IT Employment·20,064 discussions

machine won’t add to domain

Locked

Hope I can get some quick ones for this one.

I had this problem b4 and did what I HATE to do as a solution – reformatted windows. I hate doing it because I believe everything has a solution, time was of the essence then (as it is now) but I have no intention of resorting to that.

I upgraded a PDC for a medium sized biz (finally convinced them to get the Win2k3) from win2k server. All machines have been re-added to domain seamlessly except one (and yes, all users and computers are set up in ‘AD users and computers’)

Of course, I had to log on locally onto the machines (i.e. log into “this computer” since the old domain no longer existed – changed the Domain name, long story) but adding them to the domain was no problem for both win2kpro and winXP machines. This troublemaker is a win2k pro (older) machine, and it keeps telling me it cannot find the specified domain (“does not exist, or not connected”). To cover some of the basics, the domain does exist – that much I have been able to establish :}, the machine in question is physically connected to the network (cable ok & NIC ok). Why would I be getting this error, and how can it be resolved (the login used has administrator privileges, and in any event it does eventually ask for a user with rights to add the machine to the domain, but I don’t even get that far!)

Topic

First steps

In reply to machine won’t add to domain

Logon locally with an Admin account to the workstation. Then in the properties of My Computer add the computer to a workgroup, like badcomps. The shut down the workstation.
On the Domain controller make sure there is no computer account for this win2k workstation; if there is delete it. Refresh the domain list and then create a computer account for this machine.
Boot the win2k workstation and go back into the properties and join it to the domain.

Also try searching Microsofr Technet for “join a windows 2000 to 2003 domain”

Ping

In reply to First steps

You can ping the domain controller, right? The system has all it’s updates and is virus and spyware free? You could also try renaming it or even sysprep it to remove the SID.

tried it…

In reply to First steps

Alas! No luck.

Take a look at the reply I posted to johnny –>

DNS

In reply to First steps

Did you try to flush DNS?
ipconfig /flushdns
ipconfig /registerdns

That worked for me on trouble machines. Sure sounds like a DNS issue to me.

networking

In reply to machine won’t add to domain

You could also make sure that the computer you are on can see the pdc ping with ip and name that way you?ll rule out any dns issues, I?ve had this problem before and I realized that the comp was not seeing the pdc. Other than that what the previous guy said is the other thing I would do.

You’re not making any sense.

In reply to machine won’t add to domain

I can’t clearly get an idea of your network. Your sentence, “I upgraded a PDC for a medium sized biz (finally convinced them to get the Win2k3) from win2k server”, does not make sense. Upgrading a PDC to Windows 2000 Active Directory would make sense, but not upgrading a PDC from a Windows 2000 Server.
It’s obvious you are running AD, but you should clearly state you steps. Now the follow sentence, “All machines have been re-added to domain seamlessly except one (and yes, all users and computers are set up in ‘AD users and computers’)”, doesn’t make any correlation with your previous sentence. If you truly upgraded your PDC, or Windows NT Domain, to AD properly, you would not have to rejoin any computers. What exactly did you do and did you do it properly?
Let’s assume you created a new AD Domain and REJoined all your workstations. On this “problem computer”, please use ipconfig through a command prompt to view it’s NIC configurations. Your NIC may be ok through your Device Manager, but does it have the correct TCP/IP Settings? Do you run DHCP? I would hope so. Does it have all the proper TCP/IP settings, like, DHCP, DNS Servers? Do you run WINS?
If all of your TCP/IP settings are current, then try accessing the Domain Controller using a UNC path, such as, \\ServerDC1. Can you access this DC? Is it online and DNS is working?
Your root of the problem may exist in the paragraphs above that I mentioned.
If NIC is ok, then do what was mentioned in a previous post; Join the PC to a workgroup; Rename workstation; Log on as local Administrator and join the Domain.

ok johnny, slowly now….

In reply to You’re not making any sense.

Alright, I’m just kidding – I may not have represented the situation quite accurately. So I’ll try to be more clear.

In essence it was not a ‘true upgrade’ because I did change the domain name (I’m sure I mentioned that) which is the reason for me re-adding all machines. I did try what was suggested earlier (change workstation name, change workgroup – no cigar!). Cables tested – they’re ok.

But here’s what I found!

Workstation can ping server, but the server can’t ping the workstation (not a firewall problem – I checked that). I did go as far as to manually put in the WINS and DNS server config in workstation tcp/ip settings. Nada!

When I do change the workgroup on the workstation, the server (and other machines) sees the workgroup .

Hope that was a bit more coherent.

Sorry man…

In reply to ok johnny, slowly now….

I must be having a bad week.

WINS Settings

In reply to machine won’t add to domain

Check the WINS server settings on the work-station and make sure it is pointing to your network’s WINS server

Wrong forum

In reply to machine won’t add to domain

This is a tech. problem, in search of a solution.

It properly belongs in “Technical Q&A,” not in “Discussions.”

Please re-post there.

Check time of PC

In reply to machine won’t add to domain

I had this problem with a new WinXP Pro…the solution was to change the time to the correct time zone and adjust the time to be in sync with the server.

Not that, trusty sidekick….

In reply to Check time of PC

Time zone was correct. I was really hoping that it would have been something like that I could just slap myself about – but this is a whopper!

yup .. it happins

In reply to Not that, trusty sidekick….

i remember i could not connect to my server, and i was getting very mad.. and then i looked, and saw that my cat5 was not plugged in lol.. ahahah..

im getting mad just thinking about that lol

glad you fixed that problem 🙂

I know that this might be so obvious that you’ve overlooked it

In reply to machine won’t add to domain

Just how many units/workstations are on this server and does the version of 2003 support that many?

It’s always the simple things that catch us out. 😉

Col

same thing here…

In reply to machine won’t add to domain

I had a problem just like this…the way I fixed it was to change the computer name (I just put an a at the end of the computer name) restart, and it added to the domain no problem. Another tidbit is to run a program called Ghstwalk (part of the norton ghost program). This will change the SID quickly, and easily, and then try to join the domain again. good luck!

This is weird!!

In reply to machine won’t add to domain

I just don’t get it. NONE OF THE ABOVE SUGGESTIONS HAVE WORKED!

Oddly enough, I can ping the server from the trouble machine, but I can’t ping the machine from the server. And when I run nslookup, for example, the first thing I get is “Server: Unknown” & “Domain doesn’t exist” yet it does give me the server IP address.

Changing name, changing workgroup, checking time zone, adding/removing protocols, physically adding a host in the DNS forward lookup zone (because there was none for the computer), nothing has worked. And I’m not at all pleased or satisfied with what seems like my final option – OS re-install. That’s just not problem-solving!

Thanks for the suggestions guys, if there are any more keep them coming….

Well in that case

In reply to This is weird!!

There is something at the server that is causing the problem.

You didn’t limit the IP addresses or something similar did you? It has to be something in the configuration of the server as the problem unit can ping the server but not the other way around that is why you are not getting a connection. When you setup the server did you go with the defaults on the install?

I take it here we are talking about 2003 ES and not the SBE version as that has a limited number of concurrent connections possible but even still with a few units turned off you should still be able to log on.

OK I’ve just reread all of your postings and I’m at a loss as well when I was working as a Mech Engineer we would call something like this “The Jesus Factor” where everything is perfect but the assembled item just doesn’t work.

All I can suggest is that you look at every setting in the server and try to find the offending setting as it just has to be there somewhere. Of course it will be so obvious when you eventually find it that you’ll be kicking yourself for months to come for missing it. 😉

Col

I had the same problem last year…

In reply to machine won’t add to domain

…with a user who moved between different project offices domains. I tried everything except removing the network card driver. I removed the NIC driver, re-booted and started from there. Worked after that.
I had to do this on two occasions for the same user to the same laptop.

suggest changing the nic

In reply to I had the same problem last year…

bindings might be messed up, install a new nic with the network ip setup you have & trying joining again with only that one corrected.

Machine won’t add to domain

In reply to machine won’t add to domain

I resolved this same problem by doing the following: I found the SID was invalid. I removed the computer and users from the AD. Renamed the computer. Rebooted the machine and logon on locally using an account with local admin rights. Manually put in network info (IP, subnet, WINS, DNS). Plugged the network cable back in. Rebooted again! This allow me to join the domain without any issues.
afl

Why this happens

In reply to Machine won’t add to domain

There will have been a computer account still listed in Active Directory in the computers section you would need to select the computer then right click it and select reset computer account
You must then manually replicate Active Directory using Sites and Services or wait until Active Directory replicates the changes you have made
then you will be able to join the domain with the same computer name

More info

In reply to Why this happens

Bear some of these things in mind:

Can ping server from troublemaker, but cannot ping trouble machine from server (just remembered! I haven’t tried pinging the server by name)

Very weird – if I run nslookup from server, and execute ls -d domain, it actually gives an error to the effect “cannot transfer zone to this machine (server)” or “domain doesn’t exist”. Will check again to be sure

Server see the workgroup to which troublemaker is attached, but can’t access workgroup

Trouble machine is getting IP et al from DHCP on server

I’ve tried the static IP, WINS and DNS server config to no avail

Removed NIC driver, allowed it to reinstall, no dice!

Tried different cable (tested original cable also)

Checked, rechecked, triple checked Active Dir. configs – Users and computers (removed the user and computer, added using different name, login), sites and services. DNS config (no host A for computer, added one manually – didn’t work)

I always knew there was a hell!!!!!! I’m being punished – that’s what it is!

Have you tried

In reply to More info

Changing the work-group name and rights?

Sounds very much like the server in question just doesn’t want to play nice with that work-group for some reason. It might be seeing it as something too similar to another work-group or even allocating it the same IP address as another work-group.

Have you tried actually seeing what is available through an unrestricted account from the trouble maker?

How is this unit connected to the domain? Through what type of connection a Hub, Switch, Router or what? Are other units on this Hub/Switch/Router working? Or is this just an isolated unit that just doesn’t want to play nice at all?

Col

Try this

In reply to machine won’t add to domain

I’ve faced this problem fewtimes with windows XP computers.What I did has solved my problems.Try it may work in ur case too.The difference is between XP & W2k.Gotto find out the way.
———————-
Log on as a local administrator(This machine).Go to control panel.Click on Users.(“U’ve to install SP2 for xp”.)Add the admin account of the domain,specify the domain.Apply -ok

Log off>& try with domain admin account.

I’ll be expecting ur reply.

I was hoping…

In reply to Try this

after reading your post I thought “y’know, of all the responses, this just feels like it’s the right one!”

Unfortunately, the accounts on this machine arre REAAALLY local – there isn’t even an option for specifying domain when adding a new user. So, suffice it to say, that didn’t work out for me, but I really think this is the right track. Dunno why.

Tried the previous stuff re: removing NIC driver and even deleted SID from registry, allowing it to be replaced upon reboot. Still NADA!

I will try a different NIC though, but I’m doubtful, to be honest.

Try this

In reply to Try this

Try joining a workgroup, any workgroup, first and then join the domain.

Seen this before. This was the fix

In reply to machine won’t add to domain

I had the same problem with a couple of PCs when upgrading to 2003. What I finally did was run norton Systemworks and found that there was id corruption in the Registry. Ran automatic fix and the computers joined quite easily.

I have been through this too

In reply to Seen this before. This was the fix

I don’t claim to understand what is happening behind the scenes but this is what worked for me (after trying many of the suggestions above). If the wayward PC has Antivirus software installed … uninstall it. If it HAD antivirus software installed that was DELETED, re-install it and then UNINSTALL it. If you can then join the domain, re-install the antivirus. I was told that when some antivirus software is deleted, it leaves some settings on that blocks communication. Someone out there may understand the exact workings. Hope something besides re-format works for you

You’ve got an ODD one, that’s for sure……

In reply to machine won’t add to domain

Reading all the things suggested, and that you’ve tried, I would say you have 3 choices, and you’re not going to like the third.

1) Check the LMHosts, (and the Hosts), files on the perp machine. One out-of-date entry can stop the show. (I haven’t seen this mentioned yet, but it’s a long shot, anyway).

2)Replace the NIC
(I don’t remember if you’ve tried that or not)

3)Save any unbacked-up data and reformat the machine.
(I know you dislike this answer, but how much time can you invest in solving this issue?)

Same situation

In reply to You’ve got an ODD one, that’s for sure……

I have the same problem. Built four PCs same day. Two are fine, two are have this problem. Reloding OS doesn’t work. I swear it has something to do with XP SP2. More info: domain users CAN log onto bad PCs. When I ping the bad PC from DC, DNS resolves it completely and accurately, but get no reply. BTW, I am posting this from one of the bad PCs. I am logged in as a domain user and I obviously have a physical connection to the network, an IP address, a gateway record, a DNS record, etc.

Bloody Computers….

In reply to Same situation

I had the same problem……..
Turned out to be a faulty CPU!
Yes I know, how does that affect the NIC? The instructions still have to pass through the CPU, changed it whala! Worked for me.

Over & out

In reply to You’ve got an ODD one, that’s for sure……

Thanks for all the suggestions and advice – this still was a great learning experience (which I believe should characterise each day of life).

As suggested by the penultimate post (rfortson) all efforts must be weighed against the time invested in solving such a problem. Though as many of you may be able to empathise, their is no worst feeling than having an IT problem unsolved. Sleepless nights!!!! Nonetheless, I have signed off on this machine – our client has decided to discontinue its use for the time being. Will inform of any future changes.

That is the “easy” way out of the problem

In reply to Over & out

Now you will be lying sleepless at night wondering just what else you could have done to get it to work or worse still you’ll be dreaming about this very problem until you either go mad or come up with a solution.

Either way it isn’t a good outcome.

Cheers

Col

I had this problem . . .

In reply to Over & out

and the cause was a bad address in the NIC. I made it an available static address and all worked well. Another time I had this problem and I changed the troublemaker PC from the Domain to a Workgroup, and saved that decision, then without rebooting, went to the Domain Server and deleted the account. Then went back to the errant PC and added it to the Domain, it worked. Maybe one of these will work for you.

wow, a lot of suggestions with no fixes

In reply to machine won’t add to domain

This thread is evidence of the diversity that we have on this website. A lot of these are good suggestions but I think that everyone is missing the root of the issue.

He’s not able to ping back from the server. When you have a failure to ping, this should be looked at as the primary problem before trying to solve DNS, NIC drivers, etc.

The key pieces to the puzzle are that he can ping from the workstation and get a response from the server and that the server can’t ping the workstation.

That should lead you down the path of trying to find out what’s happening to the ICMP inbound from the network. Could it be a name resultion isse or an ICMP issue? When you really think about it, there are only a few things that can exibit this perculure pair of symptoms.

Now, questions must be answered. The first question:

1) When you pinged the workstation from the server, did you use the DNS name of the workstation or the IP address?

2) Have you manually scanned ActiveDirectory for the computer name and removed it if it exists? This includes the DNS server AND the Computers OU.

3) Have you tripple checked all of the TCP/IP DNS settings on both the server and the client. I’ve seen suggestions on WINS here … Ignore them. Windows 2000 Active Directory has no use for WINS when Windows 2000 Workstations are concerned.

4) Do you get different results if you add NETBEUI to the list of protocols on both the domain controller AND the workstation? This is not a fix, but rather a troubleshooting measure.

There are plenty more questions once these have been answered.

– Steve Bostedor
http://www.vncscan.com

Join workgroup first

In reply to machine won’t add to domain

Try joining a workgroup, any workgroup, first and then join the domain. Sorry for the duplicate reply, wasn’t looking where I was the first time.

DNS and Time plus others

In reply to machine won’t add to domain

You may have tried this: I have seen the improper reply to nslookup before. To fix it set up a reverse lookup zone and then flush the cache. Re-run nslookup and you should have a proper reply at the server. You can’t ping the desktop from the server because it didn’t register in DNS.

On the PC on question – do : net time /querysntp and see what time server it is using. If it isn’t the PDC force it by: net time /setsntp:PDC name – assumes time zone is correct as previously stated.

We have had this happen when systems were moved to domains and for some reason the time provider didn’t reset.

Make sure you have NOTHING set in the TCP/IP properties of the PC especially filters, etc. Check the 2003 server and make sure that the security policy settings aren’t such that they conflict with the local security policy of the PC.

When you check ipconfig /all does it show the correct DNS server, gateway, etc? IF you do a nslookup at different PCs do they register the PDC as the name server?

If you set the PC to a workgroup of the same name does it browse the network successfully?

Reply To: machine won’t add to domain

In reply to machine won’t add to domain

Make sure the machine wasn’t setup with a static IP, dns and wins. If it was, putting it back to dhcp or editig the static information to the correct configuration may take care of this problem

Troubleshooting networks

In reply to machine won’t add to domain

Two things to try :
(i)Get netmon going on the server and start capturing some packets when you are pinging from and to the workstation – can help to resolve DNS versus WINS issues.
(ii) Install a second version of OS on same machine to see if the problem still exists when booted up in this version. Will help pinpoint the problem.

machine won’t add to domain

In reply to machine won’t add to domain

The proble could be with dns. Take a look at ip configuration. Client machines must be able to locate a domain controller and this is achieved through dns.

Ensure the correct dns server ip address is entered in the ip properties of the client and that the dns cache is empty. (ipconfig / flushdns) You may also need to perform an ipconfig /registerdns.

[Author]

Replies