Help required

mishy · March 2008

sorry to bother you but I need a bit of help to connect my pc to domain. Here is a list of what I have and the questions below. Sorry about the questions but the 290 Microsoft press does not provide any info on configuring a server most of the items have been skipped.

1 pc with Win 2003 server enterprise named Server01 with Domain called Contoso.com
2 pc with XP Pro with SP2
1 8 port switch
1 wireless router connected to broadband modem

The Server01 has 1 NIC card so I have connected that to port 2 on the switch and I have also connected the wireless router using ethernet to the uplink port for the switch and then plugged my 2 XP pro computers to the switch using the available ports.

On Server01 in the contoso domain I have added the computer names to the domain and also created user accountso n the domain and created a dhcp scope of 192.168.0.10-254 and allocated the server01 a static IP of 192.168.0.10 and a default gateway of 192.168.1.1 which is provided by the wireless router.I installed an active directory. I installed a dhcp server and Dns forwarder. I have not changed anything on the xp pcs besides try to join them to domain and failed. I have disabled the firewall on server01.

I have verified that the DHCP, AD, User accounts, Computer Accounts are there in the Contoso.com domain under the admin tools section.

I went through to system properties-change- join to domain- entered domain name- then a box came up whereby I had to enter a username and password and I entered the user details I had created on Server01 but I keep getting wrong username or bad password.

Am I doing something wrong or is there something I need to setup on the XP or Server01?
Should I disable DHCP server+ DNS on my wireless Router?
How can I make all my connections by the XP pcs go through the Server01?
Why am I getting error message when the user accounts are valid and passwords in the Contoso Domain?
How can I create a subnet mask so I can carry on using my wireless internet whilst tinkering around with the DC and XP pcs?

pryde7 · March 2008

Which password/username are you using?
It must be the domain administrator account of the server not the local computer or user account.
Note that only an account with domain administrator priviledges can join a client to a domain.

I think your Ip address scope is wrong, if the router is the dhcp server with 192.168.1.1, how come you use 192.168.0.0 network for ip addressing. You have just one network segment so use the same subnet, the router in your scenario is just for internet connectivity.

ajs1976 · March 2008

check the IP config on the computers. What are the IPs and DNS settings?

sprkymrk · March 2008

misheckmberi wrote:

Why am I getting error message when the user accounts are valid and passwords in the Contoso Domain?

When you create the computer account, first try joining it to the domain with a domain admin account to eliminate any errors there. When it comes time to join the computer to the domain, don't just use "username", but use the syntax:

Contoso\username

Aslo, unless you just typed it wrong, your ip scheme has a couple of problems. First, as pryde7 pointed out your default gateway is on another subnet, which won't work when it comes time to connect to the Internet. That shouldn't affect your computers communicating the DC though (especially since you are being prompted for a username/password).

Second, you created a scope in DHCP of 192.168.0.10-254, but then stole one of those and hard coded it on your DC (192.168.0.10) which could cause a conflict if the DHCP server tries to assign 192.168.0.10 to a client. Change your server's IP to something between 2-9, and then use .1 for your gateway (192.168.0.1, not 192.168.1.1) or change the scope to 11-254 to avoid messing up SRV records in DNS and leave the DC as 192.168.0.10.

misheckmberi wrote:

Should I disable DHCP server+ DNS on my wireless Router?

Well for AD you should run DNS on your DC but just have it use the router as a forwarder. Make sure your clients point to your DC and not the router. It sounds like you already have it set up correctly or you wouldn't get prompted for a username and password when joining the domain. You'd get a message "domain not found" or something similar. DHCP is entirely up to you, just don't run it on both at the same time.

misheckmberi wrote:

How can I make all my connections by the XP pcs go through the Server01?

You would need a second NIC in the server and turn on RRAS. Then you need to connect one NIC and all your clients to the switch, and connect your second NIC to another switch that is connected to the router (or use a crossover cable and connect the second NIC directly to the router). I wouldn't do this though, it's not something a DC is meant for, and having a second NIC can make DNS a little hairy.

mishy · March 2008

I will try joining the computers using a domain account. Thanks for all your help. I will let you know soon.

sprkymrk · March 2008

Okay, good luck!

mishy · March 2008

I am still getting the wrong username or bad password even though I have created a username and password in the domains account group.

sprkymrk · March 2008

Did you specify domain\usename at the prompt? In other words, did you create an AD account (not local) and then when prompted enter the domain name, followed by a slash, followed by the username?

So in ADUC you create a user "Jimmy". Make him a domain admin (for this excersize) so you don't have to change the default "Domain Administrators" for adding the computer to the domain. Assuming your domain is "Contoso", then when you change from a workgroup to a domain on the computer, you would specify this at the prompt:

contoso\jimmy

Also make sure you logged in as a local admin on the workstation.

mishy · March 2008

the first screen that comes up in computer properties is the one with 2 options

Member of

Domain or work group and I clicked on Domain and entered contoso because everything I have tried seems to fail.

