spooky-mulder
asked on
Clients can't join SBS2003 R2 Prem.
Here the deal
I’ve got a newly installed SBS 2003 R2 Prem – everything installed – in perfectly working condition except for the fact that the bloody clients won’t join the domain.
What I experience is this
The join command creates the machineaccount in the AD but then fails to connect the client to the account, ends up disabling the account in AD and drops me an error description like “RPC failed” although RPSS is running smoothly and can be easily reached through telnet.
I’ve tried to join in any possible way I can think of – e.g. using the SBS wizard,from the client including using netdom and even vbs scripts.
Having googled for 2 days now and throwing just about any variation of dcdiag/netdiag at my server I’m at a complete loss.
I’ve narrowed the problem down to 2 things – I guess – but don’t hold back on further suggestions:
Problem 1
Netsetup.log shows terminates after this error:
NetpGetComputerObjectDn: Unable to bind to DS on '\\ABINTFS1': 0x6be
This is weird as dcdiag and netdiag shows no such problems on the server.
Problem 2
netdiag /test:DsGetDc /d:mba-aalborg.local /v
shows that DC’s address as the WAN side of the server .
I’ve tried to disable the WAN Side NIC which solved this problem temporarily but it didn’t fix the joining issue.
I’ve included some documentation from the client as well as the server, hope it’s sufficient otherwise please feel free to request more info.
As for how many points is at stake – well what’s the maximum limit?
Client:
Win XP Pro SP2 - FW disabled
C:\Programmer\Support Tools>nltest /dsgetdc:mba-aalborg.local
DC: \\abintfs1.mba-aalborg.loc
Address: \\10.0.0.2
Dom Guid: f66211d3-4f94-4d83-a729-7b
Dom Name: mba-aalborg.local
Forest Name: mba-aalborg.local
Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST
CLOSE_SITE
The command completed successfully
C:\>ipconfig /all
Windows IP-konfiguration
Værtsnavn. . . . . . . . . . . . . . . . . . : Dorthe
Primært DNS-suffiks. . . . . . . . . . . . . :
Nodetype . . . . . . . . . . . . . . . . . . : Hybrid
IP-routing aktiveret . . . . . . . . . . . . : Nej
WINS-proxy aktiveret . . . . . . . . . . . . : Nej
Søgeliste for DNS-suffiks. . . . . . . . . . : mba-aalborg.local
Ethernet-netværkskort Trådløs netværksforbindelse:
Medietilstand. . . . . . . . . . . . . . . . : Mediet afbrudt
Beskrivelse. . . . . . . . . . . . . . . . . : Intel(R) PRO/Wireless 2915A
BG Network Connection
Fysisk adresse . . . . . . . . . . . . . . . : 00-12-F0-7D-5F-89
Ethernet-netværkskort LAN-forbindelse:
Forbindelsesspecifikt DNS-suffiks. . . . . . : mba-aalborg.local
Beskrivelse. . . . . . . . . . . . . . . . . : Marvell Yukon Gigabit Ether
net 10/100/1000Base-T Adapter, Copper RJ-45
Fysisk adresse . . . . . . . . . . . . . . . : 00-13-D4-BF-75-01
Dhcp aktiveret . . . . . . . . . . . . . . . : Ja
Automatisk konfiguration aktiveret . . . . . : Ja
IP-adresse . . . . . . . . . . . . . . . . . : 10.0.0.20
Undernetmaske. . . . . . . . . . . . . . . . : 255.255.255.0
Standardgateway. . . . . . . . . . . . . . . : 10.0.0.2
DHCP-server. . . . . . . . . . . . . . . . . : 10.0.0.2
DNS-servere. . . . . . . . . . . . . . . . . : 10.0.0.2
Primær WINS-server . . . . . . . . . . . . . : 10.0.0.2
Rettigheden opnået . . . . . . . . . . . . . : 1. februar 2007 08:32:28
Rettigheden udløber. . . . . . . . . . . . . : 9. februar 2007 08:32:28
NETSETUP.log
02/01 10:49:36 --------------------------
02/01 10:49:36 NetpDoDomainJoin
02/01 10:49:36 NetpMachineValidToJoin: 'DORTHE'
02/01 10:49:36 NetpGetLsaPrimaryDomain: status: 0x0
02/01 10:49:36 NetpMachineValidToJoin: status: 0x0
02/01 10:49:36 NetpJoinDomain
02/01 10:49:36 Machine: DORTHE
02/01 10:49:36 Domain: mbadom
02/01 10:49:36 MachineAccountOU: (NULL)
02/01 10:49:36 Account: mbadom\administrator
02/01 10:49:36 Options: 0x3
02/01 10:49:36 OS Version: 5.1
02/01 10:49:36 Build number: 2600
02/01 10:49:36 ServicePack: Service Pack 2
02/01 10:49:36 NetpValidateName: checking to see if 'mbadom' is valid as type 3 name
02/01 10:49:36 NetpCheckDomainNameIsValid
02/01 10:49:36 NetpValidateName: name 'mbadom' is valid for type 3
02/01 10:49:36 NetpDsGetDcName: trying to find DC in domain 'mbadom', flags: 0x1020
02/01 10:49:51 NetpDsGetDcName: failed to find a DC having account 'DORTHE$': 0x525
02/01 10:49:51 NetpDsGetDcName: found DC '\\ABINTFS1' in the specified domain
