Re: Unable to join client to domain

Hi Rob,

Thank you for updating.

I appreciate your effort on this issue. Please note that my email box is
v-innjin@xxxxxxxxxxxxx, as I already said in my last post, not
v-innjin@xxxxxxxxxxxxxxxxxxxxx

From your error message we can see that:

FinishNetworkingSetup() -- NetJoinDomain() failed [5], returning
FinishNetworkingSetup() failed -- hr == [-2147467259]
Deleted sbsmig out of runonce key.

Sorry that I forgot to tell you to enable SMB signing after disabling it
without any luck. Let's try the following steps:

1. In the Domain Controller Security policy on the server, expand Local
Policies.

2. Click on Security Options and set Network Security: LAN Manager
Authentication to "Send LM and NTLM - use NTLMv2 session security if
negotiated." Click OK to make the change.

3. Run gpupdate /force at a command prompt.

4. In Start | Run, type "regedt32". Go to the following key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters

Make sure the following values are set:

Enablesecuritysignature = 1
requiresecuritysignature = 0

5. Still in Regedt32, go to the following key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa. Set the following
value:

Incompatibility level = 2

6. On the client machines go to the following keys and make sure the
following values are set correctly:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa

restrictanonymoussam [REG_DWORD] = 0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters

enablesecuritysignature [REG_DWORD] = 0x1
requiresecuritysignature [REG_DWORD] = 0x0

7. On the client go to Start | Programs | Administrative Tools | Local
Security Policy.

8. Expand Local Policies and click on Security Options. Check the setting
for the following three options:

Domain member: Digitally encrypt or sign secure channel data (always) set
to enabled
Domain member: Digitally encrypt secure channel data (when possible) set to
enabled
Domain member: Digitally sign secure channel data (when possible) set to
enabled

9. Reboot the workstation.

10. Join the domain.

If it doesn't work, please try the following steps to delete the
sbs_netsetup user on the local machine:

1. In the XP client machine, Right click My Computer -> Manage -> Local
Users and Groups -> Users

2. Delete sbs_netsetup user

3. Log off and Log back on, try to join the domain.

If the problem persists, please download and run the network MPS report
tool on the SBS 2003 server:

a. Visit
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd915706/MPSRPT_NETWORK.EXE
to download the file.

b. Run the MPSRPT_NETWORK.EXE on the server box.

c. Wait for 10~15 minutes.

d. Open Windows explorer, navigate to
%systemroot%\MPSReports\Network\Reports\Cab

e. Send the .cab file directly to me at "v-innjin@xxxxxxxxxxxxx"

I appreciate your understanding. I am happy to be of assistance to you and
look forward to your reply.

Have a nice day!

Best regards,

Inn Jin (MSFT)

Microsoft CSS Online Newsgroup Support

Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:

http://www.microsoft.com/communities/newsgroups/en-us/default.aspx

When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.

Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.

For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
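
Added example (not part of the original post): a short Python check that compares saved `reg query` output against the SMB signing and restrictanonymoussam values listed in steps 4 and 6 above, and shows the logged hr value in hex. The sample output and the function names are constructed for illustration.

```python
import re

# Registry values from steps 4 and 6 of the post (keys and names lowercased).
SVC = r"hkey_local_machine\system\currentcontrolset\services"
SERVER_EXPECTED = {
    SVC + r"\lanmanserver\parameters":
        {"enablesecuritysignature": 1, "requiresecuritysignature": 0},
}
CLIENT_EXPECTED = {
    r"hkey_local_machine\system\currentcontrolset\control\lsa":
        {"restrictanonymoussam": 1},
    SVC + r"\lanmanworkstation\parameters":
        {"enablesecuritysignature": 1, "requiresecuritysignature": 0},
}

# Constructed sample of `reg query` output from a client (not from the thread).
SAMPLE_CLIENT = r"""
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
    restrictanonymoussam    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters
    enablesecuritysignature    REG_DWORD    0x1
    requiresecuritysignature    REG_DWORD    0x1
"""

VALUE_RE = re.compile(r"^\s+(\S+)\s+(REG_\w+)\s+(\S+)\s*$")

def parse_reg_query(text):
    """Return {key: {value_name: int}} for the REG_DWORD values in reg.exe output."""
    values, key = {}, None
    for line in text.splitlines():
        if line.upper().startswith("HKEY_"):
            key = line.strip().lower()
            values.setdefault(key, {})
        elif key and (m := VALUE_RE.match(line)) and m.group(2) == "REG_DWORD":
            values[key][m.group(1).lower()] = int(m.group(3), 16)
    return values

def audit(text, expected):
    """List (key, name, actual, wanted) where a value is missing or differs."""
    found = parse_reg_query(text)
    return [(key, name, found.get(key, {}).get(name), wanted)
            for key, names in expected.items()
            for name, wanted in names.items()
            if found.get(key, {}).get(name) != wanted]

def decode_hresult(signed):
    """Show a signed decimal HRESULT, as logged by setup, in hex form."""
    return "0x%08X" % (signed & 0xFFFFFFFF)

if __name__ == "__main__":
    print(decode_hresult(-2147467259))   # hr from the quoted log (E_FAIL)
    for finding in audit(SAMPLE_CLIENT, CLIENT_EXPECTED):
        print("MISMATCH", finding)
```

A value that is absent from the saved output is reported with an actual value of None, so a missing key shows up the same way as a wrong setting.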
