Solved

Problems joining Windows 8 to Server 2003 Domain

Posted on 2013-01-23
27
7,010 Views
Last Modified: 2013-02-23
I am having trouble joining a Windows 8 Pro desktop to our domain. I have added XP & Windows 7 machines with no problems. Nothing has changed in the server configuration and I even removed and re-added an XP machine just to test. It joined normally.

The Windows 8 machine seemed like it worked the first time and allowed me to logon as one domain user and it correctly mapped a drive.

"The system cannot contact a domain controller to service the authentication request."

Can open and browse folders on server by IP but not name, although it worked last night when i first joined. I cannot logon as any other domain user besides the first one.

When I try to logon on as another user I get this "There are currently no logon servers available to service the logon request."

I appreciate any help troubleshooting this.
0
Comment
Question by:jmolhava
  • 15
  • 7
  • 3
  • +2
27 Comments
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 38810933
ipconfig /all  check dns settings

try ipconfig /flushdns

ipconfig /registerdns

nslookup

post results
0
 
LVL 11

Expert Comment

by:BillBondo
ID: 38810979
Sounds like the same issue as win 7.... Rejoin the domain and pull the network cable if you cant log on.
0
 
LVL 18

Expert Comment

by:Sarang Tinguria
ID: 38810981
How DNS is configured in Windows 8 agree with trgrassijr55 ..plz post ipconfig /all from DC & Win8 system
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 5

Expert Comment

by:vin_shooter
ID: 38811708
Hi jmolhava,

can you kindly check the "system event logs" in eventviewer in windows8 workstation and share the results here. Also check the "Primary DNS" Configured in the workstation. Check able to ping and resolve the "Primary DNS" configured in the workstation.

To know the Primary DNS server, type IPCONFIG /ALL in your windows 8 workstation command prompt.

Check the Netlogon service status in windows 8 workstation also restart the netlogon service once and give a try.

The restarting of netlogon service may fix this issue if not kindly share the event logs as requested above.
0
 

Author Comment

by:jmolhava
ID: 38827713
Here is from the SERVER:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : server
   Primary Dns Suffix  . . . . . . . : domain.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 CT Network Connection
   Physical Address. . . . . . . . . : 00-04-23-B9-17-22
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.0.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.10

Here is from the WORKSTATION:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : workstation
   Primary Dns Suffix  . . . . . . . : domain.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domain.com

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : domain.com
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : EC-A8-6B-C0-62-4B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::38a2:3408:f669:3d94%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.97(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, January 25, 2013 10:05:06 AM
   Lease Expires . . . . . . . . . . : Monday, January 28, 2013 7:45:30 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.10
   DHCPv6 IAID . . . . . . . . . . . : 267167851
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-90-F1-2E-EC-A8-6B-C0-62-4B

   DNS Servers . . . . . . . . . . . : 192.168.0.10
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.nlcci.com:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : domain.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:1067:36de:3f57:ff9e(Pref
erred)
   Link-local IPv6 Address . . . . . : fe80::1067:36de:3f57:ff9e%14(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
0
 

Author Comment

by:jmolhava
ID: 38827785
I have already rejoined the domain a couple times and it does join the domain initially and lets me logon with one domain user. Currently if I try to logon with another domain user it says: "There are currently no logon servers available to service the logon request."

I can ping the server from the workstation with no problem using either "ping server" or "ping server.domain.com"

When I open a share on the server it prompts for credentials and says "The system cannot contact a domain controller to service the authentication request." I can browse the shares with credentials.

I checked the netlogon service and it is set to automatic and was started. I restarted it but it made no difference.

NSLOOKUP resolves correctly.
0
 

Author Comment

by:jmolhava
ID: 38827826
More info:
There are a bunch of these from the event viewer on the workstation:

Event ID: 1129
The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator.

I am troubleshooting the network connections; replaced a couple cables but so far no change.

