Topic: Domain Issues, Any help is greatly appreciated

[treydock]

Currently All 5 computers that hosts to the SME server are in a workgroup but not a domain.  For instance....

Under Computer Name in My Computer's Properties it shows name of my computer....Domain is blank, workgroup is Condo.  Also when I was on my old domain I would ctrl alt delete to type in user / pw and choose local or domain login , now it's only local.  I hope that's what you needed by saying "took the workstation out of the domain".

It just seems so odd to me that a 3 WinXP, 1 Win2kServer and 1 Win98 computers ALL have same error.

--------------------

Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\WINDOWS\debug\dcdiag.txt.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain ultimazerosector.com:

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.ultimazerosector.com

Common causes of this error include the following:

- The DNS SRV record is not registered in DNS.

- One or more of the following zones do not include delegation to its child zone:

ultimazerosector.com
com
. (the root zone)

For information about correcting this problem, click Help.



--------------

Also could a router with hardcoded firewall settings affect anything?

Action        Name                Source    Destination  Protocol  

 Allow        Ping WAN port     WAN,*     WAN,*      ICMP,*
 Deny        Default               *,*          LAN,*        *,*
 Allow        Default               LAN,*        *,*           *,*  
   



I hope this helps,  If there is any more info needed to help troubleshoot this let me know, I don't mind bumps in getting things working...always deal with that when I program and work with computers...but it's unbreakable walls that are most troublesome.

Thanks for help

[treydock]

Re-installed SME7.  Renamed my old Win2k domain server from it's name when it was the domain server, to maybe stop any confusion between computers...and still.  No connection to domains, same error.

Does anyone out there know what I should do?  I REALLY want to use SME but if I can't set up a simple domain my only alternative is win2k server

thanks

[cactus]

Re-installed SME7.  Renamed my old Win2k domain server from it's name when it was the domain server, to maybe stop any confusion between computers...and still.  No connection to domains, same error.

Does anyone out there know what I should do?  I REALLY want to use SME but if I can't set up a simple domain my only alternative is win2k server

thanks

The internal domain name does not neccesarrilly need to be the same as your external domain (suffix). Look in the server manager and see what is displayed for the windows workgroup setting (see Workgroup under Configuration). Although this seems to be the workgroup it really is the name of the domain you will have to enter when adding computers to the domain. Be sure to have the option Workgroup and Domain controller set to Yes.

When you add the domain be sure to use the admin user with your SME Server system password.

How about switching of the W2k server for a quick test to see if your W2k server really is not the domain controller?

Or else how about just for a test using a different domain name?

[treydock]

Ya I actually thought that, trying to use the workgroup name as my domain.  I didn't try it exactly as you meant but thanks for the idea definately going to give that one a shot.

Are users supposed to be allowed domains on their computers w/ their username/pw or does it always have to be admin?

Know what's odd?  I'd like to hear what yall think of this (I think netlogon.bat)  When I enter ultimazerosector.net as domain instantly the error pops up, when I type anything else it asks for a password and if it's wrong name just says wrong password and username.

Do I have to setup netlogon.bat to have machines join the SME domain?  If what code do I use?

And of course thanks once again I feel progress being made

[cactus]

Ya I actually thought that, trying to use the workgroup name as my domain.  I didn't try it exactly as you meant but thanks for the idea definately going to give that one a shot.

Please do so, as this should solve your problem. You will have to be a Domain Administrator to add computers to the domain, by default this is only the admin user. You can edit that, as you already read in the other thread(s).

When I enter ultimazerosector.net as domain instantly the error pops up, when I type anything else it asks for a password and if it's wrong name just says wrong password and username.

When you enter ultimazerosector.net as domain it almost immediately replies with an error because it cannot find this domain as it does not exist, there is no domain controller for this domain. The second proves to me that we are moving in the right direction, the domain controller exists, therefor it prompts you with the username and password screen as the current user is not known to the domain. Enter the correct credentials of a domain administrator (usually admin) with it's password and after a while it should prompt you that your computer has been added to the domain and you will have to reboot. (If not you may have to apply the earlier mentioned registry patch).

