can't join windows 2003 server to NT 4 domain

Discussion in 'Server Networking' started by Eric Payne, Feb 17, 2004.

  1. Eric Payne

    Eric Payne Guest

    I am in the process of migration to windows 2003 domain, but I am still
    currentlly on a windows nt4.0 domain.
    I have 2 new dell servers with windows 2003 installed and joined to the nt
    domain.
    These 2 new dell server will eventually be 2003 AD controllers.
    One of the servers installed windows 2003 just fine and properly joined the
    domain without a problem.
    The other server, however, is have a problem joining the domain.
    I named the servers DC01 and DC02
    DC01 is having the problem, and DC02 is working just fine.
    I get the standard error message when trying to joing DC01 to the nt 4.0
    domain

    "The specified domain does not exist or could not be contacted."

    After a little messing around I eventually found out if I rename the DC01
    server to DC04 I can successfull log on to the domain.
    After talking with a few of the other network administrators I found out
    that about 2 years ago there was a test domain server that was called DC01.
    So I tried to find DC01 in wins and in DNS an removed it if I found it.
    I did a domain sync and waited about 30 minutes, and then I could rename the
    server back to DC01 and it could log on to the domain.

    Now is the real quesiton.
    I try to use My Network Places and view the entire network.
    There are two problem.
    1st, I see an extra domain that was the test domain that the DC01 was in 2
    years ago and I don't know how to get rid of it.

    2nd and more important, I see my windows nt 4 domain but I can not access
    it. I get the
    following error

    Domain Name is not accesssable. You might not have permissions to use the
    network resource. Contact the administrator of the server to find out if you
    have access permissions.
    The list of server for this workgroup is not currently avialable.

    Could there still be something on the domain that needs to be removed first?
    Where would I find this information?

    Thank you
     
    Eric Payne, Feb 17, 2004
    #1
    1. Advertisements

  2. since you have a domain, I am assuming you have a WINS server, so check the
    WINS settings or records.

    --
    For more and other information, go to http://www.ChicagoTech.net

    Don't send e-mail or reply to me except you need consulting services.
    Posting on MS newsgroup will benefit all readers and you may get more help.

    Robert Lin, MS-MVP, MCSE & CNE
    Networking, Internet, Routing, VPN, Anti-Virus, Tips & Troubleshooting on
    http://www.ChicagoTech.net
    This posting is provided "AS IS" with no warranties.
     
    Robert L [MS-MVP], Feb 17, 2004
    #2
    1. Advertisements

  3. Eric Payne

    Eric Payne Guest

    This server is pointing to our 1 and only WINS server, and I can not find
    any more records that point to DC01, yet I still can't join the domain.
    Any other suggestions?

    Thank you.
     
    Eric Payne, Feb 17, 2004
    #3
  4. Hi Eric,

    The error you are seeing basically means the domain name 1c
    group name cannot be resolved in WINS. Open a dos prompt
    after receiving the error and run nbtstat -c. Do you see the 1c
    name in the cache without conflict and pointing towards an NT
    DC? You have to reproduce the error by attempting to access
    it in My Network Places before running the command because
    the cache will not be populated by WINS until a connection
    attempt is made. By default the names stay in the cache for 600
    secs or 10 minutes. Look at the TTL value in the cache if there
    are any with -1 then you have entries in the lmhosts file being
    preloaded into the cache.

    Is it possible there is a machine on your network registering
    DC01 as workgroup e.g., a Win 9x machine? What happens
    if you double click on the old domain DC01 in network places?
     
    Michael Giorgio - MS MVP, Feb 17, 2004
    #4
  5. Michael Giorgio - MS MVP, Feb 17, 2004
    #5
  6. Eric Payne

    Eric Payne Guest

    Michael,

    After trying to rejoing the domain and getting that same error, I ran the
    nbtstat -c command and I do see the 1c name for my domain and it is pointing
    to our NT PDC, life is 532, I only see one other entry and it is a 1b type
    pointing to our NT PDC, life 537.

