Question

Locked

Cant join winXPpro workstation to the domain

By chrislambeth ·
this has been bugging me for a few days now, and maybe somebody here will have seen this one before. I have a win2k3 enterprise server that is acting as both my domain controller and internal DNS server. netbois is enabled on both the workstation and the DC server. the windows firewall service is disabled on both as well. neither are running any software firewalls (theyre installed, i just have them shut down to try and join the xp box to the domain).

the problem is that i cannot get the xp pro box joined to the domain. it has been joined to the domain of a previous workplace before, and i dont know if a box can be joined to multiple domains (though i dont see where that would be a problem). the error i keep getting on the xp box is: "The following error occurred attempting to join the domain 'mydomain': Access is denied." now the user creds that i am using for the join is a domain user on the DC that is a member of both the Administrators and the Domain Admins groups.

so what in the world is it that im doing wrong here? (or is it something ive overlooked and not doing at all?) if anybody can shed some light on this issue, it would be greatly appreciated.

This conversation is currently closed to new comments.

3 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

remove it from the previous domain

by w2ktechman In reply to Cant join winXPpro workst ...

and put it in a workgroup. reboot and re-add.

If that does not work, try renaming the system, and adding the new computername to the AD before adding.

Collapse -

A couple of things to try

by Jacky Howe In reply to Cant join winXPpro workst ...

Check that the PC has been removed from the previous Domain and is in a Workgroup.
Check that Client for MS Networks is installed.
Also make sure the Computer Name conforms to correct Netbios naming conventions and isn't already in use.
Delete any existing computer accounts on the File Server.
Make sure DNS points to the Domain DNS.
If you are using DHCP or a Static IP DNS and Gateway change them to something different and restart the PC.
This should flush the Registry if there was old information in there. Reconfigure the IP's.
Check that the computer's clock is within 5 minutes of a domain controller, otherwise network logons will fail.

Delegate rights using Active Directory Users and Computers:
1. Open the Active Directory Users and Computers snap-in.
2. Right-click the container under which you want the computers added, and press Delegate Control.
3. Press Next.
4. Press Add.
5. After adding all the users and/or groups, press Next.
6. Select Create custom task to delegate and press Next.
7. Select Only the following objects in the folder, check Computer objects, check the Create selected objects in this folder box, and press Next.
8. Check the Create all child object box and press Next.
9. Press Finish.

Collapse -

found it!

by chrislambeth In reply to Cant join winXPpro workst ...

ok i finally nailed down the source of the problem. i dont know if it had anything to do at all with pulling the workstation off of the domain to which it was previously joined (thankfully the cached domain profile was easy enough to move over to a local user), but there were 2 registry values that i changed that finally did the trick. the values were as follows:


localhost\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\enablesecuritysignature

and:

localhost\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\enablesecuritysignature

the values of these registry entries were both defaulting to 0, and i changed them both to 1. a quick reboot of the workstation to reload the registry, and everything worked smoothly.

who'd have thought that a registry entry could disallow a domain admin's creds to authenticate to a DC?

Back to Networks Forum
3 total posts (Page 1 of 1)  

Related Discussions

Related Forums