We help IT Professionals succeed at work.

Can't join domain on new SBS2003 R2 installation

Barnabus2006
Barnabus2006 asked
on
4,952 Views
Last Modified: 2009-07-31
We purchased a white box (Intel Core2 duo with Intel motherboard) server from a local OEM who preinstalled Small Business Server 2003 R2.  After finishing the setup, DHCP and DNS work well but AD seems to have some issues.  We tried to "manually" join an XP Pro system to our business.local domain but get the message:
  The following error occured attempting to join the domain "business.local"
  The network path was not found.
The application event log on the server showed event 1030 and event 1058.  We followed links on these events to Knowledge Base article 888943 about Group Policy, installed support tools, and used the ADSIedit.msi snapin.  This showed us the gPCFileSysPath was correct.

Any suggestions?
Comment
Watch Question

Can you ping "business.local" from the command prompt? How about sbsservername.business.local?

If you can't, there are a few reasons for this:
1) In DHCP, your DNS server is not your SBS machine - Change DHCP settings or disable DHCP on your router and enable on server
2) Your SBS machine did not register itself in its own DNS tables - Stop/Start the netlogon service on the server or reboot
3) Firewall/Antivirus on the workstation could be blocking the traffic (unlikely but possible) - disable the firewall and/or antivirus

You may also want to change your WINS server to the SBS machine's IP address and add "business.local" to your DNS Suffix box in TCP/IP Advanced settings.
Lee W, MVPTechnology and Business Process Advisor
CERTIFIED EXPERT
Most Valuable Expert 2013

Commented:
Your DNS is probably wrong.  Run IPCONFIG /ALL and post the the results here - run that on both the server and the XP workstation.

In Active Directory (Which SBS 2003 uses) DNS is VITAL to a properly working network - just because you can browse web sites doesn't mean you have it correct.  In my experience, I would estimate 4 out of 5 people who THINK they have DNS right, DON'T.

Now, WHY are you MANUALLY trying to connect it to the domain - you SHOULD be using the http://server/connectcomputer wizard.  SBS was designed to be managed by non-administrators and use of the wizards is almost mandatory if you don't want problems with the installation now or later.

For more SBS information, you might want to check out the SBS links page I setup here:
http://www.lwcomputing.com/tips/static/sbs.asp

Also, if possible, I'd return the whitebox PC - Servers run your business - you would be wise to get one from a major vendor (like Dell, Gateway, HP, IBM) - these vendors offer support that is almost always better, more available, and more reliable than a local vendor.  And a 3 year, 4 hour respons should be considered mandatory.  For workstations, the local vendor is fine, but for servers, it's usually not the best solution - only the cheapest - which, the first time it fails, will make it go from cheapest to most expensive.
Top Expert 2006

Commented:
the client machine should point to the server for dns.

And Ease up Leew...but he is right, did you try the wizards? either way, the client needs to be able to resolve the server name.

Good Luck,

Hypercat (Deb)President
CERTIFIED EXPERT

Commented:
Although many SBS2003 wizards are very helpful, I have to agree with dooleydog on the "ease up" comment - they are not the be-all and end-all of the universe and personally I still prefer to do a lot of things manually as the wizards often do not meet the needs of my clients.  You do need to be able to  understand what the wizards are doing, though, to understand SBS.  That said, you should be able to join a workstation to the domain manually without any problems.  Since SBS 2003 was installed by someone else, there may be some group policy or security settings that are preventing you from adding a computer to the domain.  

What user ID are you using to do this?  Since those are group policy processing errors, this might indicate that the user ID you used doesn't have the appropriate NTFS permissions to process group policies. If you were trying to join the domain with a non-administrative user ID, try using the domain admin user ID and see if that works.

One thing I would try is to turn off ALL of the group policies that are automatically created by SBS (there are quite a few), and then try joining the domain again.  If this works, you'll need to check through the group policies to find the setting that was causing the problem.
Can you post an IPconfig/all from server and workstation?
Lee W, MVPTechnology and Business Process Advisor
CERTIFIED EXPERT
Most Valuable Expert 2013

Commented:
dooleydog, hypercat

I used to manage a large network of 30+ Windows servers, NONE SBS.  Then I went off as a consultant.  My first major gig after leaving the day job was a small company using SBS 4.5.  We bought them a new server and installed it - using Enterprise class "thinking" in the setup - meaning we didn't use the wizards at all.  We wanted the OUs named more logically, we wanted US to do everything, NOT the SBS wizards.  I learned over time this causes TREMENDOUS problems.  The first of which was the changed OU names - it resulted in XP Pro logons taking literally an HOUR to complete.  Since then, I've done several more SBS installs and learned much.  And with FEW EXCEPTIONS, SBS REALLY SHOULD BE MANAGED THROUGH THE WIZARDS.  (For me, the only exception is the backup - and that's only because the backup wizard has no option for differentials - it's full or nothing).  Quite simply, in most instances, SBS systems that are not properly installed will result - sooner or later - in otherwise avoidable network and server problems.  I've experienced this first hand and I've seen other people's issues first hand when they don't use the wizards.