    We have no Wind 9x on our network, only windows 2000 and windows xp.

    As far as you last note, "What happens if you double click on the old
    domain".
    I can't even see this domain right now, the only way I can is if I change
    the name of the server, then I can join the domain, then in network places I
    will see this second domain.
    I talking so more with other network people here, this second domain was NOT
    were DC01 was, this second domain was a web server in a DMZ.

    So to explain my problem correctlly:
    I have a server name DC01 when trying to join a windows NT domain I get the
    error "The specified domain does not exist or could not be contacted."
    I have a second server (exact same type of machine as DC01) called DC02 that
    had no problem joining the domain.
    If I rename DC01 to DC0x (anything other that DC01) I can join the domain,
    and everything works fine. (I almost want to leave it in this state, because
    there is no problems, but I need the name to be DC01).
    But I don't want to keep that name, I would like to use DC01, so after I
    have joined the domain with this temp name, I can change it to DC01 and
    reboot.
    When the server first comes up to log on, I enter in the Domain Admin user
    ID and password but it doesn't take it right away, i get the error message
    of a domain controller is not avialable, try agian later. If I wait about 5
    minutes I can sign on with the exact same ID and password.
    When I try to open my network places, it hangs for a while, but it will
    eventually come up.
    I see 2 domains in network places (one doesn't even exist anymore) and my
    windows NT domain.
    When I try to click on my windows NT domain, I get this error
    "Domain Name is not accesssable. You might not have permissions to use the
    network resource. Contact the administrator of the server to find out if you
    have access permissions. The list of server for this workgroup is not
    currently avialable."

    I have 2 WINS servers (I didn't originally know about the second one), One
    on our PDC and one on our BDC.
    I have looked in these servers for old records pointing to either DC01 or to
    the old domain, and I can not find any records (unless they were the ones
    that were just created for renaming the computer back to DC01).


    After writting this long post, I notice that there was a trust setup to this
    old domain, I verified and removed this trust, Now I no longer see this in
    network places, but I still have the problem of
    1.) Can't join the domain as DC01
    2.) Can join under a different name, and the rename back to DC01, but can't
    browse my NT domain.


    Thank you.
     
    Eric Payne, Feb 18, 2004
    #6
  7. Eric Payne

    Eric Payne Guest

    This is still a problem.
    I have to have this server ready by friday.
    I am to the point of just name the server something other than DC01, but
    this would mess some things up, and I would like to avoid that.

    Please help, thank you.
     
    Eric Payne, Feb 18, 2004
    #7
  8. The main problem here Eric is that the error message
    you are receiving "Domain cannot be contacted" has
    little to do with the name of the machine. That particular
    error is related to name resolution e.g., name to tcp/ip
    address translation. I know this probably doesn't help
    you much but I want you to get an idea of what we are
    dealing with here. Do you have any static mappings in
    the WINS? As for the remote netbios name table (output
    of nbtstat -c) you should also have computer names 00, 03,
    and 20.
    ..
     
    Michael Giorgio - MS MVP, Feb 19, 2004
    #8
  9. Eric Payne

    Eric Payne Guest

    Michael,

    Thank you for you post.
    The only time I have this problem is when the Server is name DC01, If it is
    named anything else it works fine.
    There is no static mappings to DC01 in WINS.
    As far as the netbios name table, I do not have computers 00, 03, and 20,
    only what I posted before.

    Since I need to get this resolved soon, I think I might just name it DC03
    for now, join the domain, then after we migration to AD (which this server
    will be a Active Directory Controller), I think I will use the netdom tool,
    supplied in the support tools on the windows 2003 CD Rom, to add another
    name to this server (DC01) and then set it to primary and then finally
    delete the temp name (DC03).
    For some reason I belive this is an issue in our current Windows NT 4 Domain
    running WINS, I don't think it will be an issue in the 2003 AD domain, but I
    am not sure.