That brings me to enter username when I enter a user in the Domain Admin just as eg. jimmy password *********** I get wrong or bad usename. I have also tried username of contoso\jimmy and I still get wrong username or password. I have created the account in the admin under the contoso domain.

dynamik · March 2008

Haha. He PM'd me too. I didn't know this was a real thread. Here's my response if it adds anything to the discussion. Next time just PM me the thread link. That would have saved me some typing

misheckmberi wrote:

I went through to system properties-change- join to domain- entered domain name- then a box came up whereby I had to enter a username and password and I entered the user details I had created on Server01 but I keep getting wrong username or bad password.

Look at the default domain contollers security policy and check this setting: Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Add workstations to domain

By default, any authenticated user should be able to join 10 computers to the domain, so I'm not sure why you're having problems.

Maybe you need to join them with the account that created them computer objects in active directory.

Try using an account in the domain and/or enterprise administrators group.

If all else fails, delete the computer objects and try joining the computers again. The computer objects will be created automatically. The reason it's sometimes best to create computer objects ahead of time is that you can place them in a specific OU, so they will receive security settings, etc. immediately. Otherwise they just go in the computers container.

misheckmberi wrote:

Should I disable DHCP server+ DNS on my wireless Router?

I would disable DHCP on either your router or in Server 2003. You don't need both, and you might get some weird addressing problems if you keep them. I'd just go with the DHCP server on your right and disabled it on 2003. You can do all the DHCP configuration exercises in 2003, just don't authorize the server and/or activate the scope. If you want to disable it on your router and keep it on Server 2003, go ahead. It's up to you.

The DNS on your router points to your ISP's DNS servers, correct? And those are the servers you've set DNS in Server 2003 to forward too?

How did you setup DNS on Server 2003? Did you have it configured automatically during the AD promotion? If not, you either need to demote and re-promote it and choose that option, or run the netdiag /fix command after installing the support tools off the CD (they're located in [cd]:\support\tools\ on the cd, I believe).

What have you set your DNS servers to on your client machines. They absolutely have to point to your Server 2003 machine because that's the only way they can find the SRV record that refers them to domain controllers. You can't join a machine to a domain, log on to the domain, etc. without that record.

misheckmberi wrote:

How can I make all my connections by the XP pcs go through the Server01?

Do you just want to connect to the server or do you literally want all your connections to go through the server for things like network traffic monitoring? If you just want to connect to it, your setup is fine. If you want traffic to flow through it, do this [2 computers] > [switch] > [nic1] - [server] - [nic2] > [router]. And you'll need to install RRAS on Server 2003. I think that's more than you're ready for, but it'll be a fun exercise later on when you work with RRAS and network monitor.

misheckmberi wrote:

Why am I getting error message when the user accounts are valid and passwords in the Contoso Domain?

I think I covered this already. Give the above suggestions a shot and let me know.

misheckmberi wrote:

How can I create a subnet mask so I can carry on using my wireless internet whilst tinkering around with the DC and XP pcs?

You don't need to do anything special. You can use a basic 192.168.x.x address with a 255.255.255.0 subnet mask. Also, be sure to give your server a static IP. I forgot to mention this above, and be sure that that address is excluded from your DHCP pool, so you don't get any conflicting addresses. i.e. make your server 192.168.1.2, leave your gateway/router as 192.168.1.1, and setup a dhcp pool on your router for something like 192.168.1.100-192.168.1.199. Obviously you don't need a hundred address, but the point is to keep your server outside of that range. Using 192.168.0.x and 192.168.1.x just complicates things. Just keep everything on 192.168.1.x (or 0.x, it doesn't matter, just keep it consistent).

pryde7 · March 2008

I recommend you take it simple or perhaps like a beginner.

- Disconnect your router from the switch. I suggest you bring in the router when your small network test ok except you opt to use it as the dhcp server. (perhaps you may not be able to change dhcp settings on the router to reserve ip if its a low end comsumer stuff)

- Try using your three computer (ie server, and 2 XP machines) in a workgroup first.

- If it works fine, then proceed to switch to a domain.

- Make the ip addressing scheme simple if you're not good subnetting and get the network running before you can start obsessing about it.

mishy · March 2008

I have created a domain admin account and tried the same thing but I still I get the same error message. I have stopped thinking about the dhcp scope and connected both computers to my wireless router and tried joining them to the domain first before playing around with anything but I still get the same error wrong username.

Do you mean I should create an admin account on server01 and then use that as the username and password? ( Not a Domain Admin Account or Domain User or Domain Contoller because I have tried all these accounts and failed)

I am begining to think its authentication settings on Server01 because Iam sure I am using a correct username and password.

Should I not change the way users logon on the XP computers.

All I want to do now is just connect the computer to the domain and then the rest I will learn as I go.

sprkymrk · March 2008

I asked this earlier but didn't know if you saw it:

Are you first logging into the computer as the local admin? In other words, while the computer is still in the workgroup, you have to log on with a local administrator account.

