We just set up our new Win 2008 Server, and we would like to join this Win
2008 from workgroup to the existing Win 2003 domain MyDomain.com.
The Win2008's DNS is set to the Win2003 AD domain controller, and in the DNS on
the 2003 AD Domain Controller, I've added an A
record for the Win 2008 Server (FQDN = Win2008.MyDomain.com).
However, still won't make it.
I'm thinking the Win 2008 is very different from the Win 2003...
How can I fix the problem?
Thanks for help.
Jason
First, there is no need to pre-create an A record; it will be done automatically
when the domain is joined.
Which error message is shown when you try to join the server to the domain?
Normally there is no problem joining a Windows Server 2008 to the Windows
Server 2003 domain. Only if the 2008 machine should become a domain controller
do you have to upgrade the schema for it, but this is also no problem.
Additionally, post an unedited ipconfig /all from the 2008 and the 2003 machine,
so we can exclude DNS as a problem.
Best regards
Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009
Please no e-mails, any questions should be posted in the NewsGroup.
This posting is provided "AS IS" with no warranties, and confers no rights.
"Jason Huang" <JasonHu...@hotmail.com> wrote in message
news:uvwoDfRj...@TK2MSFTNGP02.phx.gbl...
Windows 2008 and 2003 functionality is basically the same regarding domain
memberships. Please provide the info requested by Paul and Meinolf to help
us assist in diagnosing this issue.
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.
Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP: Directory Services
For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.
--
I hope that the information above helps you.
Have a Nice day.
Jorge Silva
MVP Directory Services
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
Error message is: Logon Failure: The target account name is incorrect.
The Win 2003 Server ipconfig /all output:
Windows IP Configuration
Host Name . . . . . . . . . . . . : Win2003
Primary Dns Suffix . . . . . . . : mycom.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : Yes
DNS Suffix Search List. . . . . . : mycom.com
com
Ethernet adapter :
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection
Physical Address. . . . . . . . . : 00-aa-bb-cc-dd-ee
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.1
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 192.168.0.51
DNS Servers . . . . . . . . . . . : 192.168.1.1
192.168.0.51
Primary WINS Server . . . . . . . : 192.168.0.200
The Win 2008 Server ipconfig /all output:
Windows IP Configuration
Host Name . . . . . . . . . . . . : Win2008
Primary Dns Suffix . . . . . . . : mycom.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mycom.com
Ethernet adapter ???? 3:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE
(NDIS VBD ???) #2
Physical Address. . . . . . . . . : 00-aa-cc-DC-48-02
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter ???? 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE
(NDIS VBD ???)
Physical Address. . . . . . . . . : 00-aa-cc-DC-48-00
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
168.95.1.1
Primary WINS Server . . . . . . . : 192.168.0.200
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{3DE69E6B-1374-422A-8E42-C0CC5768BA2B}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{8067047D-397A-4917-8A94-9DB2260D971D}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . :
2001:0:cf2e:3096:3885:75b:3f57:9b37(Preferred)
Link-local IPv6 Address . . . . . :
fe80::3885:75b:3f57:9b37%17(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Thank you for posting the requested info.
The reason why you are seeing errors is because the DNS IP addresses are
incorrect on the machines.
1. On Win2003, the DNS should be only set to 192.168.1.1. Your gateway is
192.168.0.51, but that is the router, and it doesn't have DNS running on it.
If your DC queries for a record in its own domain, it may be asking the
router, and it will not have the answer.
2. On Win2003, you should also disable WINS proxy. That's done in the
registry. Please backup your reg before making any changes.
Set the value for "EnableProxy" to 0 in the following key. This will disable
it.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netbt\Parameters\EnableProxy
More info on WINS proxy can be found here:
How to Disable NetBT Proxy on Incoming Connections
http://support.microsoft.com/kb/319848
3. On Win2008, it's using 192.168.1.1 and 168.95.1.1. I don't know what the
second IP is, so I looked it up. It is an internet DNS server. My
explanation applies to this machine, too. It must ONLY use 192.168.1.1 for
DNS. If there's anything else in there, it will cause problems to the point
that it cannot find the domain.
4. Win2003 shows 192.168.0.200 for WINS. If that is a real WINS server, also
specify that on the Win2003 machine.
Ace
Server: Win23.mycom.com
Address: 192.168.1.1
Name: mycom.com
Addresses: 192.168.1.1
192.168.2.208
192.168.2.209
192.168.2.111
192.168.2.2
192.168.2.222
192.168.2.201
192.168.2.202
192.168.2.213
192.168.2.130
192.168.2.203
192.168.2.205
192.168.2.206
192.168.2.207
Where all the 192.168.2.X is the Secondary AD controller (Win 2003) which has
multiple IPs.
I'm not sure will this cause the Win 2008 join domain problem.
Thanks.
Ace already gave you a good starting point for the 2 servers. Now your 3rd
machine comes into play. A DC should NEVER be multihomed, more than one IP
address.
So please post also an unedited ipconfig /all from all additional existing
DC/DNS servers here and describe why this DC has that amount of ip addresses.
Best regards
Meinolf Weber
WOW! and WOW! Where did they come from? Is there another DC??
If there is no additional DC that is multihomed, I think possibly that you
have extra entries in DNS called the LdapIpAddress record, which shows up as
a "(same as parent)" entry. They all need to be removed leaving only the
ones for the DC.
Also, please run the following and post the results. Keep in mind, you must
go into your _msdcs. and your testadservs.net zones properties, Zone
transfers, and allow zone transfers for the commands to run. You can turn
this off after you've completed the run.
c:\nslookup
> ls -t srv _msdcs.testadservs.net
(hit enter and copy/paste results)
While still in the command, then run:
> ls -d testadservs.net
(hit enter and copy/paste results)
Ace
Then you said that your existing DC (that is running Windows 2003) has the
following configuration:
IP Address 192.168.1.1
Subnet Mask 255.255.0.0
Default Gateway 192.168.0.51
DNS Servers 192.168.1.1
192.168.0.51
WINS Server 192.168.0.200
- I also assume that this DC doesn't run any other services than "Active
Directory" and "DNS", if it does, please say which ones.
- What server is the "192.168.0.200"? Is it a DC or a dedicated WINS server?
- As already stated, you should NOT USE the "192.168.0.51" as secondary DNS
server. To remove it:
1 - Remove the DNS entry "192.168.0.51" from IP adapter.
2 - Go to command line and run the following command (without the quotes)
"ipconfig /flushdns"
3 - Restart the DNS service on that DC.
- The second step is to run the tests that I already mentioned in my
previous post (let me know if you need help with that).
Assuming that everything is alright, now it's time to check the Server
(Windows 2008) to be added to your domain.
According to your post, the Windows 2008 server to be added has the
following configuration:
IPv4 Address 192.168.1.2
Subnet Mask 255.255.0.0
Default Gateway 192.168.1.1
DNS Servers 192.168.1.1
168.95.1.1
Primary WINS Server 192.168.0.200
- The first thing that comes into my head when I look at this configuration
is that you're running these servers for lab purposes; a 16-bit mask address
sounds pretty big for 2 servers only :) and can complicate things.
Now:
- Where did the 168.95.1.1 come from?
- Again, what server is the "192.168.0.200"? Is it a DC or a dedicated WINS
server? Why is it in a different subnet?
- What is the purpose of that Windows 2008 new Server? Are you planning RRAS
for that server or something else?
My opinion, is that you're trying to do something else than just adding it
to the domain, and that should explain the reason why you're adding it so
many addresses, perhaps if you explain your entire infrastructure and your
plans for that server we could better assist you with that.
Jorge Silva
The known problem for the DC kserver is its account can't sync with the
Primary DC.
This is another DC ipconfig /all output:
Windows IP Configuration
Host Name . . . . . . . . . . . . : kserver
Primary Dns Suffix . . . . . . . : mycom.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mycom.com
com
Ethernet adapter �??�u:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/0 CT Network Connection
Physical Address. . . . . . . . . : 00-11-mm-aa-cc-80
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.2.222
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.213
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.209
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.208
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.207
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.206
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.205
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.203
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.202
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.201
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.130
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.111
Subnet Mask . . . . . . . . . . . : 255.255.0.0
IP Address. . . . . . . . . . . . : 192.168.2.2
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 192.168.0.51
DNS Servers . . . . . . . . . . . : 192.168.1.1
168.95.1.1
Primary WINS Server . . . . . . . : 192.168.0.200
The IP 192.168.0.200 is a real WINS Server's IP.
The Win 2008 will NOT be a DC, just wanna join the Win 2003 MyCom.com
domain.
192.168.0.200 is WINS Server, not a DC.
There are two DCs in my domain, 192.168.1.1(Primary) and 192.168.2.2
(Secondary).
These two DCs have problem to SYNC with each other, due to fail to sync over
some time limit,
and these two DCs has DNS server running, but the Secondary has not added
any zone yet.
Now these two DCs' TCP/IP has only 1 DNS: 192.168.1.1, and have done the
ipconfig /flushdns.
The 168.95.1.1 is the ISP's dns.
And I have also removed some "(same as parent)" (host) A entries from the
192.168.1.1 DNS service,
leaves only two "(same as parent)" (host)A entries: 192.168.1.1,
192.168.2.2.
The reason that the DC 192.168.1.2 is multihomed is because it is also
working as the .Net web server,
we assigned each .Net web application with a 192.168.2.x IP.
We are planning to set up the new Win 2008 Server as MS SQL Server DB
server, and I want to remote log in to the Win2008 from my Win XP which is
logged on to my domain already.
Jason,
I can see why it can't sync. You really, and truly honestly need to not use
a DC to run a webserver. More than one IP causes numerous problems. Imagine
what happens when there are 10. I would highly suggest to use a member
server as a webserver and give it as many IPs as you want, but not a DC.
Otherwise, we really can't help you straighten this out, unless you're up to
some registry changes. Please read my following blog explaining the
implications to a DC, why it causes harm to a DC, and how to workaround it
(registry and other changes), if you want to continue using this as a DC.
Ace
As Ace said, a DC shouldn't run any other application, especially no web server,
Exchange or SQL. Additionally, you also have the 168.x.x.x as DNS server on
the NIC listed. So at least kick this out and maybe you are lucky; personally
I think it won't even if the wrong DNS is removed.
Best regards
Move the webservices to another server and use only one ip address for the
DC with the correct DNS servers, remove 168.x.x.x, on the NIC and your problems
with the new machine will go away, i am sure.
Or think about demoting that server to member server, IF the applications
are not affected by that step and you can leave it multihomed for the web
service.
Best regards
Meinolf Weber
That your DCs are not in sync belongs to the above listed problem with multihoming
and external DNS servers on the NIC.
If they are over the tombstone lifetime, which I assume about the time limit
error, the safest way is to kick out the machine, with the error listed,
with dcpromo or dcpromo /forceremoval and check the AD database, DNS , AD
sites and services etc. for old entries of it according to:
http://support.microsoft.com/kb/555846/en-us
Please run "repadmin /showrepl" and post the output here from both DCs.
Best regards
Meinolf Weber
- Plug the unplugged DC to the network again.
Jorge Silva
Yes, replace it with mycom.com. However, it's ok, you don't have to run it.
The ipconfig you posted is enough to diagnose it, as we already did, and you
have our recommendations to resolve it, one of which I agree with Meinolf is
to demote this machine to a member server and remove the DNS address
168.95.1.1.
Even if you delete the "(same as parent)" record, it will return
automatically. This is because the netlogon service is putting it back in.
That is one of the services running on the DC that ensures proper SRV
records are registered in DNS. However, since there are 10-15 addresses, the
service is registering all of them.
A web server should never be a DC. Any reason this machine is a DC? Is it
safe for you to demote it?
If you really want to keep it, as I mentioned earlier there are steps you
can perform to change a domain controller's default functionality that
include multiple registry changes. I forgot to post my blog link, which I
apologize. I posted it below. It shows you why this configuration is
detrimental on a DC, but if you want to keep it as a DC for whatever reason,
it shows steps to alter the configuration to work with multiple IPs,
multiple NICs and/or RRAS installed.
Multihomed DCs with DNS, RRAS, multiple IPs, and/or PPPoE adapters
http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihomed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx
I hope you find it helpful.
Ace
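The two checks the replies above make by eye on the posted ipconfig /all output (a DNS server other than the domain's own, and several IPv4 addresses on one adapter), as an added example that is not part of the original thread. The function names and the sample text are constructed for illustration; the allowed DNS address 192.168.1.1 is the one named in the thread.

```python
import ipaddress
import re

# Constructed sample, shaped like the `ipconfig /all` output posted in the thread.
SAMPLE = """\
Windows IP Configuration
   Host Name . . . . . . . . . . . . : kserver
Ethernet adapter Local Area Connection:
   DHCP Enabled. . . . . . . . . . . : No
   IP Address. . . . . . . . . . . . : 192.168.2.222
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   IP Address. . . . . . . . . . . . : 192.168.2.2
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . : 192.168.0.51
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       168.95.1.1
   Primary WINS Server . . . . . . . : 192.168.0.200
"""

# "Key . . . . : value"; the key must start with a letter so that wrapped
# IPv4 or IPv6 continuation lines are not mistaken for a new key.
KV = re.compile(r"^\s*([A-Za-z][^:]*?)[ .]*:(?:\s+(.*))?$")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
FIELDS = {"IP Address": "ips", "IPv4 Address": "ips", "DNS Servers": "dns"}


def parse_adapters(text):
    """Return one dict per adapter with its IPv4 addresses and DNS servers."""
    adapters, current, field = [], None, None
    for line in text.splitlines():
        m = KV.match(line)
        if m and "adapter" in m.group(1) and not m.group(2):
            current = {"name": m.group(1), "ips": [], "dns": []}
            adapters.append(current)
            field = None
            continue
        if current is None:
            continue  # global section before the first adapter
        if m:
            field, value = FIELDS.get(m.group(1)), m.group(2) or ""
        else:
            value = line  # continuation of the previous key (e.g. 2nd DNS server)
        if field:
            current[field].extend(IPV4.findall(value))
    return adapters


def audit(text, allowed_dns):
    """Flag DNS servers outside allowed_dns and adapters with several IPv4 addresses."""
    findings = []
    for adapter in parse_adapters(text):
        for server in adapter["dns"]:
            if server not in allowed_dns:
                scope = "private" if ipaddress.ip_address(server).is_private else "public"
                findings.append((adapter["name"], "unexpected-dns", f"{server} ({scope})"))
        if len(adapter["ips"]) > 1:
            findings.append((adapter["name"], "multiple-ipv4", len(adapter["ips"])))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, allowed_dns={"192.168.1.1"}):
        print(finding)
```
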
A DC is the heart of the domain and should only run its basic tasks: AD,
DNS, GC and maybe DHCP. Any additional application requires additional performance
or, more important, depending on the application/role, lowers security settings
on a DC. Also if you have the need to demote the DC you have to be sure that
the SQL instances will work after demoting or you have to move SQL to another
server at that time.
Make sure to have the replication problems solved/corrected before going
into deeper changes of the network.
In addition, a DC once promoted, disables write-behind cache on the drive
controllers. SQL uses this feature for performance and transactional
logging. Same with Exchange. Disabling write-behind cache on the controller
affects performance as well, and impacts SQL and Exchange processes, besides
the fact that disabling this feature may hinder recovering emails or
database transactions during a power outage shutdown, but AD needs this
feature. And this feature cannot be enabled on a DC. If you change it, the
DC puts it back automatically within seconds. The only exception to the rule
is on SBS server, which was designed to deal with this condition.
Ace
Good to hear. :-)
Ace