talon121a
asked on
XP Pro cannot join 2000 domain. "The specified server cannot perform the requested operation".
The problem im having involves an XP Pro workstation, and Windows server 2000.
I cannot join the 2000 domain (domainname.org); using the XP Pro's wizard.
Although it seems to let me add it using the manual method: ie. WORKGROUP/DOMAIN specification.
And if I add the XP workstation to the domain using the manual method, it doesnt grab any GPO.
Whats wrong? Can someone help me??
DNS resolves fine, I ran netdiag and dcdiag on the DC without problems. (all passed)
I need to get the Add/Remove programs (for network group policy) working .. and nothing lists even though its specified on the servers GPO. (and at the root domain)
Help! :)
Jason
I cannot join the 2000 domain (domainname.org); using the XP Pro's wizard.
Although it seems to let me add it using the manual method: ie. WORKGROUP/DOMAIN specification.
And if I add the XP workstation to the domain using the manual method, it doesnt grab any GPO.
Whats wrong? Can someone help me??
DNS resolves fine, I ran netdiag and dcdiag on the DC without problems. (all passed)
I need to get the Add/Remove programs (for network group policy) working .. and nothing lists even though its specified on the servers GPO. (and at the root domain)
Help! :)
Jason
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
The first thing ,(applying the new security template) didnt work. Unfortunately, Ive tried it a few times.
But I'll give the GPUPDATE /force /boot (10 x)
Do I have to do this on all our NEW DELL PC's? (maybe something about the dell hardware?)
Jason
But I'll give the GPUPDATE /force /boot (10 x)
Do I have to do this on all our NEW DELL PC's? (maybe something about the dell hardware?)
Jason
ASKER
Here's a portion of my userenv (%systemroot%\windows\debu
--
USERENV(1e8.260) 09:06:19:849 GetGPOInfo: Entering...
USERENV(1e8.260) 09:06:19:849 GetGPOInfo: Server connection established.
USERENV(1e8.260) 09:06:19:865 GetGPOInfo: ldap_bind_s failed with = <81>
USERENV(1e8.260) 09:06:19:865 GetGPOInfo: Leaving with 0
USERENV(1e8.260) 09:06:19:865 GetGPOInfo: **************************
USERENV(1e8.260) 09:06:19:865 ProcessGPOs: GetGPOInfo failed.
USERENV(1e8.260) 09:06:19:865 ProcessGPOs: No WMI logging done in this policy cycle.
USERENV(1e8.260) 09:06:19:865 ProcessGPOs: Processing failed with error 58.
USERENV(1e8.260) 09:06:19:865 LeaveCriticalPolicySection
USERENV(1e8.260) 09:06:19:865 ProcessGPOs: User Group Policy has been applied.
USERENV(1e8.260) 09:06:19:865 ProcessGPOs: Leaving with 0.
USERENV(1e8.260) 09:06:19:865 ApplyGroupPolicy: Leaving successfully.
USERENV(1e8.1ec) 09:06:20:304 IsSyncForegroundPolicyRefr
USERENV(524.3e8) 09:06:20:413 LibMain: Process Name: C:\WINDOWS\system32\spools
USERENV(2b4.2c8) 09:06:20:649 ImpersonateUser: Failed to impersonate user with 5.
USERENV(2b4.2c8) 09:06:20:649 GetUserNameAndDomain Failed to impersonate user
USERENV(2b4.2c8) 09:06:20:649 ImpersonateUser: Failed to impersonate user with 5.
USERENV(2b4.2c8) 09:06:20:649 GetUserDNSDomainName: Failed to impersonate user
USERENV(1e8.2f0) 09:06:20:649 GPOThread: Next refresh will happen in 98 minutes
USERENV(454.4c0) 09:06:20:680 LibMain: Process Name: C:\WINDOWS\Explorer.EXE
USERENV(2b4.2c8) 09:06:20:696 ImpersonateUser: Failed to impersonate user with 5.
USERENV(2b4.2c8) 09:06:20:696 GetUserNameAndDomain Failed to impersonate user
USERENV(2b4.2c8) 09:06:20:696 ImpersonateUser: Failed to impersonate user with 5.
USERENV(2b4.2c8) 09:06:20:696 GetUserDNSDomainName: Failed to impersonate user
USERENV(2b4.2c8) 09:06:20:727 ImpersonateUser: Failed to impersonate user with 5.
