?
Solved

winxp cannot join to win2003 domain

Posted on 2005-03-31
15
Medium Priority
?
1,329 Views
Last Modified: 2008-01-16
I am trying to join a winxp machine to a windows 2003 domain but failed all the time. It always give me an error message as: your computer could not be joined to the domain because the following error has occurred: access is denied.

When I tried to join to domain, I am using the domain administrator account. I've tested by another winxp pc to join to the same domain  with administrator and got no problem, so it sounds like to me that the domain controller has no problem.
 I then installed another win2003 domain controller, which is an indepent one with different domain name and subnet. I got the same error message when I tried to join that winxp pc to the new domain!

On this bad winxp pc, I can ping the domain controller with IP address and computer name, the DNS and gateway had been both set to the domain controller. There is only one dc in the network, actually only 2 machines in the network when I was doing the test.

I don't know what's wrong with that winxp machine. It was a win2000 domain member pc 1 week ago and has been removed from the old domain to a workgroup this week. When I tried to join it  to a win2003 domain the day before yesterday, those stories happened and I am really confused.

Anyone get any idea?

Thanks.
0
Comment
Question by:brothertu
  • 6
  • 6
  • 2
  • +1
15 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 13670901
Have you tried renaming the machine?
You said that it was a Windows 2000 machine a week ago - was it upgraded, or wiped and started from scratch?

Simon.
0
 
LVL 1

Expert Comment

by:Hernandez
ID: 13670957
Have you checked your DNS setting on the client machine?  They should point to a WIndows DNS server so that the xP machine can locate a DC.
0
 
LVL 1

Author Comment

by:brothertu
ID: 13671010
Hi Sembee,Hernandez:
Thanks for your reply.

Yes I did tried renaming the machine  but still not work.

That Winxp machine was a member of a domain which had a win2000 server as domain controller one week ago.  I removed it from the w2k domain the day before yesterday and just tried to join it to another domain which has a win2003 server as domain controller.

On the winxp client machine, the DNS and default gateway are both pointed to the win2003 server which has a DNS server running on it.
0
NEW Veeam Backup for Microsoft Office 365 1.5

With Office 365, it’s your data and your responsibility to protect it. NEW Veeam Backup for Microsoft Office 365 eliminates the risk of losing access to your Office 365 data.

 
LVL 4

Expert Comment

by:Dan_JB
ID: 13671606
When you are prompted for the admin user to join the domain try specifying the domain as well as the user: e.g. administrator@2003domain.com.

Are you able to map to a share on the 2003 server if you "Connect using a different user name"? From the Windows Explorer Tools menu and specify a user on your 2003 domain using the @ format?
0
 
LVL 1

Author Comment

by:brothertu
ID: 13671906
Hi Dan JB,
Thanks for you help.
Since the error message I got is sort of "access is denied",I thought it may indicate something wrong with the privilege so I didn't try @ format user name and password you mentioned. But I will have a try tomorrow any way.

As for the share folder on 2003 server, I cannot access it by explorer.
From the network place, I can see the 2003 server name under the domain, when I double clicked on it I got a prompt window asked me for user name and password, I've tried several different accounts but none of them work.
I have also tried to map a network drive  by net use command, always got error message says "access denied", like this:
net use z: \\2003serverIP\sharedfolder-on-2003server

I've also tried on another Winxp machine and got no problem to join it to the same domain with the same administrator account, and I can access all the shared folders on the server too.

As I've mentioned in my question, this headache Winxp machine can't be joined to another brand new domain which I just built for test purpose, access is denied, access is denied, access is denied....
0
 
LVL 104

Expert Comment

by:Sembee
ID: 13671986
How long have you spent trying to get this machine to join this domain? A couple of hours?

If a machine is playing up I give it 30 minutes at most. Then I wipe it. That is what I would recommend to you right now. Something is wrong with this particular machine and you could spend hours trying to find what it is without a resolution.

Dump the data off somewhere else and wipe it. If a new build gives the same problem then you are looking at something more obscure.

Simon.
0
 
LVL 4

Expert Comment

by:Dan_JB
ID: 13671998
You won't be able to map a share without specifying a valid user name on your 2003 domain. Try the @ format and let us know what happens.
0
 
LVL 1

Author Comment

by:brothertu
ID: 13676803
Hi Dan_JB, I've just tried @format user and got the same access denied message.
0
 
LVL 4

Expert Comment

by:Dan_JB
ID: 13680835
Did you try that with the 2003 domain admin, both mapping to a share and joining the domain? If yes, then it looks like the problem is more than just joining the domain.

Is the xp system on the same subnet as the 2003 server? Your default gateway should point to your router unless you are using RRAS on your 2003 server. Double-check your client is pointing to the 2003 server for DNS (check IPCONFIG /ALL at a command prompt)? Verify you can PING your DC using the fully qualified domain name (e.g. dc@your2003domain.com).

Do you have SP2 installed? If so, have you tried turning off the firewall in case the defaults have been changed?
0
 
LVL 1

Author Comment

by:brothertu
ID: 13691003
The problem has been fixed!
I've tried reseal the machine to factory setting, generated a new SID, reinstall tcp/ip (got a tcp/ip tool), but no luck, and finally I found this article from Microsoft talking about "access denied":
http://support.microsoft.com/default.aspx?scid=kb;en-us;330095 
I assigned full rights to administrator account for computer objects and then it works.
This article described the mechanism that Windows XP Professional uses to locate a domain controller in a Windows-based domain:
http://support.microsoft.com/kb/314861/EN-US/ 

Thank you very much for your help. Enjoy the rest of the weekend!

Hi Dan_JB,
Thanks for your help and reply any way.
>Did you try that with the 2003 domain admin, both mapping to a share and joining the domain? If yes, then it looks like the problem is more than just joining the domain.
Yes, got problem to map share folder as well.
The client pc is on the same subnet as 2003 server, and gateway, DNS are pointed to server since I got not router there when I doing the test. Has no problem to ping FQDN name of the server. It's running sp1.

0
 
LVL 4

Accepted Solution

by:
Dan_JB earned 750 total points
ID: 13697304
I had read that MS article you quoted, however one of the fixes is to use a Domain Admin account, so if you had been using one this should not have applied?!

Glad you are up and running anyway.
0
 
LVL 1

Author Comment

by:brothertu
ID: 13697658
>I had read that MS article you quoted, however one of the fixes is to use a Domain Admin account, so if you had been using one this should not have applied?!
Yeah, that's what I am thinking. There must be something wrong with the administrator account. I have talked this with the system administrator of the network which those problem Winxp PCs belong to, he got no idea what happened before.
This is a weird case. There about 20 Winxp machines in their network and some of them have no problem but some of them  can't be joined to the domain neither to access the shared folder on the server.
0
 
LVL 4

Expert Comment

by:Dan_JB
ID: 13697733
Agreed. I'd say that someone removed some of the default privledges from the domain admins in the security policies either locally or via group policy.
0
 
LVL 1

Author Comment

by:brothertu
ID: 13697751
I am giving the points to Dan_JB who didn't lost interest on solving this problem. :)
0
 
LVL 4

Expert Comment

by:Dan_JB
ID: 13698005
Thanks brothertu! Appreciate it.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
Screencast - Getting to Know the Pipeline
With just a little bit of  SQL and VBA, many doors open to cool things like synchronize a list box to display data relevant to other information on a form.  If you have never written code or looked at an SQL statement before, no problem! ...  give i…

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question