Solved

Windows XP Will Not Join 2000 Server Domain

Posted on 2004-10-20
28
322 Views
Last Modified: 2010-04-12
OK,

I have spent a week on this, looking at every offered solution here and elsewhere. I've tried them all. Nothing seems to work.

Problem

I have inherited a client with a 2000 Server running ISA, Active Directory, etc. My first task was to deal with some antivirus stuff, and at that time I realized that 2 machines were not running on the domain. I attempted to add them, and received an error:

"Your computer could not be joined to the domain because the following error has occurred: The network name cannot be found."

From all the research I have done, this appears to be a DNS issue. Well, I can resolve the server (from which the workstations get IPs successfully) by name. When I first try to add the machine to the domain, I get a message saying "An account for this computer has been found in the domain "XXXXX."" (Where X is the correctly identified domain)

There are certain places where the domain is listed as XXXXXX and some where it is listed as XXXXXX.local. I have tried adding the workstations using both. It seems to prefer XXXXXX to XXXXXX.local as it times out very quickly when using XXXXXX.local during the add process. However, when I check a machine already added to the domain, it says it is on the XXXXX.local domain!!!!

I have compared network settings on the 2 non-domain machines with the domain machines, and I see no differences. I have tried deleting the pre-existing computer accounts for these machines (they replaced older machines that I no longer have access to) and tried re-adding. I even tried re-creating the computer accounts on the domain, no joy. Tried renaming the computers and trying both of those. Nothing.

The best clue I have is in my attempt to view the WINS server from the server itself. WINS service is running, but I get the error "The network path was not found."

I am simply a poor tech who has been forced into the role of server admin. PLEASE HELP!!!!

Jeremy
0
Comment
Question by:vermontcomputing
  • 10
  • 7
  • 5
  • +3
28 Comments
 
LVL 16

Expert Comment

by:JamesDS
ID: 12358057
vermontcomputing
Yup, this is DNS.

I need the IPCONFIG /ALL output from your XP machine with the problem and the same from your AD domain Controller and the DNS server, if it's different.

Cheers

JamesDS
0
 
LVL 30

Expert Comment

by:Wayne Barron
ID: 12358151
1st question?
  The XP machines? Are they Pro? or Home?
Pro - Will conect to Domain
Home - Will not connect to Domain

Are you using Static InHouse IP's ? Or are you using DHCP ?

Did you try to join them in with using the Wizard that is avialable when you [Right Click] My Computer | Properties | Computer name?

---------
I see that you did Delete the computer's names from the "Domain Servers" . That is the 1st place.
Are you running a backup Domain Controller in the Network?
If so, make sure that it is updated with the "Not Shown" Computers in the [Servers] List.

---------
Are you able to browse the internet with these 2 other machines?
Are they able to connect through the "Router" or what ever you are using to connect to the Internet with?
If they are, then you have everything set up correctly. For IP Information.

Any additional information that you might be able to provide will certainly help us to assist you.

Carrzkiss
0
 

Author Comment

by:vermontcomputing
ID: 12365342
Yes, they can connect to the internet. They are XP Pro. No BDC on the network. Tried the wizard and the manual way of adding about 10000 times each. No dice on either. Get the same error mentioned above both ways. Using DHCP - and they can release/ renew addresses all day long.
0
 
LVL 30

Expert Comment

by:Wayne Barron
ID: 12365916
Vermount.

Could you supply the information that "James" mentioned?

IPCONFIG /ALL

This will help us to maybe assist further
0
 
LVL 4

Expert Comment

by:Beldoran
ID: 12367201
I recently had a similar problem which had been abandoned by all the other IT peeps here.

I eventually tracked it down to firewall (and related) software installed on the machine. Uninstall any/all firewall software as disabling it didnt help, and see if it solves the problem.

If it does then reinstall the FW software and work out how to configure it. We just left it off the machine.
0
 
LVL 30

Expert Comment

by:Wayne Barron
ID: 12368900
Good advice.
Since XP comes with a Built in Firewall on all connections

Try Disabling the "Firewall" on each "NIC" and then try connecting
To the Domain again.

Disable Internet Connection Firewall
1. In Control Panel, double-click Networking and Internet Connections, and then click Network Connections.
2. Right-click the connection on which you would like to disable ICF, and then click Properties.
3. On the Advanced tab, click the box to clear the option to Protect my computer or network.