USERENV(2b4.2c8) 09:06:20:727 GetUserNameAndDomain Failed to impersonate user
USERENV(2b4.2c8) 09:06:20:727 ImpersonateUser: Failed to impersonate user with 5.
USERENV(2b4.2c8) 09:06:20:727 GetUserDNSDomainName: Failed to impersonate user
USERENV(454.4c0) 09:06:20:758 GetProfileType: Profile already loaded.
USERENV(454.4c0) 09:06:20:758 GetProfileType: ProfileFlags is 0
USERENV(454.4c0) 09:06:20:790 GetProfileType: Profile already loaded.
USERENV(454.4c0) 09:06:20:790 GetProfileType: ProfileFlags is 0
USERENV(3d0.668) 09:06:28:803 GetAppliedGPOList: Entering. Extension = {C6DC5466-785A-11D2-84D0-0
--
Hmm.. Failed to impersonate user and ldap_bind_s failed with = <81> sounds fishy? Anyone have a resolution? Id like to up my points on this one as well, since its getting sorta urgent.. ;-) Would be nice.
Thanks
--
USERENV(1e8.260) 09:06:19:849 GetGPOInfo: Entering...
USERENV(1e8.260) 09:06:19:849 GetGPOInfo: Server connection established.
USERENV(1e8.260) 09:06:19:865 GetGPOInfo: ldap_bind_s failed with = <81>
USERENV(1e8.260) 09:06:19:865 GetGPOInfo: Leaving with 0
USERENV(1e8.260) 09:06:19:865 GetGPOInfo: **************************
USERENV(1e8.260) 09:06:19:865 ProcessGPOs: GetGPOInfo failed.
USERENV(1e8.260) 09:06:19:865 ProcessGPOs: No WMI logging done in this policy cycle.
USERENV(1e8.260) 09:06:19:865 ProcessGPOs: Processing failed with error 58.
USERENV(1e8.260) 09:06:19:865 LeaveCriticalPolicySection
USERENV(1e8.260) 09:06:19:865 ProcessGPOs: User Group Policy has been applied.
USERENV(1e8.260) 09:06:19:865 ProcessGPOs: Leaving with 0.
USERENV(1e8.260) 09:06:19:865 ApplyGroupPolicy: Leaving successfully.
USERENV(1e8.1ec) 09:06:20:304 IsSyncForegroundPolicyRefr
USERENV(524.3e8) 09:06:20:413 LibMain: Process Name: C:\WINDOWS\system32\spools
USERENV(2b4.2c8) 09:06:20:649 ImpersonateUser: Failed to impersonate user with 5.
USERENV(2b4.2c8) 09:06:20:649 GetUserNameAndDomain Failed to impersonate user
USERENV(2b4.2c8) 09:06:20:649 ImpersonateUser: Failed to impersonate user with 5.
USERENV(2b4.2c8) 09:06:20:649 GetUserDNSDomainName: Failed to impersonate user
USERENV(1e8.2f0) 09:06:20:649 GPOThread: Next refresh will happen in 98 minutes
USERENV(454.4c0) 09:06:20:680 LibMain: Process Name: C:\WINDOWS\Explorer.EXE
USERENV(2b4.2c8) 09:06:20:696 ImpersonateUser: Failed to impersonate user with 5.
USERENV(2b4.2c8) 09:06:20:696 GetUserNameAndDomain Failed to impersonate user
USERENV(2b4.2c8) 09:06:20:696 ImpersonateUser: Failed to impersonate user with 5.
USERENV(2b4.2c8) 09:06:20:696 GetUserDNSDomainName: Failed to impersonate user
USERENV(2b4.2c8) 09:06:20:727 ImpersonateUser: Failed to impersonate user with 5.
USERENV(2b4.2c8) 09:06:20:727 GetUserNameAndDomain Failed to impersonate user
USERENV(2b4.2c8) 09:06:20:727 ImpersonateUser: Failed to impersonate user with 5.
USERENV(2b4.2c8) 09:06:20:727 GetUserDNSDomainName: Failed to impersonate user
USERENV(454.4c0) 09:06:20:758 GetProfileType: Profile already loaded.
