Cannot join XP Pro to Domain 1

[WiseNet77]

Environnement Description:
2 win2k adv srv linked together by VPN (working)
both are DC
XP Pro clients installed

After deleting a XP computer from my windows 2000 domain. I can't get it
back on (neither joining any other computer to the domain).
I tried everything from adding the computer manually in the AD Users and
Computers to
using the wizard in XP to do it.
But each time I try to put it on the domain, I get the following error
message:

The following error occurred attempting to join the domain "domainname"
The specified server cannot perform the requested operration.

I've searched microsoft knowledge base and found nothing...
Then I go to the AD Users and Computers and see that an account has been
created in the computer container but has been disabled (red x on it).
I tried to stop the WINS server (that is useless anyway) to use only the
DNS.
I also verified the group policy setting for "can add workstation to domain"
and put the effective setting to "everyone" (for testing purpose).
Could it be due to the fact that I have two DC in the domain (both are
Global Catalog for convenience) and that the VPN between the two is down for
now.?

This use to work before.

Enlightment Please ?

 

[GlenJohnson]

Does it say anything about the xp machine already being on the domain? If it does, search all of AD for the xp machine, and then delete it. Try and join again after that. Glen A. Johnson
Microsoft Certified Professional
gjohn76351@msn.com
"For last year's words belong to last year's language".
T. S. Eliot (1888-1965), Anglo-American poet.

 

[WiseNet77]

No it doesn't say anything about the machine already being there. I also tried to add a new user account to join this machine (or any other one) to the domain with same results. There are entries in the DNS for those machines but this is normal. I tried to delete them and they were recreated when I rebooted the sation (normal). All SRV records are also in the DNS. What else... (-:

 

[Galrahn]

Did anyone ever find a solution to this problem?

I am getting exactly the same error as the orginal post, except instead of 2 DCs I have only 1 set up right now.

The machine is WinXP Pro on laptop with no policy applied. When I look in AC Users and Computers, the machine shows up after the error, but has a Red X, and the laptop shows no indication at all it has been added to the domain.

It has to be something specific to the one machine though, because I added a few other machines to the domain with no problems.

My only thought is maybe run sysprep and give the laptop a new name and SID and try again. No idea if that will work, but if there is a resolution I would greatly appritiate it.

Thank you,

Galrahn
galrahn@galrahn.com

 

[GlenJohnson]

Can you try this with a machine that isn't XP? Glen A. Johnson
Microsoft Certified Professional
glen@nellsgiftbox.com
"There is nothing like a dream to create the future."
Victor Hugo (1802-1885); French writer.

 

[Galrahn]

I am unable to reproduce this error in an NT 4.0 domain, or with a Windows 2000 Professional Machine. It appears only with an Active Directory DC and a Windows XP Professional machine.

Galrahn
galrahn@galrahn.com

 

[zoeythecat]

Well, what could be different on XP than W2P? Check your network protocols. Make sure the protcols are correct and everything is defined properly on the XP workstation. Can you ping to any of the domain controllers? Can you ping the router? Do you have DHCP for your users to access? How are your IP Settings suppose to be defined? Are you logged in as Administrator when trying to join the domain? I don't have an XP workstation at the moment, but I would first check to make sure if you are using DHCP that you have the "Obtain an IP Address automatically" and check your DNS settings. Also, ping to your network card ==>ping 127.0.0.1 to see if your card is okay.

I'm sure you checked all these just trying to get any additional information to try and help.

 

[gbongi1]

I am also having this problem on several computers on my domain. Only XP machines though.
G

 

[GlenJohnson]

Always been XP? (Never liked new OS's.) Give em a year to get the bugs worked out. Glen A. Johnson
Microsoft Certified Professional
glen@nellsgiftbox.com


"There is nothing like a dream to create the future."
Victor Hugo (1802-1885); French writer.

 

[RobDoubrava]

I've seen this problem before...
Only exists if XP machines are logging on to AD.

Here some stuff to try

XP uses DNS to communicate to the server.
Is DNS setup correctly?
Is a 'host' record created for the XP box?
Is the IP address in the 'host' record correct?

On the XP box are the DNS client and netlogin services running ?
Goto System Properties - Computer Name - Network ID
Run the network wizard and choose
Question 1: "This computer is part of a business network..."
Question 2: "My company uses a network without a domain"

Reboot the XP box.

Verify in AD that the XP box’s computer account doesn't exist.

On the XP box delete the domain profile
c:\documents and settings\username.domain

The XP box should now be able to join the domain.
Cross your fingers and run the wizard...

 

[butchrecon]

One thing I have found is to make sure there are not network mappings on the XP system you are trying to get connected. Remove all networked drives and printers then reboot and try again. James Collins
Field Service Engineer
A+, MCP

email: butchrecon@skyenet.net

Please let us (Tek-tips members) know if the solutions we provide are helpful to you. Not only do they help you but they may help others.

 

[achlubna]

Well I did find this information on the Microsoft.com knowledgebase.

http://support.microsoft.com/default.aspx?scid=kb;en-us;q293403

it mentioned TCP/IP a few times, and I know we all know how to install TCP/IP

Since I already had TCP/IP installed and working, (I had Internet and Local LAN Access) I decided to uninstall it, reboot, and reinstall it, reboot

tried joining to the WIN2K domain again and it WORKED!!!!!

that is all I did.

