Sign in with
Sign up | Sign in
Your question

Not able to join domain

Tags:
  • Domain
  • Microsoft
  • Active Directory
  • Windows
Last response: in Windows 2000/NT
Share
Anonymous
March 6, 2005 5:09:26 PM

Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.win2000.networking (More info?)

Hi there,

I have recently encountered a problem with joining a computer to the my
local domain.
The machine that needs to join the domain is a Win2K Server. The DC (AD
integrated) is also a Win2K Server.
In total, there are six machines on the LAN. All are working fine
(network-wise), except this one.

When I try to let it join the domain (domain name = 'Merrick') I get the
following error:

---
The following error occurred validating the name "Merrick".
This condition may be caused by a DNS lookup problem. For information about
troubleshooting common DNS lookup problems, please see the following
Microsoft Web site:
http://go.microsoft.com/fwlink/?LinkID=5171

The specified domain either does not exist or could not be contacted.
----

Unfortunately, any solutions listed on that page have failed to solve this
problem. Everything has been configured exactly as stated on that page, but
I still can't join the domain.

Other facts that may be of importance here:
- the machine that has to be joined to the domain is reachable from other
machines and can reach other machines.
- i can connect to the machine using remote desktop
- from the machine that has to be joined, i can not reach the internet
- nslookup from the fawlty machine returns right results, even for external
sites
- normal local network functionality seems to be ok, except where AD user
authentication is required
- when looking up the main browser or pdc using browstat.exe
(status/getmaster/getpdc) it returns the right results
- the dns settings on the fawlty machine points to the PDC only
- I have joined two other machines to the domain without any problems, so
the problem does not seem to be with the PDC
- there is only one NIC in the fawlty machine

I can't think of anything else and I hope someone here can help me.

Thanks, regards,
Jelle

More about : join domain

Anonymous
March 6, 2005 5:09:27 PM

Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.win2000.networking (More info?)

Verify that the time is correct on the server that you are trying to join
the domain. Check day/month/year/time zone/AM & PM. Then make sure it is
pointing to only your domain controller as it's preferred dns server in
tcp/ip properties. Make sure you enter the fully qualified domain name for
the domain when you join the domain and that you can ping the domain name as
in ping mydomain.com and that the ping response is to the correct IP address
for a domain controller. You can also use nslookup to make sure you can
query the _srv records for the domain as shown in the KB link below. Also
check Event Viewer on the server you are trying to joining to the domain for
any pertinent error messages. --- Steve

http://support.microsoft.com/?kbid=241515

Using Nslookup
1. From your DNS server, type nslookup at a command prompt.
2. Type set type=all, and then press ENTER.
3. Type _ldap._tcp.dc._msdcs.domainname (where domainname is the name
of your domain), and then press ENTER.
Nslookup returns one or more SRV service location records in the following
format
hostname.domainname internet address = ipaddress


"news.microsoft.com" <nomail@nomail.com> wrote in message
news:ezNUy2kIFHA.3588@TK2MSFTNGP14.phx.gbl...
> Hi there,
>
> I have recently encountered a problem with joining a computer to the my
> local domain.
> The machine that needs to join the domain is a Win2K Server. The DC (AD
> integrated) is also a Win2K Server.
> In total, there are six machines on the LAN. All are working fine
> (network-wise), except this one.
>
> When I try to let it join the domain (domain name = 'Merrick') I get the
> following error:
>
> ---
> The following error occurred validating the name "Merrick".
> This condition may be caused by a DNS lookup problem. For information
> about
> troubleshooting common DNS lookup problems, please see the following
> Microsoft Web site:
> http://go.microsoft.com/fwlink/?LinkID=5171
>
> The specified domain either does not exist or could not be contacted.
> ----
>
> Unfortunately, any solutions listed on that page have failed to solve this
> problem. Everything has been configured exactly as stated on that page,
> but
> I still can't join the domain.
>
> Other facts that may be of importance here:
> - the machine that has to be joined to the domain is reachable from other
> machines and can reach other machines.
> - i can connect to the machine using remote desktop
> - from the machine that has to be joined, i can not reach the internet
> - nslookup from the fawlty machine returns right results, even for
> external
> sites
> - normal local network functionality seems to be ok, except where AD user
> authentication is required
> - when looking up the main browser or pdc using browstat.exe
> (status/getmaster/getpdc) it returns the right results
> - the dns settings on the fawlty machine points to the PDC only
> - I have joined two other machines to the domain without any problems, so
> the problem does not seem to be with the PDC
> - there is only one NIC in the fawlty machine
>
> I can't think of anything else and I hope someone here can help me.
>
> Thanks, regards,
> Jelle
>
>
>
Related resources
Anonymous
March 6, 2005 9:16:31 PM

Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.win2000.networking (More info?)

That would be 'merrick.local' and it gives the same results.

"ptwilliams" <ptw2001@hotmail.com> wrote in message
news:o C1Q19mIFHA.3196@TK2MSFTNGP15.phx.gbl...
> What happens if you use the FQDN, e.g. merrick.com?
>
>
> --
>
> Paul Williams
>
> http://www.msresource.net/
> http://forums.msresource.net/
>
>
Anonymous
March 6, 2005 10:06:23 PM

Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.win2000.networking (More info?)

Hi Steven,

Thanks for your solution. Checked everything, tried to join the domain
again, but alas... no luck :-(
What else could be wrong?

Jelle

"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:uvybxQnIFHA.2852@TK2MSFTNGP09.phx.gbl...
> Verify that the time is correct on the server that you are trying to join
> the domain. Check day/month/year/time zone/AM & PM. Then make sure it is
> pointing to only your domain controller as it's preferred dns server in
> tcp/ip properties. Make sure you enter the fully qualified domain name for
> the domain when you join the domain and that you can ping the domain name
> as in ping mydomain.com and that the ping response is to the correct IP
> address for a domain controller. You can also use nslookup to make sure
> you can query the _srv records for the domain as shown in the KB link
> below. Also check Event Viewer on the server you are trying to joining to
> the domain for any pertinent error messages. --- Steve
>
> http://support.microsoft.com/?kbid=241515
>
> Using Nslookup
> 1. From your DNS server, type nslookup at a command prompt.
> 2. Type set type=all, and then press ENTER.
> 3. Type _ldap._tcp.dc._msdcs.domainname (where domainname is the name
> of your domain), and then press ENTER.
> Nslookup returns one or more SRV service location records in the following
> format
> hostname.domainname internet address = ipaddress
>
>
> "news.microsoft.com" <nomail@nomail.com> wrote in message
> news:ezNUy2kIFHA.3588@TK2MSFTNGP14.phx.gbl...
>> Hi there,
>>
>> I have recently encountered a problem with joining a computer to the my
>> local domain.
>> The machine that needs to join the domain is a Win2K Server. The DC (AD
>> integrated) is also a Win2K Server.
>> In total, there are six machines on the LAN. All are working fine
>> (network-wise), except this one.
>>
>> When I try to let it join the domain (domain name = 'Merrick') I get the
>> following error:
>>
>> ---
>> The following error occurred validating the name "Merrick".
>> This condition may be caused by a DNS lookup problem. For information
>> about
>> troubleshooting common DNS lookup problems, please see the following
>> Microsoft Web site:
>> http://go.microsoft.com/fwlink/?LinkID=5171
>>
>> The specified domain either does not exist or could not be contacted.
>> ----
>>
>> Unfortunately, any solutions listed on that page have failed to solve
>> this
>> problem. Everything has been configured exactly as stated on that page,
>> but
>> I still can't join the domain.
>>
>> Other facts that may be of importance here:
>> - the machine that has to be joined to the domain is reachable from other
>> machines and can reach other machines.
>> - i can connect to the machine using remote desktop
>> - from the machine that has to be joined, i can not reach the internet
>> - nslookup from the fawlty machine returns right results, even for
>> external
>> sites
>> - normal local network functionality seems to be ok, except where AD user
>> authentication is required
>> - when looking up the main browser or pdc using browstat.exe
>> (status/getmaster/getpdc) it returns the right results
>> - the dns settings on the fawlty machine points to the PDC only
>> - I have joined two other machines to the domain without any problems, so
>> the problem does not seem to be with the PDC
>> - there is only one NIC in the fawlty machine
>>
>> I can't think of anything else and I hope someone here can help me.
>>
>> Thanks, regards,
>> Jelle
>>
>>
>>
>
>
Anonymous
March 6, 2005 10:06:24 PM

Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.win2000.networking (More info?)

Make sure that it is pointing to only the domain controller as it's
preferred dns server [never an ISP dns server in the preferred dns servers
list] and then run the support tool netdiag first on the domain controller
first and then on the server you are trying to join the domain assuming the
domain controller netdiag output looks good. Netdiag will do a battery of
tests for network connectivity, name resolution, and domain computer account
integrity. When you run netdiag on a non domain computer a lot of tests will
be skipped however since they are not pertinent but it still is a good idea
running it as it can report problems with related items that are needed for
a computer to join a domain. Another thing to try is to go to My Network
Places and find the domain controller and then try to access the sysvol
share or enter \\dcname\sysvol in the run box. You will be prompted for
credentials if you are logged onto the server with a local user account that
does not exist in the domain and then you should be able to access and
browse the sysvol share. That would establish whether or not you have basic
smb access to the domain controller or not. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;321708 --- netdiag
and how to install support tools.


