XP prof. PCs cannot join windows 2000 domain

[=?iso-8859-1?Q?Harou_Rab=E9?=]

I upgraded my NT4.0 PDC to win2k AD domain. The whole
system with its former single label domain was running
smoothly under the new win2k AD domain with an NT4.0
backup DC. Some client PCs running windows XP
professional are now unable to join the domain again once
I remove them from it.
DNS configuration seems to be OK as regard IP adress and
domain name. But when I remove one of the XP pro based PC
and try to get it back joining the domain I get the
following error message:
A domain controler for the domain <<mydomainname>> could
not be contacted.

The details button displays theses explanations:

Note: This information is intended for a network
administrator. If you are not your network's
administrator, notify the administrator that you received
this information, which has been recorded in the file
C:\WINDOWS\debug\dcdiag.txt.

The following error occurred when DNS was queried for the
service location (SRV) resource record used to locate a
domain controller for domain <<mydomainname>>:

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for
_ldap._tcp.dc._msdcs.<<mydomainname>>

Common causes of this error include the following:

- The DNS SRV record is not registered in DNS.

- One or more of the following zones do not include
delegation to its child zone:

<<mydomainname>>
.. (the root zone)

For information about correcting this problem, click Help.

<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<

 

[Herb Martin]

This is almost always a DNS issue; things to check/confirm:

1) Dynamic DNS
2) DCs pointed at this dynamic DNS in their own client
properties (NIC\IP\DNS Server)
` 3) Client machines pointed at this dynamic DNS in their
client properties (NIC\IP\DNS Server)
4) No other dns servers listed on either servers or clients
(If you need Internet resolution let the DNS server do
that -or- forward to another DNS server which can.)

If you change "dynamic" status or server settings, then restart
NetLogon service on ALL DCs to register with DNS ("ipconfig
/registerDNS" only works for "client-type" settings and not for
DC stuff.)

 

[Ace Fekay [MVP]]

In

Thanks for your post,

I checked all 4 points.

1. Dynamic DNS is enabled.

2. DCs point at this dynamic DNS (actually I have two
DCs, the win2k as a primary and an NT4.0 as a backup.
This backup DC is currently down.) The Dinamic DNS host
points to itself as DNS server and I indicated my ISP's
DNS IP adress as forwarder.

3. Client PCs point to this dynamic DNS server.

4. Only this dynamic DNS server's IP adress is listed as
DNS server on all client PCs

But I still cannot join the domain from the client PCs.
I'm getting the message indicating that a domain
controler for the domain could not be contacted. The
details button display this:

---------------------------------------
Note: This information is intended for a network
administrator. If you are not your network's
administrator, notify the administrator that you received
this information, which has been recorded in the file
C:\WINDOWS\debug\dcdiag.txt.

DNS was successfully queried for the service location
(SRV) resource record used to locate a domain controller
for domain icrisatsc.org:

The query was for the SRV record for
_ldap._tcp.dc._msdcs.icrisatsc.org

The following domain controllers were identified by the
query:

icrisatsc0.icrisatsc.org

Common causes of this error include:

- Host (A) records that map the name of the domain
controller to its IP addresses are missing or contain
incorrect addresses.

- Domain controllers registered in DNS are not connected
to the network or are not running.

For information about correcting this problem, click Help.


---------------------------------------------

I'm now becoming impatient on how to solve the problem.
Any additionnal help will be appreciated.


Thanks

Rabé

Is your Active Directory DNS name a single label name? I'm not referring to
the NetBIOS name. Check your ADUC console for the name that shows up. Single
label names cause problems with W2k and newer machines.

What service pack?

Also if you can provide an unedited ipconfig /all, it will be helpful in
diagnosing this.

More info on a bandaid if you have a single label DNS name:

300684 - Information About Configuring Windows 2000 for Domains with
Single-Label DNS Names [needs the domain.com name and cannot be
just --domain--]:
http://support.microsoft.com/?id=300684



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Herb Martin]

Sounds like you have it covered so let me ask what Ace
always remembers:

What is you domain name? You don't perchance have a
"single tag" domain name like "domain" instead of (at least)
two tags like "domain.com" do you?

What does DCDiag (from CDROM Support Tools) and
NetDiag on the other machines show you?