USERENV(454.4c0) 09:06:20:758 GetProfileType: ProfileFlags is 0
USERENV(454.4c0) 09:06:20:790 GetProfileType: Profile already loaded.
USERENV(454.4c0) 09:06:20:790 GetProfileType: ProfileFlags is 0
USERENV(3d0.668) 09:06:28:803 GetAppliedGPOList: Entering. Extension = {C6DC5466-785A-11D2-84D0-0
--
Hmm.. Failed to impersonate user and ldap_bind_s failed with = <81> sounds fishy? Anyone have a resolution? Id like to up my points on this one as well, since its getting sorta urgent.. ;-) Would be nice.
Thanks
ASKER
Im also receiving:
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1006
Date: 3/29/2004
Time: 9:10:10 AM
User: DOMAIN\domainusername
Computer: UNITED-000001
Description:
Windows cannot bind to domain.org domain. (Server Down). Group Policy processing aborted.
On that machine.
(replaced domain.org etc. for security)
Any help would be appreciated :)
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1006
Date: 3/29/2004
Time: 9:10:10 AM
User: DOMAIN\domainusername
Computer: UNITED-000001
Description:
Windows cannot bind to domain.org domain. (Server Down). Group Policy processing aborted.
On that machine.
(replaced domain.org etc. for security)
Any help would be appreciated :)
Just checking that you're on the lastest service packs? I believe that there's a bind issue fixed in Win2k SP4.. Let us know
Deb :))
Deb :))
Hi
Some discussion here
http://groups.google.co.uk/groups?hl=en&lr=lang_en&ie=UTF-8&oe=UTF-8&selm=7faeeb76.0401292239.17c41340%40posting.google.com&rnum=8
Also check that the time syncs not too far out between the two of them, that the Ip's ok - ie try manual addressing, and make sure dns can accept dynamic registrations.
Some discussion here
http://groups.google.co.uk/groups?hl=en&lr=lang_en&ie=UTF-8&oe=UTF-8&selm=7faeeb76.0401292239.17c41340%40posting.google.com&rnum=8
Also check that the time syncs not too far out between the two of them, that the Ip's ok - ie try manual addressing, and make sure dns can accept dynamic registrations.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks everyone for your help, unfortunately the items you listed didnt resolve that issue.
I had to eventually contact the MS $245 per incident line, ( was a domain controller urgent issue.. unfortunately.. But this fixed the problem .. thought Id share the resolution so incase someone else ever runs into this. Maybe be an easier fix.)
--- Issue -------------
Error when joing XP to the domain,
"The specifed server cannot perform the requested operation"
--- Resolution --------
Removed the H323 Gateway using netsh as follows, "netsh routing ip nat delete h323"
We also discovered that IPsec had been enabled in the default domain policy for servers, this was affecting the DC
Thanks everyone!
I had to eventually contact the MS $245 per incident line, ( was a domain controller urgent issue.. unfortunately.. But this fixed the problem .. thought Id share the resolution so incase someone else ever runs into this. Maybe be an easier fix.)
--- Issue -------------
Error when joing XP to the domain,
"The specifed server cannot perform the requested operation"
--- Resolution --------
Removed the H323 Gateway using netsh as follows, "netsh routing ip nat delete h323"
We also discovered that IPsec had been enabled in the default domain policy for servers, this was affecting the DC
Thanks everyone!
Glad you fixed it, and thanks for posting the fix!
Deb :))
Deb :))
I found this potential solution:
Here is the fix for those unfortunate enough to run into this quagmire in the future.
1. Change the computer name to "whatever" and then join the PC to the workgroup "WORKGROUP"
2. Restart the computer and log on locally as the administrator
3. Make sure the OS has all the latest patches.
4. Start>Run>mmc> then add "Security Configuration and Analysis" and "Security Templates" snap-ins.
5. Click on the Security Configuration and Analysis node and follow the instructions on the right to "Create a new database."
6. Import the Setup Security Template
7. Apply the template
8. Join the PC to the new Domain
9. If you continue to get the error, restart the PC and rerun steps 4-8
Although it refers to WinXP upgraded clients,
From here:
http://www.computing.net/windows2003/wwwboard/forum/1129.html
It does refer to a windows 2003 domain though, but sounds very similar. Maybe worth a shot?
Deb :))