Cannot Join Windows XP SP3 VMs to domain

Windows 2003 Native domain
4 Sites
DC is in site with XP installations to join domain.  Local DC is Win2k3 R2, SP2
Adding DC and 4th site was no problem.  Now, creating XP VMs (on Citrix Xen 5.5), they will not join domain.

Keep getting the following error when trying to join the domain
The following error occurred attempting to join the domain "domain":
The specified network name is no longer available.

Entry in NetSetup.log is:
04/02 17:27:01 NetpDoDomainJoin
04/02 17:27:01 NetpMachineValidToJoin: 'HMONOCXP1-VM'
04/02 17:27:01 NetpGetLsaPrimaryDomain: status: 0x0
04/02 17:27:01 NetpMachineValidToJoin: status: 0x0
04/02 17:27:01 NetpJoinDomain
04/02 17:27:01       Machine: HMONOCXP1-VM
04/02 17:27:01       Domain: domain
04/02 17:27:01       MachineAccountOU: (NULL)
04/02 17:27:01       Account: domain\administrator
04/02 17:27:01       Options: 0x27
04/02 17:27:01       OS Version: 5.1
04/02 17:27:01       Build number: 2600
04/02 17:27:01       ServicePack: Service Pack 3
04/02 17:27:01 NetpValidateName: checking to see if 'domain' is valid as type 3 name
04/02 17:27:01 NetpCheckDomainNameIsValid [ Exists ] for 'domain' returned 0x0
04/02 17:27:01 NetpValidateName: name 'domain' is valid for type 3
04/02 17:27:01 NetpDsGetDcName: trying to find DC in domain 'domain', flags: 0x1020
04/02 17:27:01 NetpDsGetDcName: found DC '\\dc05' in the specified domain
04/02 17:28:09 NetUseAdd to \\dc05\IPC$ returned 64
04/02 17:28:09 NetpJoinDomain: status of connecting to dc '\\dc05': 0x40
04/02 17:28:09 NetpDoDomainJoin: status: 0x40

Another interesting thing is that I can use RDP to connect to the DC and the XP VMs, I cannot do that between DC and either XP VM that I'm trying to join to the domain.

I can ping the ip address and the hostname of all three amnongst the machines in question.

Trying to join the XP VMs using the NetBIOS name of the domain as well as the domain.com nomenclature both get the same error and log entries.

Information in MS KB articles 936594 and 555912 did not help to resolve the issue.

homer_gentryDirector of I.T.Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jason WatkinsIT Project LeaderCommented:
Hello,

Are the workstation host names created before they are attempted in joining the domain? Is their a DC in each site?
0
wolfcamelCommented:
what dns are the XP VMs using? it should be the AD server.
0
elawadCommented:
did u use a ready image on the virtual machines or you install a fresh copy of windows xp os on each machine?
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

bitMASTERSCommented:
Your either not on the same subnet (check ip addresses), DNS is not set properly--should be the AD server or you have an overzealous firewall between the workstations and the AD server.
0
JParker505Commented:
Is your domain named "domain" or did you just sanitize the logs?
0
ChiefITCommented:
Is windows firewall knocking you down from authenticating with the DC?
0
homer_gentryDirector of I.T.Author Commented:
To answer each of your questions:

Firebar - the workstation host names were changed to what I wanted them to be before attempting to add them to the domain.  I then added the workstations via ADUC to see if that would help and it did not.

Wolfcamel - the workstations are using the local DC as a DNS

Elawad - fresh copy of the install for the first VM, then copied that VM and performed a sysprep.  Am having the same problem with both.

bitMASTERS - All three (two XP VMs and DC) are on the same subnet, and to my knowledge DNS is setup properly, as i can set the Domain suffix to be what I want and ping hostnames with no issue.  I can also perform nslookup using the DC as the answering server and get the correct information.  I have disabled Windows Firewall on the two XP VMs and disabled SEP and Windows Firewall on the DC while troubleshooting this issue.

JParker505 - yes, I sanitized the logs

ChiefIT - I've disabled Windows Firewall (and SEP on the DC) while trying to troubleshoot this issue...

Thank you all for your comments any other suggestions are extremely welcome.
0
JParker505Commented:
Check the firewall status on the machines in the services snapin sometimes the GUI says the firewall is off but the service is still running
0
elawadCommented:
Make sure that in your site that your trying to join these computers to you have a global catalogue DC server.
0
bitMASTERSCommented:
take a look at your DNS server on the domain controller and verify there are no dupliate entries for ip addresses pointing to different computers or multiple entires of the same computer pointing to different ips.  Look in both the forward and reverse zones.  If you find any, delete at least the bad entries and it wouldn't hurt to restart DNS.  If there are no duplicate entires, let me know.
0
homer_gentryDirector of I.T.Author Commented:
JParker505 - Firewall is disabled on XP VMs, and SEP is turned off via the client

elawad - confirmed that local DC is a GC

bitMASTERS - At the very least, there are not duplicate entries for the t XP VMs in question in either the reverse for forward zones
0
ChiefITCommented:
on the problem child client, can you provide an IPconfig /all.

