| Author |
Message |
joeydb331
Guest
|
 Posted:
Wed Nov 09, 2005 8:25 am Post subject:
xp workstations unable to log-in to win 2003 domain at boot- |
|
|
The main isssue: I can log onto the server from an xp workstation only after
logging into the workstation itself (you know at like boot-up). Then if i
open the explorer - entire network - microsoft windows network - the domain -
i can log into the shared files/folders on the server. It asks me for my
name and password (which i've set-up on the server already of course), I
enter them and log-on no problem. Why won't it let me do that at boot-up?
I have attempted to set-it up from the workstation 100 times via the system
icon (in the control panel) - computer name tab - then either the network
id button or the change button, enter in the appropriate answers, but to no
avail.
I eventually get this message:
"your computer could nt be joined to the domain because the following error
has occured: the specified server cannot perform the requested operation."
Can anyone help me please? Here's some more information:
I set up a windows 2003 domain, server, and made it a PDC at a friends
business. Everything worked fine.
Recently the business moved to a new location and the trial period for the
2003 server software that i used ended. Armed with a new copy of 2003 server
software and at the new location, I re-installed, using the same domain name,
etc., as I had originally.
This time however it's not working properly. (I have described the issue
i'm having at the beginning of this message) |
|
| Back to top |
|
 |
Miha Pihler [MVP]
Guest
|
| Posted:
Wed Nov 09, 2005 9:50 am Post subject:
Re: xp workstations unable to log-in to win 2003 domain at b |
|
|
Hi,
If computer was member of "old" domain (before evaluation time expired on
server) you will have to remove all computers from domain and join them
again.
Even if you used same domain name -- this is not same domain any more. SIDs
and RIDs are now different (new) and your new domain server knows nothing
about computers that were members of old domain.
--
Mike
Microsoft MVP - Windows Security
"joeydb331" wrote:
| Quote: | The main isssue: I can log onto the server from an xp workstation only
after
logging into the workstation itself (you know at like boot-up). Then if i
open the explorer - entire network - microsoft windows network - the
domain -
i can log into the shared files/folders on the server. It asks me for my
name and password (which i've set-up on the server already of course), I
enter them and log-on no problem. Why won't it let me do that at boot-up?
|
|
|
| Back to top |
|
|
joeydb331
Guest
|
| Posted:
Wed Nov 09, 2005 5:50 pm Post subject:
Re: xp workstations unable to log-in to win 2003 domain at b |
|
|
I read your response (thank you very much by the way) and gave it a try.
First, I opened the 'active directory users and computers' mmc on the 2003
server, then I added a new PC named "tryagain" in the 'computers' section,
checking the various settings, assignign rights and permissions, etc. Then I
renamed one of the XP workstations to "tryagain", rebooted, and attempted to
go through the network wizard process that I had explained in my very first
post. Unfortunatley I got the exact same error message AGAIN.
Back on the 2003 Server PC I noticed that inside the 'active directory users
and computers' section, where it listed the PC "tryagain", that the
workstation had a red circle with a line thru it, meaning that it had been
disabled. That might have been a result of my trying the network wizard 3 or
4 times (on the xp workstation) before giving up (again) and due to so many
failed attempts to join the domain the xp workstation was disabled by the
server (like when you try to log in to the server too many times with the
wrong password and your account gets locked-out. I don't know for sure
though. I manually enabled the tryagain" pc in the active directory area,
but only to wind up right back at the same old spot, unable to join the
domain.
If anyone else has any suggestions that'd be great! Thanks alot Miha . . .
I appreciate yor time!
"Miha Pihler [MVP]" wrote:
| Quote: | Hi,
If computer was member of "old" domain (before evaluation time expired on
server) you will have to remove all computers from domain and join them
again....
|
|
|
| Back to top |
|
|
Miha Pihler [MVP]
Guest
|
| Posted:
Wed Nov 09, 2005 9:50 pm Post subject:
Re: xp workstations unable to log-in to win 2003 domain at b |
|
|
Hi,
Right click on My Computer on PC that you want to add to domain. Now click
on Properties. Click on Change and under Domain enter name of your new
domain.
