• Status: Solved
  • Priority: Medium
  • Security: Public

Cannot Join Domain

I usually set up a new install of XP SP3 as part of a workgroup to start, and then join it to the domain through the Properties > Computer Name > Change dialog.

I put in the domain name, it asks for credentials, and a few seconds later it says Welcome to <domain name>

I have a situation now where I'm trying to join a fresh install to the domain, and then it just hangs with the hourglass for a long time after I put in my credentials. I've repeated it with different Admin accounts and still the same thing. The attached screen cap is the error I finally get.

Changes recently made to the server are as follows:
Transferred FSMO Roles over from older DC
Synchronised server with Internet based clock.
Synchronised Each client with the same clock.
Microsoft update last night, needs reboot.
We are running Windows XP Clients and the DC in question is Windows Server 2003 R2

Please help!

Thanks,

JPertchik
JoiningDomainError.bmp

cmorffew Commented:
What license model is the server running?

jpertchik (Author) Commented:
Not sure what you mean... we're talking seats, yes?

jpertchik (Author) Commented:
Sorry, I have a really lousy keyboard on my LT

bluntTony (Head of ICT) Commented:
Some questions for troubleshooting...

How many DCs do you have now? When you say you've synced the clients with the same clock, do you mean the internet time source? You should be syncing clients with your network's internal time source, typically your PDC emulator, which in turn can either use an external source or its own internal clock.

Is DNS correctly configured on the client to look at the new DC? Is DNS up and running on this DC? Are the DC's DNS records (Host and SRV) registered correctly on the DC (try stop/starting the NETLOGON service on the DC to re-register them)?

Have you successfully joined any clients to the domain since making your changes? Is the network traffic getting through to the new DC (try disabling Windows Firewall on the DC)?

jpertchik (Author) Commented:
Windows Server 2003 Client Access License (Windows CAL)

aligigi Commented:
It could be a DNS problem. On your WinXP computer network properties the DNS server should be your domain controller's IP.
Is the DNS on the domain controller set up correctly?

bluntTony (Head of ICT) Commented:
Further to this, ensure that DNS is not holding any SRV records referring to the old DC, if you have now removed this from the network. If you removed it, did you successfully DCPROMO it before disconnecting it?

jpertchik (Author) Commented:
Screen cap on server licensing
license.bmp

cmorffew Commented:
jpertchik,
check your DNS settings:

on the machine you are having issues connecting to the domain - run from command prompt - ipconfig /all

make sure the machine has a valid IP address and the settings look correct for your domain.

jpertchik (Author) Commented:
All I did was transfer the roles. I did not demote it.

cmorffew Commented:
Ok - Licensing should not be an issue.

jpertchik (Author) Commented:
All is as it should be IP wise:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Setup>ipconfig /all

Windows IP Configuration

        Host Name . . . . . . . . . . . . : jpertchik
        Primary Dns Suffix  . . . . . . . :
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : owprnetwork.local
                                            hsd1.va.comcast.net

Ethernet adapter Local Area Connection 2:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
        Physical Address. . . . . . . . . : 00-10-18-0C-3F-16
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.1.145
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1
        DHCP Server . . . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.15
                                            192.168.1.14
        Lease Obtained. . . . . . . . . . : Friday, April 17, 2009 9:36:31 AM
        Lease Expires . . . . . . . . . . : Friday, April 17, 2009 10:36:31 AM

Ethernet adapter Wireless Network Connection 2:

        Media State . . . . . . . . . . . : Media disconnected
        Description . . . . . . . . . . . : Compact Wireless-G USB Network Adapt
er
        Physical Address. . . . . . . . . : 00-23-69-0E-E2-29

C:\Documents and Settings\Setup>

jpertchik (Author) Commented:
I'm worried about the time server issue. I did sync all machines in the domain to an external internet server. Not the DC and then all clients to the DC

jpertchik (Author) Commented:
In other words, hierarchical daisy chain from Internet source to DC, to client.

I have everyone synched directly to the internet server

cmorffew Commented:
run this on the machine
w32tm /monitor

it will tell you where it is getting the time from

cmorffew Commented:
you should really have it set to get the time from the DC and the DC updates from the internet.

jpertchik (Author) Commented:
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Setup>w32tm /monitor
GetDcList failed with error code:  0x80070057.
Exiting with error 0x80070057

C:\Documents and Settings\Setup>

jpertchik (Author) Commented:
Looks like perhaps I need to set the time up first

chatxfalcon Commented:
I assume the 2 DNS servers are the domain controllers, right?

Is the transfer of FSMO a success? Can your 2 domain controllers perform replication on NTDS settings? (located at Start --> Run, type: dssite.msc)

Please check your event logs and paste here errors specifically from the "directory services" section.

Falcon

jpertchik (Author) Commented:
As soon as i ran this:

w32tm /config /manualpeerlist:time-a.nist.gov,0x8 /syncfromflags:MANUAL
net stop w32time
net start w32time
w32tm /resync


My machine immediately joined the domain, I think a reboot is the only thing left to do.

I'll let you know.

Thanks,

JPertchik

cmorffew Commented:
from your time posting - there is something wrong with the DC server setup - i think chatxfalcon is on to something.
Are your other users able to authenticate on the domain?

cmorffew Commented:
good that you were able to join the domain - however, this problem might rear its ugly head again if the time gets out of sync.

jpertchik (Author) Commented:
Perhaps I need to figure out a way to sync all clients to the DC. Any ideas?

cmorffew Commented:
use a group policy and set the configuration in there.

jpertchik (Author) Commented:
More specifically, clients get time from DC, not outside source. How do I do this?

jpertchik (Author) Commented:
please elaborate

cmorffew Commented:
ok.....
first are you group policy manager in your domain? if not then this will be a manual task on all your machines.

jpertchik (Author) Commented:
I can log on administratively to the DC and create whatever we need.

cmorffew Commented:
OK make sure you have Group Policy Manager installed on your DC and check out the following article.
http://technet.microsoft.com/en-us/library/cc779145.aspx

chatxfalcon Commented:
Normally Windows clients on a domain sync their time with the Domain Controller.

You can take the following approach:

1) Add on DHCP Settings --> Server Options "TIME SERVER" pointing to Active Directory

2) Via Group Policy like what cmorffew suggested (search Google for more info and more print screens)

I'm quite positive there are more problems other than time sync. Are there error messages in the event logs?

Kindly post them here.

jpertchik (Author) Commented:
OK...You're losing me...where do I need to go and what should I do?

Thanks

cmorffew Commented:
You will need to run mmc.exe
then add the addin - group policy manager
once in  there you can then change the gp to set your time servers as per the link i posted.

Alternatively, as Falcon said, go into your DHCP server add-in(again in mmc) and "1)  Add on DHCP Settings --> Server Options "TIME SERVER" pointing to active directory"

jpertchik (Author) Commented:
I have Group Policy Object Editor, not Manager, on the DC in my MMC console. As far as DHCP, the confusion might be that I've left that role up to my Firewall Router. Should I be running DHCP from my DC?

jpertchik (Author) Commented:
Oh...I see... I need to download it...I'll get back to you in a bit.

Thanks,

JPertchik

PeteJThomas Commented:
Wow, the posts are coming in thick and fast here!!

The first thing I would do, is check the event logs on the DCs to ensure there aren't any obvious problems in there. If there are, take some screenshots and post them on here.

If you're looking to set up time synchronisation across your domain, read this article - http://articles.techrepublic.com.com/5100-10878_11-6040425.html

Most will have their DC syncing with an internet time source, and all the clients syncing with the DC. The article above explains how to set it all up properly.

Take one step at a time, if you try and do too much at once, you'll only end up tangled and confused... :P

Pete

cmorffew Commented:
I believe the Author has 3 options to resolve the problem:
1. Manually update the time on each machine that needs to join the domain and then continuously update the time on each machine as it falls out of acceptable time difference parameters.
2. Move the DHCP server role away from the Firewall/Router and on to the DC and add the TIME SERVER option as per chatxfalcon.
3. Use Group Policy to set the NTP to the desired settings and control ALL machines in the domain. (This would work for static and dynamic IP address reservations/leases.)

If the issue really was an out of sync client/server time, then a check of the time server setup should be done. For correct internal time, the domain should reference one source - the DC or another dedicated NTP server. The NTP server or DC server should sync its time with an internet based time source, e.g. Internet Time Server -> DC Time Server -> Client Time.

Suggested Links:
Group Policy overview http://technet.microsoft.com/en-us/library/cc725828(WS.10).aspx
Configuring time server via group policy http://technet.microsoft.com/en-us/library/bb490605.aspx
How to configure an authoritative time server in Windows Server 2003 http://support.microsoft.com/kb/816042
Question has a verified solution.
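
The client/DC time difference discussed in this thread can be measured before a join attempt. The following is an added example, not code from any poster in the thread: it computes the clock offset from an SNTP reply and compares it with a tolerance. The 300-second tolerance (the default Kerberos clock-skew allowance in Active Directory), the function names and the sample timestamps are assumptions constructed for illustration.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
MAX_SKEW_SECONDS = 300        # assumption: 5-minute tolerance; adjust to your policy

def parse_sntp_reply(packet, t1, t4):
    """Return (offset, delay) in seconds. t1/t4: client send/receive time (Unix)."""
    if len(packet) < 48:
        raise ValueError("short SNTP packet")
    if packet[0] & 0x07 != 4 or packet[1] == 0:   # need mode 4 (server), stratum != 0
        raise ValueError("not a usable server reply")
    rx_s, rx_f, tx_s, tx_f = struct.unpack("!4I", packet[32:48])
    t2 = rx_s - NTP_EPOCH_DELTA + rx_f / 2**32    # server receive time
    t3 = tx_s - NTP_EPOCH_DELTA + tx_f / 2**32    # server transmit time
    offset = ((t2 - t1) + (t3 - t4)) / 2          # positive: server clock is ahead
    delay = (t4 - t1) - (t3 - t2)                 # round trip minus server processing
    return offset, delay

def within_tolerance(offset, max_skew=MAX_SKEW_SECONDS):
    return abs(offset) <= max_skew

def query_offset(server, timeout=3.0):
    """Query a live time source (for example the domain controller) over UDP 123."""
    request = b"\x1b" + 47 * b"\0"                # LI=0, VN=3, mode 3 (client)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        t1 = time.time()
        sock.sendto(request, (server, 123))
        packet, _ = sock.recvfrom(512)
        t4 = time.time()
    return parse_sntp_reply(packet, t1, t4)

def build_reply(t2, t3, stratum=2):
    """Constructed sample reply for offline use; not captured traffic."""
    def ts(t):
        t += NTP_EPOCH_DELTA
        return int(t), int((t % 1) * 2**32)
    head = struct.pack("!BBbb", 0x1C, stratum, 0, -6) + 28 * b"\0"
    return head + struct.pack("!4I", *ts(t2), *ts(t3))

if __name__ == "__main__":
    t1 = 1239975000.0                             # constructed client send time
    reply = build_reply(t1 + 400.25, t1 + 400.375)
    offset, delay = parse_sntp_reply(reply, t1, t1 + 0.5)
    print(f"offset {offset:+.3f}s delay {delay:.3f}s ok={within_tolerance(offset)}")
```

Against a live network, `query_offset("<DC address>")` returns the same pair for the machine the script runs on.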