02/01 10:49:52 NetpJoinDomain: status of connecting to dc '\\ABINTFS1': 0x0
02/01 10:49:52 NetpGetLsaPrimaryDomain: status: 0x0
02/01 10:49:52 NetpGetDnsHostName: Read NV Hostname: Dorthe
02/01 10:49:52 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: mba-aalborg.local
02/01 10:49:52 NetpLsaOpenSecret: status: 0xc0000034
02/01 10:49:52 NetpManageMachineAccountWi
02/01 10:49:52 NetpManageMachineAccountWi
02/01 10:49:52 NetpJoinDomain: status of creating account: 0x0
02/01 10:49:52 NetpGetComputerObjectDn: Unable to bind to DS on '\\ABINTFS1': 0x6be
02/01 10:49:52 NetpSetDnsHostNameAndSpn: NetpGetComputerObjectDn failed: 0x6be
02/01 10:49:52 ldap_unbind status: 0x0
02/01 10:49:52 NetpJoinDomain: status of setting DnsHostName and SPN: 0x6be
02/01 10:49:52 NetpJoinDomain: initiaing a rollback due to earlier errors
02/01 10:49:52 NetpGetLsaPrimaryDomain: status: 0x0
02/01 10:49:52 NetpManageMachineAccountWi
02/01 10:49:52 NetpJoinDomain: rollback: status of deleting computer account: 0x0
02/01 10:49:52 NetpLsaOpenSecret: status: 0x0
02/01 10:49:52 NetpJoinDomain: rollback: status of deleting secret: 0x0
02/01 10:49:52 NetpJoinDomain: status of disconnecting from '\\ABINTFS1': 0x0
02/01 10:49:52 NetpDoDomainJoin: status: 0x6be
Server:
SBS 2003 R2 Prem
C:\>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : abintfs1
Primary Dns Suffix . . . . . . . : mba-aalborg.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : mba-aalborg.local
Ethernet adapter WAN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 GT Desktop Adapter
Physical Address. . . . . . . . . : 00-0E-0C-B0-07-C8
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.102
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.100
DNS Servers . . . . . . . . . . . : 10.0.0.2
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter LAN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-30-05-C6-13-78
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.0.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 10.0.0.2
Primary WINS Server . . . . . . . : 10.0.0.2
C:\>netdiag /test:DsGetDc /d:mba-aalborg.local /v
Gathering IPX configuration information.
Querying status of the Netcard drivers... Passed
Testing Domain membership... Passed
Gathering NetBT configuration information.
Testing DC discovery.
Looking for a DC
Looking for a PDC emulator
Looking for an Active Directory DC
Tests complete.
Computer Name: ABINTFS1
DNS Host Name: abintfs1.mba-aalborg.local
DNS Domain Name: mba-aalborg.local
System info : Microsoft Windows Server 2003 (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
Hotfixes :
Installed? Name
Yes KB893756
Yes KB896358
Yes KB896424
Yes KB896428
Yes KB898715
Yes KB899587
Yes KB899588
Yes KB899589
Yes KB899591
Yes KB900725
Yes KB901017
Yes KB901214
Yes KB902400
Yes KB904706
Yes KB904942
Yes KB905414
Yes KB908519
Yes KB908531
Yes KB908981
Yes KB909520
Yes KB910437
Yes KB911164
Yes KB911280
Yes KB911562
Yes KB911897
Yes KB911927
Yes KB912812
Yes KB912919
Yes KB914388
Yes KB914389
Yes KB914783
Yes KB917344
Yes KB917422
Yes KB917537
Yes KB917734
Yes KB917953
Yes KB918439
Yes KB918500
Yes KB920213
Yes KB920670
Yes KB920683
Yes KB920685
Yes KB921398
Yes KB921883
Yes KB922582
Yes KB922616
Yes KB922819
Yes KB923191
Yes KB923414
Yes KB923689
Yes KB923694
Yes KB923980
Yes KB924191
Yes KB924496
Yes KB925398_WMP64
Yes KB925454
Yes KB925486
Yes KB925876
Yes KB926247
Yes KB928388
Yes KB929120
Yes KB929969
Yes Q147222
Netcard queries test . . . . . . . : Passed
Information of Netcard drivers:
--------------------------
Description: Intel(R) PRO/1000 GT Desktop Adapter
Device: \DEVICE\{F6D2A97E-77C3-4A2
Media State: Connected
Device State: Connected
Connect Time: 00:14:55
Media Speed: 100 Mbps
Packets Sent: 41
Bytes Sent (Optional): 0
Packets Received: 77
Directed Pkts Recd (Optional): 18
Bytes Received (Optional): 0
Directed Bytes Recd (Optional): 0
--------------------------
Description: Broadcom NetXtreme Gigabit Ethernet
Device: \DEVICE\{5A9AFE79-5B28-493
Media State: Connected
Device State: Connected
Connect Time: 00:14:56
Media Speed: 100 Mbps
Packets Sent: 3419
Bytes Sent (Optional): 0
Packets Received: 3166
Directed Pkts Recd (Optional): 3160
Bytes Received (Optional): 0
Directed Bytes Recd (Optional): 0
--------------------------
[PASS] - At least one netcard is in the 'Connected' state.