"Jelle" <nomail@nomail.com> wrote in message
news:eox5ucnIFHA.4060@TK2MSFTNGP14.phx.gbl...
> Hi Steven,
>
> Thanks for your solution. Checked everything, tried to join the domain
> again, but alas... no luck :-(
> What else could be wrong?
>
> Jelle
>
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:uvybxQnIFHA.2852@TK2MSFTNGP09.phx.gbl...
>> Verify that the time is correct on the server that you are trying to join
>> the domain. Check day/month/year/time zone/AM & PM. Then make sure it is
>> pointing to only your domain controller as it's preferred dns server in
>> tcp/ip properties. Make sure you enter the fully qualified domain name
>> for the domain when you join the domain and that you can ping the domain
>> name as in ping mydomain.com and that the ping response is to the correct
>> IP address for a domain controller. You can also use nslookup to make
>> sure you can query the _srv records for the domain as shown in the KB
>> link below. Also check Event Viewer on the server you are trying to
>> joining to the domain for any pertinent error messages. --- Steve
>>
>> http://support.microsoft.com/?kbid=241515
>>
>> Using Nslookup
>> 1. From your DNS server, type nslookup at a command prompt.
>> 2. Type set type=all, and then press ENTER.
>> 3. Type _ldap._tcp.dc._msdcs.domainname (where domainname is the
>> name of your domain), and then press ENTER.
>> Nslookup returns one or more SRV service location records in the
>> following format
>> hostname.domainname internet address = ipaddress
>>
>>
>> "news.microsoft.com" <nomail@nomail.com> wrote in message
>> news:ezNUy2kIFHA.3588@TK2MSFTNGP14.phx.gbl...
>>> Hi there,
>>>
>>> I have recently encountered a problem with joining a computer to the my
>>> local domain.
>>> The machine that needs to join the domain is a Win2K Server. The DC (AD
>>> integrated) is also a Win2K Server.
>>> In total, there are six machines on the LAN. All are working fine
>>> (network-wise), except this one.
>>>
>>> When I try to let it join the domain (domain name = 'Merrick') I get the
>>> following error:
>>>
>>> ---
>>> The following error occurred validating the name "Merrick".
>>> This condition may be caused by a DNS lookup problem. For information
>>> about
>>> troubleshooting common DNS lookup problems, please see the following
>>> Microsoft Web site:
>>> http://go.microsoft.com/fwlink/?LinkID=5171
>>>
>>> The specified domain either does not exist or could not be contacted.
>>> ----
>>>
>>> Unfortunately, any solutions listed on that page have failed to solve
>>> this
>>> problem. Everything has been configured exactly as stated on that page,
>>> but
>>> I still can't join the domain.
>>>
>>> Other facts that may be of importance here:
>>> - the machine that has to be joined to the domain is reachable from
>>> other
>>> machines and can reach other machines.
>>> - i can connect to the machine using remote desktop
>>> - from the machine that has to be joined, i can not reach the internet
>>> - nslookup from the fawlty machine returns right results, even for
>>> external
>>> sites
>>> - normal local network functionality seems to be ok, except where AD
>>> user
>>> authentication is required
>>> - when looking up the main browser or pdc using browstat.exe
>>> (status/getmaster/getpdc) it returns the right results
>>> - the dns settings on the fawlty machine points to the PDC only
>>> - I have joined two other machines to the domain without any problems,
>>> so
>>> the problem does not seem to be with the PDC
>>> - there is only one NIC in the fawlty machine
>>>
>>> I can't think of anything else and I hope someone here can help me.
>>>
>>> Thanks, regards,
>>> Jelle
>>>
>>>
>>>
>>
>>
>
>
Anonymous
March 6, 2005 11:07:47 PM

Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.win2000.networking (More info?)

Hi Steve,

I've run netdiag on both the DC and the recalcitrant machine, but the only
results where either 'passed' or 'skipped'.
I have also tried to access the sysvol on the DC and that works fine as
well, altough I didn't get the request for authorization.
Does it matter that the machine is still listed under AD Users & Computers?
Should I delete the computer and let it create a new account on joining the
domain?

Regards,
Jelle

"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:%23PaZzxnIFHA.1096@tk2msftngp13.phx.gbl...
> Make sure that it is pointing to only the domain controller as it's
> preferred dns server [never an ISP dns server in the preferred dns servers
> list] and then run the support tool netdiag first on the domain controller
> first and then on the server you are trying to join the domain assuming
> the domain controller netdiag output looks good. Netdiag will do a battery
> of tests for network connectivity, name resolution, and domain computer
> account integrity. When you run netdiag on a non domain computer a lot of
> tests will be skipped however since they are not pertinent but it still is
> a good idea running it as it can report problems with related items that
> are needed for a computer to join a domain. Another thing to try is to go
> to My Network Places and find the domain controller and then try to access
> the sysvol share or enter \\dcname\sysvol in the run box. You will be
> prompted for credentials if you are logged onto the server with a local
> user account that does not exist in the domain and then you should be able
> to access and browse the sysvol share. That would establish whether or not
> you have basic smb access to the domain controller or not. --- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;321708 ---
> netdiag and how to install support tools.
>
>
> "Jelle" <nomail@nomail.com> wrote in message
> news:eox5ucnIFHA.4060@TK2MSFTNGP14.phx.gbl...
>> Hi Steven,
>>
>> Thanks for your solution. Checked everything, tried to join the domain
>> again, but alas... no luck :-(
>> What else could be wrong?
>>
>> Jelle
>>
>> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
>> news:uvybxQnIFHA.2852@TK2MSFTNGP09.phx.gbl...
>>> Verify that the time is correct on the server that you are trying to
>>> join the domain. Check day/month/year/time zone/AM & PM. Then make sure
>>> it is pointing to only your domain controller as it's preferred dns
>>> server in tcp/ip properties. Make sure you enter the fully qualified
>>> domain name for the domain when you join the domain and that you can
>>> ping the domain name as in ping mydomain.com and that the ping response
>>> is to the correct IP address for a domain controller. You can also use
>>> nslookup to make sure you can query the _srv records for the domain as
>>> shown in the KB link below. Also check Event Viewer on the server you
>>> are trying to joining to the domain for any pertinent error
>>> messages. --- Steve
>>>
>>> http://support.microsoft.com/?kbid=241515
>>>
>>> Using Nslookup
>>> 1. From your DNS server, type nslookup at a command prompt.
>>> 2. Type set type=all, and then press ENTER.
>>> 3. Type _ldap._tcp.dc._msdcs.domainname (where domainname is the
>>> name of your domain), and then press ENTER.
>>> Nslookup returns one or more SRV service location records in the
>>> following format
>>> hostname.domainname internet address = ipaddress
>>>
>>>
>>> "news.microsoft.com" <nomail@nomail.com> wrote in message
>>> news:ezNUy2kIFHA.3588@TK2MSFTNGP14.phx.gbl...
>>>> Hi there,
>>>>
>>>> I have recently encountered a problem with joining a computer to the my
>>>> local domain.
>>>> The machine that needs to join the domain is a Win2K Server. The DC (AD
>>>> integrated) is also a Win2K Server.
>>>> In total, there are six machines on the LAN. All are working fine
>>>> (network-wise), except this one.
>>>>
>>>> When I try to let it join the domain (domain name = 'Merrick') I get
>>>> the
>>>> following error:
>>>>
>>>> ---
>>>> The following error occurred validating the name "Merrick".
>>>> This condition may be caused by a DNS lookup problem. For information
>>>> about
>>>> troubleshooting common DNS lookup problems, please see the following
>>>> Microsoft Web site:
>>>> http://go.microsoft.com/fwlink/?LinkID=5171
>>>>
>>>> The specified domain either does not exist or could not be contacted.
>>>> ----
>>>>
>>>> Unfortunately, any solutions listed on that page have failed to solve
>>>> this
>>>> problem. Everything has been configured exactly as stated on that page,
>>>> but
>>>> I still can't join the domain.
>>>>
>>>> Other facts that may be of importance here:
>>>> - the machine that has to be joined to the domain is reachable from
>>>> other
>>>> machines and can reach other machines.
>>>> - i can connect to the machine using remote desktop
>>>> - from the machine that has to be joined, i can not reach the internet
>>>> - nslookup from the fawlty machine returns right results, even for
>>>> external
>>>> sites
>>>> - normal local network functionality seems to be ok, except where AD
>>>> user
>>>> authentication is required
>>>> - when looking up the main browser or pdc using browstat.exe
>>>> (status/getmaster/getpdc) it returns the right results
>>>> - the dns settings on the fawlty machine points to the PDC only
>>>> - I have joined two other machines to the domain without any problems,
>>>> so
>>>> the problem does not seem to be with the PDC
>>>> - there is only one NIC in the fawlty machine
>>>>
>>>> I can't think of anything else and I hope someone here can help me.
>>>>
>>>> Thanks, regards,
>>>> Jelle
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
Anonymous
March 6, 2005 11:07:48 PM

Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.win2000.networking (More info?)

