Re: Cannot join Windows 2003 Server to SBS 2000 Domain

Thank you for your response.

1. There are no other clients attempting to connect to the domain at the
remote office
2. All the clients but one at the main office are Windows XP Pro.
However, I have not added any clients to the domain since running the
'adprep' commands on the SBS 2000 server.

Here is an interesting link that seems to fit our problem. The problem
may be the large UDP packet kerberos uses. I'm going to try these
suggestions as soon as I can.

http://groups-beta.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/4dda68f3723e9dec/39c964c462576837?q=ipsec+mtu+join+domain&rnum=1&hl=en#39c964c462576837

-- Joel

Crina Li (MSFT) wrote:
> Hi Joel,
>
> Thank you for posting in SBS newsgroup.
>
> From your description, I understand you want to add a win2k3 to SBS2000
> through IPSec VPN. But it failed and you received the message of semaphore
> timeout period has expired and the network name is no longer available.
>
> Would you please to help me to collect the information for my research?
>
> 1. Are there any other domain machines in the remote office? If so, can
> other clients in the remote office join the domain? Can other clients log
> on to the domain?
> 2. If you add a windows xp to SBS2000, can the issue occur?
>
> If all machines can not join to the domain, the problem should be caused by
> the 3rd-party site-to-site VPN. Perhaps it may be caused by MTU or
> anything else. To troubleshoot the issue, we need to capture the network
> traffic data on both sides. Due to the complexity of this issue, we are
> unable to assist with this request in the newsgroups. You may contact CSS
> for the help.
>
> A suggestion would be to contact Microsoft Product Support Services via
> telephone so that a dedicated Support Professional can assist with your
> request. Please be advised that contacting phone support will be a charged
> call. However, if you are simply requesting a hotfix be sent to you and no
> other support then charges are usually refunded or waived.
>
> To obtain the phone numbers for specific technology request please take a
> look at the web site listed below.
>
> http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS
>
> If you are outside the US please see http://support.microsoft.com for
> regional support phone numbers.
>
> If only this Win2K3 cannot join the domain, the problem should be a Win2K3
> issue. You may post it to Microsoft.public.windows.server.general
> newsgroup. The reason why we recommend posting appropriately is you will
> get the most qualified pool of respondents, and other partners who read the
> newsgroups regularly can either share their knowledge or learn from your
> interaction with us. Thanks for your understanding.
>
> In addition, I provide the following KB articles for your reference:
>
> 314053 TCP/IP and NBT configuration parameters for Windows XP
> http://support.microsoft.com/?id=314053
>
> 816514 How To Configure IPSec Tunneling in Windows Server 2003
> http://support.microsoft.com/?id=816514
>
> Hope the information help and I look forward to your reply.
>
> Best regards,
>
> Crina Li (MSFT)
>
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
>
> =====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> =====================================================
>
> This posting is provided "AS IS" with no warranties, and confers no rights.
> --------------------
> | From: Joel <dont@xxxxxxxxxx>
> | User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
> | | Newsgroups: microsoft.public.windows.server.sbs
> | Subject: Cannot join Windows 2003 Server to SBS 2000 Domain
> | Content-Type: text/plain; charset=ISO-8859-1
> | Content-Transfer-Encoding: 7bit
> | |
> | Problem: Cannot join Windows 2003 Server to SBS 2000 Domain
> |
> | Details:
> | Company has existing Windows 2000 Small Business Server, also running
> | Exchange 2000.
> |
> | A new remote office is being setup. We've setup a site-to-site VPN
> | between the two. The VPN works great. Can ping, get DNS, and use
> | Windows File Sharing between computers on each network. A new Windows
> | 2003 Server has been setup at the remote office. It cannot join the
> | existing domain. I can see the domain in a list to select, and when I
> | select it, it prompts me for a username and password of an account that
> | has permission on the domain.
> |
> | That's where the problem is, though. When it tries to join the domain,
> | it hangs for a couple minutes, but then fails with one of the two
> | following messages:
> |
> | * The network name is no longer available
> | * The semaphore timeout period has expired
> |
> | I've applied all service packs and other updates to both servers. I
> | have already run the adprep forestprep and domainprep on the existing
> | SBS 2000 server.
> |
> | I tried analyzing what is going on while it hangs, as there is very
> | little network traffic. I can tell that is keeps on running DNS queries
> | against the existing SBS. It is asking for things like 'kerberos' and
> | 'gc'. As far as I can tell, it is getting a correct response (i.e.
> | [servername].[domainname].local). I base this assumption on the fact I
> | can run nslookup from the new server with 'set q=srv' and get good
> | responses. The DNS suffix of the new server is [domainname].local.
> |
> | VPN Details:
> | The VPN is between two Zyxel Zywall 5's. It is an IPSec VPN. One thing
> | that worries me is I've heard that Windows uses an oversized 'ping'
> | packet to determine the speed of the link between the servers, but that
> | some IPSec VPNs don't like the packet, and so drop it. Is there any way
> | to test for this? How can this be fixed? If I were to bring the new
> | server to the same site as the existing server, have it join the domain,
> | and then put it back at the remote office, would that eliminate this
> | problem?
> |
> | Thanks
> | -- Joel
> |
>
.

Relevant Pages

  • RE: VPN Clients Not Registering in AD DNS
    ... via VPN, the DNS records of the VPN clients are unable to be registered. ... Windows 2003 server? ... please let me know whether the clients get the IP ...
    (microsoft.public.windows.server.sbs)
  • RE: SBS VPN connects but no shares..
    ... VPN clients can no longer access internal resources after you install ... Windows Server 2003 Service Pack 1 on a computer that is running ISA Server ... How to configure a VPN connection to your corporate network in Windows XP ...
    (microsoft.public.windows.server.sbs)
  • RE: VPN issue
    ... I understand that you cannot initialize the VPN ... Could you please let me know if this is a Premium SBS server box with ISA ... To support the PPTP VPN clients behind the ISA server, ...
    (microsoft.public.windows.server.sbs)
  • Re: SBS VPN Strengthening
    ... to my other clients, so a software only configuation would be preferred. ... Have SBS 2003 along with Server 2003 at various sites, ... each location and they would establish the VPN between those offices. ... connect to remote offices you could use a hub and spoke method VPN or use ...
    (microsoft.public.windows.server.sbs)
  • Re: Cannot join Windows 2003 Server to SBS 2000 Domain
    ... this on all client computers at this remote office. ... All the clients but one at the main office are Windows XP Pro. ... > 'adprep' commands on the SBS 2000 server. ...
    (microsoft.public.windows.server.sbs)
Loading