Machine will not recognize domain and cannot rejoin domain
BACKGROUND:
The network in question has 3 domain controllers 2 are Windows 2003 Server and 1 is Windows 2000 Server. The W2k Server DC is in a remote location we will call T-Town, and has a Frame Realay connection to a location we will call W-Town. The other 2 W2k3 DC servers are in W-Town and on the same subnet. T-Town uses different subnet than W-Town but the DCs all work together to service requests for both locations and the Domain Name is the same at both locations. Basically the T-Town network is a remote extension of the W-Town network and has a DC in case the Frame Relay were to go down that way the networks could function independantly. The client machines all run Windows XP SP2 Pro.
THE PROBLEM:
In both T-Town and W-Town I can add machines to the domain and currently have no known issues whith the networks nor any of their resources. However it has happened twice now that two different users who from time to time take their Domain Joined Laptop home to do some work; have come back into the network to find that none of their network drives will map and no network resources are available to them. Also their computer no longer recognizes that the domain nor it's resources exists; However the machine can use the internet and I can use VNC to access the machine remotely, so the network card appears to be functioning properally.
TROUBLE SHOOTING:
I verified that the user was logged on to their machine with Domain Cerdentials. They were and were able to loginto the machine but likely using cached credentials, since I could not use a Domain account to loginto the machine that had not logged in there before.
I preformed a reboot of the machine and had the user logon (with Domain Credentials), log off and then back on again, attempting to ensure network card had properally initialized before login process began; This made no differance.
While logged in with User's Domain Credentials I was able to use the internet and ping network IP addresses sucessfully even those of the domain controllers.
While logged in as User I attempted to access several Network Shares. I was not able to and was not prompted to authenticate as one may expect you would be if the resource existed and there was problem with a security token or something of that nature, rather it could not find the resource as though it didn't exist.
I dropped the machine from the Domain and then attempted to re-add it to the domain. Upon rejoin attempt I would get an error stating that the domain controller did not exist.
I tried many other things that may not be relavent...
Then I booted the computer on the Windows install CD and did a repair on the OS, the first repair didn't work, the second level of the repair process did fix the issue and I was able to re-join the domain; however after a week of use the same thing happened again to the same computer. At this point I assumed that it could be a Virus because the machine had left the network both times. I ran several different AntiVirus and SpyWare remover tools and the computer came up clean every time. Finally I formatted and reloaded the system and it has been functioning fine since (about 2 months).
Now I have another computer that is doing the same thing and there seems to be no reason for it and it seems not to be fixable except for an OS Reload. This doesn't seem to be just a fluke and I am dumbfounded as to what can be causing it outside of a possible unidentified computer virus.
THE QUESTION:
Assuming that a virus is not to blame, what is causing this, how can it be prevented and how do I fix it without rebuilding the OS?
The network in question has 3 domain controllers 2 are Windows 2003 Server and 1 is Windows 2000 Server. The W2k Server DC is in a remote location we will call T-Town, and has a Frame Realay connection to a location we will call W-Town. The other 2 W2k3 DC servers are in W-Town and on the same subnet. T-Town uses different subnet than W-Town but the DCs all work together to service requests for both locations and the Domain Name is the same at both locations. Basically the T-Town network is a remote extension of the W-Town network and has a DC in case the Frame Relay were to go down that way the networks could function independantly. The client machines all run Windows XP SP2 Pro.
THE PROBLEM:
In both T-Town and W-Town I can add machines to the domain and currently have no known issues whith the networks nor any of their resources. However it has happened twice now that two different users who from time to time take their Domain Joined Laptop home to do some work; have come back into the network to find that none of their network drives will map and no network resources are available to them. Also their computer no longer recognizes that the domain nor it's resources exists; However the machine can use the internet and I can use VNC to access the machine remotely, so the network card appears to be functioning properally.
TROUBLE SHOOTING:
I verified that the user was logged on to their machine with Domain Cerdentials. They were and were able to loginto the machine but likely using cached credentials, since I could not use a Domain account to loginto the machine that had not logged in there before.
I preformed a reboot of the machine and had the user logon (with Domain Credentials), log off and then back on again, attempting to ensure network card had properally initialized before login process began; This made no differance.