Yes delete the computer account and try again. If your dns is correctly
configured, you can access the sysvol share, and all the netdiag tests
passed it is puzzling that you can not join the domain. If there is any
software firewall, ipsec filtering, or any other port filtering that could
also cause problems when trying to join the domain. Reboot the server before
you try to rejoin the domain if at all possible. If you are familiar with
netmon you may want to use it on the server you are trying to join to the
domain to see what is happening at the packet level by enabling netmon just
before you try to join the computer to the domain. If the server you are
trying to join to the domain has more than one network adapter, make sure
that the internal lan network adapter is at the top of the list in network
connections, advanced/advanced settings. You also might want to use the
command line tool netdom to join the computer to the domain as explained in
the link below. Also below is a network trace of a computer being joined to
the domain. The trace was on the domain controller which is 192.168.1.105
and the computer joining the domain is 192.168.1.53. It is not a capture of
the whole event but this shows how a successful domain join starts. Note the
first line is the computer querying for a domain controller via a domain
_srv record and the second line is the response. You can see in this example
that the computer and domain controller are having a successful
xchange. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;329721 -- netdom

192.168.1.105 DNS Standard query SRV _ldap._tcp.dc._msdcs.test.com
192.168.1.53 DNS Standard response SRV 0 100 389 server1.test.com
192.168.1.105 CLDAP MsgId=1 Search Request, Base DN=\(null\)
192.168.1.53 CLDAP MsgId=1 Search Entry, 1 result
192.168.1.105 DNS Standard query SRV _ldap._tcp.dc._msdcs.test.com
192.168.1.53 DNS Standard response SRV 0 100 389 server1.test.com
192.168.1.105 CLDAP MsgId=2 Search Request, Base DN=\(null\)
192.168.1.53 CLDAP MsgId=2 Search Entry, 1 result) putline
192.168.1.105 CLDAP MsgId=3 Search Request, Base DN=\(null\)
192.168.1.53 CLDAP MsgId=3 Search Entry, 1 result) putline
192.168.1.105 CLDAP MsgId=4 Search Request, Base DN=\(null\)
192.168.1.53 CLDAP MsgId=4 Search Entry, 1 result) putline


"Jelle" <nomail@nomail.com> wrote in message
news:%23Q0ND$nIFHA.2476@TK2MSFTNGP12.phx.gbl...
> Hi Steve,
>
> I've run netdiag on both the DC and the recalcitrant machine, but the only
> results where either 'passed' or 'skipped'.
> I have also tried to access the sysvol on the DC and that works fine as
> well, altough I didn't get the request for authorization.
> Does it matter that the machine is still listed under AD Users &
> Computers? Should I delete the computer and let it create a new account on
> joining the domain?
>
> Regards,
> Jelle
>
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:%23PaZzxnIFHA.1096@tk2msftngp13.phx.gbl...
>> Make sure that it is pointing to only the domain controller as it's
>> preferred dns server [never an ISP dns server in the preferred dns
>> servers list] and then run the support tool netdiag first on the domain
>> controller first and then on the server you are trying to join the domain
>> assuming the domain controller netdiag output looks good. Netdiag will do
>> a battery of tests for network connectivity, name resolution, and domain
>> computer account integrity. When you run netdiag on a non domain computer
>> a lot of tests will be skipped however since they are not pertinent but
>> it still is a good idea running it as it can report problems with related
>> items that are needed for a computer to join a domain. Another thing to
>> try is to go to My Network Places and find the domain controller and then
>> try to access the sysvol share or enter \\dcname\sysvol in the run box.
>> You will be prompted for credentials if you are logged onto the server
>> with a local user account that does not exist in the domain and then you
>> should be able to access and browse the sysvol share. That would
>> establish whether or not you have basic smb access to the domain
>> controller or not. --- Steve
>>
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;321708 ---
>> netdiag and how to install support tools.
>>
>>
>> "Jelle" <nomail@nomail.com> wrote in message
>> news:eox5ucnIFHA.4060@TK2MSFTNGP14.phx.gbl...
>>> Hi Steven,
>>>
>>> Thanks for your solution. Checked everything, tried to join the domain
>>> again, but alas... no luck :-(
>>> What else could be wrong?
>>>
>>> Jelle
>>>
>>> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
>>> news:uvybxQnIFHA.2852@TK2MSFTNGP09.phx.gbl...
>>>> Verify that the time is correct on the server that you are trying to
>>>> join the domain. Check day/month/year/time zone/AM & PM. Then make sure
>>>> it is pointing to only your domain controller as it's preferred dns
>>>> server in tcp/ip properties. Make sure you enter the fully qualified
>>>> domain name for the domain when you join the domain and that you can
>>>> ping the domain name as in ping mydomain.com and that the ping response
>>>> is to the correct IP address for a domain controller. You can also use
>>>> nslookup to make sure you can query the _srv records for the domain as
>>>> shown in the KB link below. Also check Event Viewer on the server you
>>>> are trying to joining to the domain for any pertinent error
>>>> messages. --- Steve
>>>>
>>>> http://support.microsoft.com/?kbid=241515
>>>>
>>>> Using Nslookup
>>>> 1. From your DNS server, type nslookup at a command prompt.
>>>> 2. Type set type=all, and then press ENTER.
>>>> 3. Type _ldap._tcp.dc._msdcs.domainname (where domainname is the
>>>> name of your domain), and then press ENTER.
>>>> Nslookup returns one or more SRV service location records in the
>>>> following format
>>>> hostname.domainname internet address = ipaddress
>>>>
>>>>
>>>> "news.microsoft.com" <nomail@nomail.com> wrote in message
>>>> news:ezNUy2kIFHA.3588@TK2MSFTNGP14.phx.gbl...
>>>>> Hi there,
>>>>>
>>>>> I have recently encountered a problem with joining a computer to the
>>>>> my
>>>>> local domain.
>>>>> The machine that needs to join the domain is a Win2K Server. The DC
>>>>> (AD
>>>>> integrated) is also a Win2K Server.
>>>>> In total, there are six machines on the LAN. All are working fine
>>>>> (network-wise), except this one.
>>>>>
>>>>> When I try to let it join the domain (domain name = 'Merrick') I get
>>>>> the
>>>>> following error:
>>>>>
>>>>> ---
>>>>> The following error occurred validating the name "Merrick".
>>>>> This condition may be caused by a DNS lookup problem. For information
>>>>> about
>>>>> troubleshooting common DNS lookup problems, please see the following
>>>>> Microsoft Web site:
>>>>> http://go.microsoft.com/fwlink/?LinkID=5171
>>>>>
>>>>> The specified domain either does not exist or could not be contacted.
>>>>> ----
>>>>>
>>>>> Unfortunately, any solutions listed on that page have failed to solve
>>>>> this
>>>>> problem. Everything has been configured exactly as stated on that
>>>>> page, but
>>>>> I still can't join the domain.
>>>>>
>>>>> Other facts that may be of importance here:
>>>>> - the machine that has to be joined to the domain is reachable from
>>>>> other
>>>>> machines and can reach other machines.
>>>>> - i can connect to the machine using remote desktop
>>>>> - from the machine that has to be joined, i can not reach the internet
>>>>> - nslookup from the fawlty machine returns right results, even for
>>>>> external
>>>>> sites
>>>>> - normal local network functionality seems to be ok, except where AD
>>>>> user
>>>>> authentication is required
>>>>> - when looking up the main browser or pdc using browstat.exe
>>>>> (status/getmaster/getpdc) it returns the right results
>>>>> - the dns settings on the fawlty machine points to the PDC only
>>>>> - I have joined two other machines to the domain without any problems,
>>>>> so
>>>>> the problem does not seem to be with the PDC
>>>>> - there is only one NIC in the fawlty machine
>>>>>
>>>>> I can't think of anything else and I hope someone here can help me.
>>>>>
>>>>> Thanks, regards,
>>>>> Jelle
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
Anonymous
March 7, 2005 10:28:28 AM

Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.win2000.networking (More info?)

Hi Steven,

Thanks for the further idea's. I've tried it all, including using netmon to
see what happens. No results, still the same error.

With Netmon capturing on both machines, I tried to join the domain again.
The only frames I found that were from or to that machine were the first two
line from your example. So only the Std. Query & Response where exchanged.
After that: nothing.

While doing all this, I noticed a few other things:

I can't start services WWW, SMTP or FTP: "error 126: Module could not be
found", although IIS Admin service has been started.

I have a service(!) called 'Internet Explorer' on the fawlty machine. I have
never seen that before. Any idea what this does?
The description is 'Internet Explorer Management', the file is
'C:\WINNT\System32\explorer.exe' and it's set to automatic startup.

After rebooting this machine, a few entries in the system event log appear,
which may be related:

Event Source: DCOM
Event ID: 10010
The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with DCOM
within the required timeout.

Event Source: Service Control Manager
Event ID: 7023
The Task Scheduler service terminated with the following error:
Not enough resources are available to complete this operation.

Event Source: Service Control Manager
Event ID: 7024
The Background Intelligent Transfer Service service terminated with
service-specific error 2147952506.

I've lookup them up, but so far haven't found anything conclusive to solve
this.

Any other suggestions you may have are very welcome!