However I am able to do a continuous ping with a packet of 25000 bytes. The results are consistent with a time of 5ms. I would assume if the problem was actually a bad connection or port etc, then it would show here.
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 38828067
What happens if you type gpupdate from command prompt?
0
 

Author Comment

by:jmolhava
ID: 38828541
Here is the result:

Updating policy...

Computer policy could not be updated successfully. The following errors were enc
ountered:

The processing of Group Policy failed because of lack of network connectivity to
 a domain controller. This may be a transient condition. A success message would
 be generated once the machine gets connected to the domain controller and Group
 Policy has successfully processed. If you do not see a success message for seve
ral hours, then contact your administrator.
User Policy could not be updated successfully. The following errors were encount
ered:

The processing of Group Policy failed because of lack of network connectivity to
 a domain controller. This may be a transient condition. A success message would
 be generated once the machine gets connected to the domain controller and Group
 Policy has successfully processed. If you do not see a success message for seve
ral hours, then contact your administrator.

To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
rom the command line to access information about Group Policy results.
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 38828570
Which active directory functional level you running on your windows 2003 domain controllers?
0
 

Author Comment

by:jmolhava
ID: 38828612
Windows Server 2003
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 38829408
run this  dcdiag /s:<DCName>

post results
0
 

Author Comment

by:jmolhava
ID: 38829462
I ran it on the server, here it is:

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\NLCC-SERVER
      Starting test: Connectivity
         ......................... NLCC-SERVER passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\NLCC-SERVER
      Starting test: Replications
         ......................... NLCC-SERVER passed test Replications
      Starting test: NCSecDesc
         ......................... NLCC-SERVER passed test NCSecDesc
      Starting test: NetLogons
         ......................... NLCC-SERVER passed test NetLogons
      Starting test: Advertising
         ......................... NLCC-SERVER passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... NLCC-SERVER passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... NLCC-SERVER passed test RidManager
      Starting test: MachineAccount
         ......................... NLCC-SERVER passed test MachineAccount
      Starting test: Services
         ......................... NLCC-SERVER passed test Services
      Starting test: ObjectsReplicated
         ......................... NLCC-SERVER passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... NLCC-SERVER passed test frssysvol
      Starting test: frsevent
         ......................... NLCC-SERVER passed test frsevent
      Starting test: kccevent
         ......................... NLCC-SERVER passed test kccevent
      Starting test: systemlog
         An Error Event occured.  EventID: 0xC0001B59
            Time Generated: 01/28/2013   16:01:16
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0001B59
            Time Generated: 01/28/2013   16:29:16
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0001B59
            Time Generated: 01/28/2013   16:41:56
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0001B59
            Time Generated: 01/28/2013   16:52:10
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0001B59
            Time Generated: 01/28/2013   16:52:13
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0001B59
            Time Generated: 01/28/2013   16:52:17
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0001B59
            Time Generated: 01/28/2013   16:52:20
            (Event String could not be retrieved)
         An Error Event occured.  EventID: 0xC0001B59
            Time Generated: 01/28/2013   16:52:24
            (Event String could not be retrieved)
         ......................... NLCC-SERVER failed test systemlog
      Starting test: VerifyReferences
         ......................... NLCC-SERVER passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : nlcci
      Starting test: CrossRefValidation
         ......................... nlcci passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... nlcci passed test CheckSDRefDom

   Running enterprise tests on : nlcci.com
      Starting test: Intersite
         ......................... nlcci.com passed test Intersite
      Starting test: FsmoCheck
         ......................... nlcci.com passed test FsmoCheck
0
 

Author Comment

by:jmolhava
ID: 38829485
btw - it will not run on Windows 8 which is what the workstation has.
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 38829510
Sounds like you have a DNS issue

on windows 8 computer does it show up in the DNS server?

try ipconfig /flushdns

ipconfig /registerdns
0
 

Author Comment

by:jmolhava
ID: 38829817
That made no difference. It also resolves the server name just fine when pinging so...
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 38830855
Did the windows 8 computer show up in the DNS server as registered?

How many DC's do you have?