See if this corrects the problem. If not, then we will need to take a look at the "IPCONFIG /ALL"  ( without the Quotes )

Take Care
Carrzkiss
0
 

Author Comment

by:vermontcomputing
ID: 12371667
I will get the ipconfig /all ASAP.

There is no firewall. It had Norton, but I uninstalled that already and made sure about 20 times that ICF was off.
0
 

Author Comment

by:vermontcomputing
ID: 12377055
Here they are, as promised. I have left some data out to protect my client... just replaced it. You'll see what I mean.

Computer #1 "Chris"

Windows IP COnfiguration

Host Name - Chris2
Primary DNS Suffix - domain.local
Node Type - Hybrid
IP Routing Enabled - No
WINS Proxy Enabled - No
DNS Suffix Search List - domain.local

Ethernet Adapter Local Area Connection

Connection Specific DNS SUffix - hq.domain.com
Description - Intel Pro/100 VE Network
Physical Address - MAC Address Here
DHCP Enabled - Yes
Autoconfiguration Enabled - Yes
IP Address - 10.0.0.80
Subnet Mask - 255.255.255.0
Default Gateway - 10.0.0.2
DHCP Server - 10.0.0.2
DNS Servers - 10.0.0.2/209.198.xxx.xxx (The external address)/ 64.30.xxx.xxx (The ISPs something or other)
Primary WINS Server - 10.0.0.2
Lease Obtained - Today
Lease Expires - 8 days from now

Computer #2 "Neil"

Windows IP COnfiguration

Host Name - Neil
Primary DNS Suffix - domain.local
Node Type - Hybrid
IP Routing Enabled - No
WINS Proxy Enabled - No
DNS Suffix Search List - domain.local/ hq.domain.com (I recognize that this is different from computer #1 - Like I said I have been trying stuff ;-) )

Ethernet Adapter Local Area Connection

Connection Specific DNS SUffix - hq.domain.com
Description - Intel Pro/1000 MT Network
Physical Address - MAC Address Here
DHCP Enabled - Yes
Autoconfiguration Enabled - Yes
IP Address - 10.0.0.92
Subnet Mask - 255.255.255.0
Default Gateway - 10.0.0.2
DHCP Server - 10.0.0.2
DNS Servers - 10.0.0.2/209.198.xxx.xxx (The external address)/ 64.30.xxx.xxx (The ISPs something or other)
Primary WINS Server - 10.0.0.2
Lease Obtained - 10/18
Lease Expires - 8 days from then

Does this have something to do with the WINS/IP Routing that are set to no? I would love to think so, but machines ON the domain are no on both, so I doubt it.

I finally got a hold of the guy who had been doing this. Not sure if it helps, but he said the server got hit with a nasty virus a while back, and he had some issues stripping it out, and DNS stuff was one of the things hit. He suggests I upgrade to Server2K3, for which there is an upgrade available to me (we are 5 CALS short, though, and I am trying not to spend too much money) but also, I've always been of the school that does not Upgrade as a solution to an unknown problem.

Jeremy
0
 

Expert Comment

by:PhilipCastro
ID: 12383209
Jeremy:

Try adding the PC's to a Work Group.
Reboot.
Now add it back to the domain.

Philip
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 12383290
vermontcomputing
You seem to have sent me IPConfigs from two workstations, can I have one from the DC and the DNS Server too please (and tell me which one!)

Cheers

JamesDS
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 12383313
PhilipCastro

You might want to look at this:
http://www.experts-exchange.com/Operating_Systems/Win2000/Q_20954146.html

Cheers

JamesDS
0
 

Author Comment

by:vermontcomputing
ID: 12396231
Philip: Tried it several times. Tried adding it to a workgroup with the same name as the domain, and a workgroup with a different name. No go!

James: The DNS Server and the DC are the same machine.

Host Name - fs1
Primary DNS Suffix - xxxxx.local
Node Type - Hybrid
IP Routing Enabled - No
WINS Proxy Enabled - No
DNS Suffix Search List - xxxxxx.local

Ethernet Adapter DMZ
Connection specific DNS Suffix - (this is blank)
Description - Intel Pro/1000
Physical Address - MAC address here
DHCP Enabled - No
IP Address - extenal address assigned by ISP
Subnet Mask - 255.255.255.248
Default Gateway - assigned by ISP
DNS Server - ISP Assigned, ISP Assigned, 10.0.0.2

Internal Eth
Connection Specific DNS Suffix - (blank)
Description - Intel Pro/1000
Physical Address - MAC address here
DHCP Enabled - No
IP Address - 10.0.0.2
Subnet Mask - 255.255.255.0
Default Gateway - (blank)
DNS Servers - ISP Assigned, 10.0.0.2, ISP Assigned
Primary WINS Server - 10.0.0.2

~jeremy
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 30

Expert Comment

by:Wayne Barron
ID: 12396312
Have you tried to assign "Static IP's" to the machines,
And then add them to the domain?