Regards,
Jelle



"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:%23LA4iZoIFHA.2648@TK2MSFTNGP14.phx.gbl...
> Yes delete the computer account and try again. If your dns is correctly
> configured, you can access the sysvol share, and all the netdiag tests
> passed it is puzzling that you can not join the domain. If there is any
> software firewall, ipsec filtering, or any other port filtering that could
> also cause problems when trying to join the domain. Reboot the server
> before you try to rejoin the domain if at all possible. If you are
> familiar with netmon you may want to use it on the server you are trying
> to join to the domain to see what is happening at the packet level by
> enabling netmon just before you try to join the computer to the domain. If
> the server you are trying to join to the domain has more than one network
> adapter, make sure that the internal lan network adapter is at the top of
> the list in network connections, advanced/advanced settings. You also
> might want to use the command line tool netdom to join the computer to the
> domain as explained in the link below. Also below is a network trace of a
> computer being joined to the domain. The trace was on the domain
> controller which is 192.168.1.105 and the computer joining the domain is
> 192.168.1.53. It is not a capture of the whole event but this shows how a
> successful domain join starts. Note the first line is the computer
> querying for a domain controller via a domain _srv record and the second
> line is the response. You can see in this example that the computer and
> domain controller are having a successful xchange. --- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;329721 -- netdom
>
> 192.168.1.105 DNS Standard query SRV _ldap._tcp.dc._msdcs.test.com
> 192.168.1.53 DNS Standard response SRV 0 100 389 server1.test.com
> 192.168.1.105 CLDAP MsgId=1 Search Request, Base DN=\(null\)
> 192.168.1.53 CLDAP MsgId=1 Search Entry, 1 result
> 192.168.1.105 DNS Standard query SRV _ldap._tcp.dc._msdcs.test.com
> 192.168.1.53 DNS Standard response SRV 0 100 389
> server1.test.com
> 192.168.1.105 CLDAP MsgId=2 Search Request, Base DN=\(null\)
> 192.168.1.53 CLDAP MsgId=2 Search Entry, 1 result) putline
> 192.168.1.105 CLDAP MsgId=3 Search Request, Base DN=\(null\)
> 192.168.1.53 CLDAP MsgId=3 Search Entry, 1 result) putline
> 192.168.1.105 CLDAP MsgId=4 Search Request, Base DN=\(null\)
> 192.168.1.53 CLDAP MsgId=4 Search Entry, 1 result) putline
>
>
> "Jelle" <nomail@nomail.com> wrote in message
> news:%23Q0ND$nIFHA.2476@TK2MSFTNGP12.phx.gbl...
>> Hi Steve,
>>
>> I've run netdiag on both the DC and the recalcitrant machine, but the
>> only results where either 'passed' or 'skipped'.
>> I have also tried to access the sysvol on the DC and that works fine as
>> well, altough I didn't get the request for authorization.
>> Does it matter that the machine is still listed under AD Users &
>> Computers? Should I delete the computer and let it create a new account
>> on joining the domain?
>>
>> Regards,
>> Jelle
>>
>> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
>> news:%23PaZzxnIFHA.1096@tk2msftngp13.phx.gbl...
>>> Make sure that it is pointing to only the domain controller as it's
>>> preferred dns server [never an ISP dns server in the preferred dns
>>> servers list] and then run the support tool netdiag first on the domain
>>> controller first and then on the server you are trying to join the
>>> domain assuming the domain controller netdiag output looks good. Netdiag
>>> will do a battery of tests for network connectivity, name resolution,
>>> and domain computer account integrity. When you run netdiag on a non
>>> domain computer a lot of tests will be skipped however since they are
>>> not pertinent but it still is a good idea running it as it can report
>>> problems with related items that are needed for a computer to join a
>>> domain. Another thing to try is to go to My Network Places and find the
>>> domain controller and then try to access the sysvol share or enter
>>> \\dcname\sysvol in the run box. You will be prompted for credentials if
>>> you are logged onto the server with a local user account that does not
>>> exist in the domain and then you should be able to access and browse the
>>> sysvol share. That would establish whether or not you have basic smb
>>> access to the domain controller or not. --- Steve
>>>
>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;321708 ---
>>> netdiag and how to install support tools.
>>>
>>>
>>> "Jelle" <nomail@nomail.com> wrote in message
>>> news:eox5ucnIFHA.4060@TK2MSFTNGP14.phx.gbl...
>>>> Hi Steven,
>>>>
>>>> Thanks for your solution. Checked everything, tried to join the domain
>>>> again, but alas... no luck :-(
>>>> What else could be wrong?
>>>>
>>>> Jelle
>>>>
>>>> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
>>>> news:uvybxQnIFHA.2852@TK2MSFTNGP09.phx.gbl...
>>>>> Verify that the time is correct on the server that you are trying to
>>>>> join the domain. Check day/month/year/time zone/AM & PM. Then make
>>>>> sure it is pointing to only your domain controller as it's preferred
>>>>> dns server in tcp/ip properties. Make sure you enter the fully
>>>>> qualified domain name for the domain when you join the domain and that
>>>>> you can ping the domain name as in ping mydomain.com and that the ping
>>>>> response is to the correct IP address for a domain controller. You can
>>>>> also use nslookup to make sure you can query the _srv records for the
>>>>> domain as shown in the KB link below. Also check Event Viewer on the
>>>>> server you are trying to joining to the domain for any pertinent error
>>>>> messages. --- Steve
>>>>>
>>>>> http://support.microsoft.com/?kbid=241515
>>>>>
>>>>> Using Nslookup
>>>>> 1. From your DNS server, type nslookup at a command prompt.
>>>>> 2. Type set type=all, and then press ENTER.
>>>>> 3. Type _ldap._tcp.dc._msdcs.domainname (where domainname is the
>>>>> name of your domain), and then press ENTER.
>>>>> Nslookup returns one or more SRV service location records in the
>>>>> following format
>>>>> hostname.domainname internet address = ipaddress
>>>>>
>>>>>
>>>>> "news.microsoft.com" <nomail@nomail.com> wrote in message
>>>>> news:ezNUy2kIFHA.3588@TK2MSFTNGP14.phx.gbl...
>>>>>> Hi there,
>>>>>>
>>>>>> I have recently encountered a problem with joining a computer to the
>>>>>> my
>>>>>> local domain.
>>>>>> The machine that needs to join the domain is a Win2K Server. The DC
>>>>>> (AD
>>>>>> integrated) is also a Win2K Server.
>>>>>> In total, there are six machines on the LAN. All are working fine
>>>>>> (network-wise), except this one.
>>>>>>
>>>>>> When I try to let it join the domain (domain name = 'Merrick') I get
>>>>>> the
>>>>>> following error:
>>>>>>
>>>>>> ---
>>>>>> The following error occurred validating the name "Merrick".
>>>>>> This condition may be caused by a DNS lookup problem. For information
>>>>>> about
>>>>>> troubleshooting common DNS lookup problems, please see the following
>>>>>> Microsoft Web site:
>>>>>> http://go.microsoft.com/fwlink/?LinkID=5171
>>>>>>
>>>>>> The specified domain either does not exist or could not be contacted.
>>>>>> ----
>>>>>>
>>>>>> Unfortunately, any solutions listed on that page have failed to solve
>>>>>> this
>>>>>> problem. Everything has been configured exactly as stated on that
>>>>>> page, but
>>>>>> I still can't join the domain.
>>>>>>
>>>>>> Other facts that may be of importance here:
>>>>>> - the machine that has to be joined to the domain is reachable from
>>>>>> other
>>>>>> machines and can reach other machines.
>>>>>> - i can connect to the machine using remote desktop
>>>>>> - from the machine that has to be joined, i can not reach the
>>>>>> internet
>>>>>> - nslookup from the fawlty machine returns right results, even for
>>>>>> external
>>>>>> sites
>>>>>> - normal local network functionality seems to be ok, except where AD
>>>>>> user
>>>>>> authentication is required
>>>>>> - when looking up the main browser or pdc using browstat.exe
>>>>>> (status/getmaster/getpdc) it returns the right results
>>>>>> - the dns settings on the fawlty machine points to the PDC only
>>>>>> - I have joined two other machines to the domain without any
>>>>>> problems, so
>>>>>> the problem does not seem to be with the PDC
>>>>>> - there is only one NIC in the fawlty machine
>>>>>>
>>>>>> I can't think of anything else and I hope someone here can help me.
>>>>>>
>>>>>> Thanks, regards,
>>>>>> Jelle
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
Anonymous
March 8, 2005 1:41:03 AM

Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.win2000.networking (More info?)

Yikes. There must be something else going on here beyond a configuration
problem to be able to join the computer to the domain. I would be sure to
run a full virus scan on it using the latest virus definitions. The fact
that you have an unknown service called Internet Explorer and that the IIS
services can not be started because the module can not be found is
troubling. The "real" explorer.exe lives in the \winnt folder and often
malware will use legitimate file names but installed in a non default
location. You might try the free tools Process Explorer, TCPView, and
Autoruns from SysInternals to try and find out more information about that
service/process. These tools will show if a publisher name is associated
with the executable which can help track down what is going on. No publisher
name often, but not always, indicates malware. I also like to use the free
Sysclean tool from Trend Micro to check for malware as it is a stand alone
detection and removal tool for many malwares.

http://www.sysinternals.com/ntw2k/freeware/procexp.shtm... --- Process
Explorer and other utilities.
http://www.trendmicro.com/download/dcs.asp --- Sysclean
http://www.trendmicro.com/download/pattern.asp --- pattern file for
Sysclean in zip file

The other thing you could try after checking for malwares is to run System
File Checker as in sfc /sacnnow to check for proper system files. There can
be problems with SFC if you are not at SP4. Beyond that if all your problems
still persist you may need to try a repair install which will require that
you first reinstall your service pack and then all critical updates. The
links below tell more. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;222471
http://support.microsoft.com/default.aspx?scid=kb;en-us;814510
http://support.microsoft.com/kb/292175 -- requires product key and install
disk

