Can't join NT machine to domain

[chunky28]

I recently reconfigured my network after purchasing a CheckPoint firewall.

This involved changing all IP addresses to a private range (192.168.2.1-192.168.2.14)

However since changing this I have managed to join every PC to the domain except for one NT machine.

When I attempt to join it I just get the message:

"The domain controller for this domain cannot be located"

- I have successfully joined another NT machine to the domain.
- The gateway, subnet mask is correct.
- All PC's use identical hosts file
This is the contents of the hosts files. mailgate is the dc and webserver is the NT machine I am having problems with:
127.0.0.1 localhost
192.168.2.12 oracledatabaseconsulting.com

http://www.oracledatabaseconsulting.com

webserver.datachase.local webserver
192.168.2.9 mailgate.datachase.local mailgate
192.168.2.10 infrastructure.datachase.local infrastructure
192.168.2.11 ocsmid.datachase.local ocsmid
192.168.2.13 9iserver.datachase.local 9iserver
192.168.1.1 firewallint.datachase.local firewallint
193.195.xxx.xxx firewallext.datachase.local firewallext
- I can ping the domain controller from the NT machine
- I can run tracert mailgate (2000 server machine and dc) from the NT machine successfully.
- The dns server has an entry for the NT machine with the correct IP address
- I have added the NT machine to Active Directory Users and Computers


Any ideas what the problem could be? Anyone?

Thanks

Charlie

 

[chunky28]

Any ideas anyone......PLEASE??????

 

[jfwebber]

Try to manually create a computer object in AD via Active Directory Users and Computers for the NT machince. After creating the computer object, then try to join the NT machine to the domain.

Jim

Jim Webber
Network Administrator MCSE CNA

 

[CluelessJon]

Has this got the AD client on it ?

Does the network card work ?

Can you ping anything ?



Regards

Jonno BrainDump Specialist
MCSE(NT) MCSA(2k) CCNA

 

[chunky28]

thanks for the responses!

- Jim, I have tried creating the computer object manually but this dosen't work.
- Jonno, yes the network card does work and I can ping from the NT machine.

So no joy, thanks for the suggestions though.

Any other ideas?

Thanks

Charlie

 

[caddnima]

Try this...

On NT workstation.... mycomputer properties->network tab ->then unjoin it from the existing domain and make it join as a "workgroup"

This will disconnect from the existing domain..
Then Restart machine...

While restarting....

On server... remove the object (computer name) under Computer Tab under AD...

On NT... try to join again the domain... this will ask you for admin passsword so you can join... and that should do it...

 

[chunky28]

Thanks for the suggestion.

But the NT workstation is currently joined to a workgroup named dcl and there is no computer object for the workstation in AD.

I tried joining it to workgroup 'Workgroup'...restarted and tried joing it to the domain again but no joy.

Thanks anyway....any other suggestions????

I can't see any explanation for this!!!!!!!!!!!!!

Cheers

Charlie

 

[chunky28]

I'm just wondering.

Some time ago I was using Norton Personal Firewall on this workstation.

I have since uninstalled it. But there looks like there could still be traces of it on the machine. If I remember rightly there were errors when I carried out this uninstall (it is no longer listed in add/remove programs though).

I also have Norton SystemWorks which I have tried to remove but I get the following error when I attempt this:

Error:

0: Uninstall log folder not found.

HKEY_LOCAL_MACHINE\(Product CurrentVersion)\Uninstall\Uninstall Log Folder


There is still a note of Personal Firewall in the SystemWorks GUI. (It is shown to be disabled though!)

Could all this be causing the problem? I know Personal Firewall can cause networking problems.

Not sure how to remove these pieces of software correctly now....any ideas?

Thanks

Charlie

 

[ADB100]

Is the workstation configured for DHCP or have you manually configured it? Make sure all the DNS & WINS entries are correct. Also check the local LMHOSTS and HOSTS files on the workstation to make sure nobody has hard-coded any Domain Controller Addresses (%windir%\system32\drivers\etc).

I assume you have tried all the MS command-line tools to make sure name resolution is working correctly? (NBTSTAT, NSLOOKUP etc).

Andy

 

[chunky28]

The workstation is manually configured. I am not using DHCP all.

The DNS entries are correct but I do not use WINS.

I have hard coded DC addresses in my hosts files, but these are correct.

I haven't tried all MS command-line tools... to be honest I am not familiar with many of them.

