Not able to join domain

[news.microsoft.com]

Hi there,

I have recently encountered a problem with joining a computer to the my
local domain.
The machine that needs to join the domain is a Win2K Server. The DC (AD
integrated) is also a Win2K Server.
In total, there are six machines on the LAN. All are working fine
(network-wise), except this one.

When I try to let it join the domain (domain name = 'Merrick') I get the
following error:

---
The following error occurred validating the name "Merrick".
This condition may be caused by a DNS lookup problem. For information about
troubleshooting common DNS lookup problems, please see the following
Microsoft Web site:
http://go.microsoft.com/fwlink/?LinkID=5171

The specified domain either does not exist or could not be contacted.
----

Unfortunately, any solutions listed on that page have failed to solve this
problem. Everything has been configured exactly as stated on that page, but
I still can't join the domain.

Other facts that may be of importance here:
- the machine that has to be joined to the domain is reachable from other
machines and can reach other machines.
- i can connect to the machine using remote desktop
- from the machine that has to be joined, i can not reach the internet
- nslookup from the fawlty machine returns right results, even for external
sites
- normal local network functionality seems to be ok, except where AD user
authentication is required
- when looking up the main browser or pdc using browstat.exe
(status/getmaster/getpdc) it returns the right results
- the dns settings on the fawlty machine points to the PDC only
- I have joined two other machines to the domain without any problems, so
the problem does not seem to be with the PDC
- there is only one NIC in the fawlty machine

I can't think of anything else and I hope someone here can help me.

Thanks, regards,
Jelle

 

[Kevin D. Goodknecht Sr. [MVP]]

In

Hi there,

I have recently encountered a problem with joining a
computer to the my local domain.
The machine that needs to join the domain is a Win2K
Server. The DC (AD integrated) is also a Win2K Server.
In total, there are six machines on the LAN. All are
working fine (network-wise), except this one.

When I try to let it join the domain (domain name =
'Merrick') I get the following error:

---
The following error occurred validating the name
"Merrick".
This condition may be caused by a DNS lookup problem. For
information about troubleshooting common DNS lookup
problems, please see the following Microsoft Web site:
http://go.microsoft.com/fwlink/?LinkID=5171

The specified domain either does not exist or could not
be contacted. ----

Unfortunately, any solutions listed on that page have
failed to solve this problem. Everything has been
configured exactly as stated on that page, but I still
can't join the domain.

Other facts that may be of importance here:
- the machine that has to be joined to the domain is
reachable from other machines and can reach other
machines.
- i can connect to the machine using remote desktop
- from the machine that has to be joined, i can not reach
the internet
- nslookup from the fawlty machine returns right results,
even for external sites
- normal local network functionality seems to be ok,
except where AD user authentication is required
- when looking up the main browser or pdc using
browstat.exe (status/getmaster/getpdc) it returns the
right results
- the dns settings on the fawlty machine points to the
PDC only
- I have joined two other machines to the domain without
any problems, so the problem does not seem to be with the
PDC - there is only one NIC in the fawlty machine

I can't think of anything else and I hope someone here
can help me.

Thanks, regards,
Jelle

Is merrick the DNS name of the AD domain?
If it is that is a major problem and you will have to make registry entries
to the DC and any machine you want to join as a member.

300684 - Information About Configuring Windows 2000 for Domains with
Single-Label DNS Names
http://support.microsoft.com/default.aspx?scid=kb;en-us;300684&sd=RMVP

 

[Jelle]

Hi Kevin,

No, the FQDN is 'merrick.local'. And I've tried joining the domain using the
FQDN, but only to get the same error.

Regards,
Jelle

 

[Kevin D. Goodknecht Sr. [MVP]]

In

Hi Kevin,

No, the FQDN is 'merrick.local'. And I've tried joining
the domain using the FQDN, but only to get the same error.

Are all clients and the DC using only the DC for DNS? (Should be)

Run netdiag /fix & dcdiag /fix on the DC.

