XP Pro cannot join 2000 domain. "The specified server cannot perform the requested operation".

talon121a asked
Last Modified: 2010-08-05
The problem I'm having involves an XP Pro workstation and Windows Server 2000.

I cannot join the 2000 domain (domainname.org) using XP Pro's wizard.

Although it seems to let me add it using the manual method, i.e. WORKGROUP/DOMAIN specification.

And if I add the XP workstation to the domain using the manual method, it doesn't grab any GPO.

What's wrong? Can someone help me??

DNS resolves fine, I ran netdiag and dcdiag on the DC without problems. (all passed)

I need to get the Add/Remove Programs (for network group policy) working .. and nothing lists even though it's specified on the server's GPO. (and at the root domain)

Help! :)
Jason

Top Expert 2004

Commented:
Hi

I found this potential solution:

Here is the fix for those unfortunate enough to run into this quagmire in the future.
1. Change the computer name to "whatever" and then join the PC to the workgroup "WORKGROUP"
2. Restart the computer and log on locally as the administrator
3. Make sure the OS has all the latest patches.
4. Start>Run>mmc> then add "Security Configuration and Analysis" and "Security Templates" snap-ins.
5. Click on the Security Configuration and Analysis node and follow the instructions on the right to "Create a new database."
6. Import the Setup Security Template
7. Apply the template
8. Join the PC to the new Domain
9. If you continue to get the error, restart the PC and rerun steps 4-8

Although it refers to WinXP upgraded clients,

From here:
http://www.computing.net/windows2003/wwwboard/forum/1129.html

It does refer to a Windows 2003 domain though, but sounds very similar. Maybe worth a shot?

Deb :))

Author

Commented:
The first thing (applying the new security template) didn't work. Unfortunately, I've tried it a few times.

But I'll give the GPUPDATE /force /boot (10 x)

Do I have to do this on all our NEW DELL PCs? (maybe something about the Dell hardware?)

Jason

Author

Commented:
Here's a portion of my userenv (%systemroot%\windows\debug\userenv.txt)
--
USERENV(1e8.260) 09:06:19:849 GetGPOInfo:  Entering...
USERENV(1e8.260) 09:06:19:849 GetGPOInfo:  Server connection established.
USERENV(1e8.260) 09:06:19:865 GetGPOInfo:  ldap_bind_s failed with = <81>
USERENV(1e8.260) 09:06:19:865 GetGPOInfo:  Leaving with 0
USERENV(1e8.260) 09:06:19:865 GetGPOInfo:  ********************************
USERENV(1e8.260) 09:06:19:865 ProcessGPOs: GetGPOInfo failed.
USERENV(1e8.260) 09:06:19:865 ProcessGPOs: No WMI logging done in this policy cycle.
USERENV(1e8.260) 09:06:19:865 ProcessGPOs: Processing failed with error 58.
USERENV(1e8.260) 09:06:19:865 LeaveCriticalPolicySection: Critical section 0x7a4 has been released.
USERENV(1e8.260) 09:06:19:865 ProcessGPOs: User Group Policy has been applied.
USERENV(1e8.260) 09:06:19:865 ProcessGPOs: Leaving with 0.
USERENV(1e8.260) 09:06:19:865 ApplyGroupPolicy: Leaving successfully.
USERENV(1e8.1ec) 09:06:20:304 IsSyncForegroundPolicyRefresh: Synchronous, Reason: FirstPolicyRefresh
USERENV(524.3e8) 09:06:20:413 LibMain: Process Name:  C:\WINDOWS\system32\spoolsv.exe
USERENV(2b4.2c8) 09:06:20:649 ImpersonateUser: Failed to impersonate user with 5.
USERENV(2b4.2c8) 09:06:20:649 GetUserNameAndDomain Failed to impersonate user
USERENV(2b4.2c8) 09:06:20:649 ImpersonateUser: Failed to impersonate user with 5.
USERENV(2b4.2c8) 09:06:20:649 GetUserDNSDomainName: Failed to impersonate user
USERENV(1e8.2f0) 09:06:20:649 GPOThread:  Next refresh will happen in 98 minutes
USERENV(454.4c0) 09:06:20:680 LibMain: Process Name:  C:\WINDOWS\Explorer.EXE
USERENV(2b4.2c8) 09:06:20:696 ImpersonateUser: Failed to impersonate user with 5.
USERENV(2b4.2c8) 09:06:20:696 GetUserNameAndDomain Failed to impersonate user
USERENV(2b4.2c8) 09:06:20:696 ImpersonateUser: Failed to impersonate user with 5.
USERENV(2b4.2c8) 09:06:20:696 GetUserDNSDomainName: Failed to impersonate user
USERENV(2b4.2c8) 09:06:20:727 ImpersonateUser: Failed to impersonate user with 5.
USERENV(2b4.2c8) 09:06:20:727 GetUserNameAndDomain Failed to impersonate user
USERENV(2b4.2c8) 09:06:20:727 ImpersonateUser: Failed to impersonate user with 5.
USERENV(2b4.2c8) 09:06:20:727 GetUserDNSDomainName: Failed to impersonate user
USERENV(454.4c0) 09:06:20:758 GetProfileType:  Profile already loaded.
USERENV(454.4c0) 09:06:20:758 GetProfileType: ProfileFlags is 0
USERENV(454.4c0) 09:06:20:790 GetProfileType:  Profile already loaded.
USERENV(454.4c0) 09:06:20:790 GetProfileType: ProfileFlags is 0
USERENV(3d0.668) 09:06:28:803 GetAppliedGPOList: Entering. Extension = {C6DC5466-785A-11D2-84D0-00C04FB169F7}
--
Hmm.. "Failed to impersonate user" and "ldap_bind_s failed with = <81>" sounds fishy? Anyone have a resolution? I'd like to up my points on this one as well, since it's getting sorta urgent.. ;-) Would be nice.

Thanks

Author

Commented:
I'm also receiving:
Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1006
Date:            3/29/2004
Time:            9:10:10 AM
User:            DOMAIN\domainusername
Computer:      UNITED-000001
Description:
Windows cannot bind to domain.org domain. (Server Down). Group Policy processing aborted.  

On that machine.

(replaced domain.org etc. for security)
Any help would be appreciated :)
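
The failure codes in the userenv excerpt and the event 1006 text above can be decoded mechanically. The following is an added example, not part of the original thread: a small Python triage pass over userenv debug lines that counts each failure and attaches the standard LDAP/Win32 meaning of its code. It assumes the `<81>` value is decimal, which is consistent with the "(Server Down)" text in event 1006; the function and table names are hypothetical.

```python
import re
from collections import Counter

# Standard meanings of the codes seen in this thread (assumes decimal values).
LDAP_CODES = {81: "LDAP_SERVER_DOWN (cannot contact the LDAP server)"}
WIN32_CODES = {
    5: "ERROR_ACCESS_DENIED",
    58: "ERROR_BAD_NET_RESP (The specified server cannot perform the requested operation)",
}

LINE = re.compile(
    r"^USERENV\((?P<pid>[0-9a-f]+)\.(?P<tid>[0-9a-f]+)\)\s+"
    r"(?P<time>\d\d:\d\d:\d\d:\d{3})\s+(?P<func>\w+):?\s+(?P<msg>.*)$")
# (pattern on the message text, code table to consult, short label)
RULES = [
    (re.compile(r"ldap_bind_s failed with = <(\d+)>"), LDAP_CODES, "LDAP bind"),
    (re.compile(r"Processing failed with error (\d+)"), WIN32_CODES, "GPO processing"),
    (re.compile(r"Failed to impersonate user with (\d+)"), WIN32_CODES, "impersonation"),
]

# Lines copied from the userenv excerpt posted in the thread.
SAMPLE = """\
USERENV(1e8.260) 09:06:19:849 GetGPOInfo:  Server connection established.
USERENV(1e8.260) 09:06:19:865 GetGPOInfo:  ldap_bind_s failed with = <81>
USERENV(1e8.260) 09:06:19:865 ProcessGPOs: Processing failed with error 58.
USERENV(2b4.2c8) 09:06:20:649 ImpersonateUser: Failed to impersonate user with 5.
USERENV(2b4.2c8) 09:06:20:649 GetUserNameAndDomain Failed to impersonate user
USERENV(2b4.2c8) 09:06:20:696 ImpersonateUser: Failed to impersonate user with 5.
"""

def triage(text):
    """Return a Counter keyed by (label, code, meaning), one count per failure line."""
    found = Counter()
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a userenv debug line
        for pattern, table, label in RULES:
            hit = pattern.search(m.group("msg"))
            if hit:
                code = int(hit.group(1))
                found[(label, code, table.get(code, "unknown code"))] += 1
    return found

if __name__ == "__main__":
    for (label, code, meaning), n in triage(SAMPLE).items():
        print(f"{n}x {label}: {code} = {meaning}")
```

Win32 error 58 carries the same message text as the domain-join error in the question title, so the Group Policy failure and the join failure report the same condition.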
Top Expert 2004

Commented:
Just checking that you're on the latest service packs? I believe that there's a bind issue fixed in Win2k SP4. Let us know.

Deb :))
Top Expert 2004

Commented:
Hi
Some discussion here

http://groups.google.co.uk/groups?hl=en&lr=lang_en&ie=UTF-8&oe=UTF-8&selm=7faeeb76.0401292239.17c41340%40posting.google.com&rnum=8

Also check that the time sync's not too far out between the two of them, that the IP's OK (i.e. try manual addressing), and make sure DNS can accept dynamic registrations.


Author

Commented:
Thanks everyone for your help, unfortunately the items you listed didn't resolve that issue.

I eventually had to contact the MS $245-per-incident line (it was an urgent domain controller issue, unfortunately). But this fixed the problem, and I thought I'd share the resolution in case someone else ever runs into this. It may be an easier fix.

--- Issue -------------

Error when joining XP to the domain:
    "The specified server cannot perform the requested operation"

--- Resolution --------

Removed the H323 Gateway using netsh as follows: "netsh routing ip nat delete h323"

We also discovered that IPsec had been enabled in the default domain policy for servers; this was affecting the DC.

Thanks everyone!
Top Expert 2004

Commented:
Glad you fixed it, and thanks for posting the fix!

Deb :))