Join the domain

Archived from groups: microsoft.public.windowsnt.domain (More info?)

I'm trying to add computer which is located in remote office to domain.
Main location and office are connected with VPN (HW solution, Cisco PIX
on both side, IPSEC).

On remote location we have Window XP SP1 computers, domain servers are
Windows 2003 (and one old nt4.0) in mixed mode.

Ping is working fine in both direction.

But when I try to join computer (lets say de-1) into the domain I get,
after long delay (cca. 5 minutes) error: "The service did not respond to
the start or control request in a timely fashion.".

I try more or less everything. I gave fixed ip to de-1, configure dns
(working fine) and even wins server. Name resolution is working fine….

When i try netdiag /d:wish-to-join.domain it is working long and i got
only:

Gathering IPX configuration information.
Querying status of the Netcard drivers... Passed
Testing IpConfig - pinging the Primary WINS server... Passed
Testing IpConfig - pinging the Secondary WINS server... Passed
Testing Domain membership... Passed
Gathering NetBT configuration information.
Testing for autoconfiguration... Passed
Testing IP loopback ping... Passed
Testing default gateways... Passed
Enumerating local and remote NetBT name cache... Passed
Testing the WINS server
Local Area Connection
Sending name query to primary WINS server yyy.xxx.1.19 -
Passed
Sending name query to secondary WINS server yyy.xxx.1.10 -
Passed
Sending name query to secondary WINS server yyy.xxx.200 -
Passed
Gathering Winsock information.
Testing DNS
Testing redirector and browser... Passed
Testing DC discovery.
Looking for a DC
Looking for a PDC emulator
Looking for a Windows 2000 DC
Gathering the list of Domain Controllers for domain 'wish-to-
join.domain '
Testing trust relationships... Skipped
Testing Kerberos authentication... Skipped
Testing LDAP servers in Domain e-jub.com ...

It looks that there is problem with LDAP. In my location it looks fine.
netdiag report follows:
[deleted]
Trust relationship test. . . . . . : Passed
Secure channel for domain 'wish-to-join-domain is to '\dc-1.wish-to-
join.domain'.
Cannot test secure channel for domain 'Wish-to-join-domain to DC
'OLD_NT_4.0_server'. [ERROR_NO_LOGON_SERVERS]

Kerberos test. . . . . . . . . . . : Passed

LDAP test. . . . . . . . . . . . . : Passed
[WARNING] Failed to query SPN registration on DC 'dc1.wish-to-
join.domain'.
[WARNING] Failed to query SPN registration on DC 'dc2.wish-to-
join.domain'.
[WARNING] Failed to query SPN registration on DC 'dc3.wish-to-
join.domain'

Bindings test. . . . . . . . . . . : Passed
[deleted]

Any idea?


Dussan
5 answers Last reply
More about join domain
  1. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    Netdiag.exe Does Not Query SPN Registration When Down-Level Name Is
    Different
    http://support.microsoft.com/default.aspx?scid=kb;en-us;297384

    Domain controller is not functioning correctly
    http://support.microsoft.com/default.aspx?scid=kb;en-us;837513

