Announcement

Collapse
No announcement yet.

Cant Joint Domain

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cant Joint Domain

    Hello Everyone,

    I am pretty new to server operating systems so I don't know exactly what I am doing yet but I try to do the small tasks at our company so we don't have to bring the pros in for 5 minutes every day and waste money.

    Here comes the problem. I added a workstation to the domain which worked fine. He connected and had access to all of the correct resources. I then noticed his computer name did not mach our scheme. I logged the workstation off of the server, Deleted his computer out of the computers section of active directory, then logged in as the local admin on the workstation and changed the name of the computer. At the same time I gave him a static address because he also wanted remote desktop set up. Everything went fine. I logged off and tried to log back onto the server and it says it cannot find the server. I even tried logging in as myself and still nothing. I changed it back to DHCP and everything worked fine. Then I changed it back to static (the exact address that it received for DHCP) and still nothing. I tried many known working static addresses and each time it says cannot find domain. It will only work with DHCP. Right now I have it on DHCP as a temporary solution. Any thoughts on why it does not like static?

  • #2
    Re: Cant Joint Domain

    What settings are you putting in the DNS/WINS boxes?
    Do they match what is applied through DHCP?
    cheers
    Andy

    Please read this before you post:


    Quis custodiet ipsos custodes?

    Comment


    • #3
      Re: Cant Joint Domain

      Originally posted by AndyJG247 View Post
      What settings are you putting in the DNS/WINS boxes?
      Do they match what is applied through DHCP?
      DNS is the same as all other computers. Its the address of our DNS server. On a working workstation when I do an ipconfig /all I am getting 3 listed DNS addresses. First is the one I put in manually(Our DNS server). The last 2 im not sure where they came from. And im not sure how to access WINS. Is that something I need to check into. I am using the exact same address scheme I have used on every other computer ive made static. Only thing different I did was messed with the computer name on the server. But I cant see how this would have anything to do with it.

      Comment


      • #4
        Re: Cant Joint Domain

        Would be good to find out what the other DHCP servers are if possible.
        From your post it isn't clear if you rebooted after changing the name?

        Does ping get a response from the DC?
        cheers
        Andy

        Please read this before you post:


        Quis custodiet ipsos custodes?

        Comment


        • #5
          Re: Cant Joint Domain

          That's what I was thinking... grab DHCP via ipconfig /all and then plug it in statically exactly the way dhcp has it. Then try to ping the DC's DNS name while logged in locally.

          Probably should have removed the computer from the domain first before deleting the computer account and then changing the computer name as well.

          Comment


          • #6
            Re: Cant Joint Domain

            Originally posted by AndyJG247 View Post
            Would be good to find out what the other DHCP servers are if possible.
            From your post it isn't clear if you rebooted after changing the name?

            Does ping get a response from the DC?
            The other DHCP server is coming from our router(Which is a fortinet). And yes I did reboot after name change. I can also ping the DNS server and everything else on the network. After tinkering enough. I got a message that said something about resources are already in use but then I changed it back to DHCP and it went away. Ill probably just have to back up his exchange and his My Docs and re create him in active directory.

            I guess this is the stuff that happens when you are learning the software.

            Edit:
            In active directory are the Computers connected to the Users some how. I dont understand why removing the computer would cause a problem. Doesn't it automatically create the computer when you log in as a user on a new computer? That is the way it has always worked in the past.
            Last edited by baschaff; 20th May 2009, 13:56.

            Comment


            • #7
              Re: Cant Joint Domain

              User and computer are completely separate. When you join a machine to the domain it will create the object.

              Without the error message it does make things a bit harder to diagnose though.
              cheers
              Andy

              Please read this before you post:


              Quis custodiet ipsos custodes?

              Comment


              • #8
                Re: Cant Joint Domain

                Originally posted by AndyJG247 View Post
                User and computer are completely separate. When you join a machine to the domain it will create the object.

                Without the error message it does make things a bit harder to diagnose though.
                Ok, I've got it down to this. I can get it to join the domain with a static address no problem so I know that is not the issue. It when I log off and try to log back in I get this message.

                "Windows cannot connect to the domain, either because the domain controller is down or otherwise unavailable, or because your computer account was not found. Please try again later. If this message continues to appear, contact...."

                I then logged into the DC and deleted the computer out of the computers OU. Then I was able to log in again. But as soon as I log out, (without making any changes). It gives me the same message. Im stumped. Thank you for your help so far.

                Comment


                • #9
                  Re: Cant Joint Domain

                  Ok, that is a slightly different problem from the first one.
                  So it lets you join but then refuses further connections.

                  There should be plenty of errors in the event log, dcdiag/netdiag would be helpful too.
                  cheers
                  Andy

                  Please read this before you post:


                  Quis custodiet ipsos custodes?

                  Comment


                  • #10
                    Re: Cant Joint Domain

                    Ok. Here are the errors. They are all under System in the event viewer. No errors anywhere else.

                    But first ill explain a few things. INTERN was the name of the computer before I changed it to LANCEZ

                    PEGGYH is a computer name for someone that quit so her user account is disabled but her computer account is still enabled. Her computer is elsewhere.