I spoke to a computer admin tech friend of mine, and this is what he
Suggested doing.
As it might be something corrupted in your DHCP Server that si causing the issue's.
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 12398275
vermontcomputing
Ok, you need to change the properties on your DNS service to listen ONLY on the 10.0.0.2 address (use the DNS Snapin, rightclick/properties on the server at the top of the tree.)

Remove the .ROOT if it exists

Configure a forwarder on the DNS Server (in the same place as above) to point ONLY to your ISP DNS Servers.

Then you need to set its DNS settings in the IP configuration to ONLY point to itself for DNS.

You will probably have to reboot your DC/DNS server for the rest of the steps below to work properly.

Set the IP configuration of ALL other machines and server to point to your internal DNS Server for DNS.

Change the DNS Suffux for everything to xxxxx.local and remove hq.domain.com from everywhere

ADD xxxx.local and hq.domain.com ONLY to the search suffixes in that order.

Do all this and it should work fine.

Cheers

JamesDS
0
 
LVL 2

Expert Comment

by:Salehd
ID: 12420839
I once faced a similar problem when trying to moving one PC from a domain to another.
The solution was to uninstall TCP/IP reboot then reinstalling it.
You may try this.
0
 

Author Comment

by:vermontcomputing
ID: 12429310
OK.

I am on the verge of insanity.

The suggestions JamesDS made sounded good. Except that most of the things had already been done! I will continue to share what I have/ know.

DNS was already set to listen on only 10.0.0.2
There was NO .ROOT
forwarder was already there, correctly.
DNS settings in IP configuration already pointed to itself. It did have an external as the secondary, but I took it out.

then I rebooted.

Went to one of the 2 problem machines.

overrode the automatic IP config coming off the DHCP server so that DNS was set to 10.0.0.2 only
made DNS suffix domain.local. hq.domain.com was not present on this one for a suffix
added domain.local and hq.domain.com to search suffixes, in that order.

No Dice.

I also tried SaleHD's suggestion, but I can't "uninstall" tcp/ip the way I have in other versions of windows. I can disable it, and uninstall everything else (which I tried, didn't help! after readding it, that is.)

2 other points that MAY be helpful:

In the local side of the servers IP configuration, it had no default gateway. I plugged in 10.0.0.2. Didn't seem to make a difference to anything...

When I try to add either of the machines to the domain. If I try to add it to "domain" it takes about 30 seconds to time out. If I try to add it to "domain.local" it times out very quickly. Yet, at the initial request to add to either, it prompts for a user name/ password for authorized user. I will post a separate post with the updated IPConfigs from all 3 machines in case I misunderstood something JamesDS told me to do.

Jeremy
VC

0
 

Author Comment

by:vermontcomputing
ID: 12429400
IPCONFIG /ALL for Server (Domain Controller, etc.)
______________________
Server

Host Name - fs1
Primary DNS Suffix - domain.local
Node Type - Hybrid
IP ROuting Enabled - no
WINS Proxy enabled - no
DNS suffix search list - domain.local

Ethernet Adapter DMZ

Connection specific DNS suffix - (blank)
Description - Intel blah
Physical Address - MAC blah
DHCP Enabled - No
IP Address - given by ISP, blah
subnet mask - 255.255.255.248
Default gateway - given by ISP
DNS servers - 1) given by ISP, 2) given by ISP 3) 10.0.0.2

Ethernet Adapter Local

Connection Specific DNS suffix - (blank)
Description - intel
physical - mac
DHCP enabled - no
IP - 10.0.0.2
Subnet - 255.255.255.0
default gateway - 10.0.0.2
DNS servers - 10.0.0.2
Primary WINS server - 10.0.0.2
_______________________________________
Computer #1 (The One I tried pulling out the TCP/IP stuff)

