Koozali.org: home of the SME Server
Obsolete Releases => SME Server 9.x => Topic started by: globalsi on September 08, 2016, 03:33:15 PM
-
Hi,
I cant reach my sme9.1 domain with Win10Pro station.
No problem with windows7Pro.
With native windows 10 (version 1511), i can't join the domain :
"
Cannot connect a AD for domain mydomain.loc.
Check the domain name
"
I've followed https://wiki.contribs.org/Windows_10_Support and installed win10samba.reg but i still can't join the domain.
My DNS server is the SME.
Any ideas ?
Thank you.
PS : SME9.1 is up-to-date
PPS : Firewall is down and the network is private
-
I've got 2 installations with Win10Pro and SME 9.1 - both manage to connect (domain-wise) fine. In Both installations all the PCs where updated from Win7.
both are Server and Gateway, no experience with private server mode.
You do have the "Workgroup and Domain Controller" ticked in the "Workgroup" subsection of the Server Manager?
-
Windows10 are "native" ; not upgrade from windows7.
SME is server only and "Workgroup and Domain Controller" is on "Yes" (I can join Windows7 easily , just windows10 crash).
-
globalsi
AD is not supported, only Win NT style DOMAINS.
Perhaps you need to disable AD in Windows.
-
With native windows 10 (version 1511), i can't join the domain :
"
Cannot connect a AD for domain mydomain.loc.
Check the domain name
"
what are you using as domain name to join in w10?
-
mydomain
what are you using as domain name to join in w10?
mydomain.loc
I also try mydomain without success.
-
in server-manager workgroup page, which is the content of "windows workgroup" filed? this is the domain name you have to join to
-
in server-manager workgroup page, which is the content of "windows workgroup" filed? this is the domain name you have to join to
the content of "windows workgroup" is mydomain.loc
but...
I've just seen that in "LDAP directory" I have dc=mydomain,dc=local
... strange ... :-?
I'll reconfigure the server with only mydomain.loc and retry W10 junction next week.
-
that's wrong..
forget about ldap and the primary domain you setup (mydomain.local)
in workgroup field you must have something like "mydomain" and use it ad the domain name to join
-
in workgroup field you must have something like "mydomain" and use it ad the domain name to join
just mydomain ? this won't work with mydomain.loc ?
PS I remind that everything works well with Win7 and mydomain.loc, only Win10 crash.
-
SME is a NT style DC, not an AD one..
for safety, use just mydomain or something similar
-
ok, thanks for the tip.
I'll try next week
PS : is it safe to change the domain name ? (for the computers already inside the domain for example)
-
mmmhh... no, I won't change anything if you already have other machines joined
the only way to make things work is to debug and solve your issue.. is there anything interesting/relevant in event ROTFLviewer? :-)
-
the only way to make things work is to debug and solve your issue.. is there anything interesting/relevant in event ROTFLviewer? :-)
.... mmm .... what is ROTFLviewer ? :-?
-
is the event viewer you find in windows (don't ask me where on W10, google is your friend)
ROTFL is just because often what you find in event viewer is just useless
-
lol ok.
no, nothing interesting in the events viewer but i'll verify next week (I have no more the computer with me this evening).
-
ROTFLMAO.....
-
globalsi
.... mmm .... what is ROTFLviewer ? :-?
Hmmm, if you can post here then you can use google search
http://lmgtfy.com/?q=ROTFLMAO
-
lol ok.
no, nothing interesting in the events viewer but i'll verify next week (I have no more the computer with me this evening).
I confirm after another try today with another W10 computer : nothing in the windows events logs
-
on the W10 computeur, the C:\windows\debug\dcdiag.txt contains (translated from french):
The following error occurred while the request to the DNS SRV resource record (Service Location) to locate an Active Directory domain controller for the domain MYDOMAIN.LOC:
The error was: "DNS name does not exist."
(Error code 0x0000232B RCODE_NAME_ERROR)
The request was for the SRV record for _ldap._tcp.dc._msdcs.MYDOMAIN.LOC
The causes of this error may be:
- The DNS SRV records required to locate an Active Directory domain controller for the domain are not registered in DNS. These recordings are saved automatically by a server when an Active Directory domain controller is added to the field. They are updated by the Active Directory domain controller at set intervals. This computer is configured to use DNS servers with the following IP addresses:
192.168.69.2
- One or more of the following zones do not include delegation to its child zone:
MYDOMAIN.LOC
LOC
. (Root zone)
192.168.69.2 is the ip address of SME9.1
-
you're trying to join an AD domain, not a NT style.. I guess you already installed the .reg files..
anyway, please take a look here: https://wiki.samba.org/index.php/Required_settings_for_NT4-style_domains#Windows_10:_There_Are_Currently_No_Logon_Servers_Available_to_Service_the_Logon_Request
-
Stefano, thank you for yours responses.
you're trying to join an AD domain, not a NT style.. I guess you already installed the .reg files..
yes, reg files are already installed.
anyway, please take a look here: https://wiki.samba.org/index.php/Required_settings_for_NT4-style_domains#Windows_10:_There_Are_Currently_No_Logon_Servers_Available_to_Service_the_Logon_Request
Thank you for the link but I think this is not for my situation :
After you have successfully joined Windows 10 to your Samba NT4 domain, you fail to log on and receive the error:
but my W10 computers can't join the NT domain...
Did someone manage to join native Win10 to SME9.1 domain ? (in forums, i've only saw junctions with Win10 updated from Win7 or Win8)
I'll compare reg parameters between my W7 and W10....
