Solved

Trouble joining pc's to the domain

Posted on 2006-07-06
6
309 Views
Last Modified: 2010-04-18
Any help would be greatly appreciated!!!

I have pc's that were in a Samba Linux domain. We have disjoined the pc's from that domain and are now trying to join them to a Wiindows Server 2003 domain. About half of the pc's are joining fine with no problems. The other half are not joining the domain. They automatically return an access is denied error when you try to join them. This has nothing to do with the accounts not having permission. I am using a domain admin account to add these pc's. The fact that some are joining no problem proves that it isn't with the account being used to add the computers. We are thinking that some settings may have been changed on the local pc's by being joined to a Linux (red hat) domain. Does anyone have ANY idea whatsoever about the local security policies and how they should be set in the local pc to allow for the pc to join a Server 2003 environment?????

0
Comment
Question by:snyderpaper
6 Comments
 
LVL 9

Expert Comment

by:SamuraiCrow
ID: 17054444
You can test the security setup theory by adding the compatws template discussed here.  I've also included the instructions for applying the template.  If reseting the security doesn't work we know we'll need to look elsewhere.

Information on Security Templates

http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sag_scedefaultpols.mspx?mfr=true


Apply a new Security Template

Apply a Security Template
1. Click Start, click Run, type mmc, and then click OK.
2. On the File menu, click Add/Remove Snap-in.
3. Click Add.
4. In the Available Stand Alone Snap-ins list, click Security Configuration and Analysis, click Add, click Close, and then click OK.
5. In the left pane, click Security Configuration and Analysis and view the instructions in the right pane.  
6. Right-click Security Configuration and Analysis, and then click Open Database.
7. In the File name box, type the name of the database file, and then click Open.
8. Click the security template that you want to use, and then click Open to import the entries that are contained in the template to the database.
9. Right-click Security Configuration and Analysis in the left pane, and then click Configure Computer Now.


Crow
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 500 total points
ID: 17055283
COMPATWS.INF is for loosening the security to run applications that are non-compliant as normal Users - I don't think that's going to do much for you.

The problem may lie in the method used to image these PCs - did you run sysprep before imaging or are all these using the OEM builds that came with them?
0
 
LVL 2

Expert Comment

by:bleujaegel
ID: 17055971
Is this a fresh W2K3 install?  If not, is it possible that these machine accounts already existed in AD?  If so, delete them and try joining the domain again.  Anything in the event viewer?
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 1

Author Comment

by:snyderpaper
ID: 17063407
I appreciate all of the responses. Let me answer all of your questions:

The problem may lie in the method used to image these PCs - did you run sysprep before imaging or are all these using the OEM builds that came with them?

They are using the OEM builds. Unfortunately, I have been hired on to a company to bring them into the 20th century and hopefully eventually into the 21st. None of these pc's were imaged so sysprep is not an issue.

Is this a fresh W2K3 install?  If not, is it possible that these machine accounts already existed in AD?  If so, delete them and try joining the domain again.  Anything in the event viewer?

As stated above these are not fresh installs. These machines did not exist in AD as they were previously on a Linux domain and are now being joined to a Windows domain. There were absolutely NO errors in the event logs on any of these pc's!

About half of the pc's joined the windows domain with no problem and the other half did not. Taking Crow's suggestion and some last minute information I got from the person who joined these pc's to the linux domain, I decided to reapply the local security policy. Unfortunately, this in and of itself did not fix the problem. I have been able to find a fix for the problem though. Using a combination of reapplying local security policy and then doing an operating system repair I was able to get them to join. There may have been an easier way to do this but I was completely stumped. I'm not sure what doing both of these in conjunction changed and allowed the pc's to join the windows domain. I am only glad that it did allow them to work.

Thanks for your input! This is my first post to experts exchange so I'm not entirely sure how to award the points. I suppose they will go to Crow as the suggestion's atleast helped to fix the problem.
0
 
LVL 1

Author Comment

by:snyderpaper
ID: 17067749
OK... I'm not sure how that happened. I clicked to give the points to Crow (or atleast I thought I did) can this be fixed???
0
 
LVL 51

Expert Comment

by:Netman66
ID: 17069660
Yes, post a Q in Community Support linking to this one asking them for assistance.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
On July 14th 2015, Windows Server 2003 will become End of Support, leaving hundreds of thousands of servers around the world that still run this 12 year old operating system vulnerable and potentially out of compliance in many organisations around t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now