Networking

Troubleshooting Windows NT domains

Sometimes, getting Windows NT into a domain can be tricky. In this Daily Drill Down, Brien Posey helps you solve those annoying domain problems.


Have you ever had difficulty trying to attach a Windows NT Workstation to a domain? If so, you know just how frustrating the process of trying to join a domain can be. In this Daily Drill Down, I’ll discuss reasons you might be having this problem and then walk you through some solutions.

What’s a domain?
In the world of Windows NT networking, a domain is an administrative, not a physical, unit that includes and controls access to such network resources as printers, users, or groups. The network can be set up as one domain or divided up into many. When you join a domain, you gain access to its resources. You will need an account on a Windows NT server to join a domain.

Joining a domain
There are two basic ways to join a Windows NT domain. The first method is by joining during Windows NT setup. The second method involves joining later on, or switching domains after Windows NT has been installed.

Joining during Setup
After Setup completes its initial phases, it begins configuring NT’s network connection. Setup will ask if your computer will be participating in a network, if it’s wired to the network or will be using remote access, the type of network adapter installed, and the network protocol that will be used.

After you select and configure your protocols, you’ll enter the workgroup and domain phase of the Setup program. This phase begins when Windows NT initializes the network components you’ve installed. After the network has been started, Windows NT Setup will ask if your machine will participate in a workgroup or in a domain. Select the Domain radio button and enter the name of your domain in the domain field. Before continuing, select the option Create A Computer Account In This Domain. Just as a user account lets a user interact with the domain, a computer account lets a computer interact with the domain. Only machines running Windows NT or Windows 2000 require a computer account. At this point, enter a username and password for the Administrator or for another user with the authority to create computer accounts and click Next. After a few seconds, you should see a message welcoming you to the domain.

Joining after Setup
After Windows NT has already been installed, the process of joining a domain or of switching to a different domain is very similar. Open Control Panel and double-click the Network icon. You’ll see the Network properties sheet, shown in Figure A. After verifying that all the appropriate services and protocols are installed, click the Change button. The next screen allows you to change either the computer name or the domain name. Enter the domain that you want to join and click OK. After Windows NT locates the domain controller for that domain, you may be prompted for the username and password of a user who has the authority to create a computer account in the new domain. Once you’ve joined the new domain, you’ll have to reboot your computer.

Figure A
The Network properties sheet allows you to change your computer’s domain.


Troubleshooting problems during Setup
Start simple

A problem joining a domain during Windows NT Setup doesn’t have to be complicated. The problem could be as simple as a spelling error. Check the spelling of the domain name, or the administrator’s account name and password. You may also simply have a bad network cable. Check the lights on the back of your network card to see if they indicate a live network link, and if there’s a flashing light to indicate network traffic flowing through the card. If the link light isn’t lit or if you can’t verify traffic flowing across the card, you might try plugging into a different network port with a different patch cable. If this doesn’t solve the problem, you might try replacing your network card.

Check network card drivers

As you can see, joining a domain during setup involves a lot of steps. If something goes wrong during any one of them, you won’t be able to join the domain. The first common problem is that the wrong type of network card is selected. This occurs most often when the auto-detect option is used. Many times cards that are similar to the Novell NE2000 cards are mistaken for NE2000 cards. However, the NE2000 driver works only on true NE2000-compatible network adapters. Likewise, many generic cards are commonly mistaken for Intel network cards. If you’re having trouble joining a domain during Setup and the auto-detect function identified one of these two types of cards as being in your system, I recommend double-checking the card to make sure it was identified correctly.

Check network protocol

Another common problem occurs when the wrong protocol is selected. For example, if all of your domain controllers are running IPX/SPX, but you choose NetBEUI as your protocol, your computer won’t be able to communicate with the domain controller. To solve this problem, just make sure that the domain controllers are running the same protocol that you are.

There are several other protocol-related problems that can cause the domain controller not to be seen by your workstation. For example, if you use NetBEUI on your network, you should know that NetBEUI isn’t routable. This means that if there’s a router on your network, the workstation will only be able to communicate with computers that are on the same side of the router. If the domain controller is on the other side, your workstation won’t be able to see it and won’t be able to join the domain. In such a situation, the best thing to do is to install a routable protocol, such as TCP/IP or IPX/SPX, on the server and the workstations.

