RE: 2 users 1 workstation

From: Brandy Nee [MSFT] (v-branee_at_online.microsoft.com)
Date: 03/10/05


Date: Thu, 10 Mar 2005 09:07:02 GMT

Hello Ryan,

Thank you for your reply and information.

To my understanding, when you use the ConnectComputer website to join a W2k or
XP workstation to the SBS2003 domain, after you click Finish, you receive
the error: "An error occurred when configuring networking settings"

Based on my experience, this issue can occur if the DNS forward lookup zone
is missing _msdcs.domain.local.

By default, SBS DNS Forward Lookup zone contains _msdcs.domain.local and
domain.local. Recreate the _msdcs.domain.local zone if it is missing:

1. Go to Start -> All Programs -> Administrative Tools -> DNS

2. Double Click SBS2003PREWFP, Right-click Forward Lookup Zones in DNS and
select New Zone.

3. Specify Primary Zone, and use _msdcs.domain.local as the Zone name.

4. Go to Start -> Service, Stop Netlogon and DNS service (DHCP Server).

5. Run %windir%\system32\config\ and rename the extensions of netlogon.dns
and netlogon.dnb.

6. Start Netlogon and DNS service

7. Run ipconfig /flushdns and ipconfig /registerdns, and see their status.

8. Close and reopen the DNS snapin.

9. Verify _msdcs.domain.local contains these files: dc, domains, gc, and pdc.

This issue can also occur if the user account is restricted to logon to
only selected workstations. To resolve this issue remove the logon
restriction while joining the domain, please follow the steps:

1. Start Active Directory Users and Computers.

2. Expand the "My Business" OU, expand the "Users" OU, then expand the
"SBSUsers" OU

3. Display the properties of the user account you're using to join the
domain.

4. Click on the "Account" tab

5. Click the "log on to..." button and select the radio button "All
computers", Click OK twice to exit the dialog box.

6. From the client machine, open Internet Explorer and browse to the
following URL: http://<server name>/connectcomputer

7. Click the "Connect to the network now" link to start the Network setup
wizard.

If the issue still occurs, perform the following steps:

1. In the Domain Controller Security policy on the server, expand Local
Policies.

2. Click on Security Options and set Network Security: LAN Manager
Authentication to "Send LM and NTLM - use NTLMv2 session security if
negotiated." Click OK to make the change.

3. Run gpupdate /force at a command prompt.

4. In Start -> Run, type "regedt32". Go to the following key:
          
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters

Make sure the following values are set :

Enablesecuritysignature = 1
requiresecuritysignature = 0

5. Still in regedt32, go to the following key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa. Set the following
value:

lmcompatibilitylevel = 2

6. On the client machines go to the following keys and make sure the
following values are set correctly:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
restrictanonymoussam [REG_DWORD] = 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters
enablesecuritysignature [REG_DWORD] = 0x1
requiresecuritysignature [REG_DWORD] = 0x0

7. On the client go to Start | Programs | Administrative Tools | Local
Security Policy.

8. Expand Local Policies and click on Security Options. Check the setting
for the following three options:

Domain member: Digitally encrypt or sign secure channel data (always) set
to enabled
Domain member: Digitally encrypt secure channel data (when possible) set to
enabled
Domain member: Digitally sign secure channel data (when possible) set to
enabled

9. Reboot the workstation.

10. Join the domain.

If anything is unclear, please let me know. I appreciate your time!

Best regards,

Brandy Nee

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================

This posting is provided "AS IS" with no warranties, and confers no rights.
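
Added example, not part of the original post and not Microsoft's code: a check for step 9 of the DNS procedure above, which reads the netlogon.dns file that Netlogon regenerates in step 6 and reports which of the dc, domains, gc and pdc containers have no SRV record for the _msdcs zone. It assumes the file holds one `name TTL IN type data` record per line; the sample records, server name, GUIDs and address are constructed.

```python
import re
from collections import defaultdict

# Containers that step 9 expects to see under the _msdcs zone.
EXPECTED = ("dc", "domains", "gc", "pdc")

# Constructed sample in the assumed netlogon.dns record format
# (names, GUIDs and address are made up; the pdc record is omitted on purpose).
SAMPLE = """\
domain.local. 600 IN A 192.168.16.2
_ldap._tcp.domain.local. 600 IN SRV 0 100 389 sbs.domain.local.
_ldap._tcp.dc._msdcs.domain.local. 600 IN SRV 0 100 389 sbs.domain.local.
_kerberos._tcp.dc._msdcs.domain.local. 600 IN SRV 0 100 88 sbs.domain.local.
_ldap._tcp.gc._msdcs.domain.local. 600 IN SRV 0 100 3268 sbs.domain.local.
gc._msdcs.domain.local. 600 IN A 192.168.16.2
_ldap._tcp.0a1b2c3d-0000-4000-8000-000000000001.domains._msdcs.domain.local. 600 IN SRV 0 100 389 sbs.domain.local.
0a1b2c3d-0000-4000-8000-000000000002._msdcs.domain.local. 600 IN CNAME sbs.domain.local.
"""

RECORD = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(A|CNAME|SRV)\s+(.+)$", re.I)

def msdcs_records(text, domain):
    """Group record owner names by their container directly under _msdcs.<domain>."""
    suffix = "._msdcs." + domain.lower().rstrip(".") + "."
    groups = defaultdict(list)
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue  # blank or unrecognised line
        owner, rtype = m.group(1).lower(), m.group(3).upper()
        if not owner.endswith("."):
            owner += "."  # tolerate names written without the trailing dot
        if not owner.endswith(suffix):
            continue  # record belongs to the parent zone, not to _msdcs
        container = owner[: -len(suffix)].split(".")[-1]
        groups[container].append((rtype, owner))
    return dict(groups)

def missing_containers(text, domain):
    """Return the expected containers that have no SRV record at all."""
    groups = msdcs_records(text, domain)
    return [c for c in EXPECTED
            if not any(rtype == "SRV" for rtype, _ in groups.get(c, []))]

if __name__ == "__main__":
    print("missing:", missing_containers(SAMPLE, "domain.local"))
```

An empty result means every container in step 9 has at least one record for Netlogon to register; compare it against what the DNS snap-in shows after reopening it.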