Re: Cannot join Windows 2003 Server to SBS 2000 Domain

Sure enough, I just had to decrease the MTU. I imagine I'll have to do
this on all client computers at this remote office.

Thanks agagin for all the help!
-- Joel

Joel wrote:
> Thank you for your response.
>
> 1. There are no other clients attempting to connect to the domain at the
> remote office
> 2. All the clients but one at the main office are Windows XP Pro.
> However, I have not added any clients to the domain since running the
> 'adprep' commands on the SBS 2000 server.
>
> Here is an interesting link that seems to fit our problem. The problem
> may be the large UDP packet kerberos uses. I'm going to try these
> suggestions as soon as I can.
>
> http://groups-beta.google.com/group/comp.dcom.sys.cisco/browse_thread/thread/4dda68f3723e9dec/39c964c462576837?q=ipsec+mtu+join+domain&rnum=1&hl=en#39c964c462576837
>
> -- Joel
>
> Crina Li (MSFT) wrote:
>
>>Hi Joel,
>>
>>Thank you for posting in SBS newsgroup.
>>
>>>From your description, I understand you want to add a win2k3 to SBS2000
>>through IPSec VPN. But it failed and you received the message of semaphore
>>timeout period has expired and the network name is no longer available.
>>
>>Would you please to help me to collect the information for my research?
>>
>>1. Are there any other domain machines in the remote office? If so, can
>>other clients in the remote office join the domain? Can other clients log
>>on to the domain?
>>2. If you add a windows xp to SBS2000, can the issue occur?
>>
>>If all machines can not join to the domain, the problem should be caused by
>>the 3rd-party site-to-site VPN. Perhaps it may be caused by MTU or
>>anything else. To troubleshoot the issue, we need to capture the network
>>traffic data on both sides. Due to the complexity of this issue, we are
>>unable to assist with this request in the newsgroups. You may contact CSS
>>for the help.
>>
>>A suggestion would be to contact Microsoft Product Support Services via
>>telephone so that a dedicated Support Professional can assist with your
>>request. Please be advised that contacting phone support will be a charged
>>call. However, if you are simply requesting a hotfix be sent to you and no
>>other support then charges are usually refunded or waived.
>>
>>To obtain the phone numbers for specific technology request please take a
>>look at the web site listed below.
>>
>>http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS
>>
>>If you are outside the US please see http://support.microsoft.com for
>>regional support phone numbers.
>>
>>If only this Win2K3 cannot join the domain, the problem should be a Win2K3
>>issue. You may post it to Microsoft.public.windows.server.general
>>newsgroup. The reason why we recommend posting appropriately is you will
>>get the most qualified pool of respondents, and other partners who read the
>>newsgroups regularly can either share their knowledge or learn from your
>>interaction with us. Thanks for your understanding.
>>
>>In addition, I provide the following KB articles for your reference:
>>
>>314053 TCP/IP and NBT configuration parameters for Windows XP
>>http://support.microsoft.com/?id=314053
>>
>>816514 How To Configure IPSec Tunneling in Windows Server 2003
>>http://support.microsoft.com/?id=816514
>>
>>Hope the information help and I look forward to your reply.
>>
>>Best regards,
>>
>>Crina Li (MSFT)
>>
>>Microsoft CSS Online Newsgroup Support
>>
>>Get Secure! - www.microsoft.com/security
>>
>>=====================================================
>>When responding to posts, please "Reply to Group" via your newsreader so
>>that others may learn and benefit from your issue.
>>=====================================================
>>
>>This posting is provided "AS IS" with no warranties, and confers no rights.
>>--------------------
>>| From: Joel <dont@xxxxxxxxxx>
>>| User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
>>| | Newsgroups: microsoft.public.windows.server.sbs
>>| Subject: Cannot join Windows 2003 Server to SBS 2000 Domain
>>| Content-Type: text/plain; charset=ISO-8859-1
>>| Content-Transfer-Encoding: 7bit
>>| |
>>| Problem: Cannot join Windows 2003 Server to SBS 2000 Domain
>>|
>>| Details:
>>| Company has existing Windows 2000 Small Business Server, also running
>>| Exchange 2000.
>>|
>>| A new remote office is being setup. We've setup a site-to-site VPN
>>| between the two. The VPN works great. Can ping, get DNS, and use
>>| Windows File Sharing between computers on each network. A new Windows
>>| 2003 Server has been setup at the remote office. It cannot join the
>>| existing domain. I can see the domain in a list to select, and when I
>>| select it, it prompts me for a username and password of an account that
>>| has permission on the domain.
>>|
>>| That's where the problem is, though. When it tries to join the domain,
>>| it hangs for a couple minutes, but then fails with one of the two
>>| following messages:
>>|
>>| * The network name is no longer available
>>| * The semaphore timeout period has expired
>>|
>>| I've applied all service packs and other updates to both servers. I
>>| have already run the adprep forestprep and domainprep on the existing
>>| SBS 2000 server.
>>|
>>| I tried analyzing what is going on while it hangs, as there is very
>>| little network traffic. I can tell that is keeps on running DNS queries
>>| against the existing SBS. It is asking for things like 'kerberos' and
>>| 'gc'. As far as I can tell, it is getting a correct response (i.e.
>>| [servername].[domainname].local). I base this assumption on the fact I
>>| can run nslookup from the new server with 'set q=srv' and get good
>>| responses. The DNS suffix of the new server is [domainname].local.
>>|
>>| VPN Details:
>>| The VPN is between two Zyxel Zywall 5's. It is an IPSec VPN. One thing
>>| that worries me is I've heard that Windows uses an oversized 'ping'
>>| packet to determine the speed of the link between the servers, but that
>>| some IPSec VPNs don't like the packet, and so drop it. Is there any way
>>| to test for this? How can this be fixed? If I were to bring the new
>>| server to the same site as the existing server, have it join the domain,
>>| and then put it back at the remote office, would that eliminate this
>>| problem?
>>|
>>| Thanks
>>| -- Joel
>>|
>>
.

Relevant Pages

  • Re: Users Cant Access Documents on Server
    ... my computer to the network on the server. ... Connection Wizard none of the computers were listed. ... The Mac clients can not communicate with the server box. ... > Error Messages When You Open or Copy Network Files on Windows XP SP1 ...
    (microsoft.public.windows.server.sbs)
  • Re: Cannot join Windows 2003 Server to SBS 2000 Domain
    ... All the clients but one at the main office are Windows XP Pro. ... 'adprep' commands on the SBS 2000 server. ... > other clients in the remote office join the domain? ... We've setup a site-to-site VPN ...
    (microsoft.public.windows.server.sbs)
  • RE: NT -> AD 2003
    ... I understand that you just migrated Windows NT 4 domain to Windows 2003 AD. ... When you connected remote office you received that error message. ... Suggestion One: ... Check if DNS server is installed on Windows 2003/2000 computer not on NT ...
    (microsoft.public.windows.server.migration)
  • Re: Group Policy Results Wizard
    ... I guess we can rule out Windows ... If you can't reach the WMI from the server you will want to try to reach it ... switching off the Windows Firewall on one of the clients, ... Business Server Windows Firewall" (not Small Business Server ...
    (microsoft.public.windows.server.sbs)
  • RE: Connection problem with 98 station on 2003 AD domain
    ... Thanks for your response and give me a right direction. ... I think the root cause is that those 98 clients do not have SMB ... packet signing enabled and cannot authenticate to a Windows Server 2003 ... How to enable Windows 98/ME/NT clients to logon to Windows 2003 based ...
    (microsoft.public.windows.server.migration)