Use them and send output to a file, then search the file for
FAIL, WARN, and IGNORE; post the file here if you see
problems.

[I will be busy for a bit but someone will likely help -- you
might consider starting a new thread if no one answers.]

--
Herb Martin



Thanks for your post,

I checked all 4 points.

1. Dynamic DNS is enabled.

2. DCs point at this dynamic DNS (actually I have two
DCs, the win2k as a primary and an NT4.0 as a backup.
This backup DC is currently down.) The Dinamic DNS host
points to itself as DNS server and I indicated my ISP's
DNS IP adress as forwarder.

3. Client PCs point to this dynamic DNS server.

4. Only this dynamic DNS server's IP adress is listed as
DNS server on all client PCs

But I still cannot join the domain from the client PCs.
I'm getting the message indicating that a domain
controler for the domain could not be contacted. The
details button display this:

---------------------------------------
Note: This information is intended for a network
administrator. If you are not your network's
administrator, notify the administrator that you received
this information, which has been recorded in the file
C:\WINDOWS\debug\dcdiag.txt.

DNS was successfully queried for the service location
(SRV) resource record used to locate a domain controller
for domain icrisatsc.org:

The query was for the SRV record for
_ldap._tcp.dc._msdcs.icrisatsc.org

The following domain controllers were identified by the
query:

icrisatsc0.icrisatsc.org

Common causes of this error include:

- Host (A) records that map the name of the domain
controller to its IP addresses are missing or contain
incorrect addresses.

- Domain controllers registered in DNS are not connected
to the network or are not running.

For information about correcting this problem, click Help.


---------------------------------------------

I'm now becoming impatient on how to solve the problem.
Any additionnal help will be appreciated.


Thanks

Rabé

 

[Herb Martin]

See what I mean -- Ace always remembers the Single
Tag name.

Good job, brother.

<grin>

"Ace Fekay [MVP]"

In

Thanks for your post,

I checked all 4 points.

1. Dynamic DNS is enabled.

2. DCs point at this dynamic DNS (actually I have two
DCs, the win2k as a primary and an NT4.0 as a backup.
This backup DC is currently down.) The Dinamic DNS host
points to itself as DNS server and I indicated my ISP's
DNS IP adress as forwarder.

3. Client PCs point to this dynamic DNS server.

4. Only this dynamic DNS server's IP adress is listed as
DNS server on all client PCs

But I still cannot join the domain from the client PCs.
I'm getting the message indicating that a domain
controler for the domain could not be contacted. The
details button display this:

---------------------------------------
Note: This information is intended for a network
administrator. If you are not your network's
administrator, notify the administrator that you received
this information, which has been recorded in the file
C:\WINDOWS\debug\dcdiag.txt.

DNS was successfully queried for the service location
(SRV) resource record used to locate a domain controller
for domain icrisatsc.org:

The query was for the SRV record for
_ldap._tcp.dc._msdcs.icrisatsc.org

The following domain controllers were identified by the
query:

icrisatsc0.icrisatsc.org

Common causes of this error include:

- Host (A) records that map the name of the domain
controller to its IP addresses are missing or contain
incorrect addresses.

- Domain controllers registered in DNS are not connected
to the network or are not running.

For information about correcting this problem, click Help.


---------------------------------------------

I'm now becoming impatient on how to solve the problem.
Any additionnal help will be appreciated.


Thanks

Rabé

Is your Active Directory DNS name a single label name? I'm not referring to
the NetBIOS name. Check your ADUC console for the name that shows up. Single
label names cause problems with W2k and newer machines.

What service pack?

Also if you can provide an unedited ipconfig /all, it will be helpful in
diagnosing this.

More info on a bandaid if you have a single label DNS name:

300684 - Information About Configuring Windows 2000 for Domains with
Single-Label DNS Names [needs the domain.com name and cannot be
just --domain--]:
http://support.microsoft.com/?id=300684



--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory

 

[Ace Fekay [MVP]]

In

See what I mean -- Ace always remembers the Single
Tag name.

Good job, brother.

<grin>

Thanks.
Seems to be the error du jour lately in conjunction with SP4.


--
Regards,
Ace

Please direct all replies to the newsgroup so all can benefit.

Ace Fekay, MCSE 2000, MCSE+I, MCSA, MCT, MVP
Microsoft Windows MVP - Active Directory