Per interface results:
Adapter : LAN
Adapter ID . . . . . . . . : {5A9AFE79-5B28-493D-B548-D
Netcard queries test . . . : Passed
Adapter : WAN
Adapter ID . . . . . . . . : {F6D2A97E-77C3-4A23-8595-5
Netcard queries test . . . : Passed
Global results:
Domain membership test . . . . . . : Passed
Machine is a . . . . . . . . . : Primary Domain Controller Emulator
Netbios Domain name. . . . . . : MBADOM
Dns domain name. . . . . . . . : mba-aalborg.local
Dns forest name. . . . . . . . : mba-aalborg.local
Domain Guid. . . . . . . . . . : {F66211D3-4F94-4D83-A729-7
Domain Sid . . . . . . . . . . : S-1-5-21-574694495-3920518
Logon User . . . . . . . . . . : Administrator
Logon Domain . . . . . . . . . : MBADOM
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{5A9AFE79-5B28
1 NetBt transport currently configured.
DC discovery test. . . . . . . . . : Passed
Find DC in domain 'MBADOM':
Found this DC in domain 'MBADOM':
DC. . . . . . . . . . . : \\abintfs1.mba-aalborg.loc
Address . . . . . . . . : \\192.168.1.102
Domain Guid . . . . . . : {F66211D3-4F94-4D83-A729-7
Domain Name . . . . . . : mba-aalborg.local
Forest Name . . . . . . : mba-aalborg.local
DC Site Name. . . . . . : Default-First-Site-Name
Our Site Name . . . . . : Default-First-Site-Name
Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV WRITABLE DNS_D
C DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8
Find PDC emulator in domain 'MBADOM':
Found this PDC emulator in domain 'MBADOM':
DC. . . . . . . . . . . : \\abintfs1.mba-aalborg.loc
Address . . . . . . . . : \\192.168.1.102
Domain Guid . . . . . . : {F66211D3-4F94-4D83-A729-7
Domain Name . . . . . . : mba-aalborg.local
Forest Name . . . . . . : mba-aalborg.local
DC Site Name. . . . . . : Default-First-Site-Name
Our Site Name . . . . . : Default-First-Site-Name
Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV WRITABLE DNS_D
C DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8
Find Active Directory DC in domain 'MBADOM':
Found this Active Directory DC in domain 'MBADOM':
DC. . . . . . . . . . . : \\abintfs1.mba-aalborg.loc
Address . . . . . . . . : \\192.168.1.102
Domain Guid . . . . . . : {F66211D3-4F94-4D83-A729-7
Domain Name . . . . . . : mba-aalborg.local
Forest Name . . . . . . : mba-aalborg.local
DC Site Name. . . . . . : Default-First-Site-Name
Our Site Name . . . . . : Default-First-Site-Name
Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV WRITABLE DNS_D
C DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8
The command completed successfully
C:\>dcdiag /test:registerindns /dnsdomain:mba-aalborg.loc
Starting test: RegisterInDNS
DNS configuration is sufficient to allow this domain controller to
dynamically register the domain controller Locator records in DNS.
The DNS configuration is sufficient to allow this computer to dynamically
register the A record corresponding to its DNS name.
......................... abintfs1 passed test RegisterInDNS
I’ve got a newly installed SBS 2003 R2 Prem – everything installed – in perfectly working condition except for the fact that the bloody clients won’t join the domain.
What I experience is this
The join command creates the machineaccount in the AD but then fails to connect the client to the account, ends up disabling the account in AD and drops me an error description like “RPC failed” although RPSS is running smoothly and can be easily reached through telnet.
I’ve tried to join in any possible way I can think of – e.g. using the SBS wizard,from the client including using netdom and even vbs scripts.
Having googled for 2 days now and throwing just about any variation of dcdiag/netdiag at my server I’m at a complete loss.