Lets try cleaning up the meta database

http://support.microsoft.com/kb/216498

Also another thing Are you sure that the windows 8 computer is not still in AD?

Try renaming the computer and see if it joins.
0
 

Author Comment

by:jmolhava
ID: 38831608
Yes the workstation is registered in DNS on the server.

There is one DC, and it is the only server on the network.

Joining the domain has always worked, and when I have left and rejoined the domain I did rename the computer. I also deleted it from AD to be sure. The first time I login after joining the domain it works and I was able to browse server shares. Shortly afterwards the problems began.
0
 
LVL 23

Expert Comment

by:Thomas Grassi
ID: 38831664
This is puzzling  An Error Event occured.  EventID: 0xC0001B59

Something is not correct on the server here.

On the server event viewer what errros are we seeing from syslog?
0
 

Author Comment

by:jmolhava
ID: 38836408
That error was just related to the DHCP client service which was turned off for testing. I turned it back on.
0
 
LVL 5

Expert Comment

by:vin_shooter
ID: 38846281
Can you check the time sync between the windows 8 workstation and the domain controller.

Stop the windows time service and start it.

Then execute below command will help to synchronize the time with Domain controller,

w32tm /resync

After completion of time sync try to access the shares in the network.

If you're still facing the issue, login to the Domain controller and execute the below command,

klist /tickets

Check for most recently granted ticket by the domain controller also share the results here.

Most probably after execution of time SYNC command, the issue may get resolved.
0
 

Author Comment

by:jmolhava
ID: 38847199
Here is what I get:

C:\Windows\system32>w32tm /resync
Sending resync command to local computer
The computer did not resync because no time data was available.
0
 

Author Comment

by:jmolhava
ID: 38847224
This may be relevant, when I run gpupdate i get this:

C:\Windows\system32>gpupdate /force
Updating policy...

Computer policy could not be updated successfully. The following errors were enc
ountered:

The processing of Group Policy failed because of lack of network connectivity to
 a domain controller. This may be a transient condition. A success message would
 be generated once the machine gets connected to the domain controller and Group
 Policy has successfully processed. If you do not see a success message for seve
ral hours, then contact your administrator.
User Policy could not be updated successfully. The following errors were encount
ered:

The processing of Group Policy failed because of lack of network connectivity to
 a domain controller. This may be a transient condition. A success message would
 be generated once the machine gets connected to the domain controller and Group
 Policy has successfully processed. If you do not see a success message for seve
ral hours, then contact your administrator.

To diagnose the failure, review the event log or run GPRESULT /H GPReport.html f
rom the command line to access information about Group Policy results.
0
 

Author Comment

by:jmolhava
ID: 38847266
A couple days ago I used a different network cable and jack from a workstation that is connecting to the DC just fine but it made no difference.

I also checked a handful of other workstations running XP and 7 (mostly 7). All of these communicate successfully with the DC. I tested server shares, logons, and gpupdate.

I have two other Windows 8 laptops that were added a month ago but have not heard of any problem from their users.

It seems to me that the problem is on the Windows 8 workstation. The confusing thing is that when I first join the domain it says "welcome to the domain" and accepts my credentials. Then it's like communication on the domain level vanishes.
0
 
LVL 5

Expert Comment

by:vin_shooter
ID: 38850726
Can you execute the below command in problematic workstation and share the result here,

w32tm /query /source
0
 

Accepted Solution

by:
jmolhava earned 0 total points
ID: 38903332
We ended up opening a paid support case with Microsoft and even they could not figure it out. The final solution we went with is to replace the server.

This issue has not been resolved but at this point it doesn't matter anymore. Thank you to those who offered help.
0
 

Author Closing Comment

by:jmolhava
ID: 38920857
This question should be closed now. It was not resolved but it no longer an issue.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
The goal of this Micro Tutorial is to help navigate beginning users with the app store on Windows 8. It will explain exciting features how to maximize your PC through these apps. This will be demonstrated using Windows 8 operating system.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question