Solved

Can't join windows XP Pro workstation to windows NT domain

Posted on 2006-06-16
4
3,931 Views
Last Modified: 2013-12-23
Question:

I am trying to add a Windows XP Pro SP2 PC named IBM-001 to my little Windows NT Network. The PDC in my little network is a Windows NT Server version 4.0 SP6a named TANGO. On this PDC I have created a user account and made it a member of the "Domain Users" Group by using the User Manager >> User Properties dialog box. I have also added the Windows XP Pro SP2 PC to the domain named DANCE by using on the PDC the Server Manager >> Add Computer to Domain dialog box.

On the XP Pro workstation (host name: IBM-001), when I use the Network Identification Wizard and I'm on the screen that says: "User Account and domain information", after entering the UID, PW, and domain,I get the following dialog box: "Your computer must also belong to a domain." So after entering my computer host name "IBM-001" and the domain that I want it to join "DANCE", I get another dialog box that asks for my UID, PW, and domain. I enter my user ID that I created above. I very carefully enter my PW. And I enter my domain name "DANCE". This is followed by a response window (It only has one button on it to click -- "OK") that says: "Your computer could not be joined to the domain because the following error has occured: Logon failure: unknown user name or bad password."

Somewhere else along the way that happen so long ago and so much has happened since I can't remember where I got the error message: "Windows cannot find an account for your computer on the DANCE domain".

What makes this question even more challenging is the fact that on IBM-001 I can go to "My Network Places>>Entire Network>>Microsoft Windows Network" and click on the plus sign in front of host name "Tango" and I get a dialog box with the title bar text "Connect to Tango" with some keys icon. After I enter my UID and PW created above, I am shown all the share names on Tango. That means that, from IBM-001 to Tango, I have connectivity and the UID and PW I created on Tango are good.

I will give the same information that was requested in another question on EE by the same title from a different user who had much different circumstances than I do so that the Experts that help me won't have to ask them. Maybe we will get to a good answer a little faster that way.

+++++++++
I can ping workstation to server and server to workstation; no problem. In response to the command lines "ipconfig -all" and "route print" on the WS and server I get the following results:

Server:

"ipconfig -all":

Windows NT IP Configuration

      Host Name . . . . . . . . . : tango.HOBBIT
      DNS Servers . . . . . . . . : 10.125.224.1
                                    68.94.156.1
      Node Type . . . . . . . . . : Hybrid

      NetBIOS Scope ID. . . . . . :

      IP Routing Enabled. . . . . : No

      WINS Proxy Enabled. . . . . : No

      NetBIOS Resolution Uses DNS : No


Ethernet adapter El90x1:



      Description . . . . . . . . : 3Com 3C90x Ethernet Adapter

      Physical Address. . . . . . : 00-C0-4F-58-3C-86

      DHCP Enabled. . . . . . . . : Yes

      IP Address. . . . . . . . . : 10.125.224.33

      Subnet Mask . . . . . . . . : 255.255.255.0

      Default Gateway . . . . . . : 10.125.224.1

      DHCP Server . . . . . . . . : 10.125.224.1

      Lease Obtained. . . . . . . : Friday, June 16, 2006 7:55:23 PM

      Lease Expires . . . . . . . : Saturday, June 17, 2006 7:55:23 PM


"route print":

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 c0 4f 58 3c 86 ...... 3Com 3C90x Ethernet Adapter
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     10.125.224.1   10.125.224.33        1
     10.125.224.0    255.255.255.0    10.125.224.33   10.125.224.33        1
    10.125.224.33  255.255.255.255        127.0.0.1       127.0.0.1        1
   10.255.255.255  255.255.255.255    10.125.224.33   10.125.224.33        1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1        1
        224.0.0.0        224.0.0.0    10.125.224.33   10.125.224.33        1
  255.255.255.255  255.255.255.255    10.125.224.33   10.125.224.33        1
===========================================================================


Workstation (IBM-001):

"ipconfig -all":


Windows IP Configuration

        Host Name . . . . . . . . . . . . : ibm-001
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : HOBBIT

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : HOBBIT
        Description . . . . . . . . . . . : Intel® PRO/100 VE Desktop Connection
        Physical Address. . . . . . . . . : 00-09-6B-F2-51-0A
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.125.224.36
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.125.224.1
        DHCP Server . . . . . . . . . . . : 10.125.224.1
        DNS Servers . . . . . . . . . . . : 10.125.224.1
                                            68.94.156.1
        Primary WINS Server . . . . . . . : 10.125.224.33
        Lease Obtained. . . . . . . . . . : Friday, June 16, 2006 12:27:44
        Lease Expires . . . . . . . . . . : Saturday, June 17, 2006 12:27:44

"route print":