While logged in with User's Domain Credentials I was able to use the internet and ping network IP addresses sucessfully even those of the domain controllers.
While logged in as User I attempted to access several Network Shares. I was not able to and was not prompted to authenticate as one may expect you would be if the resource existed and there was problem with a security token or something of that nature, rather it could not find the resource as though it didn't exist.
I dropped the machine from the Domain and then attempted to re-add it to the domain. Upon rejoin attempt I would get an error stating that the domain controller did not exist.
I tried many other things that may not be relavent...
Then I booted the computer on the Windows install CD and did a repair on the OS, the first repair didn't work, the second level of the repair process did fix the issue and I was able to re-join the domain; however after a week of use the same thing happened again to the same computer. At this point I assumed that it could be a Virus because the machine had left the network both times. I ran several different AntiVirus and SpyWare remover tools and the computer came up clean every time. Finally I formatted and reloaded the system and it has been functioning fine since (about 2 months).
Now I have another computer that is doing the same thing and there seems to be no reason for it and it seems not to be fixable except for an OS Reload. This doesn't seem to be just a fluke and I am dumbfounded as to what can be causing it outside of a possible unidentified computer virus.
THE QUESTION:
Assuming that a virus is not to blame, what is causing this, how can it be prevented and how do I fix it without rebuilding the OS?
samirise
To me it almost sounds like there is a TCP/IP setting or corruption. You might try running winsock fix and the netsh commands. I can provide more info if you want. If they are joining another network elsewhere, they may also be mucking about with the settings.
ASKER
Samirise thanks for your comment.
Their IP addressing is set to Dynamic and the network they are using outside of the Corporate one is little more than a store bought router plugged into a cable modem if even that.
I will try the winsock fix that you recomend tomorrow when the PC is in my possession.
As far as netsh which netsh commands do you recomend?
Their IP addressing is set to Dynamic and the network they are using outside of the Corporate one is little more than a store bought router plugged into a cable modem if even that.
I will try the winsock fix that you recomend tomorrow when the PC is in my possession.
As far as netsh which netsh commands do you recomend?
I suspect it could be a issue with the computer name on the ADS. If you have a domain where you create a computername on ADS before adding the system to the Domain. Then try to disjoin the computer from domain, then delete the computer name from the ADS and recreate the computer name and try joining the computer to domain.
Also try domainname.com while adding the system to the domain.
Also try domainname.com while adding the system to the domain.
ASKER
Yogalingam thanks for the comment.
I have already tried all of the things you mentioned and that did not work.
I even went as far as to remove all traces of the machine in AD, DNS and it's DHCP lease and that did not work.
I also tried using the two methods for refering to the domain and neither one worked. Both methods claimed that No Domain Controller Existed and/or Could be contacted.
I have already tried all of the things you mentioned and that did not work.
I even went as far as to remove all traces of the machine in AD, DNS and it's DHCP lease and that did not work.
I also tried using the two methods for refering to the domain and neither one worked. Both methods claimed that No Domain Controller Existed and/or Could be contacted.
Then i suspect its a NetBIOS issue, i dont know if you have tried this.
You can try this if you have not tried already. Try Enabling NetBIOS over TCP/IP on the WINS tab in the TCP/IP Properties dialog box
You can try this if you have not tried already. Try Enabling NetBIOS over TCP/IP on the WINS tab in the TCP/IP Properties dialog box
ASKER
Yogalingam,
I had not tried Enabling the NetBIOS over TCP/IP on the WINS tab.
I will give that a try tomorrow when I have the laptop.
Thanks.
I had not tried Enabling the NetBIOS over TCP/IP on the WINS tab.
I will give that a try tomorrow when I have the laptop.
Thanks.
ASKER
Yogalingam,
I tried Enabling the NetBIOS over TCP/IP on the WINS tab and that did not work.
I tried Enabling the NetBIOS over TCP/IP on the WINS tab and that did not work.
ASKER
Samirise,
I ran winsock fix and that did not work. Still having the same problem.
I also went through some things on the netsh command and did not find anything usefull.
I ran winsock fix and that did not work. Still having the same problem.
I also went through some things on the netsh command and did not find anything usefull.