-
mmmhh... no, I won't change anything if you already have other machines joined
the only way to make things work is to debug and solve your issue.. is there anything interesting/relevant in event ROTFLviewer? :-)
mmmm... :-? you were right.
I've found this on google about W10 and samba 2.6.23 (SME9.1 samba version) : https://lists.samba.org/archive/samba/2016-May/200082.html
The problem seem to be the period (.) in the workgroup name :(
Any tips for changing it (knowing that I already have other machines joined) ?
-
you can't..
the only solution is to unjoin all your clients from domain, change domain/netbios name (see above), rejoin all your machines and copy all your user's profiles onto the new ones.. a nightmare.. good luck
-
...
I was afraid of that :x
...
-
globalsi
Keep your trusted DOMAIN name short eg 8 characters, upper case letters only, no periods or other punctuation type characters, & no suffix or prefix or URL style names etc
eg
OFFICE
See
https://support.microsoft.com/en-au/kb/909264
Which in part says:
However, periods should not be used in Microsoft Windows 2000 or in later versions of Windows.
-
you can't..
the only solution is to unjoin all your clients from domain, change domain/netbios name (see above), rejoin all your machines and copy all your user's profiles onto the new ones.. a nightmare.. good luck
I made some laboratory tests.
The windows worgroup/domain/netbios name is MYDOMAIN.LOC and there is a machine as member.
If I rename both netbios and domain to MYDOMAIN, I just need to unjoin and rejoin the machine from the domain. The profile loaded is the same :)
I'll try on production next week and do a feed back.
-
Hi,
some news about my problem....
I have up-to-date my SME (9.2).
I rename domain/netbios name from MYDOMAIN.LOC to MYDOMAIN (and reboot)
But a fresh W10Pro (version 1703) still can't join the domain :-(
W7Pro can reach this domain.
In the W10 logs, i can see some errors 4097 : The machine DESKTOP attempted to join the domain MYDOMAIN but failed. The error code was 1355.
Any ideas about this problem ?
-
globalsi
Really you need to detune Windows 10 to suit NT (Windows NT/2000) style DOMAINS
& check that your Windows 10 machines can "see" the SME 9.x server.
See these for clues
https://msdn.microsoft.com/en-us/library/windows/desktop/ms681385(v=vs.85).aspx
http://microsoft.public.metadirectory.narkive.com/cEXBXnTq/failed-connection-error-code-1355
https://wiki.contribs.org/Windows_10_Support
https://www.google.com.au/search?q=Windows+10+error+code+1355&ie=utf-8&oe=utf-8&client=firefox-b&gfe_rd=cr&dcr=0&ei=hEnmWfrVA_LDXvHGoZgH
-
Stefano...
Priceless :-)
Have a :pint:
-
Hi Janet
Thank you for your answer.
Really you need to detune Windows 10 to suit NT (Windows NT/2000) style DOMAINS
& check that your Windows 10 machines can "see" the SME 9.x server.
The W10 machines can see the SME9 server. They can reach the files samba shares if i give a username&password when the explorer ask me.
I think the SME server is configured in a classic way: it does dhcp, I did not specify any particular dns.
I have import the win10samba.reg
My domain name is short (i moved it from MYDOMAIN.LOCAL to MYDOMAIN) without "." or "-" or "_"....
In fact, the error is not the same as in the beginning of the topic.
If I set a false domain, i have immediately a message like "Cannot connect a AD for domain mydomainfoo"
If I set the good domain, i have new windows asking me the credentials. But after this step (nearly 1 minute), i have the message :
The following error occured attempting to join the domain "MYDOMAIN"
The specified domain either does not exist or could not be contacted.
...still trying to understand...
PS : the firewall is off on W10 and the type of network is set as "private".
-
If you have a dot in your NT domain name, there's a trick: on win10, turn ipv6 off, switch to a fixed IP and don't set any DNS server. Now you can join the domain, and once it's done, switch back to DHCP (or fixed IP with a DNS)
-
I HAD a dot in the NT domain name but no more now.
Maybe I can set it back to try.
-
Well, best not to have one, so I'd advise to leave it as is. It was just in case
-
globalsi
Have you configured Windows to use SME server ss the gateway & DNS server.
You really need to tell us more sbout your network, how SME server is configured & how the Windows workstation is configured.
Did you read those various google results for your error code, any clues there.
Also have you disabled Active Dirctory in Windows.
Your issue is more than likely a Windows configuration one as Windows comes set for defaults that wotk with Windows AD servers, that's what I mean about detuning Windows, you have to disabke that functionality.
Did you check Windiws registry (regedit) to see the reg patch was correctly applied.
Have you searched the Forums here on Windows 10 & read everything there is, surely a clue there, others are joining SME NT style DOMAINS OK.
Another long known trick is to change the DOMAIN name in Windows to a WORKGROUP name, something you do not want to use (8 characters no periods), then shut down Windows.
Then restart Windows, change WORKSTATION name to a DOMAIN name that you do want to use, then restart Wiindows.
Then after reboot try joining the DOMAIN again.
Check the reg patch is really there first.
-
If you have a dot in your NT domain name, there's a trick: on win10, turn ipv6 off, switch to a fixed IP and don't set any DNS server. Now you can join the domain, and once it's done, switch back to DHCP (or fixed IP with a DNS)
Daniel, you're a god ! :D
I do it for one machine because I needed to resolve quickly the problem.
For others, I'll follow janet's indications :-x
-
globalsi
As Daniels suggestion works, go with that.
-
Anyway, I really wanted to thank you all for the help you bring me through the forum.
THANK YOU :)