Unable to join xp or 2000 clients to 2k3 server - access denied

Hi, since the file server was moved we are now unable to atttach any PC (100 plus) to our file server. COmes up access denied.

Re built server, using administrator account, have tried other PC names, DNS working and setup fine. We have found 2 PCs which can join and dettach from the server ok.

Have tried linking a workstations and server with a mini switch, same thing.

Only way out at the moment is to clone ALL the PCs in this high school which is a nightmare (differant hardware). At the mo we have only 2 PCs which work.

This is the toughest prob I have had to deal with in 7 years of support!! I can't understand how so many PCs are now unable to join a domain. WHen the server was moved it had a program error lsass.exe, so its been formatted and rebuild - bog standard build.

Below is an extract from log file.

07/07 09:38:14 -----------------------------------------------------------------
07/07 09:38:14 NetpDoDomainJoin
07/07 09:38:14 NetpMachineValidToJoin: 'T2-02'
07/07 09:38:14 NetpGetLsaPrimaryDomain: status: 0x0
07/07 09:38:14 NetpMachineValidToJoin: status: 0x0
07/07 09:38:14 NetpJoinDomain
07/07 09:38:14       Machine: T2-02
07/07 09:38:14       Domain: domainxx
07/07 09:38:14       MachineAccountOU: (NULL)
07/07 09:38:14       Account: domainxx\administrator
07/07 09:38:14       Options: 0x25
07/07 09:38:14       OS Version: 5.0
07/07 09:38:14       Build number: 2195
07/07 09:38:14       ServicePack: Service Pack 4
07/07 09:38:14 NetpValidateName: checking to see if 'domainxx' is valid as type 3 name
07/07 09:38:14 NetpCheckDomainNameIsValid [ Exists ] for 'domainxx' returned 0x0
07/07 09:38:14 NetpValidateName: name 'domainxx' is valid for type 3
07/07 09:38:14 NetpDsGetDcName: trying to find DC in domain 'domainxx', flags: 0x1020
07/07 09:38:29 NetpDsGetDcName: failed to find a DC having account 'T2-02$': 0x525
07/07 09:38:29 NetpDsGetDcName: found DC '\\4019C' in the specified domain
07/07 09:38:29 NetUseAdd to \\4019C\IPC$ returned 5
07/07 09:38:29 Trying add to  \\4019C\IPC$ using NULL Session
07/07 09:38:29 NullSession NetUseAdd to \\4019C\IPC$ returned 5
07/07 09:38:29 NetpJoinDomain: status of connecting to dc '\\4019C': 0x5
07/07 09:38:29 NetpDoDomainJoin: status: 0x5
07/07 09:48:26 -----------------------------------------------------------------
07/07 09:48:26 NetpValidateName: checking to see if 'domainxx' is valid as type 3 name
07/07 09:48:26 NetpCheckDomainNameIsValid [ Exists ] for 'domainxx' returned 0x0
07/07 09:48:26 NetpValidateName: name 'domainxx' is valid for type 3
07/07 09:48:31 -----------------------------------------------------------------
07/07 09:48:31 NetpDoDomainJoin
07/07 09:48:31 NetpMachineValidToJoin: 'T2-02'
07/07 09:48:31 NetpGetLsaPrimaryDomain: status: 0x0
07/07 09:48:31 NetpMachineValidToJoin: status: 0x0
07/07 09:48:31 NetpJoinDomain
07/07 09:48:31       Machine: T2-02
07/07 09:48:31       Domain: domainxx
07/07 09:48:31       MachineAccountOU: (NULL)
07/07 09:48:31       Account: domainxx\administrator
07/07 09:48:31       Options: 0x27
07/07 09:48:31       OS Version: 5.0
07/07 09:48:31       Build number: 2195
07/07 09:48:31       ServicePack: Service Pack 4
07/07 09:48:31 NetpValidateName: checking to see if 'domainxx' is valid as type 3 name
07/07 09:48:32 NetpCheckDomainNameIsValid [ Exists ] for 'domainxx' returned 0x0
07/07 09:48:32 NetpValidateName: name 'domainxx' is valid for type 3
07/07 09:48:32 NetpDsGetDcName: trying to find DC in domain 'domainxx', flags: 0x1020
07/07 09:48:32 NetpDsGetDcName: found DC '\\4019C' in the specified domain
07/07 09:48:32 NetUseAdd to \\4019C\IPC$ returned 5
07/07 09:48:32 NetpJoinDomain: status of connecting to dc '\\4019C': 0x5
07/07 09:48:32 NetpDoDomainJoin: status: 0x5
07/07 09:48:32 -----------------------------------------------------------------
07/07 09:48:32 NetpDoDomainJoin
07/07 09:48:32 NetpMachineValidToJoin: 'T2-02'
07/07 09:48:32 NetpGetLsaPrimaryDomain: status: 0x0
07/07 09:48:32 NetpMachineValidToJoin: status: 0x0
07/07 09:48:32 NetpJoinDomain
07/07 09:48:32       Machine: T2-02
07/07 09:48:32       Domain: domainxx
07/07 09:48:32       MachineAccountOU: (NULL)
07/07 09:48:32       Account: domainxx\administrator
07/07 09:48:32       Options: 0x25
07/07 09:48:32       OS Version: 5.0
07/07 09:48:32       Build number: 2195
07/07 09:48:32       ServicePack: Service Pack 4
07/07 09:48:32 NetpValidateName: checking to see if 'domainxx' is valid as type 3 name
07/07 09:48:32 NetpCheckDomainNameIsValid [ Exists ] for 'domainxx' returned 0x0
07/07 09:48:32 NetpValidateName: name 'domainxx' is valid for type 3
07/07 09:48:32 NetpDsGetDcName: trying to find DC in domain 'domainxx', flags: 0x1020
07/07 09:48:32 NetpDsGetDcName: found DC '\\4019C' in the specified domain
07/07 09:48:32 NetUseAdd to \\4019C\IPC$ returned 5
07/07 09:48:32 Trying add to  \\4019C\IPC$ using NULL Session
07/07 09:48:32 NullSession NetUseAdd to \\4019C\IPC$ returned 5
07/07 09:48:32 NetpJoinDomain: status of connecting to dc '\\4019C': 0x5
07/07 09:48:32 NetpDoDomainJoin: status: 0x5


