Win Server 2k3: Can't add computers to the domain HELP!

Rapier21

This is only my first time setting up a server from scratch, so I only have half an idea of what I'm talking about. I've got Windows Server 2003 and I'm running a domain controller, DNS, DHCP and WINS server on a single computer (for a small network). My problem is that when I go to add a computer to the domain (a WinXP Pro computer) I get the error message "The following error occurred when trying to join the domain "[my domain]": The specified server cannot perform the requested operation". Then when I go back to the server, the account (computer object) of the computer I was trying to add has been disabled. Also, when I check the event viewer on both the server and client computer, nothing is there that indicates a failure of any kind during the times I'm trying to add the computer. I've tried deleting the computer account and re-creating it, resetting the account, or just re-enabling the account, and nothing is working.

Also, I suspect my DNS is not set up correctly because the client computers can't get to the internet. Of course, they aren't part of the domain, but they shouldn't need to be. I have 2 NICs in my server: one goes to my DSL modem and the other goes to the uplink port of a Linksys switch. The other ports in the switch are populated by the Ethernet cables for the other client computers. I don't have an internet domain name for my server. I ran the "Configure a DNS Server Wizard" and selected "Create forward and reverse lookup zones", then filled in all the info. For the zone name, I just put my domain's name, since this server isn't authoritative for anything higher up. Was this a mistake? Do I use my ISP's domain, i.e. [domain name].gateway.2wire.net?

Any suggestions would be greatly appreciated.
 

cleverhandle

Originally posted by: Rapier21
> Also, I suspect my DNS is not set up correctly because the client computers can't get to the internet. Of course, they aren't part of the domain, but they shouldn't need to be. I have 2 NICs in my server: one goes to my DSL modem and the other goes to the uplink port of a Linksys switch. The other ports in the switch are populated by the Ethernet cables for the other client computers.

Ugh... this is a pretty hacky setup. You really need to make sure your basic networking issues are resolved before you think about setting up a domain. If your IP and DNS aren't working properly, you're going to hit all kinds of problems. First off, you can't just uplink the switch to the server and expect it to work. If you're going to share the connection through the server, it needs to be configured for Internet Connection Sharing (Routing) and NAT. But even doing that is not a great idea - you're going to end up dealing with multiple subnets, which isn't going to make things any easier. If you want to learn about domains, make your life simple and buy a DSL router. Or forget about domains, skip the router, and learn how to implement routing, subnetting, and DNS. But doing it all at once is not going to be productive.

> I don't have an internet domain name for my server. I ran the "Configure a DNS Server Wizard" and selected "Create forward and reverse lookup zones", then filled in all the info. For the zone name, I just put my domain's name, since this server isn't authoritative for anything higher up. Was this a mistake? Do I use my ISP's domain, i.e. [domain name].gateway.2wire.net?

The safe bet is to pick some bogus domain name that's short and isn't taken. That way, if some packets escape from your little network into the outside world, you won't be pissing anybody off. Create a forward zone for that domain on the DNS server. You don't absolutely have to create a reverse zone, but it's generally a good thing.

> Any suggestions would be greatly appreciated.

Make darn sure you understand IP addressing and DNS and have a basically functioning network before you create a domain. Windows networking looks easy enough that any idiot could do it by clicking buttons, but that beauty is only skin deep.

edit: typo, and more typos...
 

bozo1

If DNS isn't working properly, AD won't work properly. To add a computer to the domain, AD has to be working and DNS needs to be working and configured to allow dynamic updates.

Poke around on Microsoft's support page - there are a couple of articles on how to test your DNS and AD to see if they are working properly.
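
One way to run the DNS check described above, as an added example that is not part of the thread: it compares the records a domain controller tries to register by dynamic update against what the forward zone actually holds, and tests for the `_ldap._tcp.dc._msdcs.<domain>` SRV name a joining client queries to find a DC. The domain `corp.example`, the host `dc1`, the addresses and both record lists are constructed placeholders; on a real DC the wanted list is in `%SystemRoot%\System32\config\netlogon.dns`.

```python
# Constructed sample in the zone-file style of a DC's netlogon.dns, the list
# of records Netlogon tries to register by dynamic update. Names are placeholders.
WANTED = """\
corp.example. 600 IN A 192.168.0.1
_ldap._tcp.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
_ldap._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
_ldap._tcp.pdc._msdcs.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
_kerberos._tcp.corp.example. 600 IN SRV 0 100 88 dc1.corp.example.
_kerberos._tcp.dc._msdcs.corp.example. 600 IN SRV 0 100 88 dc1.corp.example.
"""

# Constructed sample: a forward zone where most dynamic registrations never landed.
IN_ZONE = """\
corp.example. 3600 IN A 192.168.0.1
dc1.corp.example. 3600 IN A 192.168.0.1
_ldap._tcp.corp.example. 600 IN SRV 0 100 389 dc1.corp.example.
"""


def parse_records(text):
    """Return {(owner, type, rdata)} from zone-file lines; TTL is ignored."""
    records = set()
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, then tokenize
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue  # not an "owner ttl IN type rdata" line
        owner = fields[0].lower().rstrip(".")
        rdata = " ".join(fields[4:]).lower().rstrip(".")
        records.add((owner, fields[3].upper(), rdata))
    return records


def missing_registrations(wanted_text, zone_text):
    """Records the DC wants published that the zone does not hold, sorted."""
    return sorted(parse_records(wanted_text) - parse_records(zone_text))


def can_locate_dc(zone_text, domain):
    """True if the SRV name a joining client queries to find a DC exists."""
    name = "_ldap._tcp.dc._msdcs." + domain.lower().rstrip(".")
    return any(o == name and t == "SRV" for o, t, _ in parse_records(zone_text))


if __name__ == "__main__":
    for owner, rtype, rdata in missing_registrations(WANTED, IN_ZONE):
        print("missing:", owner, rtype, rdata)
    print("DC locatable:", can_locate_dc(IN_ZONE, "corp.example"))
```

A zone that is missing the `_msdcs` SRV records while the DC's wanted list contains them points at refused or disabled dynamic updates rather than at the client.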
 

Rapier21

I played around with the DNS settings and enabled this one service that is not started automatically by default but that you need (per MS instructions), and now I can add my computer to the domain. All domain functions work fine: AD, group policy, DHCP, WINS, and I assume DNS as well. And I can get out to the Internet. I have configured NAT and routing but not Internet Connection Sharing. When I tried to enable that it said that you can't have both that and routing enabled at the same time, so I just left it alone.

HOWEVER, I still cannot add other computers... I am getting the same error. I tried going through the security settings, services, and other admin tools settings for my computer and these other computers and checked that everything was the same, but still no go. The only thing I can think of is that these other computers belong to my roommates and have been running XP Pro as it was configured from their OEM manufacturer whereas I format and fresh install XP from the CD. Or is this still DNS related? I would think that it has something to do with the client computers since one computer works fine but others don't. But I don't know.