Are users supposed to be allowed domains on their computers w/ their username/pw or does it always have to be admin?

For a user to log in on the domain they will have to be domain member (Be known to the server, so an entry in the user list has to be made using the server panel). The only user that is by default avaiblable after you have joined the domain after a default setup is the admin user for your domain.

Know what's odd?  I'd like to hear what yall think of this (I think netlogon.bat)  [cut]

Do I have to setup netlogon.bat to have machines join the SME domain?  If what code do I use?

The netlogon file is a file that is ran for every user after they logon to your domain. In this file you can configure default drive mappings, synchronize the time with the server etcetera.

You know what I think? I think you need to read up on how domains work and what their normal stucture is... as I get the idea that the probloem all seems to point to a lack of knowledge. Sorry it sounds a bit harsh... but it will surely be of help in the future.

And of course thanks once again I feel progress being made

Slowly it seems to me we are getting there...

[treydock]

HUZZAH ! got my main computer on the domain.  Just named workgroup condo.local and joined that domain.  As for adding members to groups I am not sure how effective that is.  Since SME is a domain controller but what about something like active directory?  What is the purpose in having user's with different Window's groups?

And ya I am going to read up on domains, but one last question...well probably not last but I hope

1 XP , on domain , 1 Win98 on domain ... 2nd WinXP gives me an error...

"Multiple connections to a server or shared resources by the same user, using more than one user name, are not allowed.  Disconnect all previous connections to the server or shared resources and try again. "

What I don't get is my main computer has like 7 shared folders and it worked...

Did the registry fix, can't think of much else to do it...I log into the laptop with a unique username.

[mmccarn]

A few notes / comments:

1. domain:  Microsoft intentionally mis-used the term "domain" to refer to their local network workgroup when NT came out (in the mid 90's), specifically in order to generate the sort of confusion that we've seen in this conversation.  At the time, Microsoft  was claiming that "MSN" would replace the Internet within a few months or years...  That project failed, but the confusion remains!  Active Directory either helps or hurts (based on your local DNS configuration) by trying to auto-magically map a netbios "domain" name to a DNS domain name - a great idea unless you use a "real" domain name locally, requiring lots of hoop-jumping to keep both your local network and your public network running smoothly, or if any of your workstations or servers don't point to your domain controller for DNS...

2. Multiple connections: When joining a windows domain, you cannot have any open shares connected to the domain controller with a user name that is different from the one you use to "join the domain", or you get the error about "Multiple connections to a server or shared resources by the same user, using more than one user name".  

Specifically, if you map a network share as user A, then try to join the domain specifying user B during the join process, you get the above message.

To get around this issue

- open a command prompt on the Windows system and issue the command "

net use * /d" to disconnect all open shares or
- disconnect all open shares one-by-one from "My Computer" (note: this may leave an open share to \\server\rpc$ that you would still have to close using "net use * /d") or
- change the credentials used for these shares to "admin" or
- add "user A" to the "Domain Admins" group, then use "user A" when prompted during the "join" process or
- Create a new local user account on the workstation (with Administrator rights!), login using that new local account (so that your mapped drives are *not* reconnected), and join the domain from there.[/list]
(Note: the first (hilighted) use of the word "user" in the microsoft error message above really means "computer", while the second use really means "user".  There's nothing like re-defining words at random for generating confusion!)

3. Registry Patch: The Windows XP Registry patch only changes one registry value.  You can un-do the patch by changing [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netlogon\parameters\RequireSignOrSeal from 0 (zero) back to 1 (one), or by saving the reg patch as a local file named <something>.reg, changing "dword:00000000" at the end to "dword:00000001", then double-clicking on it.

[treydock]

Ah thanks for the info mmccarn, leave it to windows to confuse the already confused :-/.  I ran a domain controller from windows and didn't have much problem but then again I was only using it for local network not public or anything.

NOTE: Tried the net use */d and it says "The network name cannot be found."
I tried many variants of the net command , none seemed to work or do what I was looking to do.  The only shares I could find were Windows , C , IPC

Is there any explanation as to why my main XP machine could join the domain with all sorts of shares and the other machine won't?  I am pretty sure I used admin to join this machine and I've tried using 3 dif log ins to get onto the domain on other machine , all domain admins.