 

[Jelle]

Kevin,

Yes, all machines are using only the internal DNS server (DC).
I've run both netdiag and dcdiag, but all tests return either 'skipped' or
'passed'

FYI: I've also posted this question in
news://microsoft.public.win2000.active_directory.
There you'll find other responses, questions and answers, but unfortunately
no final solution yet :-(

Do you have any other ideas or suggestions I could try?

Thank you, regards,
Jelle

 

[Kevin D. Goodknecht Sr. [MVP]]

In

Kevin,

Yes, all machines are using only the internal DNS server
(DC).
I've run both netdiag and dcdiag, but all tests return
either 'skipped' or 'passed'

FYI: I've also posted this question in
news://microsoft.public.win2000.active_directory.
There you'll find other responses, questions and answers,
but unfortunately no final solution yet :-(

Do you have any other ideas or suggestions I could try?

Post these things:
1 ipconfig /all from the DC
2 zone names in DNS
3 AD domain name from ADU&C
4 results from this command on the DC: net start

 

[Jelle]

Kevin,

Please find the info you wanted below:

** 1) ipconfig /all from DC:

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : main
Primary DNS Suffix . . . . . . . : merrick.local
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : merrick.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com EtherLink XL PCI TPC NIC
(3C900B-TPC)
Physical Address. . . . . . . . . : 00-01-02-1C-0B-9B
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 10.0.0.150
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.138
DNS Servers . . . . . . . . . . . : 10.0.0.150


** 2) DNS Zones on DC:

Name - Type - Status
buitenzinne.nl - Secondary - Running
hoppenbrouwers.net - Standard Primary - Running
merrick.local - Active Directory-integrated - Running
merrick.nl - Standard Primary - Running


** 3) AD domain name from ADU&C

merrick.local


** 4) results from net start command on the DC

These Windows 2000 services are started

Alerter
Automatic Updates
Background Intelligent Transfer Serv
COM+ Event System
Computer Browser
DefWatch
DHCP Client
DHCP Server
Distributed File System
Distributed Link Tracking Client
Distributed Link Tracking Server
Distributed Transaction Coordinator
DNS Client
DNS Server
Event Log
File Replication Service
FTP Publishing Service
IIS Admin Service
Intersite Messaging
IPSEC Policy Agent
Kerberos Key Distribution Center
License Logging Service
Logical Disk Manager
Machine Debug Manager
Microsoft Search
MSSQLSERVER
Net Logon
Network Connections
Norton AntiVirus Client
NT LM Security Support Provider
Plug and Play
Print Spooler
Protected Storage
Remote Access Connection Manager
Remote Procedure Call (RPC)
Remote Procedure Call (RPC) Locator
Remote Registry Service
Removable Storage
RunAs Service
Security Accounts Manager
Server
Simple Mail Transport Protocol (SMTP
SNMP Service
System Event Notification
Task Scheduler
TCP/IP NetBIOS Helper Service
Telephony
Terminal Services
WebAdmin
WebTool
Windows Management Instrumentation
Windows Management Instrumentation D
Windows Time
Workstation
World Wide Web Publishing Service

The command completed successfully.

Hope this gives you the info you need!

Thanks again, regards,
Jelle

 

[Kevin D. Goodknecht Sr. [MVP]]

In

Kevin,

Please find the info you wanted below:

** 1) ipconfig /all from DC:

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : main
Primary DNS Suffix . . . . . . . : merrick.local
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : merrick.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 3Com
EtherLink XL PCI TPC NIC (3C900B-TPC)
Physical Address. . . . . . . . . :
00-01-02-1C-0B-9B DHCP Enabled. . . . . . . . . .
. : No IP Address. . . . . . . . . . . . :
10.0.0.150 Subnet Mask . . . . . . . . . . . :
255.255.255.0 Default Gateway . . . . . . . . . :
10.0.0.138 DNS Servers . . . . . . . . . . . :
10.0.0.150


** 2) DNS Zones on DC:

Name - Type - Status
buitenzinne.nl - Secondary - Running
hoppenbrouwers.net - Standard Primary - Running
merrick.local - Active Directory-integrated - Running
merrick.nl - Standard Primary - Running


