XP logon to Win 2k server

[Jeff McKay]

What is the procedure for getting a Win XP client logged on to a win 2k
server
domain? (In case you're wondering what kind of idiot admin does not know
this
already, I am just setting up a test network and experimenting with it). I
understand
I need Win XP Pro, not Home, so I upgraded. But I don't see any new
software or
options that let me do this, and my Win 2k server book (edition 4)
apparently is too
old to mention XP. Server is up and running, and the XP machine can ping
it, but
that is all I can do at this point.

 

[Marina Roos]

You'll need to join the XP. Go to Control Panel, System, tab
Networkidentification, Properties, enable the domainmode, fill in the
domainname, it will ask for the administratorsaccount and password that has
permissions to join workstations. Wait a little, and you'll get the welcome
at the domain screen.

 

[Jeff McKay]

Thanks for your response. I think I've got other problems. When
I do as you suggested, XP says "a domain controller for domain
comaxis.com cannot be contacted..." (detailed error below).

Looking at my server, system properties, network identification,
it clearly says the domain name is comaxis.com, and is set to be
a domain controller. The XP machine can ping comaxis.com, so there
is connectivity (note that this is a standalone network, not
connected to the internet).

I guess I've got a DNS configuration error, but darned if I can
see what it is. I've attached the detailed error from XP below.
If you can quickly spot my error or point me to further information
I would appreciate it.
--
The following error occurred when DNS was queried for the service location
(SRV)
resource record used to locate a domain controller for domain comaxis.com:

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.comaxis.com

Common causes of this error include the following:

- The DNS SRV record is not registered in DNS.

- One or more of the following zones do not include delegation to its child
zone:

comaxis.com
com
.. (the root zone)

 

[Marina Roos]

Check in DNS-server, Forward and reverse Lookup Zones, Properties, is 'allow
dynamic updates' set to yes?

 

[Jeff McKay]

It was not set in the forward zone - changing did not make a difference. I
don't
have a reverse lookup zone defined.

 

[Marina Roos]

Okay, check all the following (on the server) and change if needed:

TCP/IP settings

Internal nic:
1.) Right click "My network places" and select Properties.
2.) For the LAN connection right click and select Properties.
3.) On the properties page double click TCP/IP.
4.) On the internal nic (when using 2 nics) the gateway should be blank. At
the bottom of the protocols page select Preferred DNS Server option and
enter the IP address for the server itself. Leave the alternate DNS server
IP blank.
5.) On the DNS-tab, verify that the only DNS server is the servers internal
IP address. Make sure the "Append parent suffixes of the primary DNS suffix"
and "Register this connection's address in DNS" selection are checked.
6.) On the WINS-tab, verify that the WINS address is the servers internal IP
address. Verify that "Enable LMHOSTS lookup" is checked and that "Enable
NetBIOS over TCP/IP" is selected.

External nic:
1.) Right click "My network places" and select Properties.
2.) For the WAN connection right click and select Properties.
3.) On the properties page double click TCP/IP.
4.) The IP should be in a different range from the internal nic. At the
bottom of the protocols page select Preferred DNS Server option and enter
the IP address for the server itself. Leave the alternate DNS server IP
blank.
5.) On the DNS-tab, verify that the only DNS server is the servers internal
IP address. Make sure the "Append parent suffixes of the primary DNS suffix"
and "Register this connection's address in DNS" selection are unchecked.
6.) On the WINS-tab, verify that there are no WINS addresses listed. Verify
that "Enable LMHOSTS lookup" is checked and that "Disable NetBIOS over
TCP/IP" is selected. This will have the effect of allowing only the internal
nic to register with WINS. NetBIOS packets are blocked by internet routers,
so no NetBIOS over TCP/IP should be permitted on the external nic.


DNS settings

1.) Open up the DNS console.
2.) Once opened, right click on the server in the right hand pane and select
Properties.
3.) On the Interfaces tab, set the server to listen only on its internal IP
Address.
4.) On the "Forwarders" tab, check the "Enable forwarders" selection at the
top.
5.) Add the ISP-DNS-numbers and click Apply. (note- In the TCP/IP settings,
we selected the choice for DNS to point to itself. If name resolution
cannot be resolved then a request is made to the forwarders. If resolution
cannot be made via the internal DNS and there are no forwarders listed, then
resolution will be made via the root hints.)
6.) On the Monitoring tab, select simple and recursive test types and click
the Test now button. Both types should pass. Uncheck test types, click
Apply, then click OK.
7.) Expand the containers beneath the servers name and click on the Reverse
lookup zone subnet. It should correspond to the network ID of the LAN with
an "x" in the last octet. If one is not present, create a Reverse lookup
zone, type Active Directory Integrated.
8.) Verify that the server has a pointer record listed for its own IP.
9.) Bring up the properties of the Reverse Lookup Zone subnet.
10.) Click on the Name Servers tab. Verify that the nameserver is the
servers FQDN with only the internal IP address listed.
11.) Click on the WINS-R tab. Enable WINS reverse lookup and enter the
domainname.
12.) Click on the General tab and set "Allow dynamic updates?" to yes.
13.) Click Apply, clik OK.
14.) Click on the "Forward Lookup Zone" beneath the container Forward Lookup
Zones.
15.) Delete any record which is not on the local internal subnet. If there
is a folder with a dot "." listed then delete it. (note- This indicates to
the server that it is the root server, which means do not go beyond this
server for name resolution.)
16.) Bring up the properties of the Forward Lookup Zone.
17.) Click on the Name Servers tab. Verify that the nameserver is the
servers FQDN with only the internal IP address listed.
18.) Click on the WINS-R tab. Enable WINS forward lookup and enter the
servers internal IP address and click the Add button.
19.) Click on the General tab and set "Allow dynamic updates?" to yes.
20.) Click Apply, clik OK.
21.) Restart DNS-server.

Open up a command prompt and type the following:

1.) At the prompt type "ipconfig /flushdns" and wait for the services to
flush.
2.) "ipconfig /registerdns" and wait for the services to register.
3.) net stop netlogon
4.) net start netlogon

Once all of this is done, open the DNS console again. Expand the Forward
lookup zones, then expand the domain folder. You should see the underscore
folders below:

_msdcs
_sites
_tcp
_udp