oining a domain

Hi all:

I am trying to join a computer to my test domain, but for some reason I
cannot do so. The server info is:

crmserver1.smallbusiness.local
192.168.1.91

So when I try to add the client I use "smallbusiness" as the domain, but it
fails. I can ping the server from the client both via the server IP and the
server name, and the client TCPIP is set up thus:

IP: 192.168.1.55
Sub: 255.255.255.0
gateway: 192.168.1.1

Primary dns: 192.168.1.91
Secondary DNS: 24.226.10.193

Can anyone offer a suggestion how I can fix this?

Thanks.

John.
--
John [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of any included script or code samples are subject to the terms
specified at
http://www.microsoft.com/info/cpyright.htm.

In news:%(E-Mail Removed),
John [MSFT] <(E-Mail Removed)> made this post, which I then commented
about below:
> Hi all:
>
> I am trying to join a computer to my test domain, but for some reason
> I cannot do so. The server info is:
>
> crmserver1.smallbusiness.local
> 192.168.1.91
>
> So when I try to add the client I use "smallbusiness" as the domain,
> but it fails. I can ping the server from the client both via the
> server IP and the server name, and the client TCPIP is set up thus:
>
> IP: 192.168.1.55
> Sub: 255.255.255.0
> gateway: 192.168.1.1
>
> Primary dns: 192.168.1.91
> Secondary DNS: 24.226.10.193
>
> Can anyone offer a suggestion how I can fix this?
>
> Thanks.
>
> John.

One thing, remove the DNS address 24.266.10.193. Only use the internal DNS
for that is the guy that stores the domain's service location records. The
24. address, assuming your cable company's DNS, has NO idea where your
domain controllers are. Keep in mind, AD relies on DNS for locating specific
domain services and what DCs hold those services.

The test computer (well ALL your machines for that matter), must ONLY use
192.168.1.55, or it may be asking your cable company, "Where is the domain
controller for my domain so I can authenticate this transaction?" Configure
a forwarder for efficient internet access to the 24.266.10.193 DNS. Use this
link to show you how (pick your OS: Win2000 or Win2003):

323380 - HOW TO Configure DNS for Internet Access in Windows Server 2003 :
http://support.microsoft.com/?id=323380

300202 - HOW TO Configure DNS for Internet Access in Windows Server 2000 :
http://support.microsoft.com/?id=300202

Once you've taken care of that, attempt to use smallbusiness.local as the
domain name when attempting to join. Provide the credentials as
smallbusiness\administrator, then the password.

Here's some additional reading to understand AD and it's DNS requirements:

291382 - Frequently asked questions about Windows 2000 DNS and Windows
Server 2003 DNS
http://support.microsoft.com/default...b;en-us;291382

825036 - Best practices for DNS client settings in Windows 2000 Server and
in Windows Server 2003
http://support.microsoft.com/?id=825036

Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003
Domain (whether it was upgraded or not, this is full of useful information
relating to AD and DNS, among other info):
http://support.microsoft.com/default...b;en-us;555040

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply
unless that website posts replies back to the original Microsoft forum.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit or ensure the web community
posts it back to the original forum.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft MVP - Windows Server Directory Services
Microsoft Certified Trainer
Infinite Diversities in Infinite Combinations.
=================================

Hi Ace and all:

Thanks for the info. I am pretty sure the server is being found, and now the
error is

"The following error occurred attempting to join the domain "smallbusiness"
Multiple connections to a server or shared resource, using more than one
user name, are not allowed. Disconnect all previous connections to the
server or shared resource and try again"

Not really sure what all that means, there are no other connections to this
server at all..

John.