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 09 6b f2 51 0a ...... Intel® PRO/100 VE Desktop Connection - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     10.125.224.1   10.125.224.36        30
     10.125.224.0    255.255.255.0    10.125.224.36   10.125.224.36        30
    10.125.224.36  255.255.255.255        127.0.0.1       127.0.0.1        30
   10.255.255.255  255.255.255.255    10.125.224.36   10.125.224.36        30
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1        1
        224.0.0.0        240.0.0.0    10.125.224.36   10.125.224.36        30
  255.255.255.255  255.255.255.255    10.125.224.36   10.125.224.36        1
Default Gateway:      10.125.224.1
===========================================================================
Persistent Routes:
  None


// =====================================================================

Somebody please tell me why it ain't happening for me because I have researched the question and I can't find an answer on my own.
0
Comment
Question by:Ted Palmer
  • 2
  • 2
4 Comments
 
LVL 95

Accepted Solution

by:
Lee W, MVP earned 500 total points
ID: 16923860
I think you're over thinking this.  Try this and post what happens:

1.  Delete the account you created for the computer (computer accounts are automatically created when you join the domain).
2.  Don't use the wizard.  Bring up the system control panel, go to the Computer Name tab, click the "Change" button.  
3.  In the window that appears, enter the NT4 domain name and click OK.  You should then be prompted for a username and password.  Use ANY user name that has ADMINISTRATOR privilages, and the accompanying password.

Wait a few seconds and you should be ok.
0
 

Author Comment

by:Ted Palmer
ID: 16924267
leew:

I attempted as you suggested and here is what happened:

I deleted the user account that I had created on the PDC but I didn't remove the host IBM-001 from the domain because the caution message I got made me feel like that wasn't a good idea. Sorry I didn't write it down. I'll. . . . Oh shoot. It was

Title bar text: "Server Manager"

Message: "Removing IBM-001 from the domain will render it incapable of authenticating domain logons until it is added to another domain."

"Are you sure you want to remove IBM-001 from the DANCE domain?" Yes/No

I selected "No" and left it in place.

On IBM-001 From My Computer >> System Properties where is says "To rename this computer or join a domain, click Change." I clicked on "Change..." and another dialog box poped up. Title bar text "Computer Name Changes" with message: "Enter the name and password of an account with permission to join the domain".

I tried both the 'Administrator' account and the account that I had created on the IBM-001 as a user member of the Administrators Group. The both got the same error message.

Title bar text: "Computer Name Changes" message: "The following error occured attempting to join the domain "DANCE": Logon failure: unknown user name or bad password". I wish it would tell me on which machine the user name or password was bad on.

That is what I'm getting. Part of the problem for me is that when the message box asks for a "...name and password of an account with permission to join the domain" it doesn't specify on what host that UID and PW is authenticated. Is it supposed to be a UID that is a member of the Administrators Group on the local machine? I would have thought it would be the UID (They -- Microsoft -- shouldn't be calling it a name. It is the user ID -- a unique string that names the account. name is ambiguous in this context.) on the PDC.

Additional Info:
When I got to the "Computer Name Changes" dialog box, the radio button for Domain was already selected with the string "DANCE" in the Domain text box. Since the "OK" button was grayed out it would only change from grayed out to active if I changed the string "DANCE" some kind of way. Which indicated to me that the host IBM-001 was already a member of domain DANCE. I selected Workgroup and made IBM-001 a member of an old Workgroup that I used to use so that I could follow your suggestion and join the domain without a user account on the PDC. Also, I usually establish a UID on the local machine that is the same as my Domain UID. I had already done that but apparently I had gobered up the PW because I couldn't logon to the local machine till I logged on as Administrator and changed the PW for that user. Then I was able to logon to IBM-001 as that user. Which is the same as the UID that I'm trying to get established on the PDC and authenticated by the PDC when I logon to IBM-001. That is the way I have it on 4 other W2K machines that I have.

I'm just waiting to see what my next move is going to be.

Thank you.

TedPalmer
0
 
LVL 95

Expert Comment

by:Lee W, MVP
ID: 16924350
I didn't say delete the user account - I said delete the COMPUTER account.  Which you chose not to do because of a correct but pointless warning.  Is IBM-001 logging in to the domain?  If I read you correctly, no.  So if no, SO WHAT if  ""Removing IBM-001 from the domain will render it incapable of authenticating domain logons until it is added to another domain."  As I said, computer accounts are automatically created when you join the domain.

When prompted for the user name, try using YourDomainName\AdministratorAccount as the user name.
0
 

Author Comment

by:Ted Palmer
ID: 16925125
leew:

I just now got to do what you suggested. It didn't work. I went back and deleted the computer account on the PDC and restored the Username, as it is called on the PDC, that I was using. After I did this I got an error message on IBM-001, while joining to the domain, that was not foreign to me but one that I have not yet seen in this effort. It was very simple: "Access Denied". I went back to the PDC and added back the IBM-001 host as a member of the DANCE domain. After doing this, I was able to go back to IBM-001 and join it to the DANCE domain.

The best that I can figure out is that I had the userID on the local machine, IBM-001, with the wrong password. I could not use that userID to logon to the local machine. Once I got that corrected everything just fell into place; BUT I'm sure that everything would not have "fell into place" without your advise. I was confused about which host the error messages applied to without your advice. So I'm awarding you the points.

TedPalmer
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

746 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now