If computer is already a member of domain then enter a name (e.g. Temp)
under Workgroup. Once the computer is joined to Workgroup (it will say
"Welcome to Temp Workgroup) go back and under domain enter name of your new
domain. (You don't have to reboot yet). Once a computer is back in domain do
a reboot and your computer should now be able to log in to the domain.
--
Mike
Microsoft MVP - Windows Security
"joeydb331" wrote:
| Quote: | I read your response (thank you very much by the way) and gave it a try.
First, I opened the 'active directory users and computers' mmc on the 2003
server, then I added a new PC named "tryagain" in the 'computers' section...
|
|
|
| Back to top |
|
|
joeydb331
Guest
|
| Posted:
Thu Nov 10, 2005 1:51 am Post subject:
Re: xp workstations unable to log-in to win 2003 domain at b |
|
|
When i try what you've suggested (again THANKS so much for being cool enough
to write all of that stuff out for me) I have no problem becoming a member of
the workgroup (and it happens just like you describe), but when i then try to
join the domain i recieve that same damn error message that i've been getting
all along.
I'm beginning to think that something is wrong with the way that I set-up
the win 2003 server PC. Maybe some policy setting I'm missing, trust
relationship issue, or service that i should have running but don't, etc.
Hey when you set-up a 'computer' in the 'active directory users and
computers' area and it asks you if the computer will be a 'managed computer',
do you ever answer 'yes' to that and if so, how do you determine your 'GUID'?
could my issue be some how related to that?
Thanks again for any and all help that you are willing to provide =)
"Miha Pihler [MVP]" wrote:
| Quote: | Hi,
Right click on My Computer on PC that you want to add to domain. Now click
on Properties. Click on Change and under Domain enter name of your new
domain.
|
|
|
| Back to top |
|
|
Miha Pihler [MVP]
Guest
|
| Posted:
Thu Nov 10, 2005 9:50 am Post subject:
Re: xp workstations unable to log-in to win 2003 domain at b |
|
|
Hi,
How is DNS set up on Domain Controller (DC)?
What did you set for preferred DNS server under TCP/IP settings on DC?
What did you set for preferred DNS server under TCP/IP settings on client
PC?
What is the exact error that you get when you try to join it to domain?
Don't pre-create any computer accounts (if you already did - remove them)
and then try processed described before. Once the processed described in my
previous post is successful it will create Computer account on domain
controller automatically.
You should also check Event Logs on DC (System and Application logs - and
also others) for any errors.
--
Mike
Microsoft MVP - Windows Security
"joeydb331" wrote:
| Quote: | When i try what you've suggested (again THANKS so much for being cool
enough
to write all of that stuff out for me) I have no problem becoming a member
of
the workgroup (and it happens just like you describe), but when i then try
to
join the domain i recieve that same damn error message that i've been
getting
all along.
|
|
|
| Back to top |
|
|
joeydb331
Guest
|
| Posted:
Sun Nov 13, 2005 9:50 pm Post subject:
Re: xp workstations unable to log-in to win 2003 domain at b |
|
|
That reply i just sent you was obviously a mistake. Here's the information
that i left out:
The errror message originally was:
" your computer could not be joined to the domain because the following
error
has occured: the specified server cannot perform the requested operation."
recently it changed to something about not being able to use multiple
instances of user log-ins (or something like that) i'd tell you the exact
message but unfortuantely i just tried it again and im back to the original
error message again! dag nab it.
I am using a linksys router that has a built-in dhcp server, etc. (i'm sure
that you're familiar with them). Due to that, I just left the majority of
settings up to the router (like automatic ip address, etc.) I am under the
impression that a static ip address would be better, but this business
internet service is thru SBC and they are not paying for any static ip's.