I’ve narrowed the problem down to 2 things – I guess – but don’t hold back on further suggestions:
Problem 1
Netsetup.log shows terminates after this error:
NetpGetComputerObjectDn: Unable to bind to DS on '\\ABINTFS1': 0x6be
This is weird as dcdiag and netdiag shows no such problems on the server.
Problem 2
netdiag /test:DsGetDc /d:mba-aalborg.local /v
shows that DC’s address as the WAN side of the server .
I’ve tried to disable the WAN Side NIC which solved this problem temporarily but it didn’t fix the joining issue.
I’ve included some documentation from the client as well as the server, hope it’s sufficient otherwise please feel free to request more info.
As for how many points is at stake – well what’s the maximum limit?
Client:
Win XP Pro SP2 - FW disabled
C:\Programmer\Support Tools>nltest /dsgetdc:mba-aalborg.local
DC: \\abintfs1.mba-aalborg.loc
Address: \\10.0.0.2
Dom Guid: f66211d3-4f94-4d83-a729-7b
Dom Name: mba-aalborg.local
Forest Name: mba-aalborg.local
Dc Site Name: Default-First-Site-Name
Our Site Name: Default-First-Site-Name
Flags: PDC GC DS LDAP KDC TIMESERV WRITABLE DNS_DC DNS_DOMAIN DNS_FOREST
CLOSE_SITE
The command completed successfully
C:\>ipconfig /all
Windows IP-konfiguration
Værtsnavn. . . . . . . . . . . . . . . . . . : Dorthe
Primært DNS-suffiks. . . . . . . . . . . . . :
Nodetype . . . . . . . . . . . . . . . . . . : Hybrid
IP-routing aktiveret . . . . . . . . . . . . : Nej
WINS-proxy aktiveret . . . . . . . . . . . . : Nej
Søgeliste for DNS-suffiks. . . . . . . . . . : mba-aalborg.local
Ethernet-netværkskort Trådløs netværksforbindelse:
Medietilstand. . . . . . . . . . . . . . . . : Mediet afbrudt
Beskrivelse. . . . . . . . . . . . . . . . . : Intel(R) PRO/Wireless 2915A
BG Network Connection
Fysisk adresse . . . . . . . . . . . . . . . : 00-12-F0-7D-5F-89
Ethernet-netværkskort LAN-forbindelse:
Forbindelsesspecifikt DNS-suffiks. . . . . . : mba-aalborg.local
Beskrivelse. . . . . . . . . . . . . . . . . : Marvell Yukon Gigabit Ether
net 10/100/1000Base-T Adapter, Copper RJ-45
Fysisk adresse . . . . . . . . . . . . . . . : 00-13-D4-BF-75-01
Dhcp aktiveret . . . . . . . . . . . . . . . : Ja
Automatisk konfiguration aktiveret . . . . . : Ja
IP-adresse . . . . . . . . . . . . . . . . . : 10.0.0.20
Undernetmaske. . . . . . . . . . . . . . . . : 255.255.255.0
Standardgateway. . . . . . . . . . . . . . . : 10.0.0.2
DHCP-server. . . . . . . . . . . . . . . . . : 10.0.0.2
DNS-servere. . . . . . . . . . . . . . . . . : 10.0.0.2
Primær WINS-server . . . . . . . . . . . . . : 10.0.0.2
Rettigheden opnået . . . . . . . . . . . . . : 1. februar 2007 08:32:28
Rettigheden udløber. . . . . . . . . . . . . : 9. februar 2007 08:32:28
NETSETUP.log
02/01 10:49:36 --------------------------
02/01 10:49:36 NetpDoDomainJoin
02/01 10:49:36 NetpMachineValidToJoin: 'DORTHE'
02/01 10:49:36 NetpGetLsaPrimaryDomain: status: 0x0
02/01 10:49:36 NetpMachineValidToJoin: status: 0x0
02/01 10:49:36 NetpJoinDomain
02/01 10:49:36 Machine: DORTHE
02/01 10:49:36 Domain: mbadom
02/01 10:49:36 MachineAccountOU: (NULL)
02/01 10:49:36 Account: mbadom\administrator
02/01 10:49:36 Options: 0x3
02/01 10:49:36 OS Version: 5.1
02/01 10:49:36 Build number: 2600
02/01 10:49:36 ServicePack: Service Pack 2
02/01 10:49:36 NetpValidateName: checking to see if 'mbadom' is valid as type 3 name
02/01 10:49:36 NetpCheckDomainNameIsValid
02/01 10:49:36 NetpValidateName: name 'mbadom' is valid for type 3
02/01 10:49:36 NetpDsGetDcName: trying to find DC in domain 'mbadom', flags: 0x1020
02/01 10:49:51 NetpDsGetDcName: failed to find a DC having account 'DORTHE$': 0x525
02/01 10:49:51 NetpDsGetDcName: found DC '\\ABINTFS1' in the specified domain
02/01 10:49:52 NetpJoinDomain: status of connecting to dc '\\ABINTFS1': 0x0
02/01 10:49:52 NetpGetLsaPrimaryDomain: status: 0x0
02/01 10:49:52 NetpGetDnsHostName: Read NV Hostname: Dorthe
02/01 10:49:52 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: mba-aalborg.local
02/01 10:49:52 NetpLsaOpenSecret: status: 0xc0000034