--
John [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of any included script or code samples are subject to the terms
specified at
http://www.microsoft.com/info/cpyright.htm.
"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@ho tmail.com> wrote in
message news:OYTHt%(E-Mail Removed)...
> In news:%(E-Mail Removed),
> John [MSFT] <(E-Mail Removed)> made this post, which I then commented
> about below:
>> Hi all:
>>
>> I am trying to join a computer to my test domain, but for some reason
>> I cannot do so. The server info is:
>>
>> crmserver1.smallbusiness.local
>> 192.168.1.91
>>
>> So when I try to add the client I use "smallbusiness" as the domain,
>> but it fails. I can ping the server from the client both via the
>> server IP and the server name, and the client TCPIP is set up thus:
>>
>> IP: 192.168.1.55
>> Sub: 255.255.255.0
>> gateway: 192.168.1.1
>>
>> Primary dns: 192.168.1.91
>> Secondary DNS: 24.226.10.193
>>
>> Can anyone offer a suggestion how I can fix this?
>>
>> Thanks.
>>
>> John.
>
> One thing, remove the DNS address 24.266.10.193. Only use the internal DNS
> for that is the guy that stores the domain's service location records. The
> 24. address, assuming your cable company's DNS, has NO idea where your
> domain controllers are. Keep in mind, AD relies on DNS for locating
> specific domain services and what DCs hold those services.
>
> The test computer (well ALL your machines for that matter), must ONLY use
> 192.168.1.55, or it may be asking your cable company, "Where is the domain
> controller for my domain so I can authenticate this transaction?"
> Configure a forwarder for efficient internet access to the 24.266.10.193
> DNS. Use this link to show you how (pick your OS: Win2000 or Win2003):
>
> 323380 - HOW TO Configure DNS for Internet Access in Windows Server 2003 :
> http://support.microsoft.com/?id=323380
>
> 300202 - HOW TO Configure DNS for Internet Access in Windows Server 2000 :
> http://support.microsoft.com/?id=300202
>
> Once you've taken care of that, attempt to use smallbusiness.local as the
> domain name when attempting to join. Provide the credentials as
> smallbusiness\administrator, then the password.
>
> Here's some additional reading to understand AD and it's DNS requirements:
>
> 291382 - Frequently asked questions about Windows 2000 DNS and Windows
> Server 2003 DNS
> http://support.microsoft.com/default...b;en-us;291382
>
> 825036 - Best practices for DNS client settings in Windows 2000 Server and
> in Windows Server 2003
> http://support.microsoft.com/?id=825036
>
> Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003
> Domain (whether it was upgraded or not, this is full of useful information
> relating to AD and DNS, among other info):
> http://support.microsoft.com/default...b;en-us;555040
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> If this post is viewed at a non-Microsoft community website, and you were
> to respond to it through that community's website, I may not see your
> reply unless that website posts replies back to the original Microsoft
> forum. Therefore, please direct all replies ONLY to the Microsoft public
> newsgroup this thread originated in so all can benefit or ensure the web
> community posts it back to the original forum.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft MVP - Windows Server Directory Services
> Microsoft Certified Trainer
> Infinite Diversities in Infinite Combinations.
> =================================
>
>

Hi all:

Just an FYI that I found the solution to this in turning off the firewall on
teh DC. I then found this article on the topic:

