brothertu
asked on
winxp cannot join to win2003 domain
I am trying to join a winxp machine to a windows 2003 domain but failed all the time. It always give me an error message as: your computer could not be joined to the domain because the following error has occurred: access is denied.
When I tried to join to domain, I am using the domain administrator account. I've tested by another winxp pc to join to the same domain with administrator and got no problem, so it sounds like to me that the domain controller has no problem.
I then installed another win2003 domain controller, which is an indepent one with different domain name and subnet. I got the same error message when I tried to join that winxp pc to the new domain!
On this bad winxp pc, I can ping the domain controller with IP address and computer name, the DNS and gateway had been both set to the domain controller. There is only one dc in the network, actually only 2 machines in the network when I was doing the test.
I don't know what's wrong with that winxp machine. It was a win2000 domain member pc 1 week ago and has been removed from the old domain to a workgroup this week. When I tried to join it to a win2003 domain the day before yesterday, those stories happened and I am really confused.
Anyone get any idea?
Thanks.
When I tried to join to domain, I am using the domain administrator account. I've tested by another winxp pc to join to the same domain with administrator and got no problem, so it sounds like to me that the domain controller has no problem.
I then installed another win2003 domain controller, which is an indepent one with different domain name and subnet. I got the same error message when I tried to join that winxp pc to the new domain!
On this bad winxp pc, I can ping the domain controller with IP address and computer name, the DNS and gateway had been both set to the domain controller. There is only one dc in the network, actually only 2 machines in the network when I was doing the test.
I don't know what's wrong with that winxp machine. It was a win2000 domain member pc 1 week ago and has been removed from the old domain to a workgroup this week. When I tried to join it to a win2003 domain the day before yesterday, those stories happened and I am really confused.
Anyone get any idea?
Thanks.
Have you checked your DNS setting on the client machine? They should point to a WIndows DNS server so that the xP machine can locate a DC.
ASKER
Hi Sembee,Hernandez:
Thanks for your reply.
Yes I did tried renaming the machine but still not work.
That Winxp machine was a member of a domain which had a win2000 server as domain controller one week ago. I removed it from the w2k domain the day before yesterday and just tried to join it to another domain which has a win2003 server as domain controller.
On the winxp client machine, the DNS and default gateway are both pointed to the win2003 server which has a DNS server running on it.
Thanks for your reply.
Yes I did tried renaming the machine but still not work.
That Winxp machine was a member of a domain which had a win2000 server as domain controller one week ago. I removed it from the w2k domain the day before yesterday and just tried to join it to another domain which has a win2003 server as domain controller.
On the winxp client machine, the DNS and default gateway are both pointed to the win2003 server which has a DNS server running on it.
When you are prompted for the admin user to join the domain try specifying the domain as well as the user: e.g. administrator@2003domain.c om.
Are you able to map to a share on the 2003 server if you "Connect using a different user name"? From the Windows Explorer Tools menu and specify a user on your 2003 domain using the @ format?
Are you able to map to a share on the 2003 server if you "Connect using a different user name"? From the Windows Explorer Tools menu and specify a user on your 2003 domain using the @ format?
ASKER
Hi Dan JB,
Thanks for you help.
Since the error message I got is sort of "access is denied",I thought it may indicate something wrong with the privilege so I didn't try @ format user name and password you mentioned. But I will have a try tomorrow any way.
As for the share folder on 2003 server, I cannot access it by explorer.
From the network place, I can see the 2003 server name under the domain, when I double clicked on it I got a prompt window asked me for user name and password, I've tried several different accounts but none of them work.
I have also tried to map a network drive by net use command, always got error message says "access denied", like this:
net use z: \\2003serverIP\sharedfolde r-on-2003s erver
I've also tried on another Winxp machine and got no problem to join it to the same domain with the same administrator account, and I can access all the shared folders on the server too.
As I've mentioned in my question, this headache Winxp machine can't be joined to another brand new domain which I just built for test purpose, access is denied, access is denied, access is denied....
Thanks for you help.
Since the error message I got is sort of "access is denied",I thought it may indicate something wrong with the privilege so I didn't try @ format user name and password you mentioned. But I will have a try tomorrow any way.
As for the share folder on 2003 server, I cannot access it by explorer.
From the network place, I can see the 2003 server name under the domain, when I double clicked on it I got a prompt window asked me for user name and password, I've tried several different accounts but none of them work.
I have also tried to map a network drive by net use command, always got error message says "access denied", like this:
net use z: \\2003serverIP\sharedfolde
I've also tried on another Winxp machine and got no problem to join it to the same domain with the same administrator account, and I can access all the shared folders on the server too.
As I've mentioned in my question, this headache Winxp machine can't be joined to another brand new domain which I just built for test purpose, access is denied, access is denied, access is denied....