02/01 10:49:52 NetpManageMachineAccountWi
02/01 10:49:52 NetpManageMachineAccountWi
02/01 10:49:52 NetpJoinDomain: status of creating account: 0x0
02/01 10:49:52 NetpGetComputerObjectDn: Unable to bind to DS on '\\ABINTFS1': 0x6be
02/01 10:49:52 NetpSetDnsHostNameAndSpn: NetpGetComputerObjectDn failed: 0x6be
02/01 10:49:52 ldap_unbind status: 0x0
02/01 10:49:52 NetpJoinDomain: status of setting DnsHostName and SPN: 0x6be
02/01 10:49:52 NetpJoinDomain: initiaing a rollback due to earlier errors
02/01 10:49:52 NetpGetLsaPrimaryDomain: status: 0x0
02/01 10:49:52 NetpManageMachineAccountWi
02/01 10:49:52 NetpJoinDomain: rollback: status of deleting computer account: 0x0
02/01 10:49:52 NetpLsaOpenSecret: status: 0x0
02/01 10:49:52 NetpJoinDomain: rollback: status of deleting secret: 0x0
02/01 10:49:52 NetpJoinDomain: status of disconnecting from '\\ABINTFS1': 0x0
02/01 10:49:52 NetpDoDomainJoin: status: 0x6be
Server:
SBS 2003 R2 Prem
C:\>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : abintfs1
Primary Dns Suffix . . . . . . . : mba-aalborg.local
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : mba-aalborg.local
Ethernet adapter WAN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 GT Desktop Adapter
Physical Address. . . . . . . . . : 00-0E-0C-B0-07-C8
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.102
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.100
DNS Servers . . . . . . . . . . . : 10.0.0.2
NetBIOS over Tcpip. . . . . . . . : Disabled
Ethernet adapter LAN:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-30-05-C6-13-78
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.0.2
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 10.0.0.2
Primary WINS Server . . . . . . . : 10.0.0.2
C:\>netdiag /test:DsGetDc /d:mba-aalborg.local /v
Gathering IPX configuration information.
Querying status of the Netcard drivers... Passed
Testing Domain membership... Passed
Gathering NetBT configuration information.
Testing DC discovery.
Looking for a DC
Looking for a PDC emulator
Looking for an Active Directory DC
Tests complete.
Computer Name: ABINTFS1
DNS Host Name: abintfs1.mba-aalborg.local
DNS Domain Name: mba-aalborg.local
System info : Microsoft Windows Server 2003 (Build 3790)
Processor : x86 Family 15 Model 4 Stepping 3, GenuineIntel
Hotfixes :
Installed? Name
Yes KB893756
Yes KB896358
Yes KB896424
Yes KB896428
Yes KB898715
Yes KB899587
Yes KB899588
Yes KB899589
Yes KB899591
Yes KB900725
Yes KB901017
Yes KB901214
Yes KB902400
Yes KB904706
Yes KB904942
Yes KB905414
Yes KB908519
Yes KB908531
Yes KB908981
Yes KB909520
Yes KB910437
Yes KB911164
Yes KB911280
Yes KB911562
Yes KB911897
Yes KB911927
Yes KB912812
Yes KB912919
Yes KB914388
Yes KB914389
Yes KB914783
Yes KB917344
Yes KB917422
Yes KB917537
Yes KB917734
Yes KB917953
Yes KB918439
Yes KB918500
Yes KB920213
Yes KB920670
Yes KB920683
Yes KB920685
Yes KB921398
Yes KB921883
Yes KB922582
Yes KB922616
Yes KB922819
Yes KB923191
Yes KB923414
Yes KB923689
Yes KB923694
Yes KB923980
Yes KB924191
Yes KB924496
Yes KB925398_WMP64
Yes KB925454
Yes KB925486
Yes KB925876
Yes KB926247
Yes KB928388
Yes KB929120
Yes KB929969
Yes Q147222
Netcard queries test . . . . . . . : Passed
Information of Netcard drivers:
--------------------------
Description: Intel(R) PRO/1000 GT Desktop Adapter
Device: \DEVICE\{F6D2A97E-77C3-4A2
Media State: Connected
Device State: Connected
Connect Time: 00:14:55
Media Speed: 100 Mbps
Packets Sent: 41
Bytes Sent (Optional): 0
Packets Received: 77
Directed Pkts Recd (Optional): 18
Bytes Received (Optional): 0
Directed Bytes Recd (Optional): 0
--------------------------
Description: Broadcom NetXtreme Gigabit Ethernet
Device: \DEVICE\{5A9AFE79-5B28-493
Media State: Connected
Device State: Connected
Connect Time: 00:14:56
Media Speed: 100 Mbps
Packets Sent: 3419
Bytes Sent (Optional): 0
Packets Received: 3166
Directed Pkts Recd (Optional): 3160
Bytes Received (Optional): 0
Directed Bytes Recd (Optional): 0
--------------------------
[PASS] - At least one netcard is in the 'Connected' state.
