[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

Cannot Join Windows XP SP3 VMs to domain

Posted on 2010-04-02
32
Medium Priority
?
1,974 Views
Last Modified: 2012-05-09
Windows 2003 Native domain
4 Sites
DC is in site with XP installations to join domain.  Local DC is Win2k3 R2, SP2
Adding DC and 4th site was no problem.  Now, creating XP VMs (on Citrix Xen 5.5), they will not join domain.

Keep getting the following error when trying to join the domain
The following error occurred attempting to join the domain "domain":
The specified network name is no longer available.

Entry in NetSetup.log is:
04/02 17:27:01 NetpDoDomainJoin
04/02 17:27:01 NetpMachineValidToJoin: 'HMONOCXP1-VM'
04/02 17:27:01 NetpGetLsaPrimaryDomain: status: 0x0
04/02 17:27:01 NetpMachineValidToJoin: status: 0x0
04/02 17:27:01 NetpJoinDomain
04/02 17:27:01       Machine: HMONOCXP1-VM
04/02 17:27:01       Domain: domain
04/02 17:27:01       MachineAccountOU: (NULL)
04/02 17:27:01       Account: domain\administrator
04/02 17:27:01       Options: 0x27
04/02 17:27:01       OS Version: 5.1
04/02 17:27:01       Build number: 2600
04/02 17:27:01       ServicePack: Service Pack 3
04/02 17:27:01 NetpValidateName: checking to see if 'domain' is valid as type 3 name
04/02 17:27:01 NetpCheckDomainNameIsValid [ Exists ] for 'domain' returned 0x0
04/02 17:27:01 NetpValidateName: name 'domain' is valid for type 3
04/02 17:27:01 NetpDsGetDcName: trying to find DC in domain 'domain', flags: 0x1020
04/02 17:27:01 NetpDsGetDcName: found DC '\\dc05' in the specified domain
04/02 17:28:09 NetUseAdd to \\dc05\IPC$ returned 64
04/02 17:28:09 NetpJoinDomain: status of connecting to dc '\\dc05': 0x40
04/02 17:28:09 NetpDoDomainJoin: status: 0x40

Another interesting thing is that I can use RDP to connect to the DC and the XP VMs, I cannot do that between DC and either XP VM that I'm trying to join to the domain.

I can ping the ip address and the hostname of all three amnongst the machines in question.

Trying to join the XP VMs using the NetBIOS name of the domain as well as the domain.com nomenclature both get the same error and log entries.

Information in MS KB articles 936594 and 555912 did not help to resolve the issue.

0
Comment
Question by:homer_gentry
  • 9
  • 9
  • 6
  • +4
30 Comments
 
LVL 27

Expert Comment

by:Jason Watkins
ID: 29511477
Hello,

Are the workstation host names created before they are attempted in joining the domain? Is their a DC in each site?
0
 
LVL 20

Expert Comment

by:wolfcamel
ID: 29519624
what dns are the XP VMs using? it should be the AD server.
0
 
LVL 7

Expert Comment

by:elawad
ID: 29549698
did u use a ready image on the virtual machines or you install a fresh copy of windows xp os on each machine?
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
LVL 7

Expert Comment

by:bitMASTERS
ID: 29550753
Your either not on the same subnet (check ip addresses), DNS is not set properly--should be the AD server or you have an overzealous firewall between the workstations and the AD server.
0
 
LVL 4

Expert Comment

by:JParker505
ID: 29638489
Is your domain named "domain" or did you just sanitize the logs?
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 29691208
Is windows firewall knocking you down from authenticating with the DC?
0
 

Author Comment

by:homer_gentry
ID: 29822045
To answer each of your questions:

Firebar - the workstation host names were changed to what I wanted them to be before attempting to add them to the domain.  I then added the workstations via ADUC to see if that would help and it did not.

Wolfcamel - the workstations are using the local DC as a DNS

Elawad - fresh copy of the install for the first VM, then copied that VM and performed a sysprep.  Am having the same problem with both.

bitMASTERS - All three (two XP VMs and DC) are on the same subnet, and to my knowledge DNS is setup properly, as i can set the Domain suffix to be what I want and ping hostnames with no issue.  I can also perform nslookup using the DC as the answering server and get the correct information.  I have disabled Windows Firewall on the two XP VMs and disabled SEP and Windows Firewall on the DC while troubleshooting this issue.

JParker505 - yes, I sanitized the logs

ChiefIT - I've disabled Windows Firewall (and SEP on the DC) while trying to troubleshoot this issue...

Thank you all for your comments any other suggestions are extremely welcome.
0
 
LVL 4

Expert Comment

by:JParker505
ID: 29824608
Check the firewall status on the machines in the services snapin sometimes the GUI says the firewall is off but the service is still running
0
 
LVL 7

Expert Comment

by:elawad
ID: 29826750
Make sure that in your site that your trying to join these computers to you have a global catalogue DC server.
0
 
LVL 7

Expert Comment

by:bitMASTERS
ID: 29827079
take a look at your DNS server on the domain controller and verify there are no dupliate entries for ip addresses pointing to different computers or multiple entires of the same computer pointing to different ips.  Look in both the forward and reverse zones.  If you find any, delete at least the bad entries and it wouldn't hurt to restart DNS.  If there are no duplicate entires, let me know.
0
 

Author Comment

by:homer_gentry
ID: 29850697
JParker505 - Firewall is disabled on XP VMs, and SEP is turned off via the client

elawad - confirmed that local DC is a GC

bitMASTERS - At the very least, there are not duplicate entries for the t XP VMs in question in either the reverse for forward zones
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 29869643
on the problem child client, can you provide an IPconfig /all.