    "Dussan Pirc" <REMOVE_ME_du7an@email.si> wrote in message news:
    > I'm trying to add computer which is located in remote office to
    domain.
    > Main location and office are connected with VPN (HW solution, Cisco
    PIX
    > on both side, IPSEC).
    >
    > On remote location we have Window XP SP1 computers, domain servers are
    > Windows 2003 (and one old nt4.0) in mixed mode.
    >
    > Ping is working fine in both direction.
    >
    > But when I try to join computer (lets say de-1) into the domain I get,
    > after long delay (cca. 5 minutes) error: "The service did not respond
    to
    > the start or control request in a timely fashion.".
    >
    > I try more or less everything. I gave fixed ip to de-1, configure dns
    > (working fine) and even wins server. Name resolution is working fine..
    >
    > When i try netdiag /d:wish-to-join.domain it is working long and i got
    > only:
    >
    > Gathering IPX configuration information.
    > Querying status of the Netcard drivers... Passed
    > Testing IpConfig - pinging the Primary WINS server... Passed
    > Testing IpConfig - pinging the Secondary WINS server... Passed
    > Testing Domain membership... Passed
    > Gathering NetBT configuration information.
    > Testing for autoconfiguration... Passed
    > Testing IP loopback ping... Passed
    > Testing default gateways... Passed
    > Enumerating local and remote NetBT name cache... Passed
    > Testing the WINS server
    > Local Area Connection
    > Sending name query to primary WINS server yyy.xxx.1.19 -
    > Passed
    > Sending name query to secondary WINS server yyy.xxx.1.10 -
    > Passed
    > Sending name query to secondary WINS server yyy.xxx.200 -
    > Passed
    > Gathering Winsock information.
    > Testing DNS
    > Testing redirector and browser... Passed
    > Testing DC discovery.
    > Looking for a DC
    > Looking for a PDC emulator
    > Looking for a Windows 2000 DC
    > Gathering the list of Domain Controllers for domain 'wish-to-
    > join.domain '
    > Testing trust relationships... Skipped
    > Testing Kerberos authentication... Skipped
    > Testing LDAP servers in Domain e-jub.com ...
    >
    > It looks that there is problem with LDAP. In my location it looks
    fine.
    > netdiag report follows:
    > [deleted]
    > Trust relationship test. . . . . . : Passed
    > Secure channel for domain 'wish-to-join-domain is to
    '\dc-1.wish-to-
    > join.domain'.
    > Cannot test secure channel for domain 'Wish-to-join-domain to DC
    > 'OLD_NT_4.0_server'. [ERROR_NO_LOGON_SERVERS]
    >
    > Kerberos test. . . . . . . . . . . : Passed
    >
    > LDAP test. . . . . . . . . . . . . : Passed
    > [WARNING] Failed to query SPN registration on DC 'dc1.wish-to-
    > join.domain'.
    > [WARNING] Failed to query SPN registration on DC 'dc2.wish-to-
    > join.domain'.
    > [WARNING] Failed to query SPN registration on DC 'dc3.wish-to-
    > join.domain'
    >
    > Bindings test. . . . . . . . . . . : Passed
    > [deleted]
    >
    > Any idea?
    >
    >
    > Dussan
  2. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    "Michael Giorgio - MS MVP" <Michael.Giorgio@NoSpam.mayerson.com> wrote in
    news:#9B6V#KzEHA.2040@tk2msftngp13.phx.gbl:

    > Netdiag.exe Does Not Query SPN Registration When Down-Level Name Is
    > Different
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;297384
    >

    Nope - I'm using 2003 Server

    > Domain controller is not functioning correctly
    > http://support.microsoft.com/default.aspx?scid=kb;en-us;837513
    >

    I thing it is problem with VPN.... Everything in LAN is working perfect.

    Dussan
  3. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    That is most likely the issue. The VPN clients need
    to find a DC in the LAN. If DNS is configured properly
    they should be able to find the DC. From a VPN client
    open a dos prompt and run nslookup www.yourdomain.com.
    Next try the same with the DC e.g., nslookup myserver.mydomain.com.

    What are the results?
    "Dussan Pirc" <REMOVE_ME_du7an@email.si> wrote in message
    news:Xns95A54DE1E31E7dussanemailcom@207.46.248.16...
    > "Michael Giorgio - MS MVP" <Michael.Giorgio@NoSpam.mayerson.com> wrote
    in
    > news:#9B6V#KzEHA.2040@tk2msftngp13.phx.gbl:
    >
    > > Netdiag.exe Does Not Query SPN Registration When Down-Level Name Is
    > > Different
    > > http://support.microsoft.com/default.aspx?scid=kb;en-us;297384
    > >
    >
    > Nope - I'm using 2003 Server
    >
    > > Domain controller is not functioning correctly
    > > http://support.microsoft.com/default.aspx?scid=kb;en-us;837513
    > >
    >
    > I thing it is problem with VPN.... Everything in LAN is working
    perfect.
    >
    > Dussan
  4. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    "Michael Giorgio - MS MVP" <Michael.Giorgio@NoSpam.mayerson.com> wrote in
    news:#8FBfbXzEHA.1412@tk2msftngp13.phx.gbl:

    > That is most likely the issue. The VPN clients need
    > to find a DC in the LAN. If DNS is configured properly
    > they should be able to find the DC. From a VPN client
    > open a dos prompt and run nslookup www.yourdomain.com.
    > Next try the same with the DC e.g., nslookup myserver.mydomain.com.
    >
    > What are the results?


    Working fine... It looks like MTU problem.

    lp, Dussan
  5. Archived from groups: microsoft.public.windowsnt.domain (More info?)

    Good to hear and thanks for the update.

    "Dussan Pirc" <REMOVE_ME_du7an@email.si> wrote in message news:
    >
    > Working fine... It looks like MTU problem.
Ask a new question

Read More

Domain Windows Server 2003 Windows