problem with xp clients and windows 2003

Hello All,
I have a win2k3 AD with XP pro clients running GP. There are several floors
in my environment each having thier own subnet. During deployment, while
trying to add clients to the domain, I have encountered numerous errors
including RPC server not available and Domain controller is down or
unavailable. After a few tries on the same workstations it would finally
allow me to join the domain. Eventually, all machines were finally able to
join. I configured them with all GPOs policies applied.
Now, after working for a few hours or so, it does not gather GPO policy but
logs into the server. In the event viewer I am getting errors event id 1054,
stating "no domain controller available". I am aware that this is a DNS
issue but I have TRIPLE checked the DNS server and it is completely
configured properly. Also, I have looked and followed all the procedures I
found online based on this issue. If I do NSlookup from the problematic
clients, the correct DNS server shows and it responds to ping command. What
is further complicating the scenario, is that machines elsewhere are not
encountering this problem at all.
So, since it seems to be isolated, there are a few conclusions that I think.
First, all clients are attached to a hub which goes directly to the wire
closet (bad infrastructure, but this was before me) then into a switch. Are
there known issues involving this type of wiring scenario?
Second, All client station are gigabit cards but are running on 10/100, so I
am not sure if it is the negotiation problem known with Gigabit NICs.
Third, Why would it originally work, that is locating the domain controller
and then all of sudden not be able to. Is there something that may need to
be configured on GPO about timeout in network connections?
Fourth, I have read that SMB has issues with XP and 2003. I have disable
digital signatuires and I am still having this problem. I am also logging
W32time service errors......Can this also prevent clients from locating the
proper domain controller (BTW, this event is happening at the server not the
clients).
Fifth, after looking AD users and computer, I find that some computer
accounts are becoming disabled by the server. I literally have to go and
enable each one. I have absolutely no clue why this is happening!!!!

Any suggestions,
TIA,
Altria

In news:(E-Mail Removed),
Altria <(E-Mail Removed)> asked for help and I offered my suggestions
below:
> Hello All,
> I have a win2k3 AD with XP pro clients running GP. There are several
> floors in my environment each having thier own subnet. During
> deployment, while trying to add clients to the domain, I have
> encountered numerous errors including RPC server not available and
> Domain controller is down or unavailable. After a few tries on the
> same workstations it would finally allow me to join the domain.
> Eventually, all machines were finally able to join. I configured them
> with all GPOs policies applied.
> Now, after working for a few hours or so, it does not gather GPO
> policy but logs into the server. In the event viewer I am getting
> errors event id 1054, stating "no domain controller available". I am
> aware that this is a DNS issue but I have TRIPLE checked the DNS
> server and it is completely configured properly. Also, I have looked
> and followed all the procedures I found online based on this issue.
> If I do NSlookup from the problematic clients, the correct DNS server
> shows and it responds to ping command. What is further complicating
> the scenario, is that machines elsewhere are not encountering this
> problem at all.
> So, since it seems to be isolated, there are a few conclusions that I
> think. First, all clients are attached to a hub which goes directly
> to the wire closet (bad infrastructure, but this was before me) then
> into a switch. Are there known issues involving this type of wiring
> scenario?
> Second, All client station are gigabit cards but are running on
> 10/100, so I am not sure if it is the negotiation problem known with
> Gigabit NICs. Third, Why would it originally work, that is locating
> the domain controller and then all of sudden not be able to. Is there
> something that may need to be configured on GPO about timeout in
> network connections?
> Fourth, I have read that SMB has issues with XP and 2003. I have
> disable digital signatuires and I am still having this problem. I am
> also logging W32time service errors......Can this also prevent
> clients from locating the proper domain controller (BTW, this event
> is happening at the server not the clients).
> Fifth, after looking AD users and computer, I find that some computer
> accounts are becoming disabled by the server. I literally have to go
> and enable each one. I have absolutely no clue why this is
> happening!!!!
>
> Any suggestions,
> TIA,
> Altria

Well, to start off, the Gigabit NICs are running downlevel since the hub or
switch its connected to probably doesn't support Gigabit. Unless, there is a
bad wire somewhere, which I've found can cause a nightmare of headaches and
issues if not found.

That said, usually GPO, and other AD issues, (RPC, domain controller not
found, etc) tend to be DNS issues if all other things are eliminated (such
as above). I've seen multitude of times when it works sometimes and
sometimes not, could be a DNS client config, and not necessarily the DNS
server itself. If you like, please post ths info below from one of your DCs
and one of your clients, and I can at least eliminate that as a possiblity


1. Unedited ipconfig /all
2. The zone name in DNS and whether updates are allowed on the zone.
3. The AD DNS domain name.
4. If the SRV records exist under your zone.

Also, the SMB issue is usually not between XP and 2003, but rather from
backward level clients, NT4, 98 and older. That's actually 'Network Server:
always negotiate secure setting as shown in the article below. When we use a
DOS machine to connect, we need to disable that setting:

811497 - Error Message When Windows 95 or Windows NT 4.0 Client Logs On to
Windows Server 2003 Domain:
http://support.microsoft.com/?id=811497

Looking forward to your config info.

Thanks!

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
--
=================================

Thanks Ace,
I have isolated the problem to bad wiring which I thought originally. The
cross cable running from the switch(replaced hub) does not run directly into
the wiring closet switch but actually interfaces an old DATA/VOICE(phone)
box then to the switch. Network consultants have done a shabby job to say
the least. We now have the cross cable running from the room's switch
directly into another closet switch and the connection seems stable.
If I encounter the problems again i will keep you posted!!
Thanks again,
Altria
"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@ho tmail.com> wrote in
message news:(E-Mail Removed)...
> In news:(E-Mail Removed),
> Altria <(E-Mail Removed)> asked for help and I offered my suggestions
> below:
> > Hello All,
> > I have a win2k3 AD with XP pro clients running GP. There are several
> > floors in my environment each having thier own subnet. During
> > deployment, while trying to add clients to the domain, I have
> > encountered numerous errors including RPC server not available and
> > Domain controller is down or unavailable. After a few tries on the
> > same workstations it would finally allow me to join the domain.
> > Eventually, all machines were finally able to join. I configured them
> > with all GPOs policies applied.
> > Now, after working for a few hours or so, it does not gather GPO
> > policy but logs into the server. In the event viewer I am getting
> > errors event id 1054, stating "no domain controller available". I am
> > aware that this is a DNS issue but I have TRIPLE checked the DNS
> > server and it is completely configured properly. Also, I have looked
> > and followed all the procedures I found online based on this issue.
> > If I do NSlookup from the problematic clients, the correct DNS server
> > shows and it responds to ping command. What is further complicating
> > the scenario, is that machines elsewhere are not encountering this
> > problem at all.
> > So, since it seems to be isolated, there are a few conclusions that I
> > think. First, all clients are attached to a hub which goes directly
> > to the wire closet (bad infrastructure, but this was before me) then
> > into a switch. Are there known issues involving this type of wiring
> > scenario?
> > Second, All client station are gigabit cards but are running on
> > 10/100, so I am not sure if it is the negotiation problem known with
> > Gigabit NICs. Third, Why would it originally work, that is locating
> > the domain controller and then all of sudden not be able to. Is there
> > something that may need to be configured on GPO about timeout in
> > network connections?
> > Fourth, I have read that SMB has issues with XP and 2003. I have
> > disable digital signatuires and I am still having this problem. I am
> > also logging W32time service errors......Can this also prevent
> > clients from locating the proper domain controller (BTW, this event
> > is happening at the server not the clients).
> > Fifth, after looking AD users and computer, I find that some computer
> > accounts are becoming disabled by the server. I literally have to go
> > and enable each one. I have absolutely no clue why this is
> > happening!!!!
> >
> > Any suggestions,
> > TIA,
> > Altria
>
> Well, to start off, the Gigabit NICs are running downlevel since the hub
or
> switch its connected to probably doesn't support Gigabit. Unless, there is
a
> bad wire somewhere, which I've found can cause a nightmare of headaches
and
> issues if not found.
>
> That said, usually GPO, and other AD issues, (RPC, domain controller not
> found, etc) tend to be DNS issues if all other things are eliminated (such
> as above). I've seen multitude of times when it works sometimes and
> sometimes not, could be a DNS client config, and not necessarily the DNS
> server itself. If you like, please post ths info below from one of your
DCs
> and one of your clients, and I can at least eliminate that as a possiblity
>
>
> 1. Unedited ipconfig /all
> 2. The zone name in DNS and whether updates are allowed on the zone.
> 3. The AD DNS domain name.
> 4. If the SRV records exist under your zone.
>
> Also, the SMB issue is usually not between XP and 2003, but rather from
> backward level clients, NT4, 98 and older. That's actually 'Network
Server:
> always negotiate secure setting as shown in the article below. When we use
a
> DOS machine to connect, we need to disable that setting:
>
> 811497 - Error Message When Windows 95 or Windows NT 4.0 Client Logs On to
> Windows Server 2003 Domain:
> http://support.microsoft.com/?id=811497
>
> Looking forward to your config info.
>
> Thanks!
>
> --
> Regards,
> Ace
>
> Please direct all replies ONLY to the Microsoft public newsgroups
> so all can benefit.
>
> This posting is provided "AS-IS" with no warranties or guarantees
> and confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
> Microsoft Windows MVP - Windows Server - Directory Services
>
> Security Is Like An Onion, It Has Layers
> HAM AND EGGS: A day's work for a chicken;
> A lifetime commitment for a pig.
> --
> =================================
>
>

In news:(E-Mail Removed),
Altria <(E-Mail Removed)> made a post then I commented below
> Thanks Ace,
> I have isolated the problem to bad wiring which I thought originally.
> The cross cable running from the switch(replaced hub) does not run
> directly into the wiring closet switch but actually interfaces an old
> DATA/VOICE(phone) box then to the switch. Network consultants have
> done a shabby job to say the least. We now have the cross cable
> running from the room's switch directly into another closet switch
> and the connection seems stable.
> If I encounter the problems again i will keep you posted!!
> Thanks again,
> Altria

Wiring! :-)
If the prob continues, please do post back!

:-)

Ace