XP box won't join 2003 AD/Domain

knudsen

Hullo,

I have an XP SP2 box out on a VLAN that just won't join the domain. Other XP boxes in the same VLAN and same physical path (same switches) join up and see the resources no problem. We are using XP SP2 clients (plus a few 2k here and there), 2003 server for the DC, 2003 storage server for the NAS/print spooler, and a Cisco ASA-5100 routes the VLANs and provides a firewall.

This was on the domain, but it was not running the login scripts and could not access domain resources. The logon scripts are simple file share and printer connections that are working on the rest of the PCs on that VLAN. When this happened, I did the simple stuff: pings, double checked settings, log off/on, reboot, replace the cable to the PC, try another interface on the switch, check log files. I noticed the application log was getting 4 errors on each logon. The first error would say to the effect that it could not reach %network path%/gpt.ini (errors quoted at the bottom of this post). The second states, "Windows cannot query for the list of Group Policy objects." Then both errors repeat once.

Also noted was a Warning that Windows saved the registry while an application still had it open during shutdown.


It can ping anything it is supposed to be able to see. Internet access is good and I am able to download as fast as 450 MB/min (yes, we have a screaming connection). The AD and servers are in a DMZ and all can be reached. When I try to join xxx.local, I get a user/pass dialog right away, followed by the usual wait, then "network path not found". If I try just xxxx, I quickly get domain does not exist.

After the problem seemed to be isolated to the local PC, I tried an XP repair, which completed successfully, but made no changes to the symptoms.

Finally, we disjoined the domain. After that we were unable to rejoin. We retraced the troubleshooting and it still seems to be the PC. The network path seems to be working; other PCs on the same switch are on the domain using directory resources. The cat5 patch cable to the switch was replaced again. Still can ping anything and Internet access is very fast. BTW: We go through the same infrastructure to access the Internet as we do to access the DC.

Topo is something like this:

XP boxes (Working and bad one)<--->[unman switch]<--->[Cisco 10/100/1000 switch VLANxxx]<--->[Dell 5324 10/100/1000 switch]<--(TRUNK)-->[Cisco ASA]<--(TRUNK)-->[Dell 5324 10/100/1000 switch]<--->DMZ (AD DC and other servers + Internet)

(AD DC = Active Directory Domain Controller)

I have bypassed the unmanaged switch as well.

This network is coming out of test and very few PCs are on it as of yet, but others are not having this problem. Traffic is minimal at this point.

First Error:

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1058
Date: 5/6/2008
Time: 11:58:31 AM
User: XXX (Local PC GUID)
Computer: XXX (Local PC Name)
Description:
Windows cannot access the file gpt.ini for GPO
cn={XXX},cn=policies,cn=system,DC=oisc,DC=local.
The file must be present at the location
<\\oisc.local\SysVol\oisc.local\Policies\{XXX}\gpt.ini>.
(The network path was not found. ). Group Policy processing aborted.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.


2nd error:

Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1030
Date: 5/6/2008
Time: 11:58:31 AM
User: XXX (Local PC GUID)
Computer: XXX (Local PC Name)
Description:
Windows cannot query for the list of Group Policy objects. A message that
describes the reason for this was previously logged by the policy engine.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Warning:

Event Type: Warning
Event Source: Userenv
Event Category: None
Event ID: 1517
Date: 5/6/2008
Time: 11:57:29 AM
User: NT AUTHORITY\SYSTEM
Computer: XXX (Local PC Name)
Description:
Windows saved user XXX (Domain Name)\XXX (Login Name) registry while an application or service was still using the registry during log off. The memory used by the user's registry
has not been freed. The registry will be unloaded when it is no longer in use.

This is often caused by services running as a user account, try configuring the
services to run in either the LocalService or NetworkService account.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Any ideas???

I'm ready for the looney bin
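
The 1058 event quoted above names the SYSVOL path by the domain's DNS name, so a successful ping does not show that the name resolves or that the firewall passes the services a join needs. The following is an added example, not part of the original post: it pulls the server name out of the event text, resolves it, and tries the TCP ports a client uses on a DC. The port list and all function names are assumptions of this example, and the UDP side of DNS and LDAP is not tested.

```python
import re
import socket

# Constructed sample: the Event ID 1058 description as quoted in the post.
EVENT_1058 = r"""Windows cannot access the file gpt.ini for GPO
cn={XXX},cn=policies,cn=system,DC=oisc,DC=local.
The file must be present at the location
<\\oisc.local\SysVol\oisc.local\Policies\{XXX}\gpt.ini>.
(The network path was not found. ). Group Policy processing aborted."""

# Assumption of this example: TCP services a client uses on a DC.
DC_PORTS = {53: "DNS", 88: "Kerberos", 135: "RPC endpoint mapper",
            389: "LDAP", 445: "SMB/SYSVOL"}

def unc_host(description):
    """Return the server part of the first UNC path in an event description."""
    m = re.search(r"\\\\([^\\\s>]+)\\", description)
    return m.group(1) if m else None

def resolve(name):
    """Default resolver: IPv4 addresses the client's DNS returns for name."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def tcp_open(addr, port, timeout=3.0):
    """Default probe: True if a TCP connection to addr:port completes."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False

def diagnose(description, resolver=resolve, probe=tcp_open):
    """Turn a 1058 event into findings: name resolution first, then each port."""
    host = unc_host(description)
    if host is None:
        return ["no UNC path in event text"]
    addrs = resolver(host)
    if not addrs:
        return [f"{host}: does not resolve; check the client's DNS server setting"]
    findings = [f"{addr}: TCP {port} ({service}) blocked or closed"
                for addr in addrs for port, service in DC_PORTS.items()
                if not probe(addr, port)]
    return findings or [f"{host}: resolves and all DC ports answer"]

if __name__ == "__main__":
    print("\n".join(diagnose(EVENT_1058)))
```

Run it on the failing PC and on a working PC in the same VLAN; a difference in the output separates a client-side DNS or SMB problem from a firewall rule.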
 

knudsen

Another detail: We use static IPs, 172.x.x.x masked 255.255.255.0, and the DC is the DNS server. So we hit the DC when getting to the Internet.
 

lotussama

Here are a couple things to note:

1) You said XP SP2... I'll assume it's XP Pro SP2. XP Home won't join to an AD Domain.

2) Have you deleted the computer's account from Active Directory? It's possible that the computer's account has gotten out of sync with AD. Delete that account, then try to rejoin the domain.
 

knudsen

Thanks for the tip. Yes it's Pro. The name was not on the DC after it was disjoined, so that was not the problem. I also checked in DNS. I found a KB (887303) that goes into great detail about what to check for Event ID: 1058. It was all verification... nothing to change. I did run "ipconfig /flushdns" which changed the symptoms. I no longer get the errors in the event log, but I still can't join. It still pops up the same error, can't find xxx.local. Hummmph. I'm going to try and change the SID tomorrow. http://technet.microsoft.com/en-us/sysinternals/bb897418.aspx I will follow up if I get it, but appreciate any more input from anyone. Thanks lotussama! Oh, someone on another forum said I should be fired LOL.
 

sacdan

Your SID will be recreated when you join the Domain. Try changing the Workgroup name. Then try to join the Domain. I have also seen instances of multiple NICs causing problems when joining a Domain. You also want to make sure you don't have a static IP.
 

knudsen

sacdan, thanks for the tips. We only have static IPs. It does have a 2nd NIC, but I did try to disable it then join. My choice would be DHCP, but how does that affect joining? I did try different IPs. I tried plugging it into the switch closest to the ASA, the one with all the VLANs. And I tried putting it on the same VLAN as the DC (bypassing the ASA firewall). Still grumpy.

Integrated NIC, the one I disabled is for the instruments. The other NIC is a card, the one I am trying to join the domain.

I am curious about the static IP problem, but I'm not sure if there is anything I can do about it.
 
Guest
Did you make sure that the "File & Printer Sharing" checkbox is checked in the Network properties of the NIC you're using for the LAN? I know it might sound like an obvious point, but I've gone through hours of troubleshooting before realizing this was the problem that caused clients not to join the domain.