?
Solved

winxp cannot join to win2003 domain

Posted on 2005-03-31
15
Medium Priority
?
1,314 Views
Last Modified: 2008-01-16
I am trying to join a winxp machine to a windows 2003 domain but failed all the time. It always give me an error message as: your computer could not be joined to the domain because the following error has occurred: access is denied.

When I tried to join to domain, I am using the domain administrator account. I've tested by another winxp pc to join to the same domain  with administrator and got no problem, so it sounds like to me that the domain controller has no problem.
 I then installed another win2003 domain controller, which is an indepent one with different domain name and subnet. I got the same error message when I tried to join that winxp pc to the new domain!

On this bad winxp pc, I can ping the domain controller with IP address and computer name, the DNS and gateway had been both set to the domain controller. There is only one dc in the network, actually only 2 machines in the network when I was doing the test.

I don't know what's wrong with that winxp machine. It was a win2000 domain member pc 1 week ago and has been removed from the old domain to a workgroup this week. When I tried to join it  to a win2003 domain the day before yesterday, those stories happened and I am really confused.

Anyone get any idea?

Thanks.
0
Comment
Question by:brothertu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 6
  • 2
  • +1
15 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 13670901
Have you tried renaming the machine?
You said that it was a Windows 2000 machine a week ago - was it upgraded, or wiped and started from scratch?

Simon.
0
 
LVL 1

Expert Comment

by:Hernandez
ID: 13670957
Have you checked your DNS setting on the client machine?  They should point to a WIndows DNS server so that the xP machine can locate a DC.
0
 
LVL 1

Author Comment

by:brothertu
ID: 13671010
Hi Sembee,Hernandez:
Thanks for your reply.

Yes I did tried renaming the machine  but still not work.

That Winxp machine was a member of a domain which had a win2000 server as domain controller one week ago.  I removed it from the w2k domain the day before yesterday and just tried to join it to another domain which has a win2003 server as domain controller.

On the winxp client machine, the DNS and default gateway are both pointed to the win2003 server which has a DNS server running on it.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 4

Expert Comment

by:Dan_JB
ID: 13671606
When you are prompted for the admin user to join the domain try specifying the domain as well as the user: e.g. administrator@2003domain.com.

Are you able to map to a share on the 2003 server if you "Connect using a different user name"? From the Windows Explorer Tools menu and specify a user on your 2003 domain using the @ format?
0
 
LVL 1

Author Comment

by:brothertu
ID: 13671906
Hi Dan JB,
Thanks for you help.
Since the error message I got is sort of "access is denied",I thought it may indicate something wrong with the privilege so I didn't try @ format user name and password you mentioned. But I will have a try tomorrow any way.

As for the share folder on 2003 server, I cannot access it by explorer.
From the network place, I can see the 2003 server name under the domain, when I double clicked on it I got a prompt window asked me for user name and password, I've tried several different accounts but none of them work.
I have also tried to map a network drive  by net use command, always got error message says "access denied", like this:
net use z: \\2003serverIP\sharedfolder-on-2003server

I've also tried on another Winxp machine and got no problem to join it to the same domain with the same administrator account, and I can access all the shared folders on the server too.

As I've mentioned in my question, this headache Winxp machine can't be joined to another brand new domain which I just built for test purpose, access is denied, access is denied, access is denied....
0
 
LVL 104

Expert Comment

by:Sembee
ID: 13671986
How long have you spent trying to get this machine to join this domain? A couple of hours?

If a machine is playing up I give it 30 minutes at most. Then I wipe it. That is what I would recommend to you right now. Something is wrong with this particular machine and you could spend hours trying to find what it is without a resolution.

Dump the data off somewhere else and wipe it. If a new build gives the same problem then you are looking at something more obscure.

Simon.
0
 
LVL 4

Expert Comment

by:Dan_JB
ID: 13671998
You won't be able to map a share without specifying a valid user name on your 2003 domain. Try the @ format and let us know what happens.
0
 
LVL 1

Author Comment

by:brothertu
ID: 13676803
Hi Dan_JB, I've just tried @format user and got the same access denied message.
0
 
LVL 4

Expert Comment

by:Dan_JB
ID: 13680835
Did you try that with the 2003 domain admin, both mapping to a share and joining the domain? If yes, then it looks like the problem is more than just joining the domain.

Is the xp system on the same subnet as the 2003 server? Your default gateway should point to your router unless you are using RRAS on your 2003 server. Double-check your client is pointing to the 2003 server for DNS (check IPCONFIG /ALL at a command prompt)? Verify you can PING your DC using the fully qualified domain name (e.g. dc@your2003domain.com).

Do you have SP2 installed? If so, have you tried turning off the firewall in case the defaults have been changed?
0
 
LVL 1

Author Comment

by:brothertu
ID: 13691003
The problem has been fixed!
I've tried reseal the machine to factory setting, generated a new SID, reinstall tcp/ip (got a tcp/ip tool), but no luck, and finally I found this article from Microsoft talking about "access denied":
http://support.microsoft.com/default.aspx?scid=kb;en-us;330095 
I assigned full rights to administrator account for computer objects and then it works.
This article described the mechanism that Windows XP Professional uses to locate a domain controller in a Windows-based domain:
http://support.microsoft.com/kb/314861/EN-US/ 

Thank you very much for your help. Enjoy the rest of the weekend!

Hi Dan_JB,
Thanks for your help and reply any way.
>Did you try that with the 2003 domain admin, both mapping to a share and joining the domain? If yes, then it looks like the problem is more than just joining the domain.
Yes, got problem to map share folder as well.
The client pc is on the same subnet as 2003 server, and gateway, DNS are pointed to server since I got not router there when I doing the test. Has no problem to ping FQDN name of the server. It's running sp1.

0
 
LVL 4

Accepted Solution

by:
Dan_JB earned 750 total points
ID: 13697304
I had read that MS article you quoted, however one of the fixes is to use a Domain Admin account, so if you had been using one this should not have applied?!

Glad you are up and running anyway.
0
 
LVL 1

Author Comment

by:brothertu
ID: 13697658
>I had read that MS article you quoted, however one of the fixes is to use a Domain Admin account, so if you had been using one this should not have applied?!
Yeah, that's what I am thinking. There must be something wrong with the administrator account. I have talked this with the system administrator of the network which those problem Winxp PCs belong to, he got no idea what happened before.
This is a weird case. There about 20 Winxp machines in their network and some of them have no problem but some of them  can't be joined to the domain neither to access the shared folder on the server.
0
 
LVL 4

Expert Comment

by:Dan_JB
ID: 13697733
Agreed. I'd say that someone removed some of the default privledges from the domain admins in the security policies either locally or via group policy.
0
 
LVL 1

Author Comment

by:brothertu
ID: 13697751
I am giving the points to Dan_JB who didn't lost interest on solving this problem. :)
0
 
LVL 4

Expert Comment

by:Dan_JB
ID: 13698005
Thanks brothertu! Appreciate it.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question