Host Name - Chris2
Primary DNS Suffix - domain.local
Node Type - Hybrid
IP Routing Enabled - No
WINS Proxy Enabled - No
DNS Suffix Search List - domain.local

Ethernet Adapter Local Area Connection

Connection Specific DNS SUffix - hq.domain.com
Description - Intel Pro/100 VE Network
Physical Address - MAC Address Here
DHCP Enabled - Yes
Autoconfiguration Enabled - Yes
IP Address - 10.0.0.80
Subnet Mask - 255.255.255.0
Default Gateway - 10.0.0.2
DHCP Server - 10.0.0.2
DNS Servers - 10.0.0.2/209.198.xxx.xxx (The external address)/ 64.30.xxx.xxx (The ISPs something or other)
Primary WINS Server - 10.0.0.2
Lease Obtained - Today
Lease Expires - 8 days from now
____________________________
Computer #2 "Neil" (The one that I made JamesDS' changes to)

Windows IP COnfiguration

Host Name - Neil
Primary DNS Suffix - domain.local
Node Type - Hybrid
IP Routing Enabled - No
WINS Proxy Enabled - No
DNS Suffix Search List - domain.local/ hq.domain.com

Ethernet Adapter Local Area Connection

Connection Specific DNS SUffix - domain.local
Description - Intel Pro/1000 MT Network
Physical Address - MAC Address Here
DHCP Enabled - Yes
Autoconfiguration Enabled - Yes
IP Address - 10.0.0.92
Subnet Mask - 255.255.255.0
Default Gateway - 10.0.0.2
DHCP Server - 10.0.0.2
DNS Servers - 10.0.0.2
Primary WINS Server - 10.0.0.2
Lease Obtained - 10/18
Lease Expires - 8 days from then

0
 

Author Comment

by:vermontcomputing
ID: 12429421
Oh, and I hate to add urgency to this annoying problem... but the ISP is claiming that there are "nasty virii sending out mass infections from your site. you need to do something or your internet connection will be cut."

while their proof completely sucks for what is going on at this site, I have little leverage to say, "well, other than these 2 unmanaged clients, everything is fine, so leave me alone!!!"

:-)

I'm going to go home and drink beer now.
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 12430797
vermontcomputing
Ok, next thing to do is remove the 10.0.0.2 address from the DNS settings on the externally facing IP. It shouldn't be there anyway.

"Neil" is now set up correctly - you should modify your DHCP accordingly.

So long as the DNS Service on Neil is set to listen ONLY on the internal IP we should be nearly there (use the DNS Snapin, rightclick/properties on the server at the top of the tree.)

Go into the the DNS zone for your domain and delete all host entries for your DC that refer to to the externally facing IP address - this is confusing your internal clients and contributing to your problems.

At the console of the DC/DNS server run these commands:

IPCONFIG /flushDNS
IPCONFIG /RegisterDNS
NET STOP NETLOGON
NET START NETLOGON

Then retry joining the domain with "NEIL"
If this fails then install the support tools pack off the Windows 2000 CD and run NETDIAG and DCDIAG - post their outputs here.

Cheers

JamesDS
0
 

Author Comment

by:vermontcomputing
ID: 12469601
Sorry for the hiatus... but I am back. Not sure what you mean, JamesDS, by a few things:

1. ""Neil" is now set up correctly - you should modify your DHCP accordingly."
-----What do I need to do with DHCP???
2. "Go into the the DNS zone for your domain and delete all host entries for your DC that refer to to the externally facing IP address - this is confusing your internal clients and contributing to your problems."
-----I see nothing in forward nor reverse lookup zones that is external, with the exception of an entry for the gateway in the forward lookup. Is that what you mean? If not, then I'm stumped. Doesn't seem right to take that out...

Could not get dcdiag to run, got an error. Got netdiag - here ya go. (separate post)

Jeremy/Vermont Computing
0
 

Author Comment

by:vermontcomputing
ID: 12469616

............................................

