ATOCONS

The old "Cannot join domain: network path not found" error SBS2003

I have an SBS2003 setup with a number of clients and all has been working fine for a long, long time.

One of the clients is a Windows 7 machine that stopped being able to browse the network. It was connecting to Exchange, I could ping the server and any other device on the network, by name or by IP.
But I couldn't even see the domain in the browser.

All the other machines could see the domain and browse it.
At the same time a second server (just a file server) stopped responding to remote desktop - I could get the screen up but had the "RPC server is unavailable" error.

Tried a number of solutions, one of which was to remove the W7 machine from the domain and rejoin.
However I cannot rejoin the domain. I get the "Network path not found" error.

More information:
I can ping all machines from the client
I cannot connect using http://sbs-domain/ConnectComputer - I get an error re intranet settings and when I set them low, I just get a message about the wizard not being installed and maybe due to intranet settings. The settings are low and I still get it.
If I use the Change button or the Network ID button I just get the network path not found error.
I have cleared the static IP and set it to DHCP, and it receives a valid IP and the correct DNS IP.
nslookup can't find a DC name, but does return loopback address as DC IP address
netlogon service is not started and I cannot start it - it says it started and stopped - some services stop if they are not being used.

Where next?
I'm sure the list above is not comprehensive of the things I've checked.
I'm also concerned by the RPC error when trying to RDP to the other member server - is it related?

Thanks
ATOCONS

ASKER

Here's another pointer...
Something is definitely awry with the domain controller/SBS server.

I have another server I built as a completely clean SBS.
I was intending at some point to copy across the website hosted on SBS, and do export/import of the info store, then switch to the new server.
This server is very vanilla currently.

I happen to have it on a VLAN so that I can set up without interfering with anything else - it can see a network etc, and a NAS device that I can switch into the VLAN as I make the changes to bring it live one day.

So I switched the existing SBS server out of the network (by changing its VLAN) and moved the new one in (put it in the main VLAN).
Then - hey presto! I could join the Windows 7 machine to the domain.
And, I could do Remote Desktop to the other server.

No answers yet, but how can I troubleshoot the existing SBS server (I've switched back to it as it has my live services on it)?

NETDIAG and DCDIAG throw no errors....

I would start with DNS: are there any stale records you can delete? Please refresh my memory if nslookup worked, I believe you said it didn't. We should work to get DNS resolving the server from the workstation.

DNS would also cause problems with RDP. As a matter of fact, try RDP using the IP address; this will tell if DNS is bad or not.

ASKER

nslookup returns:
*** Default servers are not available
Default Server:  UnKnown
Address:  127.0.0.1

which I have read is not incorrect as it would only get a name from reverse DNS which doesn't really need to be set up. But should it give the proper IP address?

RDP using the IP gives exactly the same result - RPC server not available.

Also, now the Windows 7 machine is in the domain, with the server switched back, I can't log on to the domain from that machine - "no logon server is available to service the logon request"

Did you run nslookup from the workstation?
Are you getting any errors in the event logs?

ASKER

When I tried to join I have:

Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5513
Date:            17/01/2012
Time:            15:50:12
User:            N/A
Computer:      ATO-DELL-SERVER
Description:
The computer ATOVOSTRO tried to connect to the server \\ATO-DELL-SERVER using the trust relationship established by the ATO-MAIN domain. However, the computer lost the correct security identifier (SID) when the domain was reconfigured. Reestablish the trust relationship.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
 then:

Event Type:      Error
Event Source:      NETLOGON
Event Category:      None
Event ID:      5722
Date:            17/01/2012
Time:            15:53:58
User:            N/A
Computer:      ATO-DELL-SERVER
Description:
The session setup from the computer ATOVOSTRO failed to authenticate. The name(s) of the account(s) referenced in the security database is ATOVOSTRO$.  The following error occurred:
Access is denied.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 22 00 00 c0               "..À    


There are no errors in the DNS log.
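
Added example, not part of the original thread: the Data row of the 5722 event above is a little-endian NTSTATUS, and this parser decodes it from pasted event text. The sample text is constructed from the two events in the post (trimmed), and the function names and the short status table are this example's own.

```python
import re
import struct

# Constructed sample: the two NETLOGON events from the post above, trimmed.
SAMPLE = """\
Event Source:      NETLOGON
Event ID:      5513
Description:
The computer ATOVOSTRO tried to connect to the server \\\\ATO-DELL-SERVER using the trust relationship established by the ATO-MAIN domain.

Event Source:      NETLOGON
Event ID:      5722
Description:
The session setup from the computer ATOVOSTRO failed to authenticate.
Data:
0000: 22 00 00 c0
"""

# NTSTATUS values commonly seen with machine-account (secure channel) failures.
NTSTATUS = {
    0xC0000022: "STATUS_ACCESS_DENIED", 0xC000005E: "STATUS_NO_LOGON_SERVERS",
    0xC000018A: "STATUS_NO_TRUST_LSA_SECRET", 0xC000018B: "STATUS_NO_TRUST_SAM_ACCOUNT",
}

def decode_data(line):
    """Turn an Event Viewer hex row ('0000: 22 00 00 c0 ...') into an NTSTATUS."""
    hexbytes = re.findall(r"\b[0-9a-fA-F]{2}\b", line.split(":", 1)[1])[:4]
    if len(hexbytes) < 4:
        return None
    # The DWORD is stored little-endian, so 22 00 00 c0 reads as 0xC0000022.
    (value,) = struct.unpack("<I", bytes(int(b, 16) for b in hexbytes))
    return value

def parse_events(text):
    """Split pasted event text into dicts: id, client, status, status_name."""
    events = []
    for block in re.split(r"(?m)^(?=Event Source:)", text):
        m = re.search(r"Event ID:\s+(\d+)", block)
        if not m:
            continue
        client = re.search(r"computer (\S+)", block)  # lower-case: skips "Computer:"
        data = re.search(r"(?m)^0000:.*$", block)
        status = decode_data(data.group(0)) if data else None
        name = NTSTATUS.get(status, "unknown") if status is not None else None
        events.append({"id": int(m.group(1)), "status": status, "status_name": name,
                       "client": client.group(1) if client else None})
    return events
```

On the sample, event 5722 decodes to 0xC0000022 (STATUS_ACCESS_DENIED), which matches the "Access is denied." text in its description.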

ASKER

Now, this is not that surprising, as the DC that allowed the join was a different one.
But how do I re-establish the trust relationship?

If the SID is bad I would pull the computer out of the domain and place it in a workgroup; to take it a step further, I would rename the computer before trying to join it back to the domain. Go into AD and delete the computer name if you don't rename the workstation.

ASKER

I suspect your answer will be that I have to leave and rejoin the domain - full circle.
In which case I still just need to fix the root cause (probably in DNS somewhere)

If the SID is bad, nothing is going to work whether you resolve DNS or not. User accounts authenticate like computer accounts. Go with the event log: it's a known issue and a critical one, so resolve it and move on from that point.

ASKER

Yes, removing it will mean I can't rejoin again, won't it?
Until the root cause error is found it's not going to work - and when that is found I suspect both the Join Domain and the RDP issue will be fixed.
Interestingly, I can RDP to the SBS server itself, just not to the other server

You have to address the SID problem first; if you can't add the workstation back in the domain we'll troubleshoot.

ASKER

I can't add to the domain.
I have deleted the computer account but it is back to the "network path not found" error - indicating the DNS fault I guess.

Sorry for any confusion, I thought the workstation was still in the domain.
Tried these commands:

ipconfig /release
ipconfig /flushdns
ipconfig /renew
ipconfig /registerdns

Make sure the following services are started on the workstation: Workstation, DHCP Client, DNS Client, Server, TCP/IP NetBIOS Helper, Computer Browser.

ASKER

I joined the workstation to the domain using an alternative domain SBS server as I described above. This was to prove the DNS config or something else on the server was at fault.

I then reinstated the original SBS server (same domain name) but couldn't logon - presumably because the credentials the alternative server created are not valid on the original server.

That's why I would not be able to re-join the domain if I came out of it - and so it has proved.

So the DNS still needs to be fixed.

Now I guess I could compare entry for entry between the alternative server, which works, and the proper server, which no longer does. But that would be error-prone I'm sure.

Or I could do a system state restore from several days ago (don't know what else I would lose).

Or some other way to recreate proper DNS entries (is there a script in SBS for it?)...

So you added the computer back to the domain that works.
On the SBS2003, open DNS, right-click the DNS server name and select Scavenge Stale Resource Records, Update Server Data Files and Clear Cache, then restart the DNS server.
On the SBS2003, what errors is the DNS Server log reporting?

ASKER

All those services are running (though as I say netlogon is not).
/registerdns gives the error "the requested operation requires elevation"

ASKER

As I said, there are no errors in the DNS log.

ASKER

I added back to the working domain, using a different SBS server as described above.
I reinstated the original SBS server
I tried to logon and could not
I removed from the domain as you instructed
I cannot rejoin
The Windows 7 machine is no longer in any domain

Also did all the DNS stuff you list above - "network path not found"

ASKER

I have just checked through the entire DNS, record by record, comparing the other SBS server I have with the one in question.

Every entry is pretty much identical, the differences being the server name (of course) and in some cases some of the data.
So, msdcs.domainname.local has an entry that looks like a SID, that is of course different.
The SOA entry has a different value - [26], servername.domain.local in the one case and [16], servername.domain.local in the other.
msdcs.domainname.local/domains also has an entry that looks like a SID that is different on the other server, as I would expect - it's also different to the one directly under msdcs.domainname.local (that's true on both machines so looks OK).
FLZ/mydomain.local has an SOA record that has [56],servername.domainname.local in the one that works, but [6931],servername.domainname.local in the other server. Is that odd? I don't know what this value means or is used for.

Otherwise all looks identical

ASKER

Can I uninstall and reinstall DNS safely on SBS?

I wouldn't, it's integrated into AD and will most likely cause problems. That's my opinion more than whether it can or can't be done. I've never uninstalled DNS but I've recreated the forward and reverse lookup zones before to fix a DNS problem.

ASKER

I did find that somehow the NIC setting had lost its reference to itself as the DNS server. I added the entry but no joy there.
Also tried changing the zone to non-integrated, restarting netlogon and DNS, switching back to integrated and restarting them again. No joy there either.
Otherwise been short on time today.


However, if I now try to join the domain I have a different error:
An attempt to resolve the DNS name of a domain controller in the domain being joined has failed. Please verify this client is configured to reach a DNS server that can resolve DNS names in the target domain.

ASKER

BTW, ran DCDIAG tests for RegisterInDomain, Services and MachineAccount. All passed

ASKER


Ran netdiag
......................................

    Computer Name: servername
    DNS Host Name: servername.domainname.local
    System info : Windows 2000 Server (Build 3790)
    Processor : x86 Family 15 Model 4 Stepping 1, GenuineIntel
   


Netcard queries test . . . . . . . : Passed



Per interface results:

    Adapter : Server Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : servername
        IP Address . . . . . . . . : 192.168.16.2
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 192.168.16.1
        Primary WINS Server. . . . : 192.168.16.2
        Dns Servers. . . . . . . . : 192.168.16.2


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed

        WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{CBE068C9-86E6-4FE9-BF45-75BE4BB2D200}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '192.168.16.2'.


Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{CBE068C9-86E6-4FE9-BF45-75BE4BB2D200}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{CBE068C9-86E6-4FE9-BF45-75BE4BB2D200}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully

ASKER

And that is the correct DNS server IP:
Windows IP Configuration
   Host Name . . . . . . . . . . . . : servername
   Primary Dns Suffix  . . . . . . . : domainname.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : Yes
   WINS Proxy Enabled. . . . . . . . : Yes
   DNS Suffix Search List. . . . . . : domainname.local

Ethernet adapter Server Local Area Connection:
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
   Physical Address. . . . . . . . . : 00-10-18-0D-AF-F8
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.16.2
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.16.1
   DNS Servers . . . . . . . . . . . : 192.168.16.2
   Primary WINS Server . . . . . . . : 192.168.16.2
ianmac50

Have a look on the workstation and see if the TCP/IP NetBIOS Helper service is turned off and set to manual.
Set the service to auto and then try to add the machine back to the domain.
ASKER CERTIFIED SOLUTION
ATOCONS

This solution is only available to members.

ASKER

I had tried all suggestions made by the contributors (many thanks guys) but unfortunately none of them worked.