When checking the event viewer it states that DNS has started and doesn't
show any errors.
ip address 192.168.1.(100 - 150 automatically assigned
subnet mask 255.255.255.0
default gateway 192.168.1.1 (This is the routers ip address)
dhcp server 192.168.1.1
dns server 192.168.0.1 (This is the SBC DSL modem's
address)
"Miha Pihler [MVP]" wrote:
| Quote: | Hi,
How is DNS set up on Domain Controller (DC)?
What did you set for preferred DNS server under TCP/IP settings on DC?
What did you set for preferred DNS server under TCP/IP settings on client
PC?
What is the exact error that you get when you try to join it to domain?
Don't pre-create any computer accounts (if you already did - remove them)
and then try processed described before. Once the processed described in my
previous post is successful it will create Computer account on domain
controller automatically.
You should also check Event Logs on DC (System and Application logs - and
also others) for any errors.
|
|
|
| Back to top |
|
|
joeydb331
Guest
|
| Posted:
Sun Nov 13, 2005 9:50 pm Post subject:
Re: xp workstations unable to log-in to win 2003 domain at b |
|
|
Hi again, i was away for a few days, but i'm back and I tried your suggestion
from the last post. It still doesn't work, but I recieve a new error message
this time, which is kinda exciting(hehe) it reads as follows:
In regards to your other questions:
How is DNS set up on Domain Controller (DC)?
"Miha Pihler [MVP]" wrote:
| Quote: | Hi,
How is DNS set up on Domain Controller (DC)?
What did you set for preferred DNS server under TCP/IP settings on DC?
What did you set for preferred DNS server under TCP/IP settings on client
PC?
What is the exact error that you get when you try to join it to domain?
Don't pre-create any computer accounts (if you already did - remove them)
and then try processed described before. Once the processed described in my
previous post is successful it will create Computer account on domain
controller automatically.
You should also check Event Logs on DC (System and Application logs - and
also others) for any errors.
|
|
|
| Back to top |
|
|
Miha Pihler [MVP]
Guest
|
| Posted:
Mon Nov 14, 2005 1:50 am Post subject:
Re: xp workstations unable to log-in to win 2003 domain at b |
|
|
Hi,
My recommendation is to put DC server to static IP address. Also change
preferred DNS settings on the server to point back to the server itself.
E.g. if you give your server IP address 192.168.1.50 enter this IP address
under preferred DNS server. After you did these two changes, restart
netlogon service.
Now, change also TCP configuration of the client (e.g. Windows XP). They
must also point to 192.168.1.50 for preferred DNS server.
After you do this, try to add client to domain again (try with different
clients)...
--
Mike
Microsoft MVP - Windows Security |
|
| Back to top |
|
|
joeydb331
Guest
|
| Posted:
Mon Nov 14, 2005 1:50 am Post subject:
Re: xp workstations unable to log-in to win 2003 domain at b |
|
|
okay i set the servers ip address and preferred dns server manually:
ip 192.168.1.101
dns 192.168.1.101
I deleted all of the 'computers' from the active directory. I also disabled
my network card, changed the name of my pc (for the new client set-up), and
rebooted after the changes had been made to the server.
When i to set the preferred dns server (address above) on my workstation pc
it would no longer allow me to access the internet and I received the same
error message as I originally wrote about about when i tried to join the
domian.
I am discouraged.
Thank you so much for your help so far though . . . maybe some of that
information will help you diagnose whats wrong with this nightmare.
Looking forward to hearing from you,
Joey |
|
| Back to top |
|
|
Miha Pihler [MVP]
Guest
|
| Posted:
Mon Nov 14, 2005 9:50 am Post subject:
Re: xp workstations unable to log-in to win 2003 domain at b |
|
|
Hi,
Did you reboot the DC server or restart NetLogon service?
To be able to go to the internet you will have to set up DNS on DC server.