Per interface results:
Adapter : LAN
Adapter ID . . . . . . . . : {5A9AFE79-5B28-493D-B548-D
Netcard queries test . . . : Passed
Adapter : WAN
Adapter ID . . . . . . . . : {F6D2A97E-77C3-4A23-8595-5
Netcard queries test . . . : Passed
Global results:
Domain membership test . . . . . . : Passed
Machine is a . . . . . . . . . : Primary Domain Controller Emulator
Netbios Domain name. . . . . . : MBADOM
Dns domain name. . . . . . . . : mba-aalborg.local
Dns forest name. . . . . . . . : mba-aalborg.local
Domain Guid. . . . . . . . . . : {F66211D3-4F94-4D83-A729-7
Domain Sid . . . . . . . . . . : S-1-5-21-574694495-3920518
Logon User . . . . . . . . . . : Administrator
Logon Domain . . . . . . . . . : MBADOM
NetBT transports test. . . . . . . : Passed
List of NetBt transports currently configured:
NetBT_Tcpip_{5A9AFE79-5B28
1 NetBt transport currently configured.
DC discovery test. . . . . . . . . : Passed
Find DC in domain 'MBADOM':
Found this DC in domain 'MBADOM':
DC. . . . . . . . . . . : \\abintfs1.mba-aalborg.loc
Address . . . . . . . . : \\192.168.1.102
Domain Guid . . . . . . : {F66211D3-4F94-4D83-A729-7
Domain Name . . . . . . : mba-aalborg.local
Forest Name . . . . . . : mba-aalborg.local
DC Site Name. . . . . . : Default-First-Site-Name
Our Site Name . . . . . : Default-First-Site-Name
Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV WRITABLE DNS_D
C DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8
Find PDC emulator in domain 'MBADOM':
Found this PDC emulator in domain 'MBADOM':
DC. . . . . . . . . . . : \\abintfs1.mba-aalborg.loc
Address . . . . . . . . : \\192.168.1.102
Domain Guid . . . . . . : {F66211D3-4F94-4D83-A729-7
Domain Name . . . . . . : mba-aalborg.local
Forest Name . . . . . . : mba-aalborg.local
DC Site Name. . . . . . : Default-First-Site-Name
Our Site Name . . . . . : Default-First-Site-Name
Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV WRITABLE DNS_D
C DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8
Find Active Directory DC in domain 'MBADOM':
Found this Active Directory DC in domain 'MBADOM':
DC. . . . . . . . . . . : \\abintfs1.mba-aalborg.loc
Address . . . . . . . . : \\192.168.1.102
Domain Guid . . . . . . : {F66211D3-4F94-4D83-A729-7
Domain Name . . . . . . : mba-aalborg.local
Forest Name . . . . . . : mba-aalborg.local
DC Site Name. . . . . . : Default-First-Site-Name
Our Site Name . . . . . : Default-First-Site-Name
Flags . . . . . . . . . : PDC emulator GC DS KDC TIMESERV WRITABLE DNS_D
C DNS_DOMAIN DNS_FOREST CLOSE_SITE 0x8
The command completed successfully
C:\>dcdiag /test:registerindns /dnsdomain:mba-aalborg.loc
Starting test: RegisterInDNS
DNS configuration is sufficient to allow this domain controller to
dynamically register the domain controller Locator records in DNS.
The DNS configuration is sufficient to allow this computer to dynamically
register the A record corresponding to its DNS name.
......................... abintfs1 passed test RegisterInDNS
ASKER
Hi Olafdc,
Been there, done that
When I restarted after having disabled the WAN card the DC connected properly but that didn’t solve the joining issue. And after having enabled the WAN card and restarted the server I’m back to square one.
I’ve just placed a support call at Microsoft on the problem, but hopefully You Guys will be able to solve it sooner.
Been there, done that
When I restarted after having disabled the WAN card the DC connected properly but that didn’t solve the joining issue. And after having enabled the WAN card and restarted the server I’m back to square one.
I’ve just placed a support call at Microsoft on the problem, but hopefully You Guys will be able to solve it sooner.
