Recently installed legacy server (Copmpaq DL580) and Windows Server 2003 Enterprise Edition acting as DC, DHCP server, DNS server, and WINS server. Server is configured with 5 CALs server authorized per server. AD, DHCP, and DNS all seem to be up and running. Clients are three workstations running Win2k Pro. DHCP is dynamically assigning IP addresses to the client NICS. All three workstations have IP reservations established so addresses stay the same when dynamically assigned. Just seemed like it would be easier for me to manage that way. TO TEST, used IPCONFIG /RELEASE and IPCONFIG/RENEW and got addresses consistent with the established server scope. Server IP is 192.168.0.1 and scope is 192.168.0.10 through 192.168.0.254 as we expect only one domain. Can set up AD folders, shares, etc. and browse to them from all workstations using My Network Places. Funny thing is that I have only been successful in joining the domain on one workstation. Seems like no matter what I do, it won't let me join and comes up with the error message "Domain 'such and such" cannot be found on the server or the domain could not be reached". Anybody have any ideas on where I should be focusing? I have very little experience with server software and am at best a technical user. Please be specific and patient with your responses. Thank you.
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Cannot join domain on 2 out of three machines
- Thread starter tap1946
- Start date
Can you ping the server by its name (i.e., PING servername) from a command prompt?
I used to rock and roll every night and party every day. Then it was every other day. Now I'm lucky if I can find 30 minutes a week in which to get funky. - Homer Simpson
I used to rock and roll every night and party every day. Then it was every other day. Now I'm lucky if I can find 30 minutes a week in which to get funky. - Homer Simpson
This type of problem is almost always a DNS issue. Double check your DNS settings on your clients. Make sure the clients are pointing to a DNS sever that has your SRV records for your domain.
=====================================
The good ole days weren't always good
and tomorrow ain't as bad as it seems
=====================================
=====================================
The good ole days weren't always good
and tomorrow ain't as bad as it seems
=====================================
- Thread starter
- #4
Koonan
If I can join with one of the three machines, it would seem like the SRV records must be OK. The DNS, CHMP, DC, etc. are all on the same machine. My DNS on the clients is pointing to 192.168.0.1 on all of them(the IP of the DHCP server and I thought, the IP of the DNS server. I may be missing something here. Let me know if I am. I've been out of town a couple of days and will be working on it this weekend. I'll double check the DNS settings tomorrow.
Jebeson
I can ping 192.168.0.1 on all three machines. This is the static address of the NIC in the server. If I understand everything right, it is also the IP of the DC, the DHCP, and the DNS. I have never tried pinging by name. I'll try that tomorrow too and post results.
Thanks for everybody's help.
tap1946
If I can join with one of the three machines, it would seem like the SRV records must be OK. The DNS, CHMP, DC, etc. are all on the same machine. My DNS on the clients is pointing to 192.168.0.1 on all of them(the IP of the DHCP server and I thought, the IP of the DNS server. I may be missing something here. Let me know if I am. I've been out of town a couple of days and will be working on it this weekend. I'll double check the DNS settings tomorrow.
Jebeson
I can ping 192.168.0.1 on all three machines. This is the static address of the NIC in the server. If I understand everything right, it is also the IP of the DC, the DHCP, and the DNS. I have never tried pinging by name. I'll try that tomorrow too and post results.
Thanks for everybody's help.
tap1946
- Thread starter
- #5
Can ping by IP address, by computer name, or by domain name. Two out of three client machines simply will not join the domain.
Error message is:
The following error occurred validating the name "xxxxxx.RbbbbbbbHcccccc".
The specified domain does not exist or could not be contacted.
Current NIC in the non-working machine is a Realtek while the working machine has a Linksys. The Linksys seems to have more options under the properties tab than the Realtek. Am going to swap out the NIC for the Linksys and set it exactly like the working machine (except for the IP addresss of course) and see what happens.
Error message is:
The following error occurred validating the name "xxxxxx.RbbbbbbbHcccccc".
The specified domain does not exist or could not be contacted.
Current NIC in the non-working machine is a Realtek while the working machine has a Linksys. The Linksys seems to have more options under the properties tab than the Realtek. Am going to swap out the NIC for the Linksys and set it exactly like the working machine (except for the IP addresss of course) and see what happens.
ShackDaddy
MIS
I wouldn't expect the NIC type to make any difference, since you can already ping and browse shares.
You aren't running the 180-day eval edition of the server software, are you? I've heard reports of people only being able to add a single client, although I didn't think it was true.
Does your server have an IPSec security policy set to act as Secure Server? If so, and if your clients aren't ready to handle IPSec, they won't be able to contact the server on the right ports. Pinging would still work, but domain-level transactions might not.
ShackDaddy
You aren't running the 180-day eval edition of the server software, are you? I've heard reports of people only being able to add a single client, although I didn't think it was true.
Does your server have an IPSec security policy set to act as Secure Server? If so, and if your clients aren't ready to handle IPSec, they won't be able to contact the server on the right ports. Pinging would still work, but domain-level transactions might not.
ShackDaddy
- Thread starter
- #7
Yes, I am currently running the 180 day evaluation copy.
However, as of this afternoon; I was able to get a second machine to join the domain. In fact, it joined on the first try just like it's supposed to. So, that answers the question as to whether there is a limit in the 180 day evaluation. The software comes with 5 Cals standard and there doesn't appear to be any "crippling" limitations on how many machines can join a domain, even for evaluation purposes. One other thing I found out was that my antivirus software was interferring with some; but not all communications on select routes. Adding a line to the antivirus software on each machine to specifically allow traffic from any client on the LAN solved that problem.
At this point, I don't have an IPSec security policy set up on the server as I just installed the software and haven't gotten into all security aspects. That will be the next step.
I still have one last errant machine that won't cooperate. Can ping all machines and the server by IP, host name, or domain name from that machine but but it just won't join the domain. At this point, I have to believe the problem lies with the errant client. As all data was migrated to common storage on the server last week, I'm going to reformat it's drive and reinstall the OS. What the heck. I've got nothing to lose
However, as of this afternoon; I was able to get a second machine to join the domain. In fact, it joined on the first try just like it's supposed to. So, that answers the question as to whether there is a limit in the 180 day evaluation. The software comes with 5 Cals standard and there doesn't appear to be any "crippling" limitations on how many machines can join a domain, even for evaluation purposes. One other thing I found out was that my antivirus software was interferring with some; but not all communications on select routes. Adding a line to the antivirus software on each machine to specifically allow traffic from any client on the LAN solved that problem.
At this point, I don't have an IPSec security policy set up on the server as I just installed the software and haven't gotten into all security aspects. That will be the next step.
I still have one last errant machine that won't cooperate. Can ping all machines and the server by IP, host name, or domain name from that machine but but it just won't join the domain. At this point, I have to believe the problem lies with the errant client. As all data was migrated to common storage on the server last week, I'm going to reformat it's drive and reinstall the OS. What the heck. I've got nothing to lose
- Thread starter
- #8
S U C C E S S ! !
Apparently, the suspected problem with the OS on the client was indeed the culprit. Erased, re-partioned, reformatted, and reinstalled the OS. Everything worked great from that point. Was able to join the domain on the first try.
Learned a lot of things along the way working with this though so all is not lost.
Thanks for everybody's help and ideas. Hope I can return the favor sometime.
tap1946
. . . there's something to be said for the 1000 monkeys at at typewriter method . . .
- Status
Similar threads
- Locked
- Question