JustinGSEIWI

Cannot join workstation to domain.

I just deployed a workstation to one of my sites. When I tried to join the domain, I received the following error.

Title of error box "Computer Name Changes"

"The following error occurred attempting to join the domain "girlscouts":
The specified server cannot perform the requested operation."

I checked the computer container in AD and the account is created but it has a red X over the computer account.

Any help is appreciated. Thanks,

Justin
chilids

Try removing the computer account in AD and then add the machine to the domain.  You will have the option to create a computer account as part of the add and then you can move it to a different OU later if you desire.

This most likely means the workstation is disabled.
You should be able to right click the workstation and choose the option to enable.
Try to rejoin again once enabled.

ASKER

I tried removing the computer account and then adding it to the correct AD container manually but that received the same error.

I tried enabling the workstation once it was added and restarted the workstation. It still didn't attach to the domain.

Thanks,

Justin
Hello Justin. Chilids' solution must work OK. Just keep in mind that when you join a computer to a domain and the account already exists in the domain, the computer has to be named before the join, when it is still in a workgroup. In that case you receive a message "The computer already have an account in the domain. Do you want to use it?"
I did try to join the computer to the domain after creating the computer account in AD manually and I double checked to make sure the computer name was changed before I attempted to join the domain. While doing this, I still receive the error message that I put in the initial post.

Thanks,

Justin
Is the firewall enabled on the server?
If it is, disable the firewall on the server and try to rejoin the workstation.
The firewall is disabled on the server.
Did you try adding it to the domain when there was no computer account in AD?
Adam Leinss
You might want to try running dcdiag (http://technet.microsoft.com/en-us/library/cc776854(WS.10).aspx) from the workstation to see if it can communicate with the domain.  It's included as part of the Windows Server 2003 Support Tools Pack (http://support.microsoft.com/kb/892777).  Otherwise, try renaming the computer to something else.  If you are naming it PC1, try PC2.  PC1 might already exist on their network: PCs should not share the same NETBIOS name either in a work group or domain.
I tried adding the computer to the domain when there was no computer account in AD. I also tried manually creating the account and then trying to join. No luck with either.

There are a ton of DNS errors in the server event log. They are listed below. Could these be related? I think they need attention either way. If they aren't related, where might I find events specific to joining the domain?

Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4015
Date:            1/6/2010
Time:            10:21:46 PM
User:            N/A
Computer:      GSCRDC1
Description:
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "000020EF: SvcErr: DSID-020800E0, problem 5012 (DIR_ERROR), data -1014". The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 01 00 00 00               ....    

Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4011
Date:            1/4/2010
Time:            10:22:00 PM
User:            N/A
Computer:      GSCRDC1
Description:
The DNS server was unable to add or write an update of domain name ad in zone ad.girlscouts-mvc.org to the Active Directory.  Check that the Active Directory is functioning properly and add or update this domain name using the DNS console. The extended error debug information (which may be empty) is "000020EF: SvcErr: DSID-02050344, problem 5012 (DIR_ERROR), data -1014". The event data contains the error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00               *#..    


Thanks,

Justin
Is this a read only Domain controller?
All of my DCs are read/write.
When you said "I tried enabling the workstation once it was added" do you mean you added the computer account from the server? The account must be created when you join the domain, not manually from the server. Delete the account (save before the information of any field you may need, like Location, Managed by, etc). Then join the workstation again.

Do you have only one domain controller? If there are more than one, check that all servers are OK and that replication is working. The role needed to create new accounts (RID Master) may be on an inaccessible server.
I tried changing the computer name to something it could not possibly be in AD already. I restarted and then tried joining the domain. I received the same error message.

I downloaded and tried to run dcdiag on the workstation and received the following error.

Domain Controller Diagnosis

Performing initial setup:
   ***Error: desktop1 is not a DC.  Must specify /s:<Domain
   /n:<Naming Context> or nothing to use the local machine.

When I said "I tried enabling the workstation once it was added," I meant that when I tried to join the computer to the domain without manually creating the computer in AD first, a computer account was created but there was a large X over it. It was suggested above that I try enabling that disabled computer account that was created. I tried that and it didn't work.

I have six domain controllers. As far as I can tell, everything is replicating. I went into ADSS and selected the DC of the site I am having trouble with and selected replicate now. I didn't receive an error. As far as I can tell, everything is replicating. How can I confirm that everything is replicating fine?

Thanks,

Justin
try dcdiag /s:name_of_dc_server
For replication, try ReplMon->
http://technet.microsoft.com/en-us/library/cc772954(WS.10).aspx
ASKER CERTIFIED SOLUTION
JustinGSEIWI

This solution is only available to members.
I have also noticed that the new workstation is not listed under the reverse lookup zone on the local DC.

I have to go now but I'll be back in about an hour.

Thanks,

Justin
Before you applied the fix above what was your primary DNS on the client?  In the post above it had you add the DC as the primary which is absolutely correct, that is a must.  But I have never had to add the DNS suffix in the advanced settings to join a domain.  Also to get a ptr record you can try an ipconfig /registerdns from the command prompt or go into the same advanced settings as above and make sure the check box is set to register with dns.

Make sure your DHCP server is giving out the DC as the primary DNS server if it isn't already.
The primary DNS on the client was set to the local DC before I applied the fix. It was set to get DNS from the DHCP server. I just checked DHCP and it is set correctly. It has itself set as the primary DNS and another off site DC as the secondary.

I checked that register DNS was set in the advanced settings and it was. Still no DNS entry. I just did an ipconfig /registerdns and we will see if it shows up in the next few minutes.

I also noticed that my DHCP server has the DNS domain name set but it is not the FQDN, such as domain.local. Instead, it is just set as domain. Should I change that?

Thanks,

Justin
Are you referring to option 015 in the DHCP Scope?  If you are then I would change that to domain.local

Yes I was, I just changed it. I checked my other DHCP servers and they were set up as domain.local. That may have been why but I am sure I added machines to the domain with those settings.

Also, I just checked reverse DNS and the newly added workstation is now registered.

Thanks,

Justin
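
The client-side DNS checks this thread converged on (a DC as primary DNS, a fully qualified DNS suffix from DHCP option 015) can be run against saved `ipconfig /all` output. This is an added example, not posted by any participant in the thread; the sample output, the IP addresses, and the function names `parse_ipconfig` and `join_findings` are constructed for illustration, and it assumes a single-adapter workstation.

```python
import re

# Constructed `ipconfig /all` output for illustration (not taken from the thread).
SAMPLE = """\
Windows IP Configuration

        Host Name . . . . . . . . . . . . : desktop1
        Primary Dns Suffix  . . . . . . . :

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : domain
        DHCP Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.0.5.23
        DNS Servers . . . . . . . . . . . : 10.0.5.10
                                            10.0.9.10
"""

FIELD = re.compile(r"^\s+(.*?)[\s.]*:\s*(.*)$")

def parse_ipconfig(text):
    """Map field name -> list of values; continuation lines join the previous field."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last = m.group(1)
            fields.setdefault(last, [])
            if m.group(2).strip():
                fields[last].append(m.group(2).strip())
        elif last and line[:1].isspace() and line.strip():
            fields[last].append(line.strip())   # e.g. the second DNS server
        else:
            last = None                          # blank line or adapter header
    return fields

def join_findings(text, domain_fqdn, dc_ips):
    """Return the DNS settings discussed in the thread that look wrong for a join."""
    f = parse_ipconfig(text)
    findings = []
    for s in f.get("Primary Dns Suffix", []) + f.get("Connection-specific DNS Suffix", []):
        if "." not in s:
            findings.append(f"DNS suffix '{s}' is single-label; expected {domain_fqdn}")
    servers = f.get("DNS Servers", [])
    if not servers:
        findings.append("no DNS servers configured")
    elif servers[0] not in dc_ips:
        findings.append(f"primary DNS {servers[0]} is not a domain controller")
    return findings

if __name__ == "__main__":
    for finding in join_findings(SAMPLE, "domain.local", {"10.0.5.10", "10.0.9.10"}):
        print(finding)
```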