Re: unable to join computer to domain
From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 02/23/05
- Next message: Michael Giorgio - MVP: "Re: unable to join computer to domain"
- Previous message: Michael Giorgio - MVP: "Re: WINS issue"
- In reply to: mmi: "Re: unable to join computer to domain"
- Next in thread: mmi: "Re: unable to join computer to domain"
- Reply: mmi: "Re: unable to join computer to domain"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 22 Feb 2005 21:29:44 -0600
It may be normal to see get dclist fail if you are not logged on as a domain
administrator. The RPC server is unavailable is usually a problem with
finding or network connectivity to a domain controller. If these computers
are using any software firewall or the built in Windows firewall, disable it
until the problem is resolved and also try booting into safe mode with
networking to see if it makes a difference. If it does you have a conflict
with a startup application/service. Make sure you run netdiag and dcdiag on
the domain controller also. If still a no go, open the Domain Controller
Security Policy and go to security settings/local policies/security options.
Find the two options for digitally sign communications(always) and set them
to disabled which may or may not help but is worth a try. The link below may
also help. --- Steve
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q224370
"mmi" <mmi@discussions.microsoft.com> wrote in message
news:BC9F18A3-6B19-412E-A4F7-B492D4D4D7E3@microsoft.com...
> Thanks for the reply. I tried all of those troubleshooing steps. Therein
> lies the problem - DNS is working fine. Nslookups work, ping -a works.
> It
> sees my dc as a dc when I do an nltest.exe. It does fail the "get dc
> list"
> test when I run netdiag, but that's what I'm trying to fix. I even used
> the
> portqry tool to make sure that I could open an rpc port on the dc. Is
> there
> some additional testing I can do to figure out what is wrong with rpc?
> Thanks,
> Mike
>
>
> "Steven L Umbach" wrote:
>
>> This is generally a dns configuration problem. You must make sure that
>> domain computers and computers you want to join to the domain point ONLY
>> to
>> Active Directory domain controllers running dns for the domain as their
>> preferred dns servers and NEVER an ISP dns server. See the link below on
>> AD
>> dns to make sure your dns is configured correctly. The support tools
>> netdiag
>> and dcdiag come in very handy troubleshooting such problems. Netdiag is
>> for
>> any computer while dcdiag is for only domain controllers. I would be sure
>> to
>> run both on your domain controllers and check Event Viewer on all
>> computers
>> for pertinent clues For netdiag particularly look for
>> errors/warnings/failed tests for kerberos, dc discovery, dns, and
>> trust/secure channel. While it may appear that you have dns name
>> resolution
>> in a domain, the domain computers must be able to find the _srv records
>> for
>> the domain controllers to join and logon to the domain. Also check that
>> the
>> computers that you are trying to join to the domain are in synch with the
>> time on the domain controller. Kerberos only allows for a five minute
>> skew.
>> When checking time, check day/date/month/year/time zone/AM&PM also. There
>> also was a problem with SMB signing in certain configurations of XP Pro
>> that
>> caused network connectivity problems in a W2K domain. This was fixed in
>> SP2. --- Steve
>>
>>
>> http://support.microsoft.com/default.aspx?scid=kb%3Ben-us%3B291382
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;321708 ---
>> netdiag
>> and how to install support tools.
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;241515 --- how
>> to
>> use nslookup.
>>
>> Using Nslookup
>> 1. From your DNS server, type nslookup at a command prompt.
>> 2. Type set type=all, and then press ENTER.
>> 3. Type _ldap._tcp.dc._msdcs.domainname (where domainname is the
>> name
>> of your domain), and then press ENTER.
>> Nslookup returns one or more SRV service location records in the
>> following
>> format
>> hostname.domainname internet address = ipaddress
>>
>> "mmi" <mmi@discussions.microsoft.com> wrote in message
>> news:EB0176CF-627B-469F-9537-29234700607C@microsoft.com...
>> >I have a Win2k DC, some of my xp workstations can be successfully joined
>> >into
>> > the domain, some cannot. On the problem machines, I get the error "the
>> > RPC
>> > server is unavailable". I've done all the basic troubleshooting:
>> > - i can ping the dc
>> > - its netbios name is correct in lmhosts
>> > - i can browse the workgroup and ping other machines by name
>> > - when i try nltest.exe /dclist:[domain] i get this error: you don't
>> > have
>> > access to dsbind on [domain], but then it tries NetServerEnum and it
>> > finds
>> > a
>> > PDC.
>> > - tried deleting the computer from active directory (it must partially
>> > register in AD, otherwise it wouldn't be there)
>> > - tried uninstalling file/print sharing and microsoft networking then
>> > reinstalling
>> > - made sure the rpc service was running
>> > - i can connect to the c$ and admin$ of the DC as a domain admin (same
>> > username i tried to join the computer to the domain with)
>> >
>> > If anyone has ANY suggestions, I'd be most grateful.
>> > Thanks,
>> > Mike
>> >
>>
>>
>>
- Next message: Michael Giorgio - MVP: "Re: unable to join computer to domain"
- Previous message: Michael Giorgio - MVP: "Re: WINS issue"
- In reply to: mmi: "Re: unable to join computer to domain"
- Next in thread: mmi: "Re: unable to join computer to domain"
- Reply: mmi: "Re: unable to join computer to domain"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