Open DNS MMC and right click on server name in MMC. Now go to forwarders tab
end enter your ISP DNS server or what you had set before (192.168.1.1).
Can you try to add some other PC to the domain -- if there is a problem with
this particular one?
What version of client do you use? E.g. Windows XP Professional with Service
Pack 2?
--
Mike
Microsoft MVP - Windows Security
"joeydb331" wrote:
| Quote: | okay i set the servers ip address and preferred dns server manually:
ip 192.168.1.101
dns 192.168.1.101
I deleted all of the 'computers' from the active directory. I also
disabled
my network card, changed the name of my pc (for the new client set-up),
and
rebooted after the changes had been made to the server.
When i to set the preferred dns server (address above) on my workstation
pc
it would no longer allow me to access the internet and I received the same
error message as I originally wrote about about when i tried to join the
domian.
I am discouraged.
Thank you so much for your help so far though . . . maybe some of that
information will help you diagnose whats wrong with this nightmare.
|
|
|
| Back to top |
|
|
joeydb331
Guest
|
| Posted:
Mon Nov 14, 2005 9:50 am Post subject:
Re: xp workstations unable to log-in to win 2003 domain at b |
|
|
All of the workstations are xp professional, most of which have service pack
2. I did reboot the server after changing the various settings. Lastly
every workstation is having the same problem. They are all part of the
workgroup and none of them are able to log-in to the domain at boot-up.
After each workstation boots up though, they can all access the dc machine
(the user is presented with a login screen when trying to access files on the
server and if they have the right permissions, they can use those files no
problem.
I am perplexed!
ihler [MVP]" wrote:
| Quote: | Hi,
Did you reboot the DC server or restart NetLogon service?
To be able to go to the internet you will have to set up DNS on DC server.
Open DNS MMC and right click on server name in MMC. Now go to forwarders tab
end enter your ISP DNS server or what you had set before (192.168.1.1).
Can you try to add some other PC to the domain -- if there is a problem with
this particular one?
What version of client do you use? E.g. Windows XP Professional with Service
Pack 2?
|
|
|
| Back to top |
|
|
Miha Pihler [MVP]
Guest
|
| Posted:
Mon Nov 14, 2005 5:50 pm Post subject:
Re: xp workstations unable to log-in to win 2003 domain at b |
|
|
Can you access this share from your client...
\\dcserver\sysvol\
where dcserver is name of your new server.
Can you again check event logs on your domain controller and your client for
any errors. Check System and Application logs.
I am slowly running out of ideas what could be wrong.
My advice is still to remove the client PC from old domain that doesn't
exist any more and join them to workgroup. Reboot the PC and try to add them
to new domain...
--
Mike
Microsoft MVP - Windows Security
"joeydb331" wrote:
| Quote: | All of the workstations are xp professional, most of which have service
pack
2. I did reboot the server after changing the various settings. Lastly
every workstation is having the same problem. They are all part of the
workgroup and none of them are able to log-in to the domain at boot-up.
After each workstation boots up though, they can all access the dc machine
(the user is presented with a login screen when trying to access files on
the
server and if they have the right permissions, they can use those files
no
problem.
I am perplexed!
|
|
|
| Back to top |
|
|
lu_tung
Joined: 17 Nov 2005
Posts: 12
|
| Posted:
Sat Dec 03, 2005 1:57 pm Post subject:
|
|
|
I assume you are running DNS on the DC.
if so, you should point the clients to this address for DNS
and set-up the forwarding as stated above (pointing to your router)
look in the DNS zones and make sure that there are SRV records pointing
to your DC (so your clients know where to resolve their credentials) and that your DC has a static address.
Whats probably hapening, is that when you try to join the domain, you ask DNS "Who is a DC for domainxx" and it should reply with an IP address. Thats why active-directory is so dependent on DNS. If your router is running DNS, it dosen't know, nor care about DCs. |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in
