snubel

asked on

Cannot join domain - "A remote procedure call (RPC) protocol error occurred"

Here is the background

1.  Laptop was part of our domain at one point
2.  Laptop removed from domain and used standalone for a few months
3.  Hard drive replaced
4.  Clean install of XP Pro
5.  Laptop joined to domain and all is well
6.  Install Apps and nearly ready to deploy to user
7.  Out of the blue domain accounts get stuck at "Applying computer settings" when logging on
8.  Further investigation indicates communication problems with Active Directory (AD) (i.e. when trying to set security on a folder - cannot locate domain accounts)
9.  Remove laptop from domain
10. Try to rejoin to domain
11. Get error "The following error occurred attempting to join the domain "<domain>": A remote procedure call (RPC) protocol error occurred"

My first thought was that this must be a DNS issue, but I have investigated this and I don't think DNS is the problem. The system is pointed to AD for DNS and can ping the domain and DCs using hostnames.

Other interesting tidbits:
* I am able to join other systems to the domain without a problem
* I tried a repair install of XP - that did not fix the issue
* I have deleted all computer accounts from AD users and computers
* I have cleaned up all DNS records for laptop (i.e. deleting records for old computer name)
* I have cleaned up WINS records for this laptop
* I have tried running dcdiag on this laptop but it also reports RPC errors
* When running dcdiag from other machines - no problems reported
* Using Windows Server 2003 for DHCP and DNS
* Running a 2003 Domain


Any ideas? This is driving me nuts!
martin_babarik

Hi,

As you provided a very thorough problem description, there is not much left to ask, but anyway:
1. How about the physical network topology? Couldn't the RPC protocol be blocked by some network device?
2. Regarding point no. 7 of your description, the problem seems to be definitely related to the computer account. I'd try a few things: can you rename the laptop and try to join the domain under a different name? Another one:
Try to pre-stage the computer: create a new account for it, give it some new name and click "this is a managed computer". Then enter the computer's GUID (without dashes). Try to join now.
Please let me know if this helped.
snubel

ASKER

Martin.

Thanks for the ideas.

* This laptop is on our LAN - no firewalls between it and the servers.
* Other RPC functionality like remote Event Viewer works OK - so I have a feeling that the RPC thing might just be a symptom of the real cause
* I have tried renaming and re-joining - I get the "Welcome to the <domain> domain" message and the computer account will get created in AD. However, after I click OK on the dialog, another appears that says something to the effect of "Cannot rename this computer it was previously joined to <domain> under <oldname>." That error also makes reference to an RPC error.

I will try the prestage idea.

I am sure that if I did a clean install I would be OK, but I would really like to figure this out and make sure that it is not something more serious than just this computer.

Shawn
Actually I'm not sure if a clean install will help. I was thinking about your problem and I have one theory (which might be completely wrong:-):
I'm still thinking about this GUID. To be honest, I don't know where it is taken from: if it's generated by the OS (I don't think so), or if it's based on the MAC, or if it's somehow calculated from the entire PC HW, or (I bet on this one) it's stored in the BIOS. Back to the theory - I was thinking that this computer had an account in AD before and that it was possibly associated with the GUID of your erratic laptop. OK, you deleted the account, but maybe something went wrong and AD remembers that this GUID should be forcibly associated with some particular computer account - and this could be the reason why it doesn't allow you to join the domain now (as you replaced the hard drive, the GUID maybe changed? Really just guessing).
This is really just what comes to my mind - maybe it's totally out.

Another thing: RPC problems also usually happen if you have some problem with DNS name resolution. I'd double-check the TCP/IP settings of your laptop (it might be obtaining incorrect information from DHCP based on a MAC address reservation someone did on DHCP - just another guess).

I recommend temporarily enabling all types of failure auditing on your DC; I think this could give you the most valuable information. Check the system, security and maybe also application logs on the DC, and please try to do the same on the client. I'm almost sure you will find some clues here.
In addition to the above, I would check the computer name properties on the laptop to see if there is a DNS suffix being applied to the computer name as well as the DNS registry settings in the tcp/ip properties.
Assuming that you have network connectivity and you are pointing to the correct DNS server, RPC errors are usually caused by a block of certain ports, which causes communication failure if DNS is fine.

1) Delete old computer account from PDC if it's there / Renaming and join (I guess this is already done)
2) Ping the server with MTU of 1472: ping -f -l 1472 IP (try both ways)
3) Disable any firewall software for testing
4) Do msconfig on XP machine, Start -> Run -> Msconfig -> check mark on Disable third party services, Disable all, Reboot and test / In one case uninstallation of an antivirus fixed it.
5) Make sure netlogon service is started and force Kerberos to use TCP rather than UDP on XP client
Follow: http://support.microsoft.com/kb/244474
DJ Drunk: excuse me, could you please explain what MTU 1472 is? I never heard of it. Slightly off topic, sorry.
snubel

ASKER

Thanks for all the feedback guys. I will try some of your suggestions tomorrow and report back.

Thanks again,
Shawn
Hello Martin,

Maximum Transfer Unit (MTU) specifies the maximum transmission unit size of an interface. By default Windows XP communicates at an MTU of 1472. Usually in a LAN the MTU stays at the default, but if two sites are separated by a router the MTU size might fall, leading to lack of communication / slow network / loss of packets. So by using ping -f -l 1472 IPAddress you can check where you get the response from, and that would indicate what MTU size the machine is using for communication.

Also see
http://support.microsoft.com/kb/314496/
Method 3 in the article below
http://support.microsoft.com/kb/900926/en-us
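
The "ping -f -l" check from the replies above, turned into a repeatable probe; this is an added example, not part of any poster's reply. It searches for the largest ICMP payload that reaches the target with the Don't Fragment flag set and adds the 28 bytes of IPv4 and ICMP headers to estimate the path MTU. It assumes the target answers ICMP echo, and the script name mtuprobe.cmd is hypothetical.

```batch
@echo off
rem Added example (not from the thread). Usage: mtuprobe.cmd <DC name or IP>
rem Finds the largest ping payload that gets through with DF set (-f).
setlocal
if "%~1"=="" (
    echo Usage: %~nx0 target
    exit /b 2
)
set TARGET=%~1
set LO=32
set HI=1472

rem A reply line always contains "TTL="; ping's own errorlevel is unreliable,
rem so success is judged by whether find sees a reply.
ping -n 2 -w 1000 -l %LO% %TARGET% | find "TTL=" >nul
if errorlevel 1 (
    echo %TARGET% does not answer ping at all; check name resolution and reachability first.
    exit /b 1
)

rem Full Ethernet-size payload first: 1472 + 20 (IPv4) + 8 (ICMP) = 1500.
ping -f -n 2 -w 1000 -l %HI% %TARGET% | find "TTL=" >nul
if not errorlevel 1 (
    set LO=%HI%
    goto report
)

rem Binary search: LO is known to pass, HI is known to fail.
:loop
set /a GAP=HI-LO
if %GAP% LEQ 1 goto report
set /a MID=(LO+HI)/2
ping -f -n 2 -w 1000 -l %MID% %TARGET% | find "TTL=" >nul
if errorlevel 1 (set HI=%MID%) else (set LO=%MID%)
goto loop

:report
set /a PATHMTU=LO+28
echo Largest unfragmented payload to %TARGET%: %LO% bytes
echo Estimated path MTU: %PATHMTU% bytes
if %PATHMTU% LSS 1500 echo Path MTU is below 1500; large RPC or Kerberos packets may be dropped.
exit /b 0
```

Run it from the affected client against the DC and, as suggested above, from the DC against the client; a dropped probe on a lossy link can make the result read low, so repeat before drawing conclusions.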
ASKER CERTIFIED SOLUTION
snubel

This solution is only available to members.
Good, it is fixed.
netsh int ip reset c:\resetlog.txt

The above command would reset winsock automatically. For the future, install the support tools on the XP box and run the command netdiag /test:winsock

It would tell you if it is corrupted or not.
Cya