If you're working flawlessly without using the wizards, great... but you are by far the exception, not the rule.
Hypercat (Deb)President
CERTIFIED EXPERT

Commented:
Well, then, I guess I'm one of the exceptions.  I've had the opposite experience from yours, having found the wizards often causing more problems than they were worth, esp. in older versions of SBS.  They are much improved in SBS 2003.  Depends on your clients' requirements, probably.  Anyway, we'll agree to disagree or, maybe put it better by saying that we agree that diversity is a good thing...and if you ask two consultants the same question you'll get at least two different answers.
Top Expert 2006

Commented:
Leew,

This is supposed to be a friendly place, it sounds like you are attacking him and not really being helpful, BTW, it doesn't matter how many servers you manage, i help to manage 1800 DCs alone, not to mention member servers and such which together total more than 4000.

Author

Commented:
Some progress has been made, thanks for the help so far, but we need more advise.

NEW DISCOVERY:
We’ve noticed that WINS isn’t running and won’t start.  I haven’t used WINS in a domain for about four years and would just a soon not use it.  HOWEVER, this is SBS and we would like to get WINS running (if appropriate) and do things in the best SBS style.

We’re willing to go with the SBS wizard approach (we are Enterprise sysadmins by experience).  There is a certain sense of loss of control, however.  The reason we tried the manual approach was that the //server/connectcomputer didn’t understand installed CICSO and CheckPoint VPN clients.  We uninstalled those clients and made some progress.

The //server/connectcomputer wizard fails with the meaningless message, “An error occurred when configuring network settings.  See your network administrator”.  (It failed to migrate the user settings but, we skipped that).

PING and NSLOOKUP both work well for any name or IP mentioned in the responses and for all external references.

Netlogon service was restarted.

We’ve been looking at the lwcomputing site tips.  THANKS!

We haven’t yet tried turning off the automatically created SBS Group Policies.

As for brand name versus white box.  I agree, “ceteris paribus”, that something like a Dell with a great service contract can’t be beat.  But, alas, sometimes it is necessary to work under less than ideal conditions because of outside influences.

---------------------------------------------------
Windows IP Configuration

        Host Name . . . . . . . . . . . . : workstation
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : business.local

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : business.local
        Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
        Physical Address. . . . . . . . . : 00-11-43-7E-F2-01
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.101
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.1
        DHCP Server . . . . . . . . . . . : 192.168.0.2
        DNS Servers . . . . . . . . . . . : 192.168.0.2
        Primary WINS Server . . . . . . . : 192.168.0.2
        Lease Obtained. . . . . . . . . . : Thursday, January 04, 2007 6:02:53 PM
        Lease Expires . . . . . . . . . . : Thursday, January 12, 2007 6:11:53 PM

---------------------------------------------------
Windows IP Configuration

   Host Name . . . . . . . . . . . . : SERVER
   Primary Dns Suffix  . . . . . . . : business.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : business.local

Ethernet adapter Network Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 PM Network Connection
   Physical Address. . . . . . . . . : 00-15-17-03-07-22
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.2
   Primary WINS Server . . . . . . . : 192.168.0.2
What error messages do you see in the event log when you try to start the WINS process? Or does it just hang in the "Starting" state?
To fix Wins: http://support.microsoft.com/kb/822048
After that following the links leew has supplied.
Turn off any other dhcp's other than SBS,
Make sure dhcp is running and configured properly.
In server console> Internet> change server IP address. Reset that (I always use the default 192.168.16.2 but you can use whatever.)
Run the Internet connection wizard (under to do in the server console)
On your server lan: remove default gateway address.

On the workstation Lan: Make sure you have the following enabled under tcp/ip :Automatic IP, dhcp enabled, enable netbios over tcp/ip.

Join a workgroup with workstation>restart.

On server console>computers>configure a computer>(add a unique new account)> don't set up a computer at this time.

Go back to workstation: in IE: type, http://your server name or IP/connectcomputer and follow the prompts.
Hope that helps.
OlafDC
Lee W, MVPTechnology and Business Process Advisor
CERTIFIED EXPERT
Most Valuable Expert 2013
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Jeffrey Kane - TechSoEasyPrincipal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014

Commented:
Okay, I'll chime in here since leew has gotten the "ease up" comment that he once said to me!  He even started using CAPS to emphasize stuff, which I have been accused of as well... since there is no other option here at EE.

I really just want to second everything that leew has stated above.  There is no room for egos in deploying and configuring a server for small business.  Therefore, it only makes sense to look around and see that, in fact, SBS 2003 is not like it's predecessors, and it actually WORKS when configured as it was designed.  Only when you try to make SBS fit an enterprise server model will it resist and cause you innumerable headaches.  

Barnabus2006, since this is your question, I'll attempt to give you a proper answer.  Your question has two points which I think are the problem:

1.  "AD seems to have some issues."
2.  "We tried to "manually" join an XP Pro system"

If you've monkeyed at all with the default configuration of AD, such as renaming the MyBusiness OU or creating users that aren't in the MyBusiness\Users\SBSUsers OU or computers that aren't in the MyBusiness\Computers\SBSComputers OU, then you'll have problems and will need to undo any of those configurations you made.

