computer can't join domain

[Japhy]

hello,
I have windows 2000 server with dns and active directory (just set up).
I have added computer and user account for a workstation in AD.
I have added a host record for the workstation in dns.
I have pointed the workstation's dns to the server ip address.
On the workstation I go to "computer name" in system properties and try
to join the domain.
I get the following error :
"Your computer could not be joined to the domain because the following
error has occurred:
the network name cannot be found."
Can someone help me troubleshoot?
thanks,
Japhy
BTW, at first I couldn't ping the workstation from the server. Then I
added icmp to the Windows Firewall on the workstation. Now I can ping.
Is this an acceptable setup? Or a security risk.

 

[Jorge Silva]

Hi

1 - Check the following:

- Make sure that every domain controller has its DNS properties under NIC
configuration pointing to itself. (If DC IP Address is 10.0.0.1 then Dns
should be 10.0.0.1).



- Make sure that every DNS server can resolve all domains in the forest.
(Use Forwarding, Stub Zones or Secondary Zones).



- Make sure that all clients Only uses the local(s) Dns Server.



How Domain Controllers Are Located in Windows

http://support.microsoft.com/kb/247811/

DNS Conditional Forwarding in Windows Server 2003

http://www.windowsnetworking.com/ar...tional_Forwarding_in_Windows_Server_2003.html

DNS Stub Zones in Windows Server 2003

http://www.windowsnetworking.com/articles_tutorials/DNS_Stub_Zones.html

How To Create a Child Domain in Active Directory and Delegate the DNS
Namespace to the Child Domain

http://support.microsoft.com/kb/255248/



----------------------------------------------------------------------------------------------------------------------------

2 - If 1 doesn't work, then you can try to rebuild Dns:



* Delete the forward zone and the reverse lookup zone

*go to the %systemroot%\system32\dns - delete any old zone that you may have
there.

*delete the files netlogon.dnb and netlogon.dns from
%systemroot%\system32\config

*create the forward lookup zone and the reverse lookup zone make them AD
integrated, for security purposes make sure that the zones only accept
secure only - updates.

*restart the netlogon service, confirm the creation of the files
netlogon.dnb and netlogon.dns on %systemroot%\system32\config

*run ipconfig /registerdns

*run netdiag /fix

* Follow all configuration steps described in step 1

----------------------------------------------------------------------------------------------------------------------------


--
I hope that the information above helps you

Good Luck
Jorge Silva
MCSA
Systems Administrator