ?
Or is it done for you?

I wanted you to rejoin the computer using a different name to force a new object to be created in AD

sometimes I have better results with problems like this when I either
a) disjoin the computer from the domain and rename it so it joins the Domain as a new/different object
b) Disjoin the computer from the Domain then DELETE the computer in Active Directory Users and Computers

What is disjoining a domain?
Is it equivalent to changing a domain to a workgroup?
I made using System-Computername on the client only.

I cannot remember if I have been asked to change the SID?

Sorry about that, Yes that is right.
When I said disjoining it is the same as changing a domain to a workgroup

I've never used VMWare so only do what you are comfortable doing

XP-SP2 client: I changed the domain to a workgroup
   restart
   logon
Server: I deleted the computer for XP-SP2
XP-SP2 client: the system is re-started
   the firewall is inactive
   I modified the computername to clientxp-sp2
   I rejoined the computer to the domain
   restart
   logon (not OK)
   logon (OK - without changes!)
   after this the new computername appears on the server in Computers
XP-SP2: the problem is still there

I've been trying to find info on that error message you posted. DnsApi, Event ID is 11165
Most articles say to make sure that your DNS is setup to allow dynamic updates

I can't imagine this being your problem but here is where to look...
Open DNS management > expand your server > forward lookup zones > you should see your dns zone.
Now right click on this > choose properties > on the General tab you will see 'Dynamic Updates'

There are plenty of articles out there that discuss this error message.
I'll try to find the better ones and post back. so far they all say the
same thing about allowing Dynamic Updates

Dynamic Updates:  Only secured actualization  <== I could set this to Yes or No?

Typ:  Active Directory integrated

On the right side of the DNS window I see
  - the name of the server and its IP (DHCP one)
  - the name of the XP-SP1 client        ---  Host                  --- old IP
    old IP means that in the past the IP was fix and not DHCP based
 - (identical with higher-ranked folder) --- Host                  --- DHCP IP of the server
 - (identical with higher-ranked folder) --- Nameserver       --- AD-name
 - (identical with higher-ranked folder) --- Authority source --- AD-name, admin-AD-name

In other words...do not follow the steps in that article yet.
Just read it and see if it applies to your situation

Thank you mdiglio,
I'm checking the information you've supplied.
I'll keep you informed.

In the meantime I made several checks
and - it is getting strange.
SP2 is still not working for LDAP.
SP1 works for a time and after a while it stops working for LDAP.
But now I changed also the W2K server (DNS, DHCP,...) ,
so I'm encountering problems having a usable environment;
fortunately the server still works as expected.
Because of this situation I'm going to close this question.
Your last comment looks good to me, so I'll accept this.
Sorry for the situation, and - thank you very much for your help.

HStrix

FYI, I continued checking my environment
and I found the reason for the problem:
In my Tcp/IP properties I used "Obtain DNS server address automatically".
I changed this to "Use the following DNS server addresses"
and inserted the IP address of my W2K server.
And - voila it worked.
I don't understand why it worked for W2K clients before..
But I'm glad that it is now working.
Thank you again for your help.

Thats Great!
Was this the dns address that you used 192.168.146.2 ?

That is the gateway address in the VMs.

On the host, the VMware8 IP is 192.168.146.1

On the VMs (it seems to be required using NAT)
 - the IPs are 192.168.146.x   (if they are based on DHCP)
 - the DHCP is 192.168.146.254
 - the Gateway is 192.168.146.2

Good job, I'm glad you got it figured out

This also means
you've been right in thinking that the problem is DNS related!

I thought the system is doing it right,
but it didn't - it needed to be done manually.
So. I learned sonething,
and - it will not be the last one :-)