Are you using the wizards? Server Managemet> All the items in the TO DO List?
How did you create your users and computer accounts? Directly in AD? Try using add computer and new user wizards and than join with connect computer wizard?
Try doing this with wan NIC disabled for now. http://msmvps.com/blogs/bradley/archive/2005/01/23/33632.aspx
You might also have a faulty install.
OlafDC
How did you create your users and computer accounts? Directly in AD? Try using add computer and new user wizards and than join with connect computer wizard?
Try doing this with wan NIC disabled for now. http://msmvps.com/blogs/bradley/archive/2005/01/23/33632.aspx
You might also have a faulty install.
OlafDC
ASKER
Again … Been there, done that
I’ve tried it with and without wizards, the SBS way and from the client including netdom and vbs scripts.
I dread all this ends up with a FUBAR installation, although everything else seems to be in tip-top working condition.
I’ve tried it with and without wizards, the SBS way and from the client including netdom and vbs scripts.
I dread all this ends up with a FUBAR installation, although everything else seems to be in tip-top working condition.
See what MS Support says but it's not sounding good.
Can you ping server from workstations and nslookup server?
Can you post back with their findings?
Sorry but unless sitting in front of the machine it's hard to diagnose.
OlafDC
Can you ping server from workstations and nslookup server?
Can you post back with their findings?
Sorry but unless sitting in front of the machine it's hard to diagnose.
OlafDC
ASKER
ping and nslookup works like a charm to and from the client
seems like if it's DNS related it's between the dns and the AD
seems like if it's DNS related it's between the dns and the AD
Does the server have the 5 FSMO roles?
ASKER
have to run ntdsutil to check up on that.
But since it wasn't a migration what are the odds of it missing the roles - have you experienced that before?
What about the faulty registration of the WAN address as the DC adress, could that have f***** up the relation between DNS and AD in a way that doesn't allow for the server to fix it even when disabling the WAN NIC? And how wierd is that anyway with the LAN being on the top of the list for the NIC's binding order???
But since it wasn't a migration what are the odds of it missing the roles - have you experienced that before?
What about the faulty registration of the WAN address as the DC adress, could that have f***** up the relation between DNS and AD in a way that doesn't allow for the server to fix it even when disabling the WAN NIC? And how wierd is that anyway with the LAN being on the top of the list for the NIC's binding order???
Did you have a good look at your DNS? Done a reload? Is there any reference to your wan NIC in there, if so delete them. http://technet2.microsoft.com/WindowsServer/en/library/4e1c7b17-16ab-4e7d-a333-15befb15c82e1033.mspx?mfr=true
Re the FSMO roles: just wanted to see if your install was complete.
Olaf
Re the FSMO roles: just wanted to see if your install was complete.
Olaf
ASKER
no ref in the DNS to WAN NIC
will get back with the ntdsutil results
will get back with the ntdsutil results
ASKER
fsmo maintenance: select operation target
select operation target: list roles for connected server
Server "abintfs1" knows about 5 roles
Schema - CN=NTDS Settings,CN=ABINTFS1,CN=Se
ites,CN=Configuration,DC=m
Domain - CN=NTDS Settings,CN=ABINTFS1,CN=Se
ites,CN=Configuration,DC=m
PDC - CN=NTDS Settings,CN=ABINTFS1,CN=Se
s,CN=Configuration,DC=mba-
RID - CN=NTDS Settings,CN=ABINTFS1,CN=Se
s,CN=Configuration,DC=mba-
Infrastructure - CN=NTDS Settings,CN=ABINTFS1,CN=Se
ame,CN=Sites,CN=Configurat
select operation target: list roles for connected server
Server "abintfs1" knows about 5 roles
Schema - CN=NTDS Settings,CN=ABINTFS1,CN=Se
ites,CN=Configuration,DC=m
Domain - CN=NTDS Settings,CN=ABINTFS1,CN=Se
ites,CN=Configuration,DC=m
PDC - CN=NTDS Settings,CN=ABINTFS1,CN=Se
s,CN=Configuration,DC=mba-
RID - CN=NTDS Settings,CN=ABINTFS1,CN=Se
s,CN=Configuration,DC=mba-
Infrastructure - CN=NTDS Settings,CN=ABINTFS1,CN=Se
ame,CN=Sites,CN=Configurat
Hi Spooky,
This is all very spooky :). Have you heard from MS Support. If so what did they say.
Me personally I would reformat but I'll send an email to Jeff from TechSoEasy asking him to have a look. If he doesn't know I suspect not many people would.
Olaf
This is all very spooky :). Have you heard from MS Support. If so what did they say.
Me personally I would reformat but I'll send an email to Jeff from TechSoEasy asking him to have a look. If he doesn't know I suspect not many people would.