http://www.howtonetworking.com/cases...ewallissue.htm

John [MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights.
Use of any included script or code samples are subject to the terms
specified at
http://www.microsoft.com/info/cpyright.htm.
"John [MSFT]" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi Ace and all:
>
> Thanks for the info. I am pretty sure the server is being found, and now
> the error is
>
> "The following error occurred attempting to join the domain
> "smallbusiness"
> Multiple connections to a server or shared resource, using more than one
> user name, are not allowed. Disconnect all previous connections to the
> server or shared resource and try again"
>
> Not really sure what all that means, there are no other connections to
> this server at all..
>
> John.
>
> --
> John [MSFT]
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
> Use of any included script or code samples are subject to the terms
> specified at
> http://www.microsoft.com/info/cpyright.htm.
> "Ace Fekay [MVP]"
> <PleaseSubstituteMyActualFirstName&LastNameHere@ho tmail.com> wrote in
> message news:OYTHt%(E-Mail Removed)...
>> In news:%(E-Mail Removed),
>> John [MSFT] <(E-Mail Removed)> made this post, which I then commented
>> about below:
>>> Hi all:
>>>
>>> I am trying to join a computer to my test domain, but for some reason
>>> I cannot do so. The server info is:
>>>
>>> crmserver1.smallbusiness.local
>>> 192.168.1.91
>>>
>>> So when I try to add the client I use "smallbusiness" as the domain,
>>> but it fails. I can ping the server from the client both via the
>>> server IP and the server name, and the client TCPIP is set up thus:
>>>
>>> IP: 192.168.1.55
>>> Sub: 255.255.255.0
>>> gateway: 192.168.1.1
>>>
>>> Primary dns: 192.168.1.91
>>> Secondary DNS: 24.226.10.193
>>>
>>> Can anyone offer a suggestion how I can fix this?
>>>
>>> Thanks.
>>>
>>> John.
>>
>> One thing, remove the DNS address 24.266.10.193. Only use the internal
>> DNS for that is the guy that stores the domain's service location
>> records. The 24. address, assuming your cable company's DNS, has NO idea
>> where your domain controllers are. Keep in mind, AD relies on DNS for
>> locating specific domain services and what DCs hold those services.
>>
>> The test computer (well ALL your machines for that matter), must ONLY use
>> 192.168.1.55, or it may be asking your cable company, "Where is the
>> domain controller for my domain so I can authenticate this transaction?"
>> Configure a forwarder for efficient internet access to the 24.266.10.193
>> DNS. Use this link to show you how (pick your OS: Win2000 or Win2003):
>>
>> 323380 - HOW TO Configure DNS for Internet Access in Windows Server 2003
>> :
>> http://support.microsoft.com/?id=323380
>>
>> 300202 - HOW TO Configure DNS for Internet Access in Windows Server 2000
>> :
>> http://support.microsoft.com/?id=300202
>>
>> Once you've taken care of that, attempt to use smallbusiness.local as the
>> domain name when attempting to join. Provide the credentials as
>> smallbusiness\administrator, then the password.
>>
>> Here's some additional reading to understand AD and it's DNS
>> requirements:
>>
>> 291382 - Frequently asked questions about Windows 2000 DNS and Windows
>> Server 2003 DNS
>> http://support.microsoft.com/default...b;en-us;291382
>>
>> 825036 - Best practices for DNS client settings in Windows 2000 Server
>> and
>> in Windows Server 2003
>> http://support.microsoft.com/?id=825036
>>
>> Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003
>> Domain (whether it was upgraded or not, this is full of useful
>> information relating to AD and DNS, among other info):
>> http://support.microsoft.com/default...b;en-us;555040
>>
>> --
>> Ace
>>
>> This posting is provided "AS-IS" with no warranties or guarantees and
>> confers no rights.
>>
>> If this post is viewed at a non-Microsoft community website, and you were
>> to respond to it through that community's website, I may not see your
>> reply unless that website posts replies back to the original Microsoft
>> forum. Therefore, please direct all replies ONLY to the Microsoft public
>> newsgroup this thread originated in so all can benefit or ensure the web
>> community posts it back to the original forum.
>>
>> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
>> Microsoft MVP - Windows Server Directory Services
>> Microsoft Certified Trainer
>> Infinite Diversities in Infinite Combinations.
>> =================================
>>
>>
>
>

In news:(E-Mail Removed),
John [MSFT] <(E-Mail Removed)> made this post, which I then commented
about below:
> Hi all:
>
> Just an FYI that I found the solution to this in turning off the
> firewall on teh DC. I then found this article on the topic:
>
> http://www.howtonetworking.com/cases...ewallissue.htm
>
> John [MSFT]
>
> This posting is provided "AS IS" with no warranties, and confers no
> rights. Use of any included script or code samples are subject to the
> terms specified at
> http://www.microsoft.com/info/cpyright.htm.


That's good to hear, John. That's a good link explaining ports required for
DC communications. If it were enabled, I would actually even add UDP >1023
as well, for the empherical response ports that Windows machines use
communicating between other Window machines.

I'll tell you, the firewall is a nice feature, but it sure can hinder
communications on a DC. I've found as a basic rule to keep the firewall
disabled on DCs and on internal machines to eliminate any possibiity that it
may cause communication issues, and normally rely on an entry point firewall
or ISA.

Take care, John!

:-)

Ace