Also I was noticing...well I've known this for some time and it's how my work network is setup.  When you login as local machine say as userA your folder with settings and what not is userA but if you log into domain as userA it's userA.domain for the folder....i've been using my computer about 1 year before the domain, how do i get all my local machine settings / data / everything to work as the domain user with same login name?

[cactus]

HUZZAH ! got my main computer on the domain. Just named workgroup condo.local and joined that domain.

Congratulations

As for adding members to groups I am not sure how effective that is. Since SME is a domain controller but what about something like active directory?

Adding memebers to groups is very effective as the domain controller (SME Server) uses this groups to provide access to its shares, but can als protect local shares using domain groups as you can easily add security items to the shared folder using those groups, provided that the PC hosting the share is joined to the domain. However if you have a server I would advice you to host all data there. It makes backi up easier and also saves you from having an other computer up 24/7 etc.

These groups (and the users as well) can be used in the same fashion as for setting directory/share permissions as for users and groups on a Windows based domain controller. AD however is a whole different story, this is a M$ feature and the best thing close to it is an LDAP directory, which SME Server has... BUT... SME Server does not use this like the AD to assign premissions and store (all) user data. It uses pnly a small part of it features to host your address boook which automatically stores local e-mailaddresses of users known on the domain.

Is there any explanation as to why my main XP machine could join the domain with all sorts of shares and the other machine won't? I am pretty sure I used admin to join this machine and I've tried using 3 dif log ins to get onto the domain on other machine , all domain admins.

Has this PC been removed from you old domain and is it placed in a workgroup at this moment? If not see to it that it is placed in a workgroup instead of a domain and then try again... maybe that migh help.

Also I was noticing...well I've known this for some time and it's how my work network is setup.  When you login as local machine say as userA your folder with settings and what not is userA but if you log into domain as userA it's userA.domain for the folder....i've been using my computer about 1 year before the domain, how do i get all my local machine settings / data / everything to work as the domain user with same login name?

This is notmal windows beahviour.

Log in as local administrator and first make a backup of both directories. After that you can try one of the following:
- delete user.domain directory and rename user to user.domain directory
- copy all user files over the user.domain files.
After that log out and log back in as user at the domain.

As this is not tested I urge you to make a backup of both before starting to copy or delete.

[treydock]

cactus :

Thanks for the reply as usual

The computer not joining a domain is on a workgroup , no domain.

I'm trying to read up on what a domain (like network domain and what not) is but my searches mostly get domain registration....what's a good keyword to search for?  I'm trying to find good explanation of a domain network and features at my dispossal...going to start a new thread about my hardware situation, came into extra computers, want to know how to best utilize them.

Thanks again

[smeghead]

NOTE: Tried the net use */d and it says "The network name cannot be found."

try net use * /d or net use * /delete

note the space between the * & the /

Might pay to just try net use on its own and see whats reported first.

[mmccarn]

what's a good keyword to search for?

You could start with "Active Directory", or "Active Directory wiki".

[treydock]

try net use * /d or net use * /delete

note the space between the * & the /

Might pay to just try net use on its own and see whats reported first.

first used net use * /delete , got "There are no entries in the list"

then did net use " New Connections will be remembered.  There are no entries in the list."

Do I have to run this command from a specific folder or C:> ?

[mmccarn]

net use * /delete , got "There are no entries in the list"

net use "New Connections will be remembered. There are no entries in the list."

Both of these indicate no active connections, so you should be able to join the domain.  ("net use" will list active connections if there are any; "net use * /delete" will delete all active connections if there are any).

You *should* be able to join this PC to the domain; if you're still getting the error about "Multiple connections..." then there's something else going on.

[treydock]

Ya still getting that error...could it be that my laptop and desktop share the same Win XP liscence?  It's frustrating....got domain access working then 1 computer won't join

Oh and for some reason I can't rename my webserver that's Win2kServer...it asks for user/pw and I have tried SME's admin and root , tried local computers administrator and no luck , tried normal user accounts and what not.