Olaf
Any errors in your event logs?
ASKER
Hi olafdc,
You're damn straight ;-) this one has got me all baffled as well.
MS tried to contact me today but I was unreachable at the time so I won't hear from them till monday.
Ofcourse I should reinstall, but besides the fact that it would cost me atleast 2 days of reconfiguring, I will not give it the satisfaction ;-) after all that doesn't kill you, makes you stronger
Spooky
You're damn straight ;-) this one has got me all baffled as well.
MS tried to contact me today but I was unreachable at the time so I won't hear from them till monday.
Ofcourse I should reinstall, but besides the fact that it would cost me atleast 2 days of reconfiguring, I will not give it the satisfaction ;-) after all that doesn't kill you, makes you stronger
Spooky
Looks to me like port 135 is blocked between your clients and the server. What kind of connection is there between those?
Jeff
TechSoEasy
Jeff
TechSoEasy
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
One other comment... make sure that any wireless interface is DISABLED during the connectcomputer phase.
It can be reenabled afterwards.
Jeff
TechSoEasy
It can be reenabled afterwards.
Jeff
TechSoEasy
ASKER
Hi Jeff,
Already been there, and done that.
- I can telnet port 135 back and forth
- the ISA is patched up
- The Wireless was disabled during the trial and error process, anyway I've tried it with various computers and the same result everytime.
I'm realy at a loss here ????
Spooky
Already been there, and done that.
- I can telnet port 135 back and forth
- the ISA is patched up
- The Wireless was disabled during the trial and error process, anyway I've tried it with various computers and the same result everytime.
I'm realy at a loss here ????
Spooky
What service pack do you have installed on ISA?
Jeff
TechSoEasy
Jeff
TechSoEasy
Also... you have gigabit adapters on each end, yet the speed shows only 100mbps. Are these set for "auto"? or 100Mbps? They should be set for "auto".
Jeff
TechSoEasy
Jeff
TechSoEasy
ASKER
This ISA runs 4.0.2163.213
The NIC's run auto the screen dumps are from a trial I did with a different switch (a 10/100) just to see if that did any difference.
The NIC's run auto the screen dumps are from a trial I did with a different switch (a 10/100) just to see if that did any difference.
Do you have more than one server in your network?
ASKER
Dear everyone,
The Problem has been solved by Microsoft.
The main problem was this:
887222 The ISA Server RPC filter blocks RPC traffic after Windows Server 2003 Service Pack 1 is installed on a computer that is running ISA Server 2004 or ISA Server 2000
http://support.microsoft.com/default.aspx?scid=kb;EN-US;887222
The tricky part was that the SP2 for ISA 2004 had been applied and showed up in the WSUS and under Help\about MS ISA Server 2004. But under ISA SVR ADM\View ISA SVR details it didn’t ??? as you can see by the patch level I posted earlier – didn’t catch it at the time though.
So basically the problem was due to a faulty patching of the ISA.
As for the points … suggestions anyone?
The Problem has been solved by Microsoft.
The main problem was this:
887222 The ISA Server RPC filter blocks RPC traffic after Windows Server 2003 Service Pack 1 is installed on a computer that is running ISA Server 2004 or ISA Server 2000
http://support.microsoft.com/default.aspx?scid=kb;EN-US;887222
The tricky part was that the SP2 for ISA 2004 had been applied and showed up in the WSUS and under Help\about MS ISA Server 2004. But under ISA SVR ADM\View ISA SVR details it didn’t ??? as you can see by the patch level I posted earlier – didn’t catch it at the time though.
So basically the problem was due to a faulty patching of the ISA.
As for the points … suggestions anyone?
Well, that's exactly the KB article that I recommended a couple of days ago.
Jeff
TechSoEasy
Jeff
TechSoEasy
ASKER
Correct,
If no one has any objections Jeff is now the proud owner of another 500 well earned credits - don't blow them all at once ;-)
Now to figure out what went wrong with the patching of the ISA Server....
If no one has any objections Jeff is now the proud owner of another 500 well earned credits - don't blow them all at once ;-)
Now to figure out what went wrong with the patching of the ISA Server....
1: Check your binding order in: Network Connections>Advanced> Advanced settings. Make sure your server NIC is first.
2: Disable your Wan NIC and restart server.
3: In Server Management>Internet and Email> Change server IP and enter same IP: 10.0.02 and run the wizard
4: Make sure you use the SBS DHCP :http://www.microsoft.com/technet/prodtechnol/sbs/2003/plan/gsg/appx_c.mspx
and turn off any other DHCP's from router or modem.
5: Enable your Wan NIC and run the Internet connection wizard in the server Management TO DO list.
http://www.sbs-rocks.com/sbs2k3/sbs2k3-n2.htm
If still issues post a new Netdiag.
Hope that helps,
OlafDC