"Jelle" <nomail@nomail.com> wrote in message
news:e9xBf7tIFHA.3076@tk2msftngp13.phx.gbl...
> Hi Steven,
>
> Thanks for the further idea's. I've tried it all, including using netmon
> to see what happens. No results, still the same error.
>
> With Netmon capturing on both machines, I tried to join the domain again.
> The only frames I found that were from or to that machine were the first
> two line from your example. So only the Std. Query & Response where
> exchanged. After that: nothing.
>
> While doing all this, I noticed a few other things:
>
> I can't start services WWW, SMTP or FTP: "error 126: Module could not be
> found", although IIS Admin service has been started.
>
> I have a service(!) called 'Internet Explorer' on the fawlty machine. I
> have never seen that before. Any idea what this does?
> The description is 'Internet Explorer Management', the file is
> 'C:\WINNT\System32\explorer.exe' and it's set to automatic startup.
>
> After rebooting this machine, a few entries in the system event log
> appear, which may be related:
>
> Event Source: DCOM
> Event ID: 10010
> The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with
> DCOM within the required timeout.
>
> Event Source: Service Control Manager
> Event ID: 7023
> The Task Scheduler service terminated with the following error:
> Not enough resources are available to complete this operation.
>
> Event Source: Service Control Manager
> Event ID: 7024
> The Background Intelligent Transfer Service service terminated with
> service-specific error 2147952506.
>
> I've lookup them up, but so far haven't found anything conclusive to solve
> this.
>
> Any other suggestions you may have are very welcome!
>
> Regards,
> Jelle
>
>
>
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:%23LA4iZoIFHA.2648@TK2MSFTNGP14.phx.gbl...
>> Yes delete the computer account and try again. If your dns is correctly
>> configured, you can access the sysvol share, and all the netdiag tests
>> passed it is puzzling that you can not join the domain. If there is any
>> software firewall, ipsec filtering, or any other port filtering that
>> could also cause problems when trying to join the domain. Reboot the
>> server before you try to rejoin the domain if at all possible. If you are
>> familiar with netmon you may want to use it on the server you are trying
>> to join to the domain to see what is happening at the packet level by
>> enabling netmon just before you try to join the computer to the domain.
>> If the server you are trying to join to the domain has more than one
>> network adapter, make sure that the internal lan network adapter is at
>> the top of the list in network connections, advanced/advanced settings.
>> You also might want to use the command line tool netdom to join the
>> computer to the domain as explained in the link below. Also below is a
>> network trace of a computer being joined to the domain. The trace was on
>> the domain controller which is 192.168.1.105 and the computer joining the
>> domain is 192.168.1.53. It is not a capture of the whole event but this
>> shows how a successful domain join starts. Note the first line is the
>> computer querying for a domain controller via a domain _srv record and
>> the second line is the response. You can see in this example that the
>> computer and domain controller are having a successful xchange. ---
>> Steve
>>
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;329721 -- netdom
>>
>> 192.168.1.105 DNS Standard query SRV _ldap._tcp.dc._msdcs.test.com
>> 192.168.1.53 DNS Standard response SRV 0 100 389
>> server1.test.com
>> 192.168.1.105 CLDAP MsgId=1 Search Request, Base DN=\(null\)
>> 192.168.1.53 CLDAP MsgId=1 Search Entry, 1 result
>> 192.168.1.105 DNS Standard query SRV
>> _ldap._tcp.dc._msdcs.test.com
>> 192.168.1.53 DNS Standard response SRV 0 100 389
>> server1.test.com
>> 192.168.1.105 CLDAP MsgId=2 Search Request, Base DN=\(null\)
>> 192.168.1.53 CLDAP MsgId=2 Search Entry, 1 result) putline
>> 192.168.1.105 CLDAP MsgId=3 Search Request, Base DN=\(null\)
>> 192.168.1.53 CLDAP MsgId=3 Search Entry, 1 result) putline
>> 192.168.1.105 CLDAP MsgId=4 Search Request, Base DN=\(null\)
>> 192.168.1.53 CLDAP MsgId=4 Search Entry, 1 result) putline
>>
>>
>> "Jelle" <nomail@nomail.com> wrote in message
>> news:%23Q0ND$nIFHA.2476@TK2MSFTNGP12.phx.gbl...
>>> Hi Steve,
>>>
>>> I've run netdiag on both the DC and the recalcitrant machine, but the
>>> only results where either 'passed' or 'skipped'.
>>> I have also tried to access the sysvol on the DC and that works fine as
>>> well, altough I didn't get the request for authorization.
>>> Does it matter that the machine is still listed under AD Users &
>>> Computers? Should I delete the computer and let it create a new account
>>> on joining the domain?
>>>
>>> Regards,
>>> Jelle
>>>
>>> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
>>> news:%23PaZzxnIFHA.1096@tk2msftngp13.phx.gbl...
>>>> Make sure that it is pointing to only the domain controller as it's
>>>> preferred dns server [never an ISP dns server in the preferred dns
>>>> servers list] and then run the support tool netdiag first on the domain
>>>> controller first and then on the server you are trying to join the
>>>> domain assuming the domain controller netdiag output looks good.
>>>> Netdiag will do a battery of tests for network connectivity, name
>>>> resolution, and domain computer account integrity. When you run netdiag
>>>> on a non domain computer a lot of tests will be skipped however since
>>>> they are not pertinent but it still is a good idea running it as it can
>>>> report problems with related items that are needed for a computer to
>>>> join a domain. Another thing to try is to go to My Network Places and
>>>> find the domain controller and then try to access the sysvol share or
>>>> enter \\dcname\sysvol in the run box. You will be prompted for
>>>> credentials if you are logged onto the server with a local user account
>>>> that does not exist in the domain and then you should be able to access
>>>> and browse the sysvol share. That would establish whether or not you
>>>> have basic smb access to the domain controller or not. --- Steve
>>>>
>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;321708 ---
>>>> netdiag and how to install support tools.
>>>>
>>>>
>>>> "Jelle" <nomail@nomail.com> wrote in message
>>>> news:eox5ucnIFHA.4060@TK2MSFTNGP14.phx.gbl...
>>>>> Hi Steven,
>>>>>
>>>>> Thanks for your solution. Checked everything, tried to join the domain
>>>>> again, but alas... no luck :-(
>>>>> What else could be wrong?
>>>>>
>>>>> Jelle
>>>>>
>>>>> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
>>>>> news:uvybxQnIFHA.2852@TK2MSFTNGP09.phx.gbl...
>>>>>> Verify that the time is correct on the server that you are trying to
>>>>>> join the domain. Check day/month/year/time zone/AM & PM. Then make
>>>>>> sure it is pointing to only your domain controller as it's preferred
>>>>>> dns server in tcp/ip properties. Make sure you enter the fully
>>>>>> qualified domain name for the domain when you join the domain and
>>>>>> that you can ping the domain name as in ping mydomain.com and that
>>>>>> the ping response is to the correct IP address for a domain
>>>>>> controller. You can also use nslookup to make sure you can query the
>>>>>> _srv records for the domain as shown in the KB link below. Also check
>>>>>> Event Viewer on the server you are trying to joining to the domain
>>>>>> for any pertinent error messages. --- Steve
>>>>>>
>>>>>> http://support.microsoft.com/?kbid=241515
>>>>>>
>>>>>> Using Nslookup
>>>>>> 1. From your DNS server, type nslookup at a command prompt.
>>>>>> 2. Type set type=all, and then press ENTER.
>>>>>> 3. Type _ldap._tcp.dc._msdcs.domainname (where domainname is the
>>>>>> name of your domain), and then press ENTER.
>>>>>> Nslookup returns one or more SRV service location records in the
>>>>>> following format
>>>>>> hostname.domainname internet address = ipaddress
>>>>>>
>>>>>>
>>>>>> "news.microsoft.com" <nomail@nomail.com> wrote in message
>>>>>> news:ezNUy2kIFHA.3588@TK2MSFTNGP14.phx.gbl...
>>>>>>> Hi there,
>>>>>>>
>>>>>>> I have recently encountered a problem with joining a computer to the
>>>>>>> my
>>>>>>> local domain.
>>>>>>> The machine that needs to join the domain is a Win2K Server. The DC
>>>>>>> (AD
>>>>>>> integrated) is also a Win2K Server.
>>>>>>> In total, there are six machines on the LAN. All are working fine
>>>>>>> (network-wise), except this one.
>>>>>>>
>>>>>>> When I try to let it join the domain (domain name = 'Merrick') I get
>>>>>>> the
>>>>>>> following error:
>>>>>>>
>>>>>>> ---
>>>>>>> The following error occurred validating the name "Merrick".
>>>>>>> This condition may be caused by a DNS lookup problem. For
>>>>>>> information about
>>>>>>> troubleshooting common DNS lookup problems, please see the following
>>>>>>> Microsoft Web site:
>>>>>>> http://go.microsoft.com/fwlink/?LinkID=5171
>>>>>>>
>>>>>>> The specified domain either does not exist or could not be
>>>>>>> contacted.
>>>>>>> ----
>>>>>>>
>>>>>>> Unfortunately, any solutions listed on that page have failed to
>>>>>>> solve this
>>>>>>> problem. Everything has been configured exactly as stated on that
>>>>>>> page, but
>>>>>>> I still can't join the domain.
>>>>>>>
>>>>>>> Other facts that may be of importance here:
>>>>>>> - the machine that has to be joined to the domain is reachable from
>>>>>>> other
>>>>>>> machines and can reach other machines.
>>>>>>> - i can connect to the machine using remote desktop
>>>>>>> - from the machine that has to be joined, i can not reach the
>>>>>>> internet
>>>>>>> - nslookup from the fawlty machine returns right results, even for
>>>>>>> external
>>>>>>> sites
>>>>>>> - normal local network functionality seems to be ok, except where AD
>>>>>>> user
>>>>>>> authentication is required
>>>>>>> - when looking up the main browser or pdc using browstat.exe
>>>>>>> (status/getmaster/getpdc) it returns the right results
>>>>>>> - the dns settings on the fawlty machine points to the PDC only
>>>>>>> - I have joined two other machines to the domain without any
>>>>>>> problems, so
>>>>>>> the problem does not seem to be with the PDC
>>>>>>> - there is only one NIC in the fawlty machine
>>>>>>>
>>>>>>> I can't think of anything else and I hope someone here can help me.
>>>>>>>
>>>>>>> Thanks, regards,
>>>>>>> Jelle
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
Anonymous
March 8, 2005 9:10:35 PM

Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.win2000.networking (More info?)