0
 

Author Comment

by:homer_gentry
ID: 29947413
ChiefIT - per your request -
NOTE actual domain name has been altered, and DNS server is also the site's DC

Windows IP Configuration

        Host Name . . . . . . . . . . . . : hmonocxp1-vm
        Primary Dns Suffix  . . . . . . . : domain.win
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : domain.win

Ethernet adapter Local Area Connection 2:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Citrix XenServer PV Ethernet Adapter

        Physical Address. . . . . . . . . : 72-11-D2-09-BB-F8
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.10.239
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.10.254
        DNS Servers . . . . . . . . . . . : 192.168.10.42
0
 
LVL 7

Expert Comment

by:bitMASTERS
ID: 29947677
DHCP is not enabled indicating you assigned the addresses which is ok but doesn't help us find out why they are not communicationg.  Can you enable DHCP? I suspect it won't get an address based on the problems you are having but can you try it and post results?  I am thinking your VM is not asigned to the proper virtual NIC/switch.  Can you verify that?
0
 

Author Comment

by:homer_gentry
ID: 29947923
bitMASTERS
No I cannot enable DHCP, as I do not have a DHCP server in that site ( that was the network design for that site, which I had no input on).

As far as being assigned to the correct switch, there is only one active switch on the VM Host server, and all three VMs (DC and XP VMs) are on it.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 29950370
...42 is the domain controller with DNS??
0
 
LVL 7

Expert Comment

by:bitMASTERS
ID: 29950844
Does your DNS server at 192.168.10.42 show hmonocxp1-vm at 192.168.10.239 in forward and reverse zones?  Check that there are no other entries in DNS for 192.168.10.239.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 29950847
Well, looks like either a driver problem or a problem with the TCPIP.sys kernel driver.

To fix a driver problem, go to divice manager, under the view drop-down menu select "show hidden devices".  Do you have a bad driver. If so, you will see he yellow Exclamation point.

Now, if it is a TCPIP.sys problem, to fix go to the command prompt and type "SFC /Scannow"  

Have your install disk handy. SFC stands for system file checker and will locate system files that are corrupt or the wrong version. SFC checks for those discrepancies and fixes them. Upon fixing them, it will ask for your install disk. If no discrepancies, then no install disk needed.
0
 

Author Comment

by:homer_gentry
ID: 29951670
ChiefIT - "...42 is the domain controller with DNS??" - yes

bitMASTERS - no, the vm does not show up in DNS (name or IP) in forward or reverse...

ChiefIT - 2nd comment - Device manager - one exclamation point - VgaSave under Non-Plug and Play drivers.  Running SFC /scannow presently.  Will returnwith the results when it is finished.
0
 
LVL 7

Expert Comment

by:bitMASTERS
ID: 29954240
Did you assign a VIF on the virtual machine and assign it to your virtual switch.  From your previous message it sounds like you did but would like to confirmi.  I am guessing you have this document already but just in case here is the admin guide.  It explains how to network virtual machines starting on page 57 (chapter 4).

It appears your VMs have external access (you can connect remotely from outside the physical host) but you cannot communicate with other VMs including the DC.on page 60 it says you may need to create a new network using the command xe network-create name-label=<mynetwork>

My apologies if you have been through this already.  Perhaps you can clarify what you have done in creating the network with XenServer. There is a troubleshooting section in the documentation on page 73 (albeit very small).
0
 

Author Comment

by:homer_gentry
ID: 29957926
SFC /scannow finished with no errors or requests of any kind save the request for the install CD.  trying to jon the domain after that had the same results
0
 

Author Comment

by:homer_gentry
ID: 29958517
bitMASTERS - I'll read through the documentation again and get bck to you.  However, if what you are alluding to is the issue, would I not be able to join the domain if I make one of my DCs in my other sites the DNS server and just shutdown the site's local DC?
0
 
LVL 7

Expert Comment

by:bitMASTERS
ID: 29960209
that would be a good test. try connecting to a dc not on the same virtual host. that would tell us if the problem is with the vm or with a networking issue.
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 30023259
Are you out of client access licenses?

By default, I think you only get 50 for an SBS server.
0
 

Author Comment

by:homer_gentry
ID: 30037487
Not using SBS, just regular Windows Server 2003 R2.
0
 
LVL 7

Expert Comment

by:bitMASTERS
ID: 30037598
any luck connecting to another DC?
0
 

Author Comment

by:homer_gentry
ID: 30038277
I thought I posted this late yesterday, but I don't see the post so I'm "re-posting"...

Shutting down the site's local DC and making another site's DC the DNS server for one of the VMs allowed it to join the domain.  I have not added the 2nd VM yet as I want to truly resolve the situation.

At this time I'm reviewing bitMASTERS suggestions regarding XenServer's networking setup...
0
 
LVL 39

Expert Comment

by:ChiefIT
ID: 30042066
Let's do a netstat and review the ports that are opened or listening.

Look and see if your DNS port is listening. That would be port 42. Also review the LDAP port of 389.

You could have TCP filtering, IPsec configured, or DNS just listening instead of responding.

Look on the DNS snaping and see if you are in listening mode or fully operational.
0
 
LVL 7

Accepted Solution

by:
bitMASTERS earned 2000 total points
ID: 30042951
To me it seems apparant the problem is with XenServer's networking configuration.  If you couldn't ping between virtual machines and you are now able to connect to an DC not on the virual host.  I'd spend my time there.
0
 
LVL 7

Expert Comment

by:bitMASTERS
ID: 32870050
I believe the information I provided provided the solution.
0

Featured Post

The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
You have missed a phone call. The number looks like it belongs to the bunch of numbers which your company uses. How to find out who has just called you?
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month8 days, 1 hour left to enroll

608 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question