How long have you spent trying to get this machine to join this domain? A couple of hours?
If a machine is playing up I give it 30 minutes at most. Then I wipe it. That is what I would recommend to you right now. Something is wrong with this particular machine and you could spend hours trying to find what it is without a resolution.
Dump the data off somewhere else and wipe it. If a new build gives the same problem then you are looking at something more obscure.
Simon.
If a machine is playing up I give it 30 minutes at most. Then I wipe it. That is what I would recommend to you right now. Something is wrong with this particular machine and you could spend hours trying to find what it is without a resolution.
Dump the data off somewhere else and wipe it. If a new build gives the same problem then you are looking at something more obscure.
Simon.
You won't be able to map a share without specifying a valid user name on your 2003 domain. Try the @ format and let us know what happens.
ASKER
Hi Dan_JB, I've just tried @format user and got the same access denied message.
Did you try that with the 2003 domain admin, both mapping to a share and joining the domain? If yes, then it looks like the problem is more than just joining the domain.
Is the xp system on the same subnet as the 2003 server? Your default gateway should point to your router unless you are using RRAS on your 2003 server. Double-check your client is pointing to the 2003 server for DNS (check IPCONFIG /ALL at a command prompt)? Verify you can PING your DC using the fully qualified domain name (e.g. dc@your2003domain.com).
Do you have SP2 installed? If so, have you tried turning off the firewall in case the defaults have been changed?
Is the xp system on the same subnet as the 2003 server? Your default gateway should point to your router unless you are using RRAS on your 2003 server. Double-check your client is pointing to the 2003 server for DNS (check IPCONFIG /ALL at a command prompt)? Verify you can PING your DC using the fully qualified domain name (e.g. dc@your2003domain.com).
Do you have SP2 installed? If so, have you tried turning off the firewall in case the defaults have been changed?
ASKER
The problem has been fixed!
I've tried reseal the machine to factory setting, generated a new SID, reinstall tcp/ip (got a tcp/ip tool), but no luck, and finally I found this article from Microsoft talking about "access denied":
http://support.microsoft.com/default.aspx?scid=kb;en-us;330095
I assigned full rights to administrator account for computer objects and then it works.
This article described the mechanism that Windows XP Professional uses to locate a domain controller in a Windows-based domain:
http://support.microsoft.com/kb/314861/EN-US/
Thank you very much for your help. Enjoy the rest of the weekend!
Hi Dan_JB,
Thanks for your help and reply any way.
>Did you try that with the 2003 domain admin, both mapping to a share and joining the domain? If yes, then it looks like the problem is more than just joining the domain.
Yes, got problem to map share folder as well.
The client pc is on the same subnet as 2003 server, and gateway, DNS are pointed to server since I got not router there when I doing the test. Has no problem to ping FQDN name of the server. It's running sp1.
I've tried reseal the machine to factory setting, generated a new SID, reinstall tcp/ip (got a tcp/ip tool), but no luck, and finally I found this article from Microsoft talking about "access denied":
http://support.microsoft.com/default.aspx?scid=kb;en-us;330095
I assigned full rights to administrator account for computer objects and then it works.
This article described the mechanism that Windows XP Professional uses to locate a domain controller in a Windows-based domain:
http://support.microsoft.com/kb/314861/EN-US/
Thank you very much for your help. Enjoy the rest of the weekend!
Hi Dan_JB,
Thanks for your help and reply any way.
>Did you try that with the 2003 domain admin, both mapping to a share and joining the domain? If yes, then it looks like the problem is more than just joining the domain.
Yes, got problem to map share folder as well.
The client pc is on the same subnet as 2003 server, and gateway, DNS are pointed to server since I got not router there when I doing the test. Has no problem to ping FQDN name of the server. It's running sp1.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
>I had read that MS article you quoted, however one of the fixes is to use a Domain Admin account, so if you had been using one this should not have applied?!
Yeah, that's what I am thinking. There must be something wrong with the administrator account. I have talked this with the system administrator of the network which those problem Winxp PCs belong to, he got no idea what happened before.
This is a weird case. There about 20 Winxp machines in their network and some of them have no problem but some of them can't be joined to the domain neither to access the shared folder on the server.
Yeah, that's what I am thinking. There must be something wrong with the administrator account. I have talked this with the system administrator of the network which those problem Winxp PCs belong to, he got no idea what happened before.
This is a weird case. There about 20 Winxp machines in their network and some of them have no problem but some of them can't be joined to the domain neither to access the shared folder on the server.
Agreed. I'd say that someone removed some of the default privledges from the domain admins in the security policies either locally or via group policy.
ASKER
I am giving the points to Dan_JB who didn't lost interest on solving this problem. :)
Thanks brothertu! Appreciate it.
You said that it was a Windows 2000 machine a week ago - was it upgraded, or wiped and started from scratch?
Simon.