SBS 2003 Network configuration wizard fails

I am really stumped on this one.  Had to rebuild a Dell laptop with XP SP3. When trying to rejoin it to the SBS 2003-based network, I am encountering the following error:

--I go to http://<servername>/connectcomputer and launch the wizard, providing domain administrator username and password.  Immediately,

"The list of users and computers could not be found."

Everything everywhere says that this is a DNS issue, but DNS is configured correctly as far as I can tell.  DHCP is actually handled by the Sonicwall router/firewall as it is the VPN termination point.  It is, however, configured to have its first DNS server as the SBS server.  As a test, I turned DHCP off on the firewall and configured the server to handle DHCP.  Same result.  Configuring the laptop manually--same result.

Any thoughts as to something else I might try?  As a tool of last resort last night, I ripped DNS off the server and reinstalled.  This actually seems to have helped in the sense that resolution/network seems much snappier this morning, but it has not helped with the original problem.

There are no other problems/issues of any consequence that I can see on the server aside from this one annoying little thing.  All other workstations are behaving just fine as was this laptop before its hard drive died.

Thanks for any help or advice,
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Abbas HaidarSenior Infrastructure ManagerCommented:
DHCP should be handeled by the SBS box only.
baldgeekAuthor Commented:
I tried that and it still failed, so I put it back.  I actually inherited the network and it was setup this way from the getgo.  I don't believe I tried it after removing/reinstalling DNS.  Frankly, it was very late and I had a small window b/w when the backup finished and when users started early this morning.  I will certainly try it again this evening.
Is there some other information being handed out when the server is the DHCP server aside from the basic IP, SM, DG, DNS info?
Abbas HaidarSenior Infrastructure ManagerCommented:
the wizard will not work without the SBS server is the DHCP server. first enable DHCP, then re-reun the ICW and see how it goes.
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

baldgeekAuthor Commented:
OK, will have to wait until this evening, but I will do that and report back the results.  Thank you, I guess I didn't realize it was that important to have DHCP reside on the server.
Rob WilliamsCommented:
It will work without SBS as the DHCP server, however it should be the DHCP server and if not you have to add the Server as the ONLY DNS server and add the domain suffix.

Generally when a computer cannot join the domain using http://connect (SBS 2008 & 2011) or http://SBSname/connectcomputer (SBS 2003) it is due to inability to correctly resolve the name of the domain controller in a timely fashion. Below is a list of common reasons for the connect wizards to fail. In an SBS domain the server should be the DHCP server, and if so, items 2 and 3 below should be automatically set through DHCP. However if addressing is statically assigned or you are using a router you may need to make changes. Items 2 and 3 are also basic networking requirements of a Windows Domain, not just important for joining the domain.

1. If there is more than 1 network adapter installed , wired or wireless, disable all but 1, preferably wired, until after joined to the domain
2. Make sure, using IPconfig /all, that the client's DNS points ONLY to your internal DNS servers, in this case the SBS. Do not allow a router or ISP to be added as an alternate.
3. IPconfig /all should also show next to “Connection-specific DNS Suffix” your internal domain suffix (MyDomain.local). If not you need to add the domain suffix to the client machine. To do so insert it in the "DNS suffix for this connection" box under the DNS tab of the NIC's advanced TCP/IP IPv4  properties
4. If there are any 3rd party firewalls or security suites installed, disable them until joined to the domain
5. If still failing add the connect web site to the “trusted” sites list in Internet Explorer under Internet options / security
6. On a few occasions Bluetooth accessories such as keyboards and mice have been known to interfere with the connect wizards. If necessary temporarily replace these with wired devices until domain joined.
baldgeekAuthor Commented:
Thanks RobWill.
I have left the SonicWall as the DHCP for now, but removed all but the SBS server in its DNS settings.  It previously had the server first and 2 ISP servers after.  Only the SBS server is there now.

Got in to try this out and here's the result:

1. Only the wired adapter is enabled

2. Confirmed.  Only one DNS server present--that of the SBS server

3.“Connection-specific DNS Suffix”--confirmed.  Localdomain.local is there.

4. None--removed antivirus from laptop after first failure

5. Http://servername is listed in Trusted Sites

6. No bluetooth devices on the laptop

DNS on the server did have two entries from VMWare and though I am not sure they are problematic, I removed them anyway for the time being.

Unfortunately, I still get the same error message.

I am about to change the DHCP server back to being on the SBS server, but I wonder at this point if it will make a difference.

Thank you for the suggestions.  I would appreciate any other thoughts you might have.
Rob WilliamsCommented:
Did you first add the computer on the SBS using the add computer wizard?  It needs to be a new computer name.
baldgeekAuthor Commented:
Yes, I was planning on giving it the same name it had before the hard drive died, but just as a long shot, gave it another name.  Still nogo.
Rob WilliamsCommented:
As per the Microsoft article, it is almost alway s a DNS issue, though multiple network cards as mentioned will cause the same DNS failure.