    Computer Name: FS1
    DNS Host Name: fs1.DOmain.local
    System info : Windows 2000 Server (Build 2195)
    Processor : x86 Family 15 Model 2 Stepping 9, GenuineIntel
    List of installed hotfixes :
        KB820888
        KB822831
        KB823182
        KB823559
        KB824105
        KB824141
        KB824146
        KB824151
        KB825119
        KB826232
        KB828028
        KB828035
        KB828741
        KB828749
        KB834707-IE6SP1-20040929.091901
        KB835732
        KB837001
        KB839643
        KB839645
        KB840315
        KB840987
        KB841356
        KB841533
        KB841872
        KB841873
        KB842526
        Q147222
        Q828026
        Service Pack 2


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : DMZ

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : fs1
        IP Address . . . . . . . . : xxx.xxx.xxx.xxx
        Subnet Mask. . . . . . . . : 255.255.255.248
        Default Gateway. . . . . . : xxx.xxx.xxx.xxx
        Primary WINS Server. . . . : 10.0.0.2
        Dns Servers. . . . . . . . : xxx.xxx.xxx.xxx
                                     xxx.xxx.xxx.xxx


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed

        WINS service test. . . . . : Passed

    Adapter : Intel 82544GC Based Network Connection - onboard

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : fs1
        IP Address . . . . . . . . : 10.0.0.2
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . :
        Primary WINS Server. . . . : 10.0.0.2
        Dns Servers. . . . . . . . : 10.0.0.2


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Skipped
            [WARNING] No gateways defined for this adapter.

        NetBT name test. . . . . . : Passed

        WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{ADF321E8-92A4-493A-9A81-354CEBCB1B9C}
        NetBT_Tcpip_{D2C778B8-CA98-4749-B826-AB8E11653D5C}
    2 NetBt transports currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
          [WARNING] Cannot find a primary authoritative DNS server for the name
            'fs1.domain.local.'. [RCODE_SERVER_FAILURE]
            The name 'fs1.domain.local.' may not be registered in DNS.
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '209.198.xxx.xxx'. Please wait for 30 minutes for DNS server replication.
    [WARNING] The DNS entries for this DC are not registered correctly on DNS server '209.198.xxx.40'. Please wait for 30 minutes for DNS server replication.
    PASS - All the DNS entries for DC are registered on DNS server '10.0.0.2' and other DCs also have some of the names registered.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{ADF321E8-92A4-493A-9A81-354CEBCB1B9C}
        NetBT_Tcpip_{D2C778B8-CA98-4749-B826-AB8E11653D5C}
    The redir is bound to 2 NetBt transports.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{D2C778B8-CA98-4749-B826-AB8E11653D5C}
        NetBT_Tcpip_{ADF321E8-92A4-493A-9A81-354CEBCB1B9C}
    The browser is bound to 2 NetBt transports.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Failed
        Failed to enumerate DCs by using the browser. [NERR_BadTransactConfig]


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Passed
    IPSec policy service is active, but no policy is assigned.


The command completed successfully
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 12470744
vermontcomputing

"Neil" is now set up correctly - you should change your DHCP scope so that it gives out the settings you have hardcoded into neil to everyone.

"Go into the the DNS zone for your domain and delete all host entries for your DC that refer to to the externally facing IP address - this is confusing your internal clients and contributing to your problems."

The address given by your ISP is external. There should be nothing in your DNS that refers to this

If you have followed my instructions and have a forward lookup zone called domain.local that can be written to then restarting the NETLOGON service will put the missing records back and should allow you to join the domain.

What was the dcdiag error?

Cheers

JamesDS
0
 

Author Comment

by:vermontcomputing
ID: 12562249
Well, the issue is solved. Apparently there had been a virus on the server that, when it got removed, was not fully stripped out. It left a registry key that had been deleting default shares. This is what was relayed to me by the gentleman who found it. It had affected printing (which I had not noticed) but now everything is good.

Many thanks, especially to JamesDS. Everything works now, though. Wish I had thought of looking in the registry. :-(

Jeremy
0
 
LVL 30

Expert Comment

by:Wayne Barron
ID: 12562257
Jeremy;

 Though you was able to find a solution to your problem outside of the group. I think it would be appropriate and in good standings.
If you was to award to the ones of this post that went up and beyound the call to assist you in this matter.

   Not me, as I did not assist with enough information, But the other guys that really assisted deserve some points for their time spent.

Take Care
Carrzkiss
0
 
LVL 16

Accepted Solution

by:
JamesDS earned 250 total points
ID: 12563488
vermontcomputing

Welcome, glad to help and nice to hear you got rid of that pesky virus.

Cheers

JamesDS
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Owning a franchise can be the dream of a lifetime. It provides a chance for economic growth. You can be as successful as you want.  To make your franchise successful, you need to market it successfully. Here are six of the best marketing strategies …
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now