Can't join the domain

 
 
john
Guest
Posts: n/a

 
      04-27-2008, 03:35 PM
I am trying to join a computer to the domain. Both the server and the
client can ping each other, but the client cannot find the domain. I
am running 2k3.

Is there anything that I am not doing?
Would appreciate any help.
 
 
Frankster
Guest
Posts: n/a

 
      04-27-2008, 04:37 PM
Make it so you can ping using FQDN (i.e. hostname.domain.com). I'm
guessing you are only pinging the DC by its NETBIOS name or IP. That is not
good enough to join an AD domain. Bottom line, name resolution/DNS issue.

If you can ping by FQDN, try joining the domain using that name rather than
a NETBIOS name.

-Frank

"john" <(E-Mail Removed)> wrote in message
news:7de9d01a-bd12-424b-ad7d-(E-Mail Removed)...
> I am trying to join a computer to the domain. Both the server and the
> client can ping each other, but the client cannot find the domain. I
> am running 2k3.
>
> Is there anything that I am not doing?
> Would appreciate any help.


 
 
Ace Fekay [MVP]
Guest
Posts: n/a

 
      04-27-2008, 05:22 PM
In news:7de9d01a-bd12-424b-ad7d-(E-Mail Removed),
john <(E-Mail Removed)> typed:
> I am trying to join a computer to the domain. Both the server and the
> client can ping each other, but the client cannot find the domain. I
> am running 2k3.
>
> Is there anything that I am not doing?
> Would appreciate any help.


As Frankster says, it's more than likely a DNS resolution issue. Keep in
mind, AD relies on DNS. Therefore the basic rule for AD to work is to make
absolutely sure that only the DNS server that is hosting the AD zone name is
used in all machines' IP properties. More than likely in your case DNS is
running on your domain controller. So make sure all machines (even the DC
itself) are ONLY using the domain controller's IP address for their DNS
address. If you use your ISP's DNS address, numerous things can go wrong.

Other things that can cause problems (such as joining, long logon times, many
AD errors, etc):
1. The AD zone name is a single label name ("domain" rather than
"domain.com")
2. The domain controller is multihomed (more than one NIC and/or IP address)

If you need further assistance, please post an unedited 'ipconfig /all' from
the domain controller and from the workstation you are trying to join.

Thank you,

--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Infinite Diversities in Infinite Combinations
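
Added example (not part of Ace's post or of any Microsoft tool): a Python sketch that applies the checks listed above to pasted `ipconfig /all` text. The sample output, host names and addresses are constructed, the layout is abridged from the Windows Server 2003 format, and `audit` and `dc_dns_ip` are hypothetical names.

```python
import re

# Constructed `ipconfig /all` text, abridged Windows Server 2003 layout (not from the thread).
SAMPLE_DC = """\
Windows IP Configuration
   Host Name . . . . . . . . . . . . : dc1
   Primary Dns Suffix  . . . . . . . : corp

Ethernet adapter Inside:
   IP Address. . . . . . . . . . . . : 192.168.1.10
   DNS Servers . . . . . . . . . . . : 192.168.1.10
                                       203.0.113.53

Ethernet adapter Outside:
   IP Address. . . . . . . . . . . . : 198.51.100.7
   DNS Servers . . . . . . . . . . . : 203.0.113.53
"""
FIELD = re.compile(r"^\s+([A-Za-z][\w \-]*?)[ .]*:\s*(.*)$")

def parse_ipconfig(text):
    """Return {section: {label: [values]}}; unlabeled indented lines continue the last field."""
    sections, current, last = {}, {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():              # unindented line opens a new section
            current, last = sections.setdefault(line.strip().rstrip(":"), {}), None
        elif (m := FIELD.match(line)):
            last = current.setdefault(m.group(1), [])
            if m.group(2).strip():
                last.append(m.group(2).strip())
        elif last is not None:                 # e.g. second and later DNS servers
            last.append(line.strip())
    return sections

def audit(text, dc_dns_ip):
    """Check one machine's output against the rules in the post above."""
    sections, findings = parse_ipconfig(text), []
    suffix = "".join(sections.get("Windows IP Configuration", {}).get("Primary Dns Suffix", []))
    if suffix and "." not in suffix:           # assumption: on a DC this suffix is the AD DNS name
        findings.append(f"single-label DNS suffix: {suffix}")
    adapters = {n: f for n, f in sections.items() if f.get("IP Address")}
    if len(adapters) > 1:
        findings.append("multihomed: " + ", ".join(adapters))
    for name, fields in adapters.items():
        extra = [ip for ip in fields.get("DNS Servers", []) if ip != dc_dns_ip]
        if extra:
            findings.append(f"{name}: non-DC DNS servers {extra}")
    return findings
```

Run `audit` once on the DC's output and once on the workstation's, passing the DC's inside address as `dc_dns_ip`; an empty list means none of the three conditions was found.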


 
 
john
Guest
Posts: n/a

 
      04-27-2008, 11:56 PM

This is multi-homed, with one going to internet and the other going to
the private network. The DNS server is the IP address of the private
NIC. By the way, I got a screenshot from the Ipconfig /all, but I
could not paste it to this reply.
 
 
Bill Grant
Guest
Posts: n/a

 
      04-28-2008, 12:23 AM
You should not be running a multihomed DC (unless you are running SBS
server, which is designed to run like that). There are all sorts of name
resolution and browsing problems which arise if your DC is multihomed.

If you must run that way, make sure that NetBIOS over TCP/IP is disabled
on the public NIC and that the public NIC does not register in your local
DNS.
 
john
Guest
Posts: n/a

 
      04-28-2008, 01:23 AM
On Apr 27, 7:23 pm, "Bill Grant" <not.available@online> wrote:
> You should not be running a multihomed DC (unless you are running SBS
> server, which is designed to run like that). There are all sorts of name
> resolution and browsing problems which arise if your DC is multihomed.
>
> If you must run that way, make sure that NetBIOS over TCP/IP is disabled
> on the public NIC and that the public NIC does not register in your local
> DNS.


It is set up exactly that way, with NetBIOS over TCP/IP disabled, and the
public NIC is not registered in DNS.
 
 
Ace Fekay [MVP]
Guest
Posts: n/a

 
      04-28-2008, 03:31 AM
In news:a4e42538-0a22-4d1c-9ebe-(E-Mail Removed),
john <(E-Mail Removed)> typed:

> It is set up exactly that way, with NetBIOS over TCP/IP disabled, and the
> public NIC is not registered in DNS.


Also make sure File and Print Services are disabled on the NIC.
In DNS, make sure it is only listening to the inside interface IP.
In Network Connections window, go to Advanced, Advanced. Make sure the
inside interface is on top in the Binding order.

My feeling is the LdapIpAddress for the outside NIC is registering. The
LdapIpAddress record looks like:
(same as parent) A x.x.x.x (IP of outside NIC)

The netlogon service registers that record. Client-side extensions use it,
such as when "finding" the domain, logging on, authenticating to printers,
GPOs, domain-based DFS, etc. The GcIpAddress is probably doing the same
thing. If the two interfaces are registering (outside and inside NIC) for
both of these records, a client query may be getting the wrong IP on a
query, depending on what service (SRV) records it's querying for. The
netlogon service registers these records. If this is the case, you'll have
to disable netlogon from doing so by a registry entry. But then again, the
correct record for the inside interface must exist for domain functionality,
therefore you must create a registry entry to 'publish' the correct records.

btw- Regarding the ipconfig /all's, you can copy/paste from the command line
into your post response.

Ace
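
Added example (not part of Ace's post): a Python sketch that scans zone-file-style records for the two names discussed above, the "same as parent" A record (LdapIpAddress) and the `gc._msdcs` A record (GcIpAddress), plus the hosts named as SRV targets, and reports any address outside the inside subnet. The zone name, addresses and the function name `stray_dc_records` are constructed, and a single-domain forest is assumed so the forest name equals the domain name.

```python
import ipaddress

# Constructed zone-file-style records for a hypothetical AD zone "corp.example.com".
SAMPLE_ZONE = """\
corp.example.com. 600 IN A 192.168.1.10
corp.example.com. 600 IN A 198.51.100.7
gc._msdcs.corp.example.com. 600 IN A 192.168.1.10
gc._msdcs.corp.example.com. 600 IN A 198.51.100.7
dc1.corp.example.com. 1200 IN A 192.168.1.10
dc1.corp.example.com. 1200 IN A 198.51.100.7
_ldap._tcp.corp.example.com. 600 IN SRV 0 100 389 dc1.corp.example.com.
"""

def stray_dc_records(zone_text, domain, inside_net):
    """Return (kind, owner, ip) for DC locator A records that fall outside inside_net."""
    net = ipaddress.ip_network(inside_net)
    domain = domain.lower().rstrip(".")
    # Owner names whose A records clients use to reach a DC.
    kinds = {domain: "LdapIpAddress", "gc._msdcs." + domain: "GcIpAddress"}
    rows = [l.split() for l in zone_text.splitlines()
            if l.strip() and not l.startswith(";")]
    for r in rows:
        # name TTL IN SRV priority weight port target: the target is a DC host name
        if len(r) == 8 and r[3].upper() == "SRV":
            kinds.setdefault(r[7].lower().rstrip("."), "SRV target host")
    hits = []
    for r in rows:
        if len(r) == 5 and r[3].upper() == "A":
            owner = r[0].lower().rstrip(".")
            if owner in kinds and ipaddress.ip_address(r[4]) not in net:
                hits.append((kinds[owner], owner, r[4]))
    return hits

if __name__ == "__main__":
    for kind, owner, ip in stray_dc_records(SAMPLE_ZONE, "corp.example.com", "192.168.1.0/24"):
        print(f"{kind}: {owner} -> {ip} is outside the inside subnet")
```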





 
 
Ace Fekay [MVP]
Guest
Posts: n/a

 
      04-28-2008, 04:23 AM
In news:(E-Mail Removed),
Ace Fekay [MVP] <(E-Mail Removed)> typed:

One more: delete any entry for the outside IP in the zone properties,
Nameservers tab.

If interested, I have a whole write-up on this, why not to use multihomed
DCs, and the steps to make it work. However, I would highly suggest to
single-home it and use an inexpensive NAT/firewall like a Linksys (if budget
is the issue), or something better like a PIX.

Ace


 