coolestmcse
asked on
Cannot join W2008 R2 to Domain (the join operation was not successful... Access is denied)
Good morning,
I had a problem booting our Windows 2008 R2 server. So, I used "Last Known Good configuration". Got it back, I got an error message: "The Trust relationship between this computer and the domain has been lost"... So, I unjoined from the domain, and tried to re-join. Unfortunately, I am getting this error message: "The Join Operation was not successful . This could be because... Access is Denied"
We already removed the Computer name from AD. Enabled Netbios over Tcp-ip...
Any ideas...
I had a problem booting our Windows 2008 R2 server. So, I used "Last Known Good configuration". Got it back, I got an error message: "The Trust relationship between this computer and the domain has been lost"... So, I unjoined from the domain, and tried to re-join. Unfortunately, I am getting this error message: "The Join Operation was not successful . This could be because... Access is Denied"
We already removed the Computer name from AD. Enabled Netbios over Tcp-ip...
Any ideas...
bcoyxp
remove the record from your DNS server or try to join it using higher level of permission account.
Confirm the IP details, and DNS settings. If this is a DHCP client release and renew.
In the case where trust has been lost, but the member server has not been removed from the domain reseting the trusted channel should work:
dsmod computer "Computer Distinguished Name" -reset
Since the computer has been unjoined and the computer object removed from AD, then the only option is to create a new computer object in AD. The access denied message at the join stage would usually indicate that: a) the name of the object and the member server do not match, b) the user account used to perform the join is not permitted to perform this action.
dsmod computer "Computer Distinguished Name" -reset
Since the computer has been unjoined and the computer object removed from AD, then the only option is to create a new computer object in AD. The access denied message at the join stage would usually indicate that: a) the name of the object and the member server do not match, b) the user account used to perform the join is not permitted to perform this action.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
"just reset the computer account in ADUC, and rejoin"...
The computer has been deleted from AD, should I add a new computer object with the same name?
The computer has been deleted from AD, should I add a new computer object with the same name?
Yep just rejoin, make sure time is within 5 minutes of DC as well
No u don't need to create it, it will get created when you join, as long as u have permission
ASKER
Still not working, pre-staging it or not.
I still get same error. I am using a Domain admin account.
I still get same error. I am using a Domain admin account.
Join with a different computer name, and if the join is successful, rename the computer
Can you ping the domain name from client?
Have you tried system restore to go back to a restore point when therre was no problem?
If still no go, you need to remove / re-install the anti-virus of your server 2008 R2.
If still no go, you need to remove / re-install the anti-virus of your server 2008 R2.
Are you able to ping the DC from the 200 R2 server.If the windows firewall is enbled disable the same and reboot the 200R2 server.Also remove the host record from dns and disable the third party service and then try to join to domain.