[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Cannot Join Domain

Posted on 2009-04-17
38
Medium Priority
?
533 Views
Last Modified: 2012-05-06
I usually setup a new install or XPSP3 as part of a work group to start, and then join it to the domain through the properties>computername>Change dialog.

I put in the domain name, it asks for credential,s and a few seconds later it says Welcom to <domain name>

I have a situation now where I'm trying to join a fresh install to the domain, and then it just hangs with the hour glass for a long time after i put in my credentials. I've repeated it with different Admin accounts and still the same thing. The attached screen cap is the error I finally get.

Changes recently made to the server recently are as follows:
Transfered FSMO Roles over from older DC
Synchronised server with Internet based clock.
Synchronised Each client with the same clock.
Microsoft update last night, needs reboot.
We are running Windows XP Clients and the DC in question is Windows Server 2003 R2

Please help!

Thanks,

JPertchik
JoiningDomainError.bmp
0
Comment
Question by:jpertchik
  • 18
  • 12
  • 2
  • +3
36 Comments
 
LVL 9

Expert Comment

by:cmorffew
ID: 24167364
what license model is the server running?
0
 

Author Comment

by:jpertchik
ID: 24167545
nt sure what you mean... we're taking seats, yes?
0
 

Author Comment

by:jpertchik
ID: 24167552
Sorry, i have a really lousy keyboard on mt LT
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 27

Expert Comment

by:bluntTony
ID: 24167589
Some questions for troublehsooting...

How many DCs do you have now? When you say you've sync the clients with the same clock, do you mean the internet time source? You should be syncing clients with your networks internal time source, typically your PDC emulator, which in turn can either use an external source or it's own internal clock.

Is DNS correctly configured on the client to look at the new DC? Is DNS up and running on this DC? Are the DCs DNS records (Host and SRV) registered correctly on the DC (try stop/starting the NETLOGON service on the DC to re-register them).

Have you successfully joined any clients to the domain since making your changes? Is the network traffic getting through to the new DC (try disabling windows firewall on the DC).
0
 

Author Comment

by:jpertchik
ID: 24167590
Windows Server 2003 Client Access License (Windows CAL)
0
 
LVL 3

Expert Comment

by:aligigi
ID: 24167598
It could be a dns problem. On your winXP computer network properties the dns server should be your domain controller's IP.
Is the dns on the domain controller set up correctly?
0
 
LVL 27

Expert Comment

by:bluntTony
ID: 24167648
Further to this, ensure that DNS is not holding any SRV records referring to the old DC, if you have now removed this from the network. If you removed it, did you successfully DCPROMO it before disconnecting it?
0
 

Author Comment

by:jpertchik
ID: 24167658
Screen Cap on server licenseing
license.bmp
0
 
LVL 9

Expert Comment

by:cmorffew
ID: 24167668
jpertchik,
check your DNS settings:

on the machine you are having issues connecting to the domain - run from command prompt - ipconfig /all

make sure the machine has a valid IP address and the settings look correct for your domain.
0
 

Author Comment

by:jpertchik
ID: 24167670
All i did was transfer the roles. I did not Demote it.
0
 
LVL 9

Expert Comment

by:cmorffew
ID: 24167674
Ok - Licensing should not be an issue.
0
 

Author Comment

by:jpertchik
ID: 24167696
All is as it should be IP wise:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Setup>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : jpertchik
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : owprnetwork.local
                                            hsd1.va.comcast.net

Ethernet adapter Local Area Connection 2:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
        Physical Address. . . . . . . . . : 00-10-18-0C-3F-16
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.145
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.15
                                            192.168.1.14
        Lease Obtained. . . . . . . . . . : Friday, April 17, 2009 9:36:31 AM
        Lease Expires . . . . . . . . . . : Friday, April 17, 2009 10:36:31 AM

Ethernet adapter Wireless Network Connection 2:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Compact Wireless-G USB Network Adapt
er
        Physical Address. . . . . . . . . : 00-23-69-0E-E2-29

C:\Documents and Settings\Setup>
0
 

Author Comment

by:jpertchik
ID: 24167718
I'm worried about the time server issue. I did sync all m,achines in the domain to an external internet server. Not the DCF and then all clients to the DC
0
 

Author Comment

by:jpertchik
ID: 24167734
In other words, Heirarchical daisy chain from Internet source to DC, to client.

I have everyone synched directly to the internet seerver
0
 
LVL 9

Expert Comment

by:cmorffew
ID: 24167807
run this on the machine
w32tm /monitor

it will tell you where it is getting the time from
0
 
LVL 9

Expert Comment

by:cmorffew
ID: 24167817
you should really have it set to get the time from the DC and the DC updates from the internet.
0
 

Author Comment

by:jpertchik
ID: 24167822
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Setup>w32tm /monitor
GetDcList failed with error code:  0x80070057.
Exiting with error 0x80070057

C:\Documents and Settings\Setup>
0
 

Author Comment

by:jpertchik
ID: 24167826
Looks like perhaps i need to set the time up first
0
 
LVL 4

Expert Comment

by:chatxfalcon
ID: 24167846
I assume the 2 DNS server are the domain controllers right?


