Can't fully join Windows XP SP3 client to a Server 2008 domain.

paddygreenhood
Hi, hoping someone can help me here please.
Have reintroduced a standalone server running Server 2008, Active Directory and Exchange 2007 to an environment after rebuilding from scratch. Environment is small, two local workstations, plus one remote laptop.
Rebuilt server has same server name and domain name as before. Rejoined one workstation without issue, other will not join.

I attempt to join computers the basic way, via system properties on the workstation.

The workstation can see the DC as the credentials dialog pops up.
Joining with administrator credentials fails with the maddeningly unenlightening message: "the following error occurred attempting to join the domain "domainname.local": Cannot complete this function."
When I check the server, the computers section in Active Directory shows the computer added with the arrow icon on the computer. I have taken the step to enable the computer in Active Directory, in case this is the issue, but without impact.
Back on the workstation, if I change the workstation name and then try to join the domain I initially get the success message followed immediately by another failure message stating: "The following error occurred attempting to change the name to 'new name': (the domain 'domainname.local' was joined under the old computer name 'old name'). Cannot complete this function."
If I then attempt to reboot and log in, I have a choice of domain or computer login, so the workstation thinks it is on the domain. Domain login fails however, as the workstation has retained its old name.
Logging in locally, changing the computer name to new name fails, as the workstation is not truly on the domain so the credentials fail.
Removing it from the domain, renaming it new name and then rejoining the domain results in a success message, then rebooting into the domain partly succeeds. User and administrator credentials are accepted, but with a popup: "Windows cannot load the user's profile but has logged you on with the default profile for the system. DETAIL - The system cannot find the file specified".
Taking ownership of the profile folders and logging off and on does not fix it.
Logging in with a newly created test account with administrator privileges results in the same message.

Is there a problem on the workstation with old accounts from the old server environment? Or something else local to the workstation?

Any help is good help.
Thanks in advance,

Commented:
Try this first.
In the Active Directory I would just delete the old computer account.
Check TCP/IP settings on the workstation.  Your DNS primary entry should be the Active Directory Server IP address.
Then on the workstation, first make sure it is not in a domain - you want it in a workgroup.
Restart the computer, then try to re-join the Domain.
It will create a new computer account in Active Directory.

Author

Commented:
Thanks Chakko.
I have deleted the old computer account in AD.
TCP/IP on workstation are set fully dynamic.
Primary DNS is the AD.
Regarding the last three lines, this is my problem in the first place. Attempting to rejoin the domain gives me the error: "the following error occurred attempting to join the domain "domainname.local": Cannot complete this function." However the computer name then shows up under 'computers' in AD.


Commented:
Was the computer out of the domain already (in a workgroup), before trying to join again?

Author

Commented:
Yes, it was.

Commented:
Is the netlogon service applet started?

Commented:
Disable any antivirus and try it again; first remove it from the domain.

Also, check the event logs on the PC and server, maybe there is an error message related to this problem?

Author

Commented:
ChiefIT - netlogon service is on manual start; if I start it, it stops again as it is presently in workgroup mode.
Chakko - No AV at all until this is fixed. The only log entries are consistent with the issue, i.e. duplicates of the error messages visible to me.

Commented:
Did this PC have AV before? Do you need to scan and check it first?

Author

Commented:
I removed the AV at the onset of this issue. Then ran a specific removal tool from the AV provider just in case. Then ran ccleaner to make sure I was working clean.
Still no joy here.
Each time I try to connect to domain I get the error mentioned above, however the computer then shows up in the list of computers in AD, with a disabled arrow on it. Enabling it has no effect.

Commented:
Take a look in Windows\Debug\netsetup.log

Anything obvious as an error in there?

Author

Commented:
Chakko - not real good at reading meaning from this log. Here it is...

netsetup.txt

Commented:
There are errors.

Please check this info.
What is GRAYM-SGNB2?

Author

Commented:
That is the workstation in question.
During the troubleshooting I have renamed it a few times. In my initial post it was a way I was finding to get past the first error message.

Commented:
Here is another thing you can check

NetpLdapBind: ldap_bind failed on \\\\graym-fs01.graym.local: 53: Unwilling To Perform

http://www.microsoft.com/downloads/en/details.aspx?FamilyID=49ae8576-9bb9-4126-9761-ba8011fabf38

Run LDP.exe, click Connection menu, click OK. Click Connection menu again, click Bind. Is there any error?

Commented:
Also, have you turned off any firewall services/software? Also, is there any security software on the server that you can disable?

Commented:
To join the domain, Netlogon has to be started. So, we have to answer why the netlogon stops. Please provide a DCdiag /v and also run an AV scan.

Author

Commented:
Hi, Chakko got it.
It was the AV, in this case Bitdefender, but on the server, not the workstation.
It has a packet filter on the NIC, in the same way Symantec does.
This was getting in the way of allowing the workstation to rejoin the domain. Disabled it and it worked straight away.
Points to Chakko, thanks to all.
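
An added example, not part of the thread or any poster's code: a small Python triage of netsetup.log (the file under Windows\Debug examined above) that extracts each failed join step with its LDAP or Win32 code. The sample log is constructed, with only the ldap_bind line taken from the thread; the `triage` function and the code tables (deliberately small subsets) are names chosen for this illustration.

```python
import re

# Constructed sample in the usual netsetup.log layout (timestamp, routine, message).
# Only the ldap_bind line comes from the thread; the rest is illustrative.
SAMPLE_LOG = r"""
01/01/2011 09:14:02:120 NetpDoDomainJoin
01/01/2011 09:14:02:120 NetpMachineValidToJoin: 'WKSTN-EXAMPLE'
01/01/2011 09:14:02:135 NetpMachineValidToJoin: status: 0x0
01/01/2011 09:14:03:410 NetpLdapBind: ldap_bind failed on \\\\graym-fs01.graym.local: 53: Unwilling To Perform
01/01/2011 09:14:03:425 NetpDoDomainJoin: status: 0x3eb
"""

LINE = re.compile(r"^(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d:\d{3}) (\w+)(?::\s*(.*))?$")
STATUS = re.compile(r"status: 0x([0-9a-fA-F]+)$")
LDAP_FAIL = re.compile(r"ldap_bind failed on (\S+?): (\d+): (.+)$")

# Small subsets of the Win32 and LDAP result codes, enough for this sample.
WIN32 = {0x5: "ERROR_ACCESS_DENIED",
         0x3EB: "ERROR_CAN_NOT_COMPLETE (Cannot complete this function.)",
         0x54B: "ERROR_NO_SUCH_DOMAIN"}
LDAP = {49: "invalidCredentials", 53: "unwillingToPerform", 81: "LDAP_SERVER_DOWN"}

def triage(text):
    """Return one finding per failed step, in log order."""
    findings = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or text that is not a log record
        when, routine, msg = m.group(1), m.group(2), m.group(3) or ""
        ldap = LDAP_FAIL.search(msg)
        status = STATUS.search(msg)
        if ldap:
            code = int(ldap.group(2))
            findings.append({"time": when, "routine": routine, "kind": "ldap",
                             "server": ldap.group(1).lstrip("\\"), "code": code,
                             "meaning": LDAP.get(code, ldap.group(3))})
        elif status and int(status.group(1), 16) != 0:
            code = int(status.group(1), 16)  # non-zero status means the step failed
            findings.append({"time": when, "routine": routine, "kind": "win32",
                             "code": code, "meaning": WIN32.get(code, "unknown")})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding that names the domain controller on an LDAP step, as here, points the investigation at the server side, which is where this thread's cause (the AV packet filter on the server NIC) was found.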