** 3) AD domain name from ADU&C

merrick.local


** 4) results from net start command on the DC

These Windows 2000 services are started

Alerter
Automatic Updates
Background Intelligent Transfer Serv
COM+ Event System
Computer Browser
DefWatch
DHCP Client
DHCP Server
Distributed File System
Distributed Link Tracking Client
Distributed Link Tracking Server
Distributed Transaction Coordinator
DNS Client
DNS Server
Event Log
File Replication Service
FTP Publishing Service
IIS Admin Service
Intersite Messaging
IPSEC Policy Agent
Kerberos Key Distribution Center
License Logging Service
Logical Disk Manager
Machine Debug Manager
Microsoft Search
MSSQLSERVER
Net Logon
Network Connections
Norton AntiVirus Client
NT LM Security Support Provider
Plug and Play
Print Spooler
Protected Storage
Remote Access Connection Manager
Remote Procedure Call (RPC)
Remote Procedure Call (RPC) Locator
Remote Registry Service
Removable Storage
RunAs Service
Security Accounts Manager
Server
Simple Mail Transport Protocol (SMTP
SNMP Service
System Event Notification
Task Scheduler
TCP/IP NetBIOS Helper Service
Telephony
Terminal Services
WebAdmin
WebTool
Windows Management Instrumentation
Windows Management Instrumentation D
Windows Time
Workstation
World Wide Web Publishing Service

The command completed successfully.

Hope this gives you the info you need!

Everything looks OK for the DC, the necessary services are running, you have
the correct zones in DNS.

Run netdiag /v on the DC to see if there are any errors and verify that
Allow dynamic updates is set to Yes or only secure updates.

Verify the XP client is using the DC for DNS only.

 

[Ace Fekay [MVP]]

In

Kevin,

Please find the info you wanted below:

<snipped>


Jelle,

What are these services below?

WebAdmin
WebTool

You also have the IPSec Policy agent running. Is there an IPSec Policy in
place? If so, can you briefly describe the settings please?

I noticed SQL is on this machine too. This is a DC? It seems like an
overloaded DC. Was there Zone Alarm on this machine in the past? Are there
any Event Log errors?

Do the XP machines have the firewall turned on?


--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Paramount: What's up with taking Enterprise off the air??
=================================

 

[Jelle]

Hi Kevin,

Yes, i thought everything looked ok.

I've run the netdiag /v command on the DC. I won't post the entire results,
but here are some of them:

Domain membership test . . . . . . : Passed
NetBT transports test. . . . . . . : Passed
Autonet address test . . . . . . . : Passed
Winsock test . . . . . . . . . . . : Passed
DNS test . . . . . . . . . . . . . : Passed
The DNS registration for main.merrick.local is correct on all DNS servers
PASS - All the DNS entries for DC are registered on DNS server
'10.0.0.150'.
Redir and Browser test . . . . . . : Passed
DC discovery test. . . . . . . . . : Passed
DC list test . . . . . . . . . . . : Passed
Kerberos test. . . . . . . . . . . : Passed
LDAP test. . . . . . . . . . . . . : Passed
Routing table test . . . . . . . . : Passed
Netstat information test . . . . . : Passed
IP Security test . . . . . . . . . : Passed
IPSec policy service is active, but no policy is assigned.

It goes on, but the bottom line is: Passed.
I've also run the same command on the I-don't-wan't-to-join system with
basically the same results: every test passed or not run.

But, too be honest, I don't think the problem lies with the PDC. Mostly
because I've been able to let other machines (new & old) join the domain
without any trouble whatsoever and all other network operations work fine. I
have, however, found some weird things on the machine that refuses to join
the domain:

I can't start services WWW, SMTP or FTP: "error 126: Module could not be
found", although IIS Admin service has been started.

I have a service(!) called 'Internet Explorer' on the fawlty machine.
The description is 'Internet Explorer Management', the file is
'C:\WINNT\System32\explorer.exe' and it's set to automatic startup.

After rebooting this machine, a few entries in the system event log appear,
which may be related:

Event Source: DCOM
Event ID: 10010
The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM
within the required timeout.

