Can't join Win2k Pro Client to Domain after SUS Update

[Kevin D. Goodknecht Sr. [MVP]]

In

Hi Kevin,

I did as you suggested. The last command
("_ldap._tcp.dc._msdcs.srdcorp.com") returned the
following result:

_ldap._tcp.dc._msdcs.srdcorp.com
SRV Service Location
Priority = 0
Weight = 100
Port = 389
SVR hostname = corp-file.srdcorp.com

_ldap._tcp.dc._msdcs.srdcorp.com
SRV Service Location
Priority = 0
Weight = 100
Port = 389
SVR hostname = testresults.srdcorp.com

_ldap._tcp.dc._msdcs.srdcorp.com
SRV Service Location
Priority = 0
Weight = 100
Port = 389
SVR hostname = corp-mail1.srdcorp.com

You have three DCs?
Do all three have DNS running on them?
Do you get the same results from both DNS servers you are using?

 

[David Reed]

Hi Kevin,

Well, I know corp-mail1.srdcorp.com and testresults.srdcorp.com are both
running DNS (Win2k AD), so that one can provide the services if/when I need
to shut down the other.

I'm not sure what you mean did I get the results from both DNS servers...I
ran the command as you requested, on the client workstation (that won't join
the domain name). Was I supposed to be running it somewhere else?

*somewhat confused*
David

 

[Kevin D. Goodknecht Sr. [MVP]]

In

Hi Kevin,

Well, I know corp-mail1.srdcorp.com and
testresults.srdcorp.com are both running DNS (Win2k AD),
so that one can provide the services if/when I need to
shut down the other.

I'm not sure what you mean did I get the results from
both DNS servers...I ran the command as you requested, on
the client workstation (that won't join the domain name).
Was I supposed to be running it somewhere else?

*somewhat confused*
David

So the two DNS servers you are using in TCP/IP properties are these two DCs?
Use the change server command in nslookup for the records you already
checked on the one. Both servers should return the same records. If one DNS
fails to return these SRV records it could cause your behavior.

In addition, you still have not posted the results from the net start
command. Open a command prompt and type
net start and hit enter, this will give you a list of the running services.
Also are there any errors or warnings in the event log?

 

[David Reed]

Hi Kevin,

OMG, man, it's fixed!!!

You're never going to guess what I did? I ran Ad-Aware (someone else
suggested it might be spyware or something)...I ran that, removed all
entries it found, rebooted, and tried to join the domain. Sure 'nuff, it
worked!

Sun-of-a-beech!!!

I owe you so much for your assistance, thank-you! I know you spent a lot of
time helping me work this problem. I truly, TRULY appreciate it...

David

 

[David Reed]

Todd,

Go figure! I ran Ad-Aware, and it found 5 items. I removed those five
items, rebooted, and darned if the thing didn't work!

Sun-of-a-beech!

Next time I'll think to try that for sure!

Thanks man!

David

Have you done an adware/spyware scan?

--
Todd J Heron, MCSE
Windows 2003/2000/NT

Hi Ace,

Below are your questions, with the answers posted directly afterward:


A. I did a quick check, and found:
Cognos
Deltek GCS
ODBC
QuickBooks Pro
Rapid Payroll

All of these are 'standard' programs that our billing and payroll
girl (who's computer this is) uses.


A. 3Com 3C905C-TX compatable on-board NIC


A. I did find this listed as another protocol, and hav eno idea what it
is, or why it's there:

3Com BCAITDI DMI TDI

This whole thing can also be

A. Yes.


A. Yes. In fact, the DNS server is also the domain controller, so

yes

 

[Todd J Heron]

David,

Glad to have helped!

 

[Ace Fekay [MVP]]

In

Todd,

Go figure! I ran Ad-Aware, and it found 5 items. I removed those five
items, rebooted, and darned if the thing didn't work!

Sun-of-a-beech!

Next time I'll think to try that for sure!

Thanks man!

David

I'm glad you found the problem. Spyware will do it all the time.

Can you do one more thing? Run:

ipconfig /flushdns

then run:
ipconfig /displaydns

This is what should show up:
Windows IP Configuration

1.0.0.127.in-addr.arpa
----------------------------------------
Record Name . . . . . : 1.0.0.127.in-addr.arpa.
Record Type . . . . . : 12
Time To Live . . . . : 411285
Data Length . . . . . : 4
Section . . . . . . . : Answer
PTR Record . . . . . : localhost


localhost
----------------------------------------
Record Name . . . . . : localhost
Record Type . . . . . : 1
Time To Live . . . . : 411285
Data Length . . . . . : 4
Section . . . . . . . : Answer
A (Host) Record . . . : 127.0.0.1


If you get alot more than that, then I'll have to put money on that one of
the spyware that was installed, unless adaware put your hosts file back to
default, has hijacked it. Let us know if you get more than what you see
above.


Ace

 

[David Reed]

Hi Ace,

I will do that, for sure. I will try to get access back to that computer
this afternoon.

David


"Ace Fekay [MVP]"

 

[Ace Fekay [MVP]]

In

Hi Ace,

I will do that, for sure. I will try to get access back to that
computer this afternoon.

David

Sounds good. I just wanted to make sure your hosts file has not been
compromised.

Ace