Check name recognition

TCP/IP is the most complicated protocol that’s natively supported by Windows NT. Therefore, it should come as no surprise that TCP/IP can be the culprit for many different reasons. The most common cause of not being able to join a domain on a TCP/IP network is that the domain controller’s name isn’t recognized. Remember that TCP/IP works with numbers instead of names. For example, on my personal network my primary domain controller is named TALAINIA and the IP address is 147.100.100.25. (I don’t own this address and the server isn’t accessible to the outside world.) Even though the computer’s name is TALAINIA, without some outside help, the other computers on my network only see it as 147.100.100.25. To associate the computer name (and domain name) with the IP address, I use a WINS server (a DNS server could also be used). Each workstation knows the address of my WINS server. Therefore, if a system needs to communicate with another computer on my network by name, it looks the name up on the WINS server. The WINS server tells the workstation the IP address in use by that machine so that communications may begin.

If your network consists of a single subnet and no routers, you may be able to get away with not using a WINS or a DNS server, but as your network grows, you may eventually have to add one.

Check your service pack

I’ve also seen situations in which some brands of network cards use more complicated drivers than most other brands. In a situation like this, the card may not function correctly unless the current service pack is installed. Obviously, you can’t install a service pack during setup. What you can do, though, is just set up the workstation as if it were going to be part of a workgroup. After Setup completes, you can install the current service pack and then join the domain.

I should also mention that Service Packs 6 and 6A have both caused problems for me. I’ve had several computers running Windows NT Workstation with Service Pack 5 that were functioning perfectly. After installing Service Pack 6, most of the machines could no longer communicate with the domain. The few that could ran extremely slowly. The only way that I was able to correct the problem was to uninstall Service Pack 6 or to upgrade to Windows 2000. Unfortunately, if you didn’t select the option during the Service Pack 6 Setup that lets you uninstall the service pack, you’ll pretty much have to either format the hard disk and start over or upgrade to Windows 2000. Simply reloading Windows NT and installing Service Pack 5 won’t get the job done.

Troubleshooting problems after Setup
Although any of the problems associated with not being able to join a domain during Setup can come into play when switching domains, the chances are pretty slim. After all, if the machine was able to communicate with another domain, then the network card and protocols are obviously working. There are really only two questions you should ask in such a situation.

Is the domain controller accessible?

First, is the domain accessible? Even if the network is physically functional, a routing problem such as the ones I described earlier may prevent you from accessing a domain controller in the new domain. To test to see if this is the case, open a Command Prompt window and try to ping the new domain’s primary domain controller to see if it’s accessible. To help you narrow down the problem, try pinging by computer name and by IP address.

Is there a duplicate computer name?

If the domain controller is accessible and all of your security credentials check out, there’s a possibility that a computer account that matches your computer name already exists in the domain. To check for this situation, go to a machine that’s already a member of the domain and open Server Manager. As you can see in Figure B, Server Manager contains a list of every known Windows NT machine in the domain. Search the list for a computer with the same name as yours. If you find such a computer, look at its icon. If the icon is grayed out, the computer is currently turned off, disconnected from the network, or no longer exists. If the icon isn’t grayed out, a computer with the same name as yours is already online in the domain, and you’ll have no choice but to rename your machine.

Figure B
Server Manager contains a list of every known Windows NT machine in the domain.


If the icon is grayed out, you’ll have to start doing some digging to determine whether it represents a machine that still exists on the network. If the machine doesn’t exist anymore, simply remove the reference to it from Server Manager. Remember that after you remove a computer account from a domain, it may take some time for the change to be replicated to all of the domain controllers. This means that you may not be able to join the domain immediately, even after the account has been removed. If this causes a problem, you can always come up with a new name that's not in use for your computer and join the domain immediately.

Conclusion
Joining a Windows NT domain can be frustrating if your network isn’t configured just right. In this Daily Drill Down, I’ve discussed some common causes for Windows NT Workstation to be rejected when trying to join a domain. I also provided you with some solutions for the various problems.

Brien M. Posey is an MCSE who works as a freelance technical writer and as a network engineer for the Department of Defense. If you’d like to contact Brien, send him an e-mail. (Because of the large volume of e-mail he receives, it's impossible for him to respond to every message. However, he does read them all.)

The authors and editors have taken care in preparation of the content contained herein, but make no expressed or implied warranty of any kind and assume no responsibility for errors or omissions. No liability is assumed for any damages. Always have a verified backup before making any changes.

Editor's Picks