I can ping from the NT workstation so I thought this should be good enough.

What do you suggest regarding this MS command-line tools?

I believe some may be restricted due to my firewall but as far as I know all the rules are setup correctly on my firewall.

Thanks

Charlie

 

[chunky28]

I tried joining another workstation (which had successfully joined the domain) to the workgroup named 'Workgroup'. I also joined the troublesome workstation (webserver) to the workgroup.

I can ping the new workstation from webserver but I can't ping the other way.

I have rebooted both PC's.

When I access 'My Network Places' from the new workstation I can access the workgroup but if I try to view webserver, I get:

################################
\\webserver is not accessible

The network path was not found
#################################

When I attempt to access the workgroup within Network Places from webserver, I get:

################################
Workgroup is not accessible.

The list of servers for this workgroup is not currently available.
################################

So I can't even see the computers in the workgroup!!!

Any further ideas?

Thanks

Charlie

 

[ADB100]

How is your network setup? Is it a single IP Subnet/Network (i.e. is it one broadcast domain?), are there any routers installed or other gateways?

Try the following command-line commands (case sensitive):

nbtstat -a webserver

nbtstat -A x.x.x.x (IP address of webserver)


Also try them for the domain controller etc. The 1st command should verify whether NetBIOS name resolution is working fine, the 2nd should just work as it uses the IP address directly.

Andy

 

[chunky28]

I have the network setup with a checkpoint firewall so I have a subnet either side of the firewall.

The firewall's internal interface is setup on the workstations as the gateway. The firewall gateway is a router using a single public IP.

I have NAT setup on the firewall so some workstations/servers have static translation so they hide behind a public IP.

Hope this makes sense.

If I try nbtstat -a webserver or -A 192.168.2.12 (from the webserver machine) I get 'Host not found'

If I do this from any other workstation I get the same result.

If I try the above for the domain controller (from webserver) again I get 'Host not found'

But if I try it from any other machine I get:

NetBIOS Remote Machine Name Table
...with various details for the domain controller...

However this does not work if I use naming. i.e. my dc is called mailgate. If I try nbtstat -a mailgate, I get 'Host not found'.

Have I followed your suggestions correctly?

Thanks

Charlie

 

[chunky28]

Anymore ideas please!!!!

I have tried everything suggested so far but I still can't join this machine to the domain. It just says domain controller for this domain cannot be found. Yet I can ping no problem, browser and access the domain controller from the NT machine no problem it just doesn't recognise a dc!!!!!!

If I can't find any answers soon I will be formatting the box and starting again. Not ideal as this is a server machine!

Any further suggestions would be GREATLY appreciated.

Kind Regards

Charlie Hampson

 

[mylchreest]

There may be a problem with the TCP/IP stack, try removing the TCP/IP protocol and reinstalling it.
If you were using Norton Systemworks 2002 try running support\nswclean\nswclean.exe from the CD.

 

[Airshot]

Charlie
You may want to try my suggestions to a similar problem in a different thread?
thread96-725255
Hope this helps.

 

[chunky28]

mylchreest

tried removing the TCP/IP protocol and reinstalling it but unfortunately that has made no difference.

I'm using Norton Systemworks 2001 but I can't find the program or directory you are talking about. Is it only on version 2002?

Airshot

I've already tried that but thanks anyway! At the point of joining it to the domain (without 'create a computer account in the domain' selected) it says it can't find the domain controller.

Thank you both for your suggestions.

This is very strange.....will keep at it but it seems I've tried everything!

Thanks again

Best Regards

Charlie

 

[kliner]

charlie, are you trying to connect to the domain with "domain.com" or "domainname"? i was just having the same problem and realized (again) nt can't find the domain if you type .com afterwards. you must type the domain name without the extension. hope this helps. kevin.

 

[chunky28]

Thanks Kilner I did actually try both.

AND Thanks to all that made suggestions.

I am actually now in the process of formating the disk and starting again.....oh well!!!

Cheers

 

[henick]

Hi,
have you been trying the lmhosts-file? It sits in:
C:\WINNT\system32\drivers\etc
Add a line like this:
-----------
x.x.x.x dchostname #PRE #DOMomain # Comments
-----------

You have also to set a checkmark to the "use lmhosts file"
entry in the network-tcpip-wins panel.

Hope this helps a bit.
Regards, Nick