Hi Steven,

Well, you were right. Trend Micro found two viruses.
(Unbelievable: As long as I've been using computers, I've sworn by
Symantec - I'm a bit upset that NAV didn't catch this)

I'll see if there's a way to restore the damage done, and if not I guess
I'll have to reinstall.

Thanks for the help!


"Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
news:elpdgj5IFHA.2136@TK2MSFTNGP14.phx.gbl...
> Yikes. There must be something else going on here beyond a configuration
> problem to be able to join the computer to the domain. I would be sure to
> run a full virus scan on it using the latest virus definitions. The fact
> that you have an unknown service called Internet Explorer and that the IIS
> services can not be started because the module can not be found is
> troubling. The "real" explorer.exe lives in the \winnt folder and often
> malware will use legitimate file names but installed in a non default
> location. You might try the free tools Process Explorer, TCPView, and
> Autoruns from SysInternals to try and find out more information about that
> service/process. These tools will show if a publisher name is associated
> with the executable which can help track down what is going on. No
> publisher name often, but not always, indicates malware. I also like to
> use the free Sysclean tool from Trend Micro to check for malware as it is
> a stand alone detection and removal tool for many malwares.
>
> http://www.sysinternals.com/ntw2k/freeware/procexp.shtm... --- Process
> Explorer and other utilities.
> http://www.trendmicro.com/download/dcs.asp --- Sysclean
> http://www.trendmicro.com/download/pattern.asp --- pattern file for
> Sysclean in zip file
>
> The other thing you could try after checking for malwares is to run System
> File Checker as in sfc /sacnnow to check for proper system files. There
> can be problems with SFC if you are not at SP4. Beyond that if all your
> problems still persist you may need to try a repair install which will
> require that you first reinstall your service pack and then all critical
> updates. The links below tell more. --- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb;en-us;222471
> http://support.microsoft.com/default.aspx?scid=kb;en-us;814510
> http://support.microsoft.com/kb/292175 -- requires product key and
> install disk
>
> "Jelle" <nomail@nomail.com> wrote in message
> news:e9xBf7tIFHA.3076@tk2msftngp13.phx.gbl...
>> Hi Steven,
>>
>> Thanks for the further idea's. I've tried it all, including using netmon
>> to see what happens. No results, still the same error.
>>
>> With Netmon capturing on both machines, I tried to join the domain again.
>> The only frames I found that were from or to that machine were the first
>> two line from your example. So only the Std. Query & Response where
>> exchanged. After that: nothing.
>>
>> While doing all this, I noticed a few other things:
>>
>> I can't start services WWW, SMTP or FTP: "error 126: Module could not be
>> found", although IIS Admin service has been started.
>>
>> I have a service(!) called 'Internet Explorer' on the fawlty machine. I
>> have never seen that before. Any idea what this does?
>> The description is 'Internet Explorer Management', the file is
>> 'C:\WINNT\System32\explorer.exe' and it's set to automatic startup.
>>
>> After rebooting this machine, a few entries in the system event log
>> appear, which may be related:
>>
>> Event Source: DCOM
>> Event ID: 10010
>> The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with
>> DCOM within the required timeout.
>>
>> Event Source: Service Control Manager
>> Event ID: 7023
>> The Task Scheduler service terminated with the following error:
>> Not enough resources are available to complete this operation.
>>
>> Event Source: Service Control Manager
>> Event ID: 7024
>> The Background Intelligent Transfer Service service terminated with
>> service-specific error 2147952506.
>>
>> I've lookup them up, but so far haven't found anything conclusive to
>> solve this.
>>
>> Any other suggestions you may have are very welcome!
>>
>> Regards,
>> Jelle
>>
>>
>>
>> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
>> news:%23LA4iZoIFHA.2648@TK2MSFTNGP14.phx.gbl...
>>> Yes delete the computer account and try again. If your dns is correctly
>>> configured, you can access the sysvol share, and all the netdiag tests
>>> passed it is puzzling that you can not join the domain. If there is any
>>> software firewall, ipsec filtering, or any other port filtering that
>>> could also cause problems when trying to join the domain. Reboot the
>>> server before you try to rejoin the domain if at all possible. If you
>>> are familiar with netmon you may want to use it on the server you are
>>> trying to join to the domain to see what is happening at the packet
>>> level by enabling netmon just before you try to join the computer to the
>>> domain. If the server you are trying to join to the domain has more than
>>> one network adapter, make sure that the internal lan network adapter is
>>> at the top of the list in network connections, advanced/advanced
>>> settings. You also might want to use the command line tool netdom to
>>> join the computer to the domain as explained in the link below. Also
>>> below is a network trace of a computer being joined to the domain. The
>>> trace was on the domain controller which is 192.168.1.105 and the
>>> computer joining the domain is 192.168.1.53. It is not a capture of the
>>> whole event but this shows how a successful domain join starts. Note the
>>> first line is the computer querying for a domain controller via a domain
>>> _srv record and the second line is the response. You can see in this
>>> example that the computer and domain controller are having a successful
>>> xchange. --- Steve
>>>
>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;329721 --
>>> netdom
>>>
>>> 192.168.1.105 DNS Standard query SRV
>>> _ldap._tcp.dc._msdcs.test.com
>>> 192.168.1.53 DNS Standard response SRV 0 100 389
>>> server1.test.com
>>> 192.168.1.105 CLDAP MsgId=1 Search Request, Base DN=\(null\)
>>> 192.168.1.53 CLDAP MsgId=1 Search Entry, 1 result
>>> 192.168.1.105 DNS Standard query SRV
>>> _ldap._tcp.dc._msdcs.test.com
>>> 192.168.1.53 DNS Standard response SRV 0 100 389
>>> server1.test.com
>>> 192.168.1.105 CLDAP MsgId=2 Search Request, Base DN=\(null\)
>>> 192.168.1.53 CLDAP MsgId=2 Search Entry, 1 result) putline
>>> 192.168.1.105 CLDAP MsgId=3 Search Request, Base DN=\(null\)
>>> 192.168.1.53 CLDAP MsgId=3 Search Entry, 1 result) putline
>>> 192.168.1.105 CLDAP MsgId=4 Search Request, Base DN=\(null\)
>>> 192.168.1.53 CLDAP MsgId=4 Search Entry, 1 result) putline
>>>
>>>
>>> "Jelle" <nomail@nomail.com> wrote in message
>>> news:%23Q0ND$nIFHA.2476@TK2MSFTNGP12.phx.gbl...
>>>> Hi Steve,
>>>>
>>>> I've run netdiag on both the DC and the recalcitrant machine, but the
>>>> only results where either 'passed' or 'skipped'.
>>>> I have also tried to access the sysvol on the DC and that works fine as
>>>> well, altough I didn't get the request for authorization.
>>>> Does it matter that the machine is still listed under AD Users &
>>>> Computers? Should I delete the computer and let it create a new account
>>>> on joining the domain?
>>>>
>>>> Regards,
>>>> Jelle
>>>>
>>>> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
>>>> news:%23PaZzxnIFHA.1096@tk2msftngp13.phx.gbl...
>>>>> Make sure that it is pointing to only the domain controller as it's
>>>>> preferred dns server [never an ISP dns server in the preferred dns
>>>>> servers list] and then run the support tool netdiag first on the
>>>>> domain controller first and then on the server you are trying to join
>>>>> the domain assuming the domain controller netdiag output looks good.
>>>>> Netdiag will do a battery of tests for network connectivity, name
>>>>> resolution, and domain computer account integrity. When you run
>>>>> netdiag on a non domain computer a lot of tests will be skipped
>>>>> however since they are not pertinent but it still is a good idea
>>>>> running it as it can report problems with related items that are
>>>>> needed for a computer to join a domain. Another thing to try is to go
>>>>> to My Network Places and find the domain controller and then try to
>>>>> access the sysvol share or enter \\dcname\sysvol in the run box. You
>>>>> will be prompted for credentials if you are logged onto the server
>>>>> with a local user account that does not exist in the domain and then
>>>>> you should be able to access and browse the sysvol share. That would
>>>>> establish whether or not you have basic smb access to the domain
>>>>> controller or not. --- Steve
>>>>>
>>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;321708 ---
>>>>> netdiag and how to install support tools.
>>>>>
>>>>>
>>>>> "Jelle" <nomail@nomail.com> wrote in message
>>>>> news:eox5ucnIFHA.4060@TK2MSFTNGP14.phx.gbl...
>>>>>> Hi Steven,
>>>>>>
>>>>>> Thanks for your solution. Checked everything, tried to join the
>>>>>> domain again, but alas... no luck :-(
>>>>>> What else could be wrong?
>>>>>>
>>>>>> Jelle
>>>>>>
>>>>>> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
>>>>>> news:uvybxQnIFHA.2852@TK2MSFTNGP09.phx.gbl...
>>>>>>> Verify that the time is correct on the server that you are trying to
>>>>>>> join the domain. Check day/month/year/time zone/AM & PM. Then make
>>>>>>> sure it is pointing to only your domain controller as it's preferred
>>>>>>> dns server in tcp/ip properties. Make sure you enter the fully
>>>>>>> qualified domain name for the domain when you join the domain and
>>>>>>> that you can ping the domain name as in ping mydomain.com and that
>>>>>>> the ping response is to the correct IP address for a domain
>>>>>>> controller. You can also use nslookup to make sure you can query the
>>>>>>> _srv records for the domain as shown in the KB link below. Also
>>>>>>> check Event Viewer on the server you are trying to joining to the
>>>>>>> domain for any pertinent error messages. --- Steve
>>>>>>>
>>>>>>> http://support.microsoft.com/?kbid=241515
>>>>>>>
>>>>>>> Using Nslookup
>>>>>>> 1. From your DNS server, type nslookup at a command prompt.
>>>>>>> 2. Type set type=all, and then press ENTER.
>>>>>>> 3. Type _ldap._tcp.dc._msdcs.domainname (where domainname is
>>>>>>> the name of your domain), and then press ENTER.
>>>>>>> Nslookup returns one or more SRV service location records in the
>>>>>>> following format
>>>>>>> hostname.domainname internet address = ipaddress
>>>>>>>
>>>>>>>
>>>>>>> "news.microsoft.com" <nomail@nomail.com> wrote in message
>>>>>>> news:ezNUy2kIFHA.3588@TK2MSFTNGP14.phx.gbl...
>>>>>>>> Hi there,
>>>>>>>>
>>>>>>>> I have recently encountered a problem with joining a computer to
>>>>>>>> the my
>>>>>>>> local domain.
>>>>>>>> The machine that needs to join the domain is a Win2K Server. The DC
>>>>>>>> (AD
>>>>>>>> integrated) is also a Win2K Server.
>>>>>>>> In total, there are six machines on the LAN. All are working fine
>>>>>>>> (network-wise), except this one.
>>>>>>>>
>>>>>>>> When I try to let it join the domain (domain name = 'Merrick') I
>>>>>>>> get the
>>>>>>>> following error:
>>>>>>>>
>>>>>>>> ---
>>>>>>>> The following error occurred validating the name "Merrick".
>>>>>>>> This condition may be caused by a DNS lookup problem. For
>>>>>>>> information about
>>>>>>>> troubleshooting common DNS lookup problems, please see the
>>>>>>>> following
>>>>>>>> Microsoft Web site:
>>>>>>>> http://go.microsoft.com/fwlink/?LinkID=5171
>>>>>>>>
>>>>>>>> The specified domain either does not exist or could not be
>>>>>>>> contacted.
>>>>>>>> ----
>>>>>>>>
>>>>>>>> Unfortunately, any solutions listed on that page have failed to
>>>>>>>> solve this
>>>>>>>> problem. Everything has been configured exactly as stated on that
>>>>>>>> page, but
>>>>>>>> I still can't join the domain.
>>>>>>>>
>>>>>>>> Other facts that may be of importance here:
>>>>>>>> - the machine that has to be joined to the domain is reachable from
>>>>>>>> other
>>>>>>>> machines and can reach other machines.
>>>>>>>> - i can connect to the machine using remote desktop
>>>>>>>> - from the machine that has to be joined, i can not reach the
>>>>>>>> internet
>>>>>>>> - nslookup from the fawlty machine returns right results, even for
>>>>>>>> external
>>>>>>>> sites
>>>>>>>> - normal local network functionality seems to be ok, except where
>>>>>>>> AD user
>>>>>>>> authentication is required
>>>>>>>> - when looking up the main browser or pdc using browstat.exe
>>>>>>>> (status/getmaster/getpdc) it returns the right results
>>>>>>>> - the dns settings on the fawlty machine points to the PDC only
>>>>>>>> - I have joined two other machines to the domain without any
>>>>>>>> problems, so
>>>>>>>> the problem does not seem to be with the PDC
>>>>>>>> - there is only one NIC in the fawlty machine
>>>>>>>>
>>>>>>>> I can't think of anything else and I hope someone here can help me.
>>>>>>>>
>>>>>>>> Thanks, regards,
>>>>>>>> Jelle
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
Anonymous
March 8, 2005 9:10:36 PM