 

[Galrahn]

RobDoubrava

Nice job and thanks, been away on business and was unable to confirm these solutions until today, but I found that your tips helped me solve my problem.

It turned out not to be DNS, rather because I had the NetLogin Service disabled via Security Policy. Because I often plug this specific laptop into other networks for sniffing and other security related troubleshooting not secured to my liking, I had a tougher than usual security policy applied.

Thanks for the tip and the help.

Galrahn

 

[Guest_imported]

I had an identical problem, and none of the above solutions would fix it. Finally I tried something that worked, so I'm sharing the wealth.

nltest.exe and netdom.exe can be found in the support tools of the windows 2000 adv server cd. (maybe 2000 server and pro too, I don't know)

these are command line utilities:

netdom join <<workstation>> /domain:<<domain>>

will join the domain (if it gives an error, run nltest.exe and do it again). Run it from the workstation.

It was that easy for me once I found it. Reboot, of course.

 

[Guest_imported]

It's amazing how many people seem to run into this problem.

Unfortunately for me, all of the tips above have not worked. I have a Win2000 server I just recently promoted to a domain controller and DNS server. That day, I easily added a couple of WinXP Pro clients.

A week later, I attempted to add two additional WinXP clients, but now the RPC is unavailable and the domain is not available errors are haunting me.

Server is a static IP, all clients are DHCP. TCP/IP good since I can get to the internet. The DNS is working since I can ping all server names in addition to their IP's. Worst of all, I can waltz up to a Win2000 client and join the domain without a hitch!!!!

I tried the wizard, joing a workgroup, then back to domain... I tried the netdom command noted above... I tried removing the computer from the DC, rebooting client/joining again... All no good. I've run netdiag, nltest, you name it. Everything comes up good.

What gives with WinXP?? Any help here is greatly appreciated, I'm at my wits end!

 

[Guest_imported]

It's amazing how many people seem to run into this problem.

Unfortunately for me, all of the tips above have not worked. I have a Win2000 server I just recently promoted to a domain controller and DNS server. That day, I easily added a couple of WinXP Pro clients.

A week later, I attempted to add two additional WinXP clients, but now the RPC is unavailable and the domain is not available errors are haunting me.

Server is a static IP, all clients are DHCP. TCP/IP good since I can get to the internet. The DNS is working since I can ping all server names in addition to their IP's. Worst of all, I can waltz up to a Win2000 client and join the domain without a hitch!!!!

I tried the wizard, joing a workgroup, then back to domain... I tried the netdom command noted above... I tried removing the computer from the DC, rebooting client/joining again... All no good. I've run netdiag, nltest, you name it. Everything comes up good.

What gives with WinXP?? Any help here is greatly appreciated, I'm at my wits end!

 

[Guest_imported]

Got one more tip on this one and finally, it worked! Turns out to an issue with the encryption or signing of the secure channel data, aka the signorseal reg hack.

To resolve this issue:
Click Start, and then click Control Panel.

If you are using Classic view in Control Panel, double-click Administrative Tools, and then double-click Local Security Policy.

If you are using Category view in Control Panel, click Performance and Maintenance, click Administrative Tools, and then double-click Local Security Policy .

Under the Local Policies\Security Options node, double-click the Domain Memberigitally encrypt or sign secure channel data (always) policy to open it.

Click Disabled, and then click OK.

You may need to reboot and/or remove the failing computer from the AD first before attempting to join again.

Good luck!

 

[CID8]

This all seemed like it would help solve my problem - but not so.

My problem is very similiar only I also can't even ping the server from my XP Laptop. I have a small home network setup thus;
1 x XP Pro Laptop with a 3Com wireless network adaptor
1 x Small Buisness Server 2000 with a 3Com wireless network card
1 x 3Com Wireless access point linking the two to a Symantec Firewall/Router which in turn is connected to a NTL set-top box/cable modem for fulltime broadband connection.
Now the server can ping the AP, the Firewall & the laptop but the laptop can only ping the AP and the Firewall. Being SBS the server has alsorts on it like ISA, Proxy, Exchange, DNS, DCHP etc...and Active Directory of course.
And as I can't ping the server I assume this is why I can't join the domain.

I sure reading these other answers that someone can help with this.

Thanks
Craig

 

[Silmarillion]

Just wanted to add my two cents worth. I had this problem on a NT 4.0 (actually SBS 4.5) domain, and it was definitely a name resolution problem. I am using DHCP off my router, and am not using DNS. On the other machines (it is a small network - 7 PCs), I have run TCP/IP and NetBEUI (NetBEUI provides name resolution when TCP/IP doesn't work). There is no official NetBEUI support in XP, but it is on the CD. If you search the MS Site for NetBeui and XP you will find the info on how to install it. It fixed the problem for me (even though it is a bit of a kluge), and when we migrate to SBS 2000, I will set up DNS and get rid of all the NetBEUI.

Hope this helps someone.

 

[Lee168]

WiseNett77,

I had the same problem as well and found a solutions for it.
1. Disjoint the computer from domain and make it as workgroup.
2. Under the computer name box, there is a button called &quot;more...&quot;; click on it
3. &quot;DNS Suffix and NetBios computer name&quot; dialog box will appear. Make sure Primary DNS Suffix of this computer is blank. Leave a check mark check on &quot;Change Primary DNS Suffix when domain memberships change&quot;
4. Reboot the computer as told.
5. After rebooting, re-joint to the domain.

Hope it will work for you and the rest.