Alan Franklin
Below is a snip from the netsetup.log when I was trying to join an alternate
boot XP-Pro workstation to a running Win2K domain.
07/22 22:39:29 NetpGetLsaPrimaryDomain: status: 0x0
07/22 22:39:29 NetpLsaOpenSecret: status: 0xc0000034
07/22 22:39:30 NetpManageMachineAccountWithSid: NetUserAdd on '\\FOASBS2K' for 'FOA-XP1$' failed: 0x8b0
07/22 22:39:30 NetpManageMachineAccountWithSid: status of attempting to set password on '\\FOASBS2K' for 'FOA-XP1$': 0x0
07/22 22:39:30 NetpJoinDomain: status of creating account: 0x0
07/22 22:39:30 NetpLdapBind: ldap_bind failed on \\FOASBS2K: 81: Server Down
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
07/22 22:39:30 ldap_unbind status: 0x0
07/22 22:39:30 NetpSetDnsHostNameAndSpn: NetpLdapBind failed: 0x3a
07/22 22:39:30 NetpJoinDomain: status of setting DnsHostName and SPN: 0x3a
07/22 22:39:30 NetpJoinDomain: initiaing a rollback due to earlier errors
It is only a domestic network and I determined a workaround, but I do not
understand the underlying issue and hope that someone can enlighten me.
Aspects of the setup to be aware of.
1. Win2k server is sbs2000. Running ISA and RRAS.
2. Server has 3 network cards, ISP-ADSL, 192.168.0.X and 192.168.1.X.
3. The 192.168.1.x is a direct network between the server and the client XP
machine. It's a couple of Intel XT/1000 gigabit cards with single cable
connecting them. The 192.168.0.x is a conventional small switched network.
4. The client machine already has Win2K-Pro running on it, connected to the
domain and all working, so I "knew" the fundamental setup was OK. XP is a
test alternate boot.
What I tried, and what "fixed" it.
The XP install went perfectly happily, IP addresses DHCP allocated and
updates acquired directly from the net. With a local machine login I could
see the rest of the network machines and shares. The trouble started when I
tried to join the machine to the domain. The authentication stages go
smoothly and it both created and found the machine account on the DC without
issue and then barfed at the last stage with a dialog stating that the
"Server could not perform the required operation" (or something close to
that). Some research on the NET led me to the netsetup.log (on the XP
machine) and its error report above. I could find nothing acknowledging a
problem on the server.
Some googling traced one other instance of this problem (in this newsgroup a
few months ago) but no solution.
Given the slightly unusual network setup I guessed at a routing issue.
So I unplugged the ISP connection and opened the firewall to ALL IP traffic
(in retrospect did not open all the packet filters...). No joy.
Disabled the ISA services. No joy.
Next I disabled the gigabit card, enabled the motherboard network adapter
and plugged that into the switch (putting the client on the 192.168.0.x
network). Now it joins the Domain without complaint. Now that it has joined
the domain, I disable the motherboard adapter and re-enable the gigabit card
and it all still works fine.
OK. So *something* seems to go on with LDAP when a machine joins a domain
that does not happen during normal operations. If I tried to change the
machine name I may encounter the problem again and I'd really rather
understand what is broken from the perspective of joining a domain and fix
the problem permanently than simply know a clunky workaround.
Can anyone explain what is going on from my problem and solution?
TIA,
Alan.
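Added example, not part of the original post: a small Python triage pass over the netsetup.log excerpt above that maps each non-zero result to its documented Windows meaning and reports which NetpJoinDomain step preceded the rollback. The function name `triage` and the lookup tables are assumptions of this example; the sample is the post's log with its wrapped lines rejoined.

```python
import re

# Documented Windows meanings of the status codes that appear in the log above.
STATUS = {
    0x3A: "ERROR_BAD_NET_RESP: server cannot perform the requested operation",
    0x8B0: "NERR_UserExists: the account already exists",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
}
LDAP = {81: "LDAP_SERVER_DOWN"}
# Constructed sample: the post's log lines with the wrapped lines rejoined.
SAMPLE = r"""
07/22 22:39:29 NetpGetLsaPrimaryDomain: status: 0x0
07/22 22:39:29 NetpLsaOpenSecret: status: 0xc0000034
07/22 22:39:30 NetpManageMachineAccountWithSid: NetUserAdd on '\\FOASBS2K' for 'FOA-XP1$' failed: 0x8b0
07/22 22:39:30 NetpManageMachineAccountWithSid: status of attempting to set password on '\\FOASBS2K' for 'FOA-XP1$': 0x0
07/22 22:39:30 NetpJoinDomain: status of creating account: 0x0
07/22 22:39:30 NetpLdapBind: ldap_bind failed on \\FOASBS2K: 81: Server Down
07/22 22:39:30 ldap_unbind status: 0x0
07/22 22:39:30 NetpSetDnsHostNameAndSpn: NetpLdapBind failed: 0x3a
07/22 22:39:30 NetpJoinDomain: status of setting DnsHostName and SPN: 0x3a
07/22 22:39:30 NetpJoinDomain: initiaing a rollback due to earlier errors
"""

ENTRY = re.compile(r"^(\d\d/\d\d \d\d:\d\d:\d\d) (.+?): (.*)$")
TRAILING_HEX = re.compile(r"0x([0-9a-fA-F]+)$")
LDAP_FAIL = re.compile(r"ldap_bind failed on (\S+): (\d+):")

def triage(text):
    """Return (failures, rollback_cause) for a netsetup.log excerpt."""
    failures, last_join_failure, cause = [], None, None
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # skips blank lines and hand-added marker lines
        _, step, msg = m.groups()
        ldap = LDAP_FAIL.search(msg)
        hexm = TRAILING_HEX.search(msg)
        if ldap:  # LDAP results are logged in decimal, not hex
            code = int(ldap.group(2))
            failures.append((step, code, LDAP.get(code, "unknown LDAP result")))
        elif hexm and int(hexm.group(1), 16) != 0:
            code = int(hexm.group(1), 16)
            failures.append((step, code, STATUS.get(code, "unknown status")))
            if step == "NetpJoinDomain":
                last_join_failure = failures[-1]
        if "rollback" in msg:  # the join step that failed just before rollback
            cause = last_join_failure
    return failures, cause
```

On the sample it returns five non-zero results and attributes the rollback to the NetpJoinDomain step that sets DnsHostName and SPN (0x3a), which directly follows the LDAP bind failure.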