I hope someone can help!!!

James
m0bovAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JBlondCommented:
You said you "moved the server". What have you changed?
m0bovAuthor Commented:
Physical location, that was all, since then I have rebuilt it. We did try plugging it back into identical socket.
JBlondCommented:
Are there any error messages in the event log of the server that a service hasn't been started on bootup or something like that.

I suppose you already tried to join the computer to the domain with joining them to a workgroup and then re-join them to the domain?

You said DNS is working fine: Can you ping the server from the computers with it's hostname?
Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

m0bovAuthor Commented:
Can ping ok, also can ping domain name, no event errors and yes, done workgroup, then onto domain using relevant admin account where needed.

Just found that the two machines that appeared to be on domain will not find the login scripts or group pols.
LongbowCommented:
Are the adapter's DNS configuration ok on each client ?
m0bovAuthor Commented:
Yes, also tried static. Have built another server on a differant chassis, still same problem.
LongbowCommented:
Have you removed then readd the computers from the AD ?
LongbowCommented:
I will try to run the next command in a dos box :
ipconfig /flushdns
LongbowCommented:
also run nbtstat -R if the above commang gives you no success
LongbowCommented:
Use the correct case for -R
glenn_1984Commented:
Did you add DNS and WINS to the work stations and WINS to the server?
Did you try to modify the lmhosts file on the workstation to point to the IP address of the server?
Are all the service packs on the server and work stations?
Did you try to join the domain by IP address?
For the PCs that are on the domain but will not run the login scripts, did you try to use the full path to the login script in the Profile of the User?
kapesCommented:
:)  try this

Change this value ...

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters\enablesecuritysignature

from 0 to 1 and restart the machine and then try again...
barnesm6Commented:
might be a daft question but is there a router between the servers new location and the clients?
what's the IP address of the servers lan card
what IP addresses are on the clients? obviously only need one at this point - once you get one working then the rest should follow suit.
also what subnet mas are you using on both the server and the clients?
how are you trying to connect the clients? are you doing it via system properties or are you using the connectcomputer via a browser?
At what point are you getting the error? when you try adding to domain, do you get asked for the admin account details then get access denied? I usually find that this is down the fact that the servers lan ip hasn't been set as the DNS server in the clients TCP/IP settings.
m0bovAuthor Commented:
Hi, found the problem which was client/software related rather than ip/hardware. Thanks very much for the suggestions.

Could a mod close the Q please? Thanks again.
kapesCommented:
is it possible for you to share the solution???
m0bovAuthor Commented:
Had to remove te MS Client and reinstall. Happened again which pointed to these "Deep Freeze" type cards in the machine, I think something in the client was not updating or getting corrupt.
kapesCommented:
I had faced the same problems.. and it was due to hardening...

basically, when connecting to a DC, it requires that Workstation service, "sign" its communication...otherwise it gives Access denied error...

if you get access denied for following command then surely the problem is same...

net use \\domaincontroller\ipc$  /user:adminuser adminpassword

You can enable the same key from group policy > computer configuration > windows settings > security settings > locla policies > security options > "Microsoft network client" Digitally sign communication (when server agrees)
which is enabled by the key i had provided...

m0bovAuthor Commented:
Tried the reg tweak but it did'nt make any differance.
moduloCommented:
PAQed with points refunded (500)

modulo
Community Support Moderator

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows XP

From novice to tech pro — start learning today.