Deoji, Run this command and see if it helps:
netsh int ip reset c:\resetlog.txt from a command prompt. Try rebooting afterwards, or disabling and re-enabling NIC.
netsh int ip reset c:\resetlog.txt from a command prompt. Try rebooting afterwards, or disabling and re-enabling NIC.
oh Sorry, you posted at the same time I did. That answers that, unless you did not reboot afterwards.
Also, please indicate which AV programs and AS you are using?
ASKER
ADDITIONAL TROUBLESHOOTING:
Here is the dump from a NETDIAG Command, I removed some unnessicery information:
--------------------------
Adapter : Local Area Connection
Netcard queries test . . . : Passed
IP Address . . . . . . . . : 10.30.111.163
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 10.30.111.1
Dns Servers. . . . . . . . : 10.30.111.10
10.30.111.247
10.30.110.10
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
Dns domain name is not specified.
Dns forest name is not specified.
NetBT transports test. . . . . . . : Failed
List of NetBt transports currently configured:
[FATAL] Unable to retrieve transport list from Redir. [ERROR_NETWORK_UNREACHABLE
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Failed
[FATAL] Failed to read NBT interface info from the registry.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
Redir and Browser test . . . . . . : Failed
List of NetBt transports currently bound to the Redir
[FATAL] Unable to retrieve transport list from Redir. [ERROR_NETWORK_UNREACHABLE
List of NetBt transports currently bound to the browser
[FATAL] The browser isn't bound to any NetBt transports.
[FATAL] Cannot send mailslot message to '\\TC-PM113-00\MAILSLOT\NE
DC discovery test. . . . . . . . . : Skipped
DC list test . . . . . . . . . . . : Skipped
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Skipped
LDAP test. . . . . . . . . . . . . : Skipped
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
Service status is: Started
Service startup is: Automatic
IPSec service is available, but no policy is assigned or active
Note: run "ipseccmd /?" for more detailed information
The command completed successfully
--------------------------
It appears that the problem could be related to NetBT, but I am not for sure.
I ran nbtstat at the command prompt and I got the following message:
Failed to access NetBT Driver -- NetBT May not be loaded.
Any ideas?
Here is the dump from a NETDIAG Command, I removed some unnessicery information:
--------------------------
Adapter : Local Area Connection
Netcard queries test . . . : Passed
IP Address . . . . . . . . : 10.30.111.163
Subnet Mask. . . . . . . . : 255.255.255.0
Default Gateway. . . . . . : 10.30.111.1
Dns Servers. . . . . . . . : 10.30.111.10
10.30.111.247
10.30.110.10
AutoConfiguration results. . . . . . : Passed
Default gateway test . . . : Passed
WINS service test. . . . . : Skipped
There are no WINS servers configured for this interface.
Global results:
Domain membership test . . . . . . : Passed
Dns domain name is not specified.
Dns forest name is not specified.
NetBT transports test. . . . . . . : Failed
List of NetBt transports currently configured:
[FATAL] Unable to retrieve transport list from Redir. [ERROR_NETWORK_UNREACHABLE
Autonet address test . . . . . . . : Passed
IP loopback ping test. . . . . . . : Passed
Default gateway test . . . . . . . : Passed
NetBT name test. . . . . . . . . . : Failed
[FATAL] Failed to read NBT interface info from the registry.
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
Redir and Browser test . . . . . . : Failed
List of NetBt transports currently bound to the Redir
[FATAL] Unable to retrieve transport list from Redir. [ERROR_NETWORK_UNREACHABLE
List of NetBt transports currently bound to the browser
[FATAL] The browser isn't bound to any NetBt transports.
[FATAL] Cannot send mailslot message to '\\TC-PM113-00\MAILSLOT\NE
DC discovery test. . . . . . . . . : Skipped
DC list test . . . . . . . . . . . : Skipped
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Skipped
LDAP test. . . . . . . . . . . . . : Skipped
Bindings test. . . . . . . . . . . : Passed
WAN configuration test . . . . . . : Skipped
No active remote access connections.
Modem diagnostics test . . . . . . : Passed
IP Security test . . . . . . . . . : Passed
Service status is: Started
Service startup is: Automatic
IPSec service is available, but no policy is assigned or active
Note: run "ipseccmd /?" for more detailed information
The command completed successfully
--------------------------
It appears that the problem could be related to NetBT, but I am not for sure.