Archived from groups: microsoft.public.win2000.active_directory,microsoft.public.win2000.networking (More info?)

OK. Well I guess that explains the odd behavior. Hope you don't have too
much of a hassle getting things sorted out. It is not entirely unusual for
one antivirus program to catch something that another does not. I would not
give up on Symantec but based often a second opinion is worth a try. The
"root kits" that are going around can be a real nightmare as they are hard
to detect and will escape normal detection means. SysInternals has a new
tool to help find root kits as shown in the link below. --- Steve

http://www.sysinternals.com/ntw2k/freeware/rootkitrevea...

"Jelle" <nomail@nomail.com> wrote in message
news:o jLvdHAJFHA.3356@TK2MSFTNGP12.phx.gbl...
> Hi Steven,
>
> Well, you were right. Trend Micro found two viruses.
> (Unbelievable: As long as I've been using computers, I've sworn by
> Symantec - I'm a bit upset that NAV didn't catch this)
>
> I'll see if there's a way to restore the damage done, and if not I guess
> I'll have to reinstall.
>
> Thanks for the help!
>
>
> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> news:elpdgj5IFHA.2136@TK2MSFTNGP14.phx.gbl...
>> Yikes. There must be something else going on here beyond a configuration
>> problem to be able to join the computer to the domain. I would be sure to
>> run a full virus scan on it using the latest virus definitions. The fact
>> that you have an unknown service called Internet Explorer and that the
>> IIS services can not be started because the module can not be found is
>> troubling. The "real" explorer.exe lives in the \winnt folder and often
>> malware will use legitimate file names but installed in a non default
>> location. You might try the free tools Process Explorer, TCPView, and
>> Autoruns from SysInternals to try and find out more information about
>> that service/process. These tools will show if a publisher name is
>> associated with the executable which can help track down what is going
>> on. No publisher name often, but not always, indicates malware. I also
>> like to use the free Sysclean tool from Trend Micro to check for malware
>> as it is a stand alone detection and removal tool for many malwares.
>>
>> http://www.sysinternals.com/ntw2k/freeware/procexp.shtm... --- Process
>> Explorer and other utilities.
>> http://www.trendmicro.com/download/dcs.asp --- Sysclean
>> http://www.trendmicro.com/download/pattern.asp --- pattern file for
>> Sysclean in zip file
>>
>> The other thing you could try after checking for malwares is to run
>> System File Checker as in sfc /sacnnow to check for proper system files.
>> There can be problems with SFC if you are not at SP4. Beyond that if all
>> your problems still persist you may need to try a repair install which
>> will require that you first reinstall your service pack and then all
>> critical updates. The links below tell more. --- Steve
>>
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;222471
>> http://support.microsoft.com/default.aspx?scid=kb;en-us;814510
>> http://support.microsoft.com/kb/292175 -- requires product key and
>> install disk
>>
>> "Jelle" <nomail@nomail.com> wrote in message
>> news:e9xBf7tIFHA.3076@tk2msftngp13.phx.gbl...
>>> Hi Steven,
>>>
>>> Thanks for the further idea's. I've tried it all, including using netmon
>>> to see what happens. No results, still the same error.
>>>
>>> With Netmon capturing on both machines, I tried to join the domain
>>> again. The only frames I found that were from or to that machine were
>>> the first two line from your example. So only the Std. Query & Response
>>> where exchanged. After that: nothing.
>>>
>>> While doing all this, I noticed a few other things:
>>>
>>> I can't start services WWW, SMTP or FTP: "error 126: Module could not be
>>> found", although IIS Admin service has been started.
>>>
>>> I have a service(!) called 'Internet Explorer' on the fawlty machine. I
>>> have never seen that before. Any idea what this does?
>>> The description is 'Internet Explorer Management', the file is
>>> 'C:\WINNT\System32\explorer.exe' and it's set to automatic startup.
>>>
>>> After rebooting this machine, a few entries in the system event log
>>> appear, which may be related:
>>>
>>> Event Source: DCOM
>>> Event ID: 10010
>>> The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register with
>>> DCOM within the required timeout.
>>>
>>> Event Source: Service Control Manager
>>> Event ID: 7023
>>> The Task Scheduler service terminated with the following error:
>>> Not enough resources are available to complete this operation.
>>>
>>> Event Source: Service Control Manager
>>> Event ID: 7024
>>> The Background Intelligent Transfer Service service terminated with
>>> service-specific error 2147952506.
>>>
>>> I've lookup them up, but so far haven't found anything conclusive to
>>> solve this.
>>>
>>> Any other suggestions you may have are very welcome!
>>>
>>> Regards,
>>> Jelle
>>>
>>>
>>>
>>> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
>>> news:%23LA4iZoIFHA.2648@TK2MSFTNGP14.phx.gbl...
>>>> Yes delete the computer account and try again. If your dns is correctly
>>>> configured, you can access the sysvol share, and all the netdiag tests
>>>> passed it is puzzling that you can not join the domain. If there is any
>>>> software firewall, ipsec filtering, or any other port filtering that
>>>> could also cause problems when trying to join the domain. Reboot the
>>>> server before you try to rejoin the domain if at all possible. If you
>>>> are familiar with netmon you may want to use it on the server you are
>>>> trying to join to the domain to see what is happening at the packet
>>>> level by enabling netmon just before you try to join the computer to
>>>> the domain. If the server you are trying to join to the domain has more
>>>> than one network adapter, make sure that the internal lan network
>>>> adapter is at the top of the list in network connections,
>>>> advanced/advanced settings. You also might want to use the command line
>>>> tool netdom to join the computer to the domain as explained in the link
>>>> below. Also below is a network trace of a computer being joined to the
>>>> domain. The trace was on the domain controller which is 192.168.1.105
>>>> and the computer joining the domain is 192.168.1.53. It is not a
>>>> capture of the whole event but this shows how a successful domain join
>>>> starts. Note the first line is the computer querying for a domain
>>>> controller via a domain _srv record and the second line is the
>>>> response. You can see in this example that the computer and domain
>>>> controller are having a successful xchange. --- Steve
>>>>
>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;329721 --
>>>> netdom
>>>>
>>>> 192.168.1.105 DNS Standard query SRV
>>>> _ldap._tcp.dc._msdcs.test.com
>>>> 192.168.1.53 DNS Standard response SRV 0 100 389
>>>> server1.test.com
>>>> 192.168.1.105 CLDAP MsgId=1 Search Request, Base DN=\(null\)
>>>> 192.168.1.53 CLDAP MsgId=1 Search Entry, 1 result