Since you've tried to manually joine the system, you now have to change it's name.  This is because SBS uses a number of config files to help manage client workstations and while it's technically possible to go into all of those files and modify them, it's much easier to just use a different name.  You will also need to remove the workstation from the domain before you can use connectcomputer.  So the steps are thus:

At the client machine:
1.  Log in with THAT machine's LOCAL administrator account.
2.  Unjoin the domain into a WORKGROUP
3.  Change the name of the computer (this is not an option, you must use a name that is unique and hasn't been used before on your SBS)
4.  Delete or rename the following directory C:\Program Files\Microsoft Windows Small Business Server\Clients if it exists
5.  Make sure that the network settings are configured to get an IP address automatically (DHCP enabled)
6.  Reboot

Then on the server, from the Server Management Console:
1.  Remove the client computers if it still shows in the Client Computer screen on the Server Management Console
2.  Add the client with it's NEW name using the Add Computer wizard

Then, go back to the client machine, log back in with the local Administrator account and join the domain by opening Internet Explorer and navigating to http://<servername>/connectcomputer

For those of you that want to know how the wizards actually work... you can review my answer to leews pressing question about SBS's "Unified" architechture;  http:Q_21831460.html.  At the bottom of that question is a link to download the Installation Guide which is no longer available but has a complete detailed explanation of the wizard architecture, that will help you to understand how powerful these things are.

Jeff
TechSoEasy
Jeffrey Kane - TechSoEasyPrincipal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014

Commented:
One other thing that I see is that it looks like you manually created your DHCP Scope instead of allowing SBS to do it.  If that's the case, you want to make sure that the following options are configured:

Address Pool: 192.168.0.1 to 192.168.0.254
Scope Options:
003 Router 192.168.0.1
006 DNS Servers 192.168.0.2
015 DNS Domain Name business.local
044 WINS/NBNS Servers 192.168.0.2
046 WINS/NBT Node Type 0x8

Then, make sure that there is an exclusion range of 192.168.0.1 - 192.168.0.9.  

Run the CEICW followed by the Remote Access Configuration Wizard which will then set up the proper RRAS reservations.

Jeff
TechSoEasy

Author

Commented:
Whew! That is a lot of information to process.

We appreciate the professional nature of your comments and the education about taking an SBS approach to this matter.  This is a paradigm shift when it comes to systems administration.  From our SBS initiates’ perspective, it is difficult to debug an install when the management is wizard driven.  Obviously, we messed up somewhere and the mechanism to rectify the situation isn’t wizard driven.  Toward this end we agree it would be best to bench test the installation a few times (given a perfect world and adequate time).  SO…, we will definitely go back and take the time to do this AFTER this installation works. [We’re rather under gun right now to get this installation to work, however]

Right now, we’ll check out WINS (event log entries) and DHCP (we did trash the original and “roll our own”) and then pick up on some of the other guidance everyone has provided.

TechSoEasy
We have yet to join anything to the domain.  But we will make sure of the uniqueness of our next attempt.  This attempt will use the wizard approach. [We want to adopt the SBS way of administration].  

QUESTION: It appears we must first have a user and computer set up on the SBS server (through the server wizards), RIGHT?

TechSoEasy
We were assuming we had AD issues. But we haven’t manually changed any AD settings (via ADSIedit or other direct means).  So at least we haven’t shot ourselves in the foot there.

THANKS AGAIN for everyone’s input!!!
Principal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014
Commented:
Unlock this solution and get a sample of our free trial.
(No credit card required)
UNLOCK SOLUTION
Jeffrey Kane - TechSoEasyPrincipal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014

Commented:
Lastly, I didn't see it linked here specifically.... but you MUST check out http://sbsurl.com/itpro for an overview of SBS for Enterprise Admins.

Jeff
TechSoEasy

Commented:
Make sure that you have File and Printer Sharing checked on the Network Interface Properties.

I ran into this same problem last night.  We specialize in SBS and have done many installations.  We used all of the Wizards, and aside from attempting to restore some Exchange Mailboxes from their old server, didn't depart from the text at all.  After a long night, I discovered this morning that File and Printer Sharing was not checked on the Network Interface.  Solved all of our problems so far...  

I don't have any idea why it was not selected, we didn't turn it off.

Hopefully this helps.

Cheers!

Author

Commented:
We've rarely run across a more compelling reason to Read That Fine Manual (RTFM) than installing SBS. TechSoEasy has provided some good links. We have looked at some publications but none have been revised for Release 2 of SBS.  We assume the general concepts will apply.  We have reloaded and resolved the issues related to this question.  Now we have MS Exchange and firewall issues.  It appears the wizards are a must!
Jeffrey Kane - TechSoEasyPrincipal Consultant
CERTIFIED EXPERT
Most Valuable Expert 2016
Top Expert 2014

Commented:
Yes, the wizards are a must!  I can't say that enough!  The general concepts do still apply and R2 basically has additional features which are well documented elsewhere, so you would still follow the methodology provided in those books.

Jeff
TechSoEasy
Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.