
XP machine joining domain problem

Status
Not open for further replies.
Feb 19, 2002
When a new XP machine is built and joined to the domain, it references a remote DC server to join the domain instead of its local DC (there are 2 DCs locally).

Not an issue in itself, as it does join the domain OK; however, when a user logs on to the PC, the local server is used and obviously does not know that the PC has a computer account in the domain, because the remote server has not replicated that information yet. Consequently the user cannot use the machine until this info is replicated.

Anyone know why the PC references a remote server initially when joining the domain? It is only happening in this site, so a few pointers would be appreciated.

Thanks in advance.

"Work to live, don't live to work"

"The problem with troubleshooting is that sometimes it shoots back"
 
What's its IP address?
Is it on the same subnet as your local DCs?

Also, check your SRV records in DNS to see what is going on.
Post them if you want...



Aftertaf (david)
MCSA 2003
 
The IP address is given by DHCP, so therefore local.

(If a manual IP address is given without a DFGW then it talks to the local server without any problems and the computer account is created locally, i.e. local DC.)

Anything obvious I should look for in the SRV records?

"Work to live, don't live to work"

"The problem with troubleshooting is that sometimes it shoots back"
 
For DHCP:
By any chance you don't have one per subnet, cos sometimes DHCP broadcasts pass through routers if specifically configured for it...
Then, if you have double-checked and the IP given is on the same net as local machines... then it's not that.

DNS:
DNS Console said:
After you install Active Directory on a server running the Microsoft DNS service, you can use the DNS Management Console to verify that the appropriate zones and resource records are created for each DNS zone.

Active Directory creates its SRV records in the following folders, where Domain_Name is the name of your domain:
Forward Lookup Zones/Domain_Name/_msdcs/dc/_sites/Default-First-Site-Name/_tcp
Forward Lookup Zones/Domain_Name/_msdcs/dc/_tcