IT Employment

General discussion



By mshahan ·
Problem: While using the Network Identification Wizard to join a Windows 2000 domain with an existing account from a new Windows XP Professional workstation, the process failed.
A dialog box stating that "The user could not be added because the following error has occurred: The trust relationship between this workstation and the primary domain failed" appeared.
The workstation's Event View contains the following error: "No suitable Domain Controller is available for domain RCMG. An NT4 or older domain controller is available but it cannot be used for authentication purposes in the Windows 2000 or newer domain that this computer is a member of. The following error occurred: There are currently no logon servers available to service thelogon request."
1-Cisco router with NAT
1-Windows 2000 Server as DC w/DHCP w/DNS w/WINS
1-Windows NT 4 Server as BDC
The LAN uses private IP addressing.
The Windows 2000 Server provides the private IP addresses with DHCP services.
The Cisco router provides NAT for 1-static private IP address.
All workstations recieve their private IP address from the Windows 2000 DHCP server.
The DHCP server's scope options push the following to each workstion:
1. a private IP address andmatching subnet mask
2. the router's 1-static private IP address as the gateway entry
3. both the (a) router's public IP addresses and (b) the Domain Controller's IP address as the DNS entries
Current Conditions:
All Windows NT 4 Workstations and Windows 2000 Professional workstations can both login to the domain and surf the Internet.
Only the new Windows XP Professional workstations cannot login to the domain, but can surf the Internet.
When I switch order of DHCP DNS entries pushed to each workstation from (a) & (b) to (b) & (a), all XP clients can login but not surf but all other workstations could still do both.

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Join the xp machines to the domain

by LordInfidel In reply to WinXP-ProTrustReltnshpFai ...

When you join them to the domain,
you need to specify a domain level admin account or higher to join the machine to the domain.

You can't use a local account on the xp machine to access resources or join the domain.

Make sure that it is joined to the correct domain.
Also when joining the xp machine to the domain, make sure that you have the correct dns server listed in it's settings, and that you use the full domain name of the domain, ie company.local not the netbios name which would just be company.

Collapse -

Reply:Join the xp machines to the domain

by mshahan In reply to Join the xp machines to t ...

Yes, the Domain Administrator's account is used to join the domain. Keep in mind, when the DHCP's DNS entries are switched then login occurs but Internet does not work. Thank you.

Collapse -

That is first step

by LordInfidel In reply to Reply:Join the xp machine ...

The first goal is to get you logged onto/joined to the domain.

AD works on the principal of DNS. Your local machine must point to a DNS server that is Active Directory intergrated and accepting dynamic dns entries.

So, If pointing the machines dns to the server used by AD let's you join and login to the domain. But disables your ability to web surf. That is because your AD dns server is unable to resolve domains outside it's area of authority.

This is easy to fix. Add forwarders tothe DNS server that AD is using and allow recursion. Then your machine will be able to surf the web.

Collapse -

Type of account ?

by dkmc00 In reply to WinXP-ProTrustReltnshpFai ...

When you say an existing account, are you referring to a user a/c OR a computer a/c ?

If the computer a/c already exists in Server Manager then delete that a/c there, then rejoin
the XP machine with the same or new computer a/c
to the domain. See if this helps.

Collapse -

Reply: Type of account ?

by mshahan In reply to Type of account ?

The account is a domain account, not a computer account. Remember in the problem description that login to the domain works fine when I switch DHCP's DNS scope entries. I believe it is a DNS issue. Thank you.

Collapse -

Check Q&A's

by Oz_Media In reply to WinXP-ProTrustReltnshpFai ...

You'd probaly get more responses if you posted your Question in the Questions and Answers forum instead.
Although many people visit both, a lot of TR members just surf Q&A's all day to test their troubleshooting skills.

Related Discussions

Related Forums