    Do you think that this is to drastic to do?
    What else can I do to resolve the current problem.

    Thank you again.
     
    Eric Payne, Feb 19, 2004
    #9
  10. It's a long hot but...
    Check the lmhosts file on the NT 4.0 DCs and verify there
    are not static entries pertaining to DC01.
     
    Michael Giorgio - MS MVP, Feb 19, 2004
    #10
  11. Eric Payne

    Eric Payne Guest

    Michael,

    Well looky looky there, a record for DC01 in the LMHost file on the the NT
    PDC.
    It was pointing to an old ip addres of 10.0.0.3 (the current new dell server
    is setup 10.0.0.2).

    After removing these entries from the lmhost file on that server, I did a
    domain sync.
    I rejoined a workgroup (test) with the new dell server, then I rename the
    server back to DC01.
    I then tried to join the domain, and this time I at least get prompted for a
    user name, but after suppling the domain administrator name (several times)
    it still came back with the same error.

    Do I have to do something else?
    Do I have to wait longer for that record to be gone?

    Thanks Michael, I think we are on the right path.
     
    Eric Payne, Feb 19, 2004
    #11
  12. After removing the entries from lmhosts file you have to purge
    and reload the cache. Do this by opening a dos prompt and
    running nbtstat -R. After this you should be able to add the
    machine to the domain. I am pretty sure this should do the
    trick. Good luck Eric.
     
    Michael Giorgio - MS MVP, Feb 19, 2004
    #12
  13. Eric Payne

    Eric Payne Guest

    Micheal,

    I try to ping DC01 from my computer and i get replies for 10.0.0.2.
    I go to the NT PDC and ping i get 10.0.0.3
    I do a nbtstat -c and I see
    DC01 <03> UNIQUE 10.0.0.3 -1
    DC01 <00> UNIQUE 10.0.0.3 -1
    DC01 <20> UNIQUE 10.0.0.3 -1
    KLEMM <1C> GROUP 10.0.0.3 -1
    KLEMM <1C> GROUP 10.0.0.3 -1

    KLEMM was the old domain that DC01 was in 2 years ago!
    So after removing the LMHOST file on the NT PDC, how do I get rid of these
    entries.
    I Guessing I have to reboot the server, but I will have to wait till
    tomorrow moring to do that.
     
    Eric Payne, Feb 19, 2004
    #13
  14. Eric Payne

    Eric Payne Guest

    Michael,

    THANK YOU, This worked! YES!
    I tried to do a nbtstat -r before, but I forgot it needed to be a capital R
    Thank you so much for all your help.
    I can now join the domain.

    The only thing I have left is when the server reboots and I try to log on
    right away i get the following message.

    "Windows cannot connect to the domain, either because the domain controller
    is down or otherwise unavilable, or because your computer account was not
    found. Please try agian later. If this message continues to appear, contact
    your system administrator for assistance."

    Now if I wait about 3 to 5 minutes, I can log on with out a problem, but
    everytime I reboot and try to log on right away I get this message, the
    other new server that didn't have a problem joining the domain, logs on
    right away (I am using the same userid on each server). DC02 will signon
    right away, DC01 I have to wait 5 minutes.

    Thanks agian for all your help
     
    Eric Payne, Feb 20, 2004
    #14
  15. Eric Payne

    Eric Payne Guest

    Eric Payne, Feb 20, 2004
    #15
  16. Your welcome.
     
    Michael Giorgio - MS MVP, Feb 20, 2004
    #16
  17. Eric working the KB. Nicely done.
     
    Michael Giorgio - MS MVP, Feb 20, 2004
    #17
  18. You know I was going to suggest you edit the
    lmosts file to point towards the 10.0.0.2 address
    if the problem persists and be done with it.
     
    Michael Giorgio - MS MVP, Feb 20, 2004
    #18
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.