Also, if you rename the computer while it is in a workgroup, you must reboot before trying to join it to the domain. Don't rename it AND try to join a domain at the same time. Reboot in between.

mishy · March 2008

My computer is already called misheck1 and has computer account on the contoso domain. I have logged on the computer as an administrator and tried to join it to domain and when asked for a username and password I have entered one that is in The domain controller, domain admin, admin and user and all these have failed with same result wrong username and password. The only thing I have noticed is that when I try to join to domain under system properties and change name and when I select domain and enter contoso.com that comes up with domain controller not found but when I enter contoso which on the server01 pc is the Netbios for computers before XP thats accepted and proceeds me to the next screen where I have to enter a username and password and thats where I get all the error messages. I have tried entering the usernames as contoso\username then password and thats failed too. I have also tried contoso.com\username and thats also failed.

Is there not a setting I should enable on the server01 so it can allow computers to join to domain because this the first computer I am trying to join to the domain after re-installing the Windows server and also creating an AD?

pryde7 · March 2008

Does your computers communicate in a simple workgroup?

If you lack connectivity from phyical cabling to wrong network settings and trying to create a domain will be elusive.
I recommend you start with simple workgroup, ping the various nodes and ensure that there is network link and connectivity.

From there on you can move to a domain and will be able to pin point exactly where the problem is.
As I said before use only your switch first. Add the router when the network is up and running.
Note: the error message domain not found can be due to many things
- wrong spelling
- wrong network configuration
- physical cabling etc.

sprkymrk · March 2008

misheckmberi wrote:

My computer is already called misheck1 and has computer account on the contoso domain. I have logged on the computer as an administrator and tried to join it to domain and when asked for a username and password I have entered one that is in The domain controller, domain admin, admin and user and all these have failed with same result wrong username and password. The only thing I have noticed is that when I try to join to domain under system properties and change name and when I select domain and enter contoso.com that comes up with domain controller not found but when I enter contoso which on the server01 pc is the Netbios for computers before XP thats accepted and proceeds me to the next screen where I have to enter a username and password and thats where I get all the error messages. I have tried entering the usernames as contoso\username then password and thats failed too. I have also tried contoso.com\username and thats also failed.

Is there not a setting I should enable on the server01 so it can allow computers to join to domain because this the first computer I am trying to join to the domain after re-installing the Windows server and also creating an AD?

It should work....
Have you changed any settings in Domain Controller Security Policy or anything, such as LAN Manager Authentication Level or Digitally Sign Communications? Encrypt Secure Channel Data? Any of the Network Access settings? In other words, have you changed anything in the Security Policy from the default setting?
It doesn't seem to be a network problem since you already stated you can ping and also just the fact that it finds the domain and prompts you for a password. That leads me to believe it's one of the security settings. I'll post back later if I can think of anything else.

mishy · March 2008

I have almost lost hope of even studying for the exam because I cannot join a computer to domain.

I can ping the domain, I can nslookup the domain but I still cannot join the domain. I still get wrong username or password. I have checked and reset the password numerous times but I still get the wrong password.

I have manged to setup the dhcp server scope on the domain and Ican assure that the IP address on my XP computer is the one allocated by the domain so it show the connectivity is there but when it comes to joining the domain I simply cant join the domain.

I still get the wrong username and password.

dynamik · March 2008

Can you please post your TCP/IP configuration for all your machines?

Also, if you create a share on the server, can you access it with the username/password that's currently not being allowed to join the machine to the domain?

hetty · March 2008

misheckmberi wrote:

I have almost lost hope of even studying for the exam because I cannot join a computer to domain.

I can ping the domain, I can nslookup the domain but I still cannot join the domain. I still get wrong username or password. I have checked and reset the password numerous times but I still get the wrong password.

I have manged to setup the dhcp server scope on the domain and Ican assure that the IP address on my XP computer is the one allocated by the domain so it show the connectivity is there but when it comes to joining the domain I simply cant join the domain.

I still get the wrong username and password.

Did you change the NetBIOS name in the installation by any chance? Otherwise if its a lab server, Id wipe it, start again if your having so much trouble. Easiest way IMO.

mishy · April 2008

I finally managed to connect I had almost given up my studies because the first section of the MCSA 290 press book needs you to monitor remote computers and domain computers and I could not join a computer to domain so I did not want to start studying without any practical lab to use.

Anyway this is what I had to do to join the domain, I went to my computer system properties entered the computer name, and clicked join the domain and when prompted to enter username and password I had to enter the username and password of the adminstrator of the computer with Server2003 and not the administrator account I had created in the domain as what I had assumed. I have spoken to someone about what I have done and is surprised that I had to use an admin account on the computer not the one in the domain.

The fact that I could ping and also nslookup the domain and also do the same on the server to the target pc and that the ip address of the joining computer was within the scope I had made in the domain meant I had connectivity to the domain. After having tried everything that I could think of I tried using the server pc admin username and password.

Thanks for the help and persistance I was getting tired myself asking more questions and thanks for the great forum I shall login more often and also help others where possible.

Help required

Comments