Problem joining domains recently

[Internexus]

Here at work we have a domain config with a windows 2003 server calling the shots.

Active directory in use and DHCP configured so that all machines are setup for DHCP and obtain their own IP and servers have a preset list of IP's to choose from to remain static.

Whenever I install an OS on a machine as soon as its up and running I can right click my computer and go to the network ident tab and add them to the domain.

Of course if you aren't on the domain you can't access the shares etc without passwords...

Lately heres the goofy thing. I just created a 2000 server and am trying to bring it onto the Domain and its telling me that it can't even find the domain and its probably some kind of DNS issue..

If I go to the network area I can see the complete domain and access it 100%. WTF kind of deal is this? I don't understand where this problem came from and why it's acting like this. I have gone into the network settings and uninstalled "windows networking, tcp/ip, file sharing" and reinstalled them all after a reboot and have had no success.

 

[adcfaq]

ping the FQDN of Ad domain from workstation, check DNS on DC.

---------------------------------------
Sr. Directory Services/Exchange Consultant

http://adcfaq.8m.com/

 

[Internexus]

I can ping just fine. If the DNS was completely screwy then none of the other machines would be able to get onto the domain if I am thinking correctly.

If I do an NSLOOKUP it can't find the name of the server to match to the IP but I can ping it just fine.

 

[adcfaq]

any hosts or lmhost files?

---------------------------------------
Sr. Directory Services/Exchange Consultant

http://adcfaq.8m.com/

 

[Internexus]

I have never had to populate them prior when bringing new machines/servers onto the domain.

 

[minxca]

Are you sure that you put dns server IP Address correctly?
what it says when you type nslookup from w2k Server?

 

[Internexus]

Yeah, I should be able to leave it to automatically find the DNS servers on its own or i can punch them in manually. I have done both.

If I do an NSLOOKUP is shows that it cant find the name to the server and it punches out the IP addy of the server its trying to resolve the name for.

 

[Goner05]

Just to make sure I'm understanding right:

You have run dcpromo on the 2000 machine to join the domain. It now throws up the error that it can find the DNS.

If so a couple of quesions then:

- Is SP4 installed on the 2000 server? There was a patch for dcpromo in SP4 that should help resolve this problem

- Have you gone into the computer in AD on your 2003 server and checked off the box that says "trust this computer for delegation"?

Goner05

I think simple so I start simple

 

[Internexus]

This 2000 server that I just created is not going to be used as a backup domain controller or a domain controller in ANY WAY. It is going to just be another server on the network.

SP4 is installed yes. I should just be able to add it directly onto the domain like any other machine.

 

[Goner05]

out of curosity what is the server going to be used for? File / print server, app, IIS.

Although you don't want to make this a secondary controller, I would really recommend that you run DC promo as that will integrate the 2000 server as part of the DNS and your overall domain. I would really recommend this if it is a file server as without integretion appling security policies to it would be a pain.

The unfortuane thing about win 2000 server is that it either wants to be the head honcho (IE dns AD server) or part of an exisiting domain. I have found that to just let it "sit" without integration has just caused more problems than it's worth.

Also it dosen't join the domain the same way XP or standard windows 2000 does. In fact the only way I know of is through dcpromo. It won't use the AD settings or security policies that you have on the 2003 server unless you join it as a secondary controller

Goner05

I think simple so I start simple

 

[Internexus]

The server is to be used as a Citrix access point.

I have a total of 3 other 2k servers on the domain right now with no issues so I am hoping I don't have to make one of them a BDC or anything.

 

[Goner05]

Ahh A Citriz access point.

Unfortuatly I have absolutly no knowledge of Citrix or a set up (so I will have to bow out of this one), but if you need FQDN or to set up a RRAS site on this server you may need to run dcpromo to have this as a proper connection.

are these other 3 servers also Citrix APs or is this the only one? If the other 3 are working just fine I would look at your DCHP IP list, on the off chance you may just be out of reserved numbers.

Goner05

 

[Internexus]

2 of them are MAS90/file servers and the other one is a citrix box.

 

[minxca]

How many NIC do you have? if it more than one, try use only one and disable the others. go to Network properties, advanced settings, adapters and binding. Make sure NIC which you use is on the top for connections and LAN.

 

[Internexus]

It is only one NIC on that server. I believe it's an issue strictly with DNS but I can't figure out what would be different on this installation compared to my others to create this problem.

 

[Internexus]

Heres an update.

I noticed a goofy error from ANOTHER server trying to access a share on the network and it made me question licensing...

I checked on the PDC and the licensing service was DISABLED by the boss lady. So I enabled it and went back and tried to add that machine to the network.

It is no longer giving the DNS error, and is now giving me the following error. "The specified domain either does not exist or could not be contacted"

Anyones ideas to get past this hill now? Thanks!
-sean

 

[Internexus]

Alright finally got this figured out...

So I was able to view the domain just fine once I turned on licensing on the PDC. However I still couldn't join.

I installed service pack 4 on the server and then tried again. Started recieving the DNS error again. For the hell of it I tried doin the companyname.local and that one worked. Never had to have the .local on the end of it previously but as long as it works!