Is the transfer of FSMO a succes? Can your 2 domain controllers can perform replication on NTDS settings? (located start --> run type: dssite.msc)


Please check your event logs and paste here errors specifically from "directory services" section.



Falcon
0
 

Accepted Solution

by:
jpertchik earned 0 total points
ID: 24167871
As soon as i ran this:

w32tm /config /manualpeerlist:time-a.nist.gov,0x8 /syncfromflags:MANUAL
net stop w32time
net start w32time
w32tm /resync


My machine immediately joined the domain, I think a reboot is the only thing left to do.

I'll let you know.

Thanks,.

JPertchik
0
 
LVL 9

Expert Comment

by:cmorffew
ID: 24167885
from your time posting - there is something wrong with the DC server setup - i think chatxfalcon is on to something.
Are your other users able to authenticate on the domain?
0
 
LVL 9

Expert Comment

by:cmorffew
ID: 24167900
good that you were able to join the domain - however, this problem might rear its ugly head again if the time gets out of sync.
0
 

Author Comment

by:jpertchik
ID: 24167931
Perhaps i need to figure out a way to sync all clients to the DC. Any ideas?
0
 
LVL 9

Expert Comment

by:cmorffew
ID: 24167953
use a group policy and set the configuration in there.
0
 

Author Comment

by:jpertchik
ID: 24167960
more specifically, clients get time from DC, not outside source, How do i do this?
0
 

Author Comment

by:jpertchik
ID: 24167962
please elaborate
0
 
LVL 9

Expert Comment

by:cmorffew
ID: 24167995
ok.....
first are you group policy manager in your domain? if not then this will be a manual task on all your machines.
0
 

Author Comment

by:jpertchik
ID: 24168017
I can log on administraively to the DC and create whatever we need.
0
 
LVL 9

Expert Comment

by:cmorffew
ID: 24168060
OK make sure you have Group Policy Manager installed on your DC and check out the following article.
http://technet.microsoft.com/en-us/library/cc779145.aspx
0
 
LVL 4

Expert Comment

by:chatxfalcon
ID: 24168105
Normally Windows clients on a domain synced their time on the Domain Controller.


You can do the following approach:

1)  Add on DHCP Settings --> Server Options "TIME SERVER" pointing to active directory

2) Via Group Policy like what cmorffew suggested (search google for more info and more print screens)


I'm quite positive there's more problem other than time sync. Is there error messages on event logs?



Kindly post it here.



0
 

Author Comment

by:jpertchik
ID: 24168180
OK...Your losing me...where do i need to go and what should i do?

Thansk
0
 
LVL 9

Expert Comment

by:cmorffew
ID: 24168272
You will need to run mmc.exe
then add the addin - group policy manager
once in  there you can then change the gp to set your time servers as per the link i posted.

Alternatively, as Falcon said, go into your DHCP server add-in(again in mmc) and "1)  Add on DHCP Settings --> Server Options "TIME SERVER" pointing to active directory"
0
 

Author Comment

by:jpertchik
ID: 24168332
I have group policy object editor, not manager on the DC in my MMC console. As far as DHCP, the confusion might be that i've left that role up to my Firewall Router. Should i be running DHCP from my DC?
0
 

Author Comment

by:jpertchik
ID: 24168465
Oh...I see... I need to download it...I'll get back to you in a bit,.

Thanks,

JPertchik
0
 
LVL 19

Expert Comment

by:PeteJThomas
ID: 24168478
Wow, the posts are coming in thick and fast here!!

The first thing I would do, is check the event logs on the DCs to ensure there aren't any obvious problems in there. If there are, take some screenshots and post them on here.

If you're looking to set up time synchronisation across your domain, read this article - http://articles.techrepublic.com.com/5100-10878_11-6040425.html

Most will have their DC syncing with an internet time source, and all the clients syncing with the DC. The article above explains how to set it all up properly.

Take one step at a time, if you try and do too much at once, you'll only end up tangled and confused... :P

Pete
0
 
LVL 9

Expert Comment

by:cmorffew
ID: 24892407
I believe the Author has 3 options to resolve the problem,
1. manual update the time on each machine that needs to join the domain and then continuously update the time on each machine as it falls out of acceptable time difference parameters.
2. move the DHCP server role away from the Firewall/Router and on to the DC and add the TIME SERVER option as per chatxfalcon
3. Use Group Policy to set the NTP to the desired settings and control ALL machines in the domain.(this would work for static and dynamic IP address reservations/leases)

If the issue really was an out of sync client/server time, then a check of the Timer server setup should be done.  For correct internal time, the domain should reference one source - the DC or another dedicated NTP server.  The NTP server or DC server should sync its time with an internet based time source.  e.g.  Internet Time Server-> DC Time Server-> Client Time.

Suggested Links:
Group Policy overview http://technet.microsoft.com/en-us/library/cc725828(WS.10).aspx
Configuring time server via group policy http://technet.microsoft.com/en-us/library/bb490605.aspx
How to configure an authoritative time server in Windows Server 2003 http://support.microsoft.com/kb/816042


0

Featured Post

Transaction-level recovery for Oracle database

Veeam Explore for Oracle delivers low RTOs and RPOs with agentless transaction log backup and transaction-level recovery of Oracle databases. You can restore the database to a precise point in time, even to a specific transaction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question