0
homer_gentryDirector of I.T.Author Commented:
ChiefIT - per your request -
NOTE actual domain name has been altered, and DNS server is also the site's DC

Windows IP Configuration

        Host Name . . . . . . . . . . . . : hmonocxp1-vm
        Primary Dns Suffix  . . . . . . . : domain.win
        Node Type . . . . . . . . . . . . : Unknown
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : domain.win

Ethernet adapter Local Area Connection 2:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Citrix XenServer PV Ethernet Adapter

        Physical Address. . . . . . . . . : 72-11-D2-09-BB-F8
        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 192.168.10.239
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.10.254
        DNS Servers . . . . . . . . . . . : 192.168.10.42
0
bitMASTERSCommented:
DHCP is not enabled indicating you assigned the addresses which is ok but doesn't help us find out why they are not communicationg.  Can you enable DHCP? I suspect it won't get an address based on the problems you are having but can you try it and post results?  I am thinking your VM is not asigned to the proper virtual NIC/switch.  Can you verify that?
0
homer_gentryDirector of I.T.Author Commented:
bitMASTERS
No I cannot enable DHCP, as I do not have a DHCP server in that site ( that was the network design for that site, which I had no input on).

As far as being assigned to the correct switch, there is only one active switch on the VM Host server, and all three VMs (DC and XP VMs) are on it.
0
ChiefITCommented:
...42 is the domain controller with DNS??
0
bitMASTERSCommented:
Does your DNS server at 192.168.10.42 show hmonocxp1-vm at 192.168.10.239 in forward and reverse zones?  Check that there are no other entries in DNS for 192.168.10.239.
0
ChiefITCommented:
Well, looks like either a driver problem or a problem with the TCPIP.sys kernel driver.

To fix a driver problem, go to divice manager, under the view drop-down menu select "show hidden devices".  Do you have a bad driver. If so, you will see he yellow Exclamation point.

Now, if it is a TCPIP.sys problem, to fix go to the command prompt and type "SFC /Scannow"  

Have your install disk handy. SFC stands for system file checker and will locate system files that are corrupt or the wrong version. SFC checks for those discrepancies and fixes them. Upon fixing them, it will ask for your install disk. If no discrepancies, then no install disk needed.
0
homer_gentryDirector of I.T.Author Commented:
ChiefIT - "...42 is the domain controller with DNS??" - yes

bitMASTERS - no, the vm does not show up in DNS (name or IP) in forward or reverse...

ChiefIT - 2nd comment - Device manager - one exclamation point - VgaSave under Non-Plug and Play drivers.  Running SFC /scannow presently.  Will returnwith the results when it is finished.
0
bitMASTERSCommented:
Did you assign a VIF on the virtual machine and assign it to your virtual switch.  From your previous message it sounds like you did but would like to confirmi.  I am guessing you have this document already but just in case here is the admin guide.  It explains how to network virtual machines starting on page 57 (chapter 4).

It appears your VMs have external access (you can connect remotely from outside the physical host) but you cannot communicate with other VMs including the DC.on page 60 it says you may need to create a new network using the command xe network-create name-label=<mynetwork>

My apologies if you have been through this already.  Perhaps you can clarify what you have done in creating the network with XenServer. There is a troubleshooting section in the documentation on page 73 (albeit very small).
0
homer_gentryDirector of I.T.Author Commented:
SFC /scannow finished with no errors or requests of any kind save the request for the install CD.  trying to jon the domain after that had the same results
0
homer_gentryDirector of I.T.Author Commented:
bitMASTERS - I'll read through the documentation again and get bck to you.  However, if what you are alluding to is the issue, would I not be able to join the domain if I make one of my DCs in my other sites the DNS server and just shutdown the site's local DC?
0
bitMASTERSCommented:
that would be a good test. try connecting to a dc not on the same virtual host. that would tell us if the problem is with the vm or with a networking issue.
0
ChiefITCommented:
Are you out of client access licenses?

By default, I think you only get 50 for an SBS server.
0
homer_gentryDirector of I.T.Author Commented:
Not using SBS, just regular Windows Server 2003 R2.
0
bitMASTERSCommented:
any luck connecting to another DC?
0
homer_gentryDirector of I.T.Author Commented:
I thought I posted this late yesterday, but I don't see the post so I'm "re-posting"...

Shutting down the site's local DC and making another site's DC the DNS server for one of the VMs allowed it to join the domain.  I have not added the 2nd VM yet as I want to truly resolve the situation.

At this time I'm reviewing bitMASTERS suggestions regarding XenServer's networking setup...
0
ChiefITCommented:
Let's do a netstat and review the ports that are opened or listening.

Look and see if your DNS port is listening. That would be port 42. Also review the LDAP port of 389.

You could have TCP filtering, IPsec configured, or DNS just listening instead of responding.

Look on the DNS snaping and see if you are in listening mode or fully operational.
0
bitMASTERSCommented:
To me it seems apparant the problem is with XenServer's networking configuration.  If you couldn't ping between virtual machines and you are now able to connect to an DC not on the virual host.  I'd spend my time there.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
bitMASTERSCommented:
I believe the information I provided provided the solution.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows XP

From novice to tech pro — start learning today.