I ran nbtstat at the command prompt and I got the following message:
Failed to access NetBT Driver -- NetBT May not be loaded.
Any ideas?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If so, the last fix is to remove TCP/IP, replace with NWLink or similar. Reboot and Reinstall TCP/IP. That nearly always fixes these issues.
ASKER
Samirise,
I thought I did reboot after running the NETSH command but I think I must not have because I did it again and made sure I rebooted the machine and was able to join the machine to the domain...
I was very excited to see that but the excitement was short lived.
Joining a machine to the domain requires a reboot.
Well after the reboot that was needed after the join the computer came up and let me login as a domain account but then when windows had fully loaded I could not access any network resources.
So I disjoined the computer from the domain (Sucessfully) and then attempted to rejoin the domain and found I was back to my original problem.
I again ran the Netsh command and rebooted and again was able to join the domain and then again after the reboot following the join was not able to contact the domain. I did this several times every time the exact samething.
At this point I am wondering if a Virus could be to blame.
I found very suspicious keys in the registry and when I tried to remove those keys (even in safe mode) they kept reappearing. I even tried MSCONFIG to keep things from running that may be potentially putting the keys back in and still they would reappear.
The machine did have Symantec AV (I'm not a Symantec AV fan) but upon further investigation I belive the AV was corrupted and is no longer capable of finding anything.
I will give the ReInstall of TCP/IP a try.
Weather or not that works Samirise you have helped me repair the problem even though something else is recausing it shortly after. I am needing this laptop fixed by the end of the day so if it is Viral at this point I would rather rebuild the system because I know that will fix that issue.
Last time I had this problem with a computer I installed several different AV softwares and none of them found anything so Rebuild seems the safest bet.
Samirise you will get credit for the solution I am just going to wait til I try the reinstall of TCP/IP so I know which of your two solutions to credit as the best answer.
Thanks for all your help.
I thought I did reboot after running the NETSH command but I think I must not have because I did it again and made sure I rebooted the machine and was able to join the machine to the domain...
I was very excited to see that but the excitement was short lived.
Joining a machine to the domain requires a reboot.
Well after the reboot that was needed after the join the computer came up and let me login as a domain account but then when windows had fully loaded I could not access any network resources.
So I disjoined the computer from the domain (Sucessfully) and then attempted to rejoin the domain and found I was back to my original problem.
I again ran the Netsh command and rebooted and again was able to join the domain and then again after the reboot following the join was not able to contact the domain. I did this several times every time the exact samething.
At this point I am wondering if a Virus could be to blame.
I found very suspicious keys in the registry and when I tried to remove those keys (even in safe mode) they kept reappearing. I even tried MSCONFIG to keep things from running that may be potentially putting the keys back in and still they would reappear.
The machine did have Symantec AV (I'm not a Symantec AV fan) but upon further investigation I belive the AV was corrupted and is no longer capable of finding anything.
I will give the ReInstall of TCP/IP a try.
Weather or not that works Samirise you have helped me repair the problem even though something else is recausing it shortly after. I am needing this laptop fixed by the end of the day so if it is Viral at this point I would rather rebuild the system because I know that will fix that issue.
Last time I had this problem with a computer I installed several different AV softwares and none of them found anything so Rebuild seems the safest bet.
Samirise you will get credit for the solution I am just going to wait til I try the reinstall of TCP/IP so I know which of your two solutions to credit as the best answer.
Thanks for all your help.
I have had multiple TCP/IP stack corruptions on systems running Sym NAV. I dont know if it is specifically to blame or not. I would definitely try uninstalling that particular program, then try something like AVG, free.grisoft.com for the time being. I am glad it at least worked a little bit... it definitely narrows down the problem.
ASKER
THE ANSWER: (clarification for those with simmilar problems)
Run the following at the command prompt then reboot computer right after:
netsh interface ip reset c:\resetlog.txt
(command provided by Samirise, syntax needed slight correction; 'int' substituted for 'interface')
After reboot login as local administrator and join computer to the domain.
Thanks again, Samirise.
Run the following at the command prompt then reboot computer right after:
netsh interface ip reset c:\resetlog.txt
(command provided by Samirise, syntax needed slight correction; 'int' substituted for 'interface')
After reboot login as local administrator and join computer to the domain.
Thanks again, Samirise.