Problem: While using the Network Identification Wizard to join a Windows 2000 domain with an existing account from a new Windows XP Professional workstation, the process failed.
A dialog box stating that “The user could not be added because the following error has occurred: The trust relationship between this workstation and the primary domain failed” appeared.
The workstation’s Event View contains the following error: “No suitable Domain Controller is available for domain RCMG. An NT4 or older domain controller is available but it cannot be used for authentication purposes in the Windows 2000 or newer domain that this computer is a member of. The following error occurred: There are currently no logon servers available to service thelogon request.”
Environment:
1-Cisco router with NAT
1-Windows 2000 Server as DC w/DHCP w/DNS w/WINS
1-Windows NT 4 Server as BDC
The LAN uses private IP addressing.
The Windows 2000 Server provides the private IP addresses with DHCP services.
The Cisco router provides NAT for 1-static private IP address.
All workstations recieve their private IP address from the Windows 2000 DHCP server.
The DHCP server’s scope options push the following to each workstion:
1. a private IP address andmatching subnet mask
2. the router’s 1-static private IP address as the gateway entry
3. both the (a) router’s public IP addresses and (b) the Domain Controller’s IP address as the DNS entries
Current Conditions:
All Windows NT 4 Workstations and Windows 2000 Professional workstations can both login to the domain and surf the Internet.
Only the new Windows XP Professional workstations cannot login to the domain, but can surf the Internet.
When I switch order of DHCP DNS entries pushed to each workstation from (a) & (b) to (b) & (a), all XP clients can login but not surf but all other workstations could still do both.