
Computers can't join domain!


untwisted

Programmer
Dec 18, 2003
5
US
Hi,

A few weeks ago I took over a position as a network admin for a small research group. Unfortunately the guy who was here before me used his work station as the login server. At some point either before or right after he left the computer got hit with a virus and had to be reformatted.

I've reinstalled Win2k3 and AD/DNS. Everything seems to be working fine (I got one computer on the domain just peachy) but for some reason other computers can't seem to join the domain. I got the first one on just fine, no issues, but now when I try to add new ones it takes FOREVER and gives me an error along the lines of:

You could not be added to the domain.
The specified server could not perform the requested operation.

I check the event viewer for errors and find none. I check the AD computers list and the accounts for the computers I've tried to add are disabled. I try to re-enable them, and it just happens all over again. I've tried renaming the computers, same thing. I've tried removing and re-adding the computers from the AD list, same thing.

I can't figure out what's wrong, and I really need to get this fixed soon! There is a grant going out in the next 2 weeks and I'd like to make sure there won't be any problems with that. Even worse, I'm going out of town in a week, and I'll be gone for two. I'm trying to have it back up and running by then so people can log on from anywhere in the office.

Thanks in advance for any suggestions / solutions!

-Brian
 
First thing to look at is DNS. Second is to verify the state of FSMO roles.

I hope you find this post helpful.

Regards,

Mark
 
1. First join the client to a workgroup (any name will do as long as it's not the NetBIOS name of your domain) and restart the client.
2. Log on as local administrator and try to join the domain.

Clients sometimes have problems understanding that it is a "new" domain and try with their old settings.

Good luck
Jörgen Domlin
 
Thanks for the replies everyone.

I've figured something out -- as it turns out Windows 2000 machines are able to connect with no problem. Windows XP machines on the other hand are NOT able to connect at all. Still getting the same error message with them.

Any suggestions?

Thanks,
Brian
 
Was the server you reinstalled the only server promoted to a DC on the network?

If not, then chances are you may have a problem with your FSMO roles. Second, make sure the DNS is configured properly and working. After, make sure that the workstations are configured with the proper DNS address either by manually entering them or configuring DHCP.

If you would, give us a little more detail about your network.

Justin

 
run
netdom query fsmo
to see where the fsmo roles are.

I agree this is likely a DNS issue. Make sure they are using the IP address of the server as their SOLE source of DNS. Once that's the case, see if you can ping the AD domain name from the XP workstations. Such as:
ping mydomain.local
and see if you get a response. Try also
ping mydomain
and
ping myserver

Pat Richard, MCSE(2) MCSA:Messaging, CNA(2)
 
If you reformatted your 'login server', which I'm assuming is your DC and the only DC...then you essentially have a completely new and different domain and it makes sense that these machines cannot join or login to the domain.

If you do not have many PC's in this domain, try removing any client computer accounts in AD that currently cannot connect. Then, at the client workstation, remove it from the domain by adding it to some workgroup (whatever you want). Immediately add this computer to the new domain with appropriate credentials.
 
>If you reformatted your 'login server', which I'm assuming is your DC and the only DC...then you essentially have a completely new and different domain and it makes sense that these machines cannot join or login to the domain.
>
>If you do not have many PC's in this domain, try removing any client computer accounts in AD that currently cannot connect. Then, at the client workstation, remove it from the domain by adding it to some workgroup (whatever you want). Immediately add this computer to the new domain with appropriate credentials.

This is correct, this is my only DC. I have tried what you said, and removed each computer to a workgroup, and then tried to re-add them to the domain. This is where I'm getting my error.

I am also sure that my DNS settings are correct, and that the DNS is working just fine. Like I said, I can get Windows 2000 computers on the domain fine, it's just the XP machines that don't seem to be adding.
 
I'd verify the DNS even though you say it is right.

On the server NIC DNS should only list the server's own IP. NO ISP DNS HERE

In the DNS Snap in the ISP DNS should be on the forwarders tab.

In DHCP make sure it is pushing out the local server's IP for DNS only.

Are you using WINS? Have the XP clients been configured with that the same as Win2K?

I hope you find this post helpful.

Regards,

Mark
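
The DNS checks suggested in the replies above, collected into one batch file to run on an affected XP client. This is an added example, not something posted by anyone in the thread, and it goes one step beyond the suggested pings by also looking up the `_ldap._tcp.dc._msdcs` SRV record that a client uses to locate a domain controller during a join. The domain name, short name, server name and IP address are placeholders.

```batch
@echo off
rem Added example, not from the thread. Run from cmd.exe on an XP client.
rem All four values below are placeholders; substitute your own.
setlocal
set DOMAIN=mydomain.local
set SHORT=mydomain
set DCNAME=myserver
set DCIP=192.0.2.10

echo === 1. DNS servers on this client (expect only %DCIP%) ===
netsh interface ip show dns

echo.
echo === 2. DC locator SRV record, asked of the DC directly ===
rem A domain join looks up _ldap._tcp.dc._msdcs.<domain> to find a DC.
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% %DCIP% 2>nul | findstr /I /C:"svr hostname" >nul
if errorlevel 1 (
    echo FAIL: no SRV record returned by %DCIP%
) else (
    echo OK: SRV record found
)

echo.
echo === 3. Same lookup through the client's configured resolver ===
nslookup -type=SRV _ldap._tcp.dc._msdcs.%DOMAIN% 2>nul | findstr /I /C:"svr hostname" >nul
if errorlevel 1 (
    echo FAIL: the client's resolver cannot see the SRV record
) else (
    echo OK: SRV record found
)

echo.
echo === 4. Name resolution and reachability ===
for %%N in (%DOMAIN% %SHORT% %DCNAME%) do (
    ping -n 1 %%N >nul
    if errorlevel 1 (echo FAIL: %%N) else (echo OK:   %%N)
)
endlocal
```

If step 2 passes and step 3 fails, the client is sending its queries to some DNS server other than the DC. If step 2 itself fails, the records are missing from the DC's own DNS zone.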
 