Do both
 nslookup  servername
 nslookup  domain.local
return the server IP when run on the problematic PC?
baldgeekAuthor Commented:
Affirmative on both.  The only thing a bit out of the ordinary was that at first,
nslookup servername turned up the correct IP, but also the IPs of the two VMWare virtual adapters.  I disabled them, ran the command again and it returned only the correct IP.

nslookup domain.local did resolve correctly

I have deleted and reconfigured both the DHCP scope on the server as well as the DNS forward and reverse lookup zones.  When I configured DNS, I noticed (when compared to another SBS server) that _msdcs was not present.  I went through the following procedure and successfully recreated it.

1. Right click on the _msdcs.domain.local zone and then click Delete to.
2. Right-click Forward Lookup Zones in DNS and select New Zone.
3. Specify Primary Zone, and use _msdcs.domain.local as the Zone name.
4. Stop Netlogon and DNS services.
5. Rename %windir%\system32\config\netlogon.dns and netlogon.dnb files to
other name.
6. Start Netlogon and DNS service
7. Run "ipconfig /flushdns" and "ipconfig /registerdns" (without the
quotation marks) in command prompt window.
8. Close and reopen the DNS snapin.
9. Verify _msdcs.domain.local contains dc, domains, gc, and pdc.

It is now present on the server.

I had initially thought that deleting DHCP and DNS, then running the Connect to the Internet wizard would recreate them, but I was mistaken.  That's why I did it manually.  Is there a way to have the SBS server actually recreate these?
Rob WilliamsCommented:
No you can only recreate these manually.  Deleting DNS zones should only be done if absolutely necessary.
Having done so I would re-run the CEICW (Connect to the Internet Wizard) and then download and run the BPA
baldgeekAuthor Commented:
Well, it's towel throwing time, methinks.  We have decided that since the server is a little long in the tooth and since we are about to replace all the workstations in the office anyway, that we will replace the server as well with an SBS2011 server.  It seems that this is going to have be rebuilt anyway, so might just as well get up-to-date all the way around.

Thank you everyone, RobWill most especially, for all your help.  I am going to continue poking this bear until the new server comes in, but I am not sure what else to try.  The BPA showed several minor issues, but I have a hard time believing any of them are the actual problem.

Again, a big thanks to the EE community for your time and effort.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Rob WilliamsCommented:
Glad to continue to assist if you need a hand.

-Any chance on the PC itself there is a 3rd party software installed that could be blocking the necessary traffic?
-I assume you have tried a second PC just to verify it is not some sort of PC issue.
-Have you tried manually joining “the old fashioned way", using computer properties ad join a domain?  Not recommended, but it does work with SBS, however doesn't configure several SBS options.
baldgeekAuthor Commented:
Thanks RobWill,
I don't think any 3rd party stuff is hampering it.  I did have Symantec Endpoint installed, but removed and had same result.  Otherwise, it's a stock Dell reinstall of XP SP3 and Office 2007 with the firewall off.
I also took one of my own laptops to the office and tried--same.

I have not yet tried doing it the old fashioned way, though I had considered it.  I wasn't sure what I would need to go back and do manually afterwards in order to make it the equivalent of having gone through the wizard.  Is it ever really the same doing it manually?
Rob WilliamsCommented:
Symantec can definitely cause the problem you are experiencing, but if removed (not just disabled) it should not be a problem, and you tried a 2nd machine.

Manually joining does make quite a difference with SBS 2003, not so much with 2008/2011, and I don't recommend it, but we have tried almost everything else so it may be worth doing as a test to try to isolate the problem. If it were to work, we may need to look elsewhere for a solution.

If it did work, you will probably want to disjoin the domain at some point and rejoin with http://SBSname/connectcomputer.  The link below is a list of reasons why.  The one thing to note is once a PC has been joined to the domain you cannot automatically 'copy' a local profile when re-joining using connectcomputer.  All other features work multiple times.  Where it is a rebuilt machine this is probably not an issue as there is not an existing profile to copy.
baldgeekAuthor Commented:
The office is closed for the rest of this week and the weekend, so I should have some time to putter around with it.  If I can get over there, I will try manually joining first, disjoin, then going through the wizard and see if that works.  You are correct in that the "luxury" of a rebuilt laptop is pretty cool here.  Nothing to lose really.
Rob WilliamsCommented:
Good luck, let us know how uou make out.
baldgeekAuthor Commented:
Never did sort out the problem.  Decided that since this one was both ailing and a bit long in the tooth, that we would simply replace it.  All workstations were already slated for replacement, so it made sense to do this as well.
Thanks for the suggestions and all the help.  Very much appreciated.  A real head scratcher, for sure.  No idea what happened with this.  There was not a single other problem with the server that we could find.
Rob WilliamsCommented:
That is too bad, but thanks for updating.
R. Andrew KoffronCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.