                    Anyways errors listed between lines and comments listed between *.
                    ERROR1____________________________________________ ____
                    Source(Kerberos) Event (4)
                    The kerberos client received a KRB_AP_ERR_MODIFIED error from the server INTERN$. The target name used was RPCSS/Peggyh. This indicates that the password used to encrypt the kerberos service ticket is different than that on the target server. Commonly, this is due to identically named machine accounts in the target realm (MIDFUT.LOCAL), and the client realm. Please contact your system administrator.
                    ERROR1____________________________________________ ____
                    ***************
                    This is when I changed the computer name to LANCEZ
                    ***************
                    ERROR2____________________________________________ ____
                    Source(Netlogon) Event(5723)
                    The session setup from computer 'LANCEZ' failed because the security database does not contain a trust account 'LANCEZ$' referenced by the specified computer.

                    USER ACTION
                    If this is the first occurrence of this event for the specified computer and account, this may be a transient issue that doesn't require any action at this time. Otherwise, the following steps may be taken to resolve this problem:

                    If 'LANCEZ$' is a legitimate machine account for the computer 'LANCEZ', then 'LANCEZ' should be rejoined to the domain.

                    If 'LANCEZ$' is a legitimate interdomain trust account, then the trust should be recreated.

                    Otherwise, assuming that 'LANCEZ$' is not a legitimate account, the following action should be taken on 'LANCEZ':

                    If 'LANCEZ' is a Domain Controller, then the trust associated with 'LANCEZ$' should be deleted.

                    If 'LANCEZ' is not a Domain Controller, it should be disjoined from the domain.
                    ERROR2____________________________________________ ____
                    ERROR3____________________________________________ ____
                    Source(Netlogon) Event(5805)
                    The session setup from the computer LANCEZ failed to authenticate. The following error occurred:
                    Access is denied.
                    ERROR3____________________________________________ ____
                    ***************
                    The 5723 error and 5805 I am getting for another user also but she has never has any problems(that she or I know of) so I dont know what to make of that. She never logs off during the day

                    Somewhere in here I logged into the DC and deleted the computer LANCEZ then I was able to logon. But once I logged off, it would not let me log back on. I deleted the computer again and right now I have him logged on because he is out of the office and wants to use his remote desktop. So I told him not to log off or else it will not let him back in. This is obviously not a long term solution.

                    Here is an error I get when running dcdiag
                    ***************
                    dcdiag____________________________________________ ____
                    Starting test: systemlog
                    An Error Event occured. EventID: 0x40000004
                    Time Generated: 05/22/2009 14:43:11
                    Event String: The kerberos client received a
                    An Error Event occured. EventID: 0xC0002716
                    Time Generated: 05/22/2009 14:53:02
                    (Event String could not be retrieved)
                    ......................... ABCSERVER failed test systemlog
                    dcdiag____________________________________________ ____
                    ***************
                    Everything passes when I run netdiag except this
                    ***************
                    netdiag___________________________________________ _____
                    Trust relationship test. . . . . . : Skipped

                    WAN configuration test . . . . . . : Skipped
                    No active remote access connections.

                    IP Security test . . . . . . . . . : Skipped
                    netdiag___________________________________________ _____
                    ***************
                    I am very new when it comes to servers so bear with me. I have no training. Just trying to learn by playing and reading. Company is strapped right now. I am the only tech left (because I was the least payed). So I would like to try and save the company 200-500 bucks by not having to call the pros in for something simple. Plus I would like to keep my job.
                    ***************

                    Comment


                    • #11
                      Re: Cant Joint Domain

                      A couple of things:

                      1. The computer account and the user account have nothing to do with each other.

                      2. DHCP and DNS have nothing to do with the computer account or the user account.

                      Here's what I would suggest as things look like they're getting pretty jumbled up here:

                      1. Put the computer in workgroup mode and give it a new name that matches your schema. Disconnect the network cable and reboot the computer.

                      2. Delete any computer account in AD that is related to the computer. This means any old name, current name, etc. that you have created.

                      3. Delete any reference to the computer in DHCP and DNS. This means any reference to any of the old names, current names, etc.

                      4. Wait 15 minutes

                      5. Configure the computer to use DHCP, plug in the network cable, and reboot again.

                      6. Join the computer to the domain and reboot.

                      Comment


                      • #12
                        Re: Cant Joint Domain

                        Hi,

                        May i know client Os is xp or ?

                        Comment


                        • #13
                          Re: Cant Joint Domain

                          The OS is XP

                          When you say delete any reference to DNS, where do I do that at? I'm in the middle of studying for Windows 2003 server so I am not quite up to par with everything yet. DHCP comes from the router so I am assuming I shouldn't have to do anything there.

                          Comment


                          • #14
                            Re: Cant Joint Domain

                            From the DC....Control Panel> Administrative Tools> DNS You should see a Forward Lookup Zone and a Reverse Lookup Zone. Delete any reference to the computer there that you see.

                            Comment


                            • #15
                              Re: Cant Joint Domain

                              Joeqwerty that did the trick. Thank you all for your help. Being as I am new to windows servers and am the only tech here at my company I'm sure ill be back very soon. Thanks again.

                              Comment

                              Working...
                              X