Event Source: Service Control Manager
Event ID: 7023
The Task Scheduler service terminated with the following error: Not enough
resources are available to complete this operation.

Event Source: Service Control Manager
Event ID: 7024
The Background Intelligent Transfer Service service terminated with
service-specific error 2147952506.


It would seem that this is the source of the problem. As I'm typing this,
I'm running a full NAV virus scan. But I'm not too hopeful about the
results, since NAV has been running on this machine all along (with daily
definition updates). It would be a bit strange if it found something now
while not having found anything real-time.

Any ideas on this?

Thanks, regards,
Jelle

 

[Jelle]

Hi Ace,

What are these services below?

There is no IPSec Policy configured.

And yes, this is a DC and it is indeed somewhat overloaded.
Although it is not as bad as it may seem. MSSQL is installed but not in use.
Same for the mailserver.
Currently it's only job is being a PDC.

But, too be honest, I don't think the problem lies with the PDC. Mostly
because I've been able to let other machines (new & old) join the domain
without any trouble whatsoever and all other network operations work fine. I
have, however, found some weird things on the machine that refuses to join
the domain:

I can't start services WWW, SMTP or FTP: "error 126: Module could not be
found", although IIS Admin service has been started.

I have a service(!) called 'Internet Explorer' on the fawlty machine.
The description is 'Internet Explorer Management', the file is
'C:\WINNT\System32\explorer.exe' and it's set to automatic startup.

After rebooting this machine, a few entries in the system event log appear,
which may be related:

Event Source: DCOM
Event ID: 10010
The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM
within the required timeout.

Event Source: Service Control Manager
Event ID: 7023
The Task Scheduler service terminated with the following error: Not enough
resources are available to complete this operation.

Event Source: Service Control Manager
Event ID: 7024
The Background Intelligent Transfer Service service terminated with
service-specific error 2147952506.

It would seem that this is the source of the problem. As I'm typing this,
I'm running a full NAV virus scan. But I'm not too hopeful about the
results, since NAV has been running on this machine all along (with daily
definition updates). It would be a bit strange if it found something now
while not having found anything real-time.

Any ideas on this?

Thanks, regards,
Jelle


"Ace Fekay [MVP]"

 

[Ace Fekay [MVP]]

In

Hi Ace,


There is no IPSec Policy configured.

And yes, this is a DC and it is indeed somewhat overloaded.
Although it is not as bad as it may seem. MSSQL is installed but not
in use. Same for the mailserver.
Currently it's only job is being a PDC.

But, too be honest, I don't think the problem lies with the PDC.
Mostly because I've been able to let other machines (new & old) join
the domain without any trouble whatsoever and all other network
operations work fine. I have, however, found some weird things on the
machine that refuses to join the domain:

I can't start services WWW, SMTP or FTP: "error 126: Module could not
be found", although IIS Admin service has been started.

I have a service(!) called 'Internet Explorer' on the fawlty machine.
The description is 'Internet Explorer Management', the file is
'C:\WINNT\System32\explorer.exe' and it's set to automatic startup.

After rebooting this machine, a few entries in the system event log
appear, which may be related:

Event Source: DCOM
Event ID: 10010
The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Event Source: Service Control Manager
Event ID: 7023
The Task Scheduler service terminated with the following error: Not
enough resources are available to complete this operation.

Event Source: Service Control Manager
Event ID: 7024
The Background Intelligent Transfer Service service terminated with
service-specific error 2147952506.

It would seem that this is the source of the problem. As I'm typing
this, I'm running a full NAV virus scan. But I'm not too hopeful
about the results, since NAV has been running on this machine all
along (with daily definition updates). It would be a bit strange if
it found something now while not having found anything real-time.

Any ideas on this?

Thanks, regards,
Jelle

Explorer.exe?? A service?? NO way... That's a red flag right there. Run an
antivirus scan, such as Stinger (from McAfee), and a spyware scan. I think
you got a bug on the machine causing all of this.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Paramount: What's up with taking Enterprise off the air??
=================================