>>>> 192.168.1.105 DNS Standard query SRV
>>>> _ldap._tcp.dc._msdcs.test.com
>>>> 192.168.1.53 DNS Standard response SRV 0 100 389
>>>> server1.test.com
>>>> 192.168.1.105 CLDAP MsgId=2 Search Request, Base DN=\(null\)
>>>> 192.168.1.53 CLDAP MsgId=2 Search Entry, 1 result) putline
>>>> 192.168.1.105 CLDAP MsgId=3 Search Request, Base DN=\(null\)
>>>> 192.168.1.53 CLDAP MsgId=3 Search Entry, 1 result) putline
>>>> 192.168.1.105 CLDAP MsgId=4 Search Request, Base DN=\(null\)
>>>> 192.168.1.53 CLDAP MsgId=4 Search Entry, 1 result) putline
>>>>
>>>>
>>>> "Jelle" <nomail@nomail.com> wrote in message
>>>> news:%23Q0ND$nIFHA.2476@TK2MSFTNGP12.phx.gbl...
>>>>> Hi Steve,
>>>>>
>>>>> I've run netdiag on both the DC and the recalcitrant machine, but the
>>>>> only results where either 'passed' or 'skipped'.
>>>>> I have also tried to access the sysvol on the DC and that works fine
>>>>> as well, altough I didn't get the request for authorization.
>>>>> Does it matter that the machine is still listed under AD Users &
>>>>> Computers? Should I delete the computer and let it create a new
>>>>> account on joining the domain?
>>>>>
>>>>> Regards,
>>>>> Jelle
>>>>>
>>>>> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
>>>>> news:%23PaZzxnIFHA.1096@tk2msftngp13.phx.gbl...
>>>>>> Make sure that it is pointing to only the domain controller as it's
>>>>>> preferred dns server [never an ISP dns server in the preferred dns
>>>>>> servers list] and then run the support tool netdiag first on the
>>>>>> domain controller first and then on the server you are trying to join
>>>>>> the domain assuming the domain controller netdiag output looks good.
>>>>>> Netdiag will do a battery of tests for network connectivity, name
>>>>>> resolution, and domain computer account integrity. When you run
>>>>>> netdiag on a non domain computer a lot of tests will be skipped
>>>>>> however since they are not pertinent but it still is a good idea
>>>>>> running it as it can report problems with related items that are
>>>>>> needed for a computer to join a domain. Another thing to try is to go
>>>>>> to My Network Places and find the domain controller and then try to
>>>>>> access the sysvol share or enter \\dcname\sysvol in the run box. You
>>>>>> will be prompted for credentials if you are logged onto the server
>>>>>> with a local user account that does not exist in the domain and then
>>>>>> you should be able to access and browse the sysvol share. That would
>>>>>> establish whether or not you have basic smb access to the domain
>>>>>> controller or not. --- Steve
>>>>>>
>>>>>> http://support.microsoft.com/default.aspx?scid=kb;en-us;321708 ---
>>>>>> netdiag and how to install support tools.
>>>>>>
>>>>>>
>>>>>> "Jelle" <nomail@nomail.com> wrote in message
>>>>>> news:eox5ucnIFHA.4060@TK2MSFTNGP14.phx.gbl...
>>>>>>> Hi Steven,
>>>>>>>
>>>>>>> Thanks for your solution. Checked everything, tried to join the
>>>>>>> domain again, but alas... no luck :-(
>>>>>>> What else could be wrong?
>>>>>>>
>>>>>>> Jelle
>>>>>>>
>>>>>>> "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
>>>>>>> news:uvybxQnIFHA.2852@TK2MSFTNGP09.phx.gbl...
>>>>>>>> Verify that the time is correct on the server that you are trying
>>>>>>>> to join the domain. Check day/month/year/time zone/AM & PM. Then
>>>>>>>> make sure it is pointing to only your domain controller as it's
>>>>>>>> preferred dns server in tcp/ip properties. Make sure you enter the
>>>>>>>> fully qualified domain name for the domain when you join the domain
>>>>>>>> and that you can ping the domain name as in ping mydomain.com and
>>>>>>>> that the ping response is to the correct IP address for a domain
>>>>>>>> controller. You can also use nslookup to make sure you can query
>>>>>>>> the _srv records for the domain as shown in the KB link below. Also
>>>>>>>> check Event Viewer on the server you are trying to joining to the
>>>>>>>> domain for any pertinent error messages. --- Steve
>>>>>>>>
>>>>>>>> http://support.microsoft.com/?kbid=241515
>>>>>>>>
>>>>>>>> Using Nslookup
>>>>>>>> 1. From your DNS server, type nslookup at a command prompt.
>>>>>>>> 2. Type set type=all, and then press ENTER.
>>>>>>>> 3. Type _ldap._tcp.dc._msdcs.domainname (where domainname is
>>>>>>>> the name of your domain), and then press ENTER.
>>>>>>>> Nslookup returns one or more SRV service location records in the
>>>>>>>> following format
>>>>>>>> hostname.domainname internet address = ipaddress
>>>>>>>>
>>>>>>>>
>>>>>>>> "news.microsoft.com" <nomail@nomail.com> wrote in message
>>>>>>>> news:ezNUy2kIFHA.3588@TK2MSFTNGP14.phx.gbl...
>>>>>>>>> Hi there,
>>>>>>>>>
>>>>>>>>> I have recently encountered a problem with joining a computer to
>>>>>>>>> the my
>>>>>>>>> local domain.
>>>>>>>>> The machine that needs to join the domain is a Win2K Server. The
>>>>>>>>> DC (AD
>>>>>>>>> integrated) is also a Win2K Server.
>>>>>>>>> In total, there are six machines on the LAN. All are working fine
>>>>>>>>> (network-wise), except this one.
>>>>>>>>>
>>>>>>>>> When I try to let it join the domain (domain name = 'Merrick') I
>>>>>>>>> get the
>>>>>>>>> following error:
>>>>>>>>>
>>>>>>>>> ---
>>>>>>>>> The following error occurred validating the name "Merrick".
>>>>>>>>> This condition may be caused by a DNS lookup problem. For
>>>>>>>>> information about
>>>>>>>>> troubleshooting common DNS lookup problems, please see the
>>>>>>>>> following
>>>>>>>>> Microsoft Web site:
>>>>>>>>> http://go.microsoft.com/fwlink/?LinkID=5171
>>>>>>>>>
>>>>>>>>> The specified domain either does not exist or could not be
>>>>>>>>> contacted.
>>>>>>>>> ----
>>>>>>>>>
>>>>>>>>> Unfortunately, any solutions listed on that page have failed to
>>>>>>>>> solve this
>>>>>>>>> problem. Everything has been configured exactly as stated on that
>>>>>>>>> page, but
>>>>>>>>> I still can't join the domain.
>>>>>>>>>
>>>>>>>>> Other facts that may be of importance here:
>>>>>>>>> - the machine that has to be joined to the domain is reachable
>>>>>>>>> from other
>>>>>>>>> machines and can reach other machines.
>>>>>>>>> - i can connect to the machine using remote desktop
>>>>>>>>> - from the machine that has to be joined, i can not reach the
>>>>>>>>> internet
>>>>>>>>> - nslookup from the fawlty machine returns right results, even for
>>>>>>>>> external
>>>>>>>>> sites
>>>>>>>>> - normal local network functionality seems to be ok, except where
>>>>>>>>> AD user
>>>>>>>>> authentication is required
>>>>>>>>> - when looking up the main browser or pdc using browstat.exe
>>>>>>>>> (status/getmaster/getpdc) it returns the right results
>>>>>>>>> - the dns settings on the fawlty machine points to the PDC only
>>>>>>>>> - I have joined two other machines to the domain without any
>>>>>>>>> problems, so
>>>>>>>>> the problem does not seem to be with the PDC
>>>>>>>>> - there is only one NIC in the fawlty machine
>>>>>>>>>
>>>>>>>>> I can't think of anything else and I hope someone here can help
>>>>>>>>> me.
>>>>>>>>>
>>>>>>>>> Thanks, regards,
>>>>>>>>> Jelle
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>
!