Joint 2003 Server to Domain over Checkpoint VPN

  #1  
Old 04-02-2008, 02:06 PM
Default Joint 2003 Server to Domain over Checkpoint VPN



Hi

I have installed a 2003 Server in a branch office; unfortunately I am not
able to join it to the domain. I have reviewed many articles, but cannot find
any work-arounds.

Any help very much appreciated

Richard


Rich@DT
  #2  
Old 04-02-2008, 03:31 PM
Anthony [MVP]
Default Re: Joint 2003 Server to Domain over Checkpoint VPN

Hi Richard,
You have two Checkpoint firewalls making a site to site VPN? Is all traffic
allowed over the VPN? Do you already have clients at the branch that are
connected, or is this the first connection? What exactly is the error you
get? Are you able fully to manage the unjoined server remotely, or does
anything fail?
Anthony,
http://www.airdesk.co.uk
  #3  
Old 04-02-2008, 04:35 PM
Rich@DT
Default Re: Joint 2003 Server to Domain over Checkpoint VPN

Hi Anthony,

It's a site-to-site VPN, with existing XP clients, apparently joined to the
domain prior to site delivery. Here are a few example logs from the 2003
Server:
Event Type: Error
Event Source: Userenv
Event Category: None
Event ID: 1053
Date: 02/04/2008
Time: 14:46:58
User: NT AUTHORITY\SYSTEM
Computer: GHOSTPARIS
Description:
Windows cannot determine the user or computer name. (The specified domain
either does not exist or could not be contacted. ). Group Policy processing
aborted.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Warning
Event Source: W32Time
Event Category: None
Event ID: 18
Date: 02/04/2008
Time: 15:06:08
User: N/A
Computer: GHOSTPARIS
Description:
The time provider NtpClient failed to establish a trust relationship between
this computer and the dt.net domain in order to securely synchronize time.
NtpClient will try again in 30 minutes. The error was: The trust relationship
between this workstation and the primary domain failed. (0x800706FD)

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.

Event Type: Error
Event Source: NETLOGON
Event Category: None
Event ID: 5719
Date: 02/04/2008
Time: 14:28:50
User: N/A
Computer: GHOSTPARIS
Description:
This computer was not able to set up a secure session with a domain
controller in domain DT due to the following:
Not enough storage is available to process this command.
This may lead to authentication problems. Make sure that this computer is
connected to the network. If the problem persists, please contact your domain
administrator.

ADDITIONAL INFO
If this computer is a domain controller for the specified domain, it sets up
the secure session to the primary domain controller emulator in the specified
domain. Otherwise, this computer sets up the secure session to any domain
controller in the specified domain.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 17 00 00 c0 ...À


Best regards
Richard
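A decoding aid for the event log entries in the post above, added here as an example and not part of the original thread: it parses two of the pasted events, decodes the HRESULT in the W32Time description and the little-endian DWORD in the NETLOGON Data field, and names them. The function names are illustrative and the name tables cover only the two codes that appear in this thread.

```python
import re
import struct

# Two of the events pasted in the post above, trimmed to the fields used here.
EVENT_TEXT = """\
Event Type: Warning
Event Source: W32Time
Event ID: 18
Description:
The time provider NtpClient failed to establish a trust relationship between
this computer and the dt.net domain in order to securely synchronize time.
NtpClient will try again in 30 minutes. The error was: The trust relationship
between this workstation and the primary domain failed. (0x800706FD)

Event Type: Error
Event Source: NETLOGON
Event ID: 5719
Description:
This computer was not able to set up a secure session with a domain
controller in domain DT due to the following:
Not enough storage is available to process this command.
Data:
0000: 17 00 00 c0
"""

FACILITY_WIN32 = 7
SEVERITY = {0: "success", 1: "informational", 2: "warning", 3: "error"}
# Name tables deliberately cover only the codes that occur in this thread.
WIN32_NAMES = {1789: "ERROR_TRUSTED_RELATIONSHIP_FAILURE"}
NTSTATUS_NAMES = {0xC0000017: "STATUS_NO_MEMORY"}


def split_events(text):
    """Split a pasted Event Viewer dump into one dict per event."""
    events = []
    for chunk in re.split(r"(?m)^(?=Event Type:)", text):
        if not chunk.strip():
            continue
        fields = dict(re.findall(r"(?m)^Event (Type|Source|ID): *(.+)$", chunk))
        events.append({"source": fields["Source"].strip(),
                       "id": int(fields["ID"]),
                       "body": chunk})
    return events


def decode_hresult(value):
    """Break a 32-bit HRESULT into (failed, facility, code)."""
    return bool(value >> 31), (value >> 16) & 0x1FFF, value & 0xFFFF


def data_dword(body):
    """Return the first DWORD of the 'Data:' hex dump, or None if absent.

    Event Viewer prints the bytes in memory order, so they are little-endian.
    """
    m = re.search(r"(?m)^0000:((?: [0-9a-fA-F]{2}){4})", body)
    if not m:
        return None
    return struct.unpack("<I", bytes.fromhex(m.group(1).replace(" ", "")))[0]


def triage(text):
    """Return (source, event id, kind, numeric code, symbolic name) tuples."""
    findings = []
    for ev in split_events(text):
        # HRESULTs appear in the description as "(0xXXXXXXXX)".
        for hexcode in re.findall(r"\(0x([0-9A-Fa-f]{8})\)", ev["body"]):
            failed, facility, code = decode_hresult(int(hexcode, 16))
            if failed and facility == FACILITY_WIN32:
                findings.append((ev["source"], ev["id"], "HRESULT/Win32",
                                 code, WIN32_NAMES.get(code, "unlisted")))
            else:
                findings.append((ev["source"], ev["id"],
                                 f"HRESULT/facility {facility}", code, "unlisted"))
        # NETLOGON stores the NTSTATUS of the failed call in the Data field.
        status = data_dword(ev["body"])
        if status is not None:
            kind = "NTSTATUS/" + SEVERITY[status >> 30]
            findings.append((ev["source"], ev["id"], kind, status,
                             NTSTATUS_NAMES.get(status, "unlisted")))
    return findings


if __name__ == "__main__":
    for source, event_id, kind, code, name in triage(EVENT_TEXT):
        print(f"{source} {event_id}: {kind} {code:#x} -> {name}")
```
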
  #4  
Old 04-02-2008, 05:47 PM
Anthony [MVP]
Default Re: Joint 2003 Server to Domain over Checkpoint VPN

OK, all we know at the moment is that the server can not connect to the DC.
We need to a) see whether the VPN is working correctly and b) see whether
the server is configured correctly.

-----VPN-----
Is all traffic allowed, or is it filtered?
Do the XP workstations have any similar errors?
Can you do domain operations between the workstations and the DC, like
Manage the computer, remote registry etc.?
Can you copy a large file successfully over the VPN?

-------Server Config-------
Is the DNS set up correctly?
Can you ping "dt" and "dt.com"?
Did it join the domain successfully (is it a Ghosted image or is that just a
coincidence?)?
What error do you get if, from the server, you try to "Manage" the DC or
bring up an Active Directory mmc to connect to the DC? and vice versa?
What OS and Service Pack? If W2K3 SP2, is it this:
http://support.microsoft.com/kb/936594/en-us

Hope that helps,
Anthony
http://www.airdesk.co.uk
  #5  
Old 04-03-2008, 09:52 AM
Rich@DT
Default Re: Joint 2003 Server to Domain over Checkpoint VPN

Hi Anthony

When we use any resource on the home network, the XP machines get prompted
for a domain login.

Does 2003 use a directed broadcast to find a DC, or does it use DNS to
locate a DC record? I'm wondering if this is a fragmentation problem on the
VPN. Will do a network capture and let you know.

Richard
  #6  
Old 04-04-2008, 12:59 AM
Bill Grant
Default Re: Joint 2003 Server to Domain over Checkpoint VPN

As Anthony said, the first thing to check is that the routing and name
resolution are working across the link. Do all machines use the DC as their
DNS server? Can you do an nslookup from the branch office for the original
DC at the main office?

Active Directory uses DNS to find a logon server. Are the workstations
in the branch joined to the domain?
  #7  
Old 04-04-2008, 02:58 PM
Richard@dt
Default Re: Joint 2003 Server to Domain over Checkpoint VPN

Name resolution works fine.

I spoke with our firewall people, and they see fragmentation happening on
the VPN; that being the case, the DC is probably dropping the fragmented
packets?
  #8  
Old 04-05-2008, 10:32 AM
Anthony [MVP]
Default Re: Joint 2003 Server to Domain over Checkpoint VPN

I would make sure the VPN is working correctly first, yes.
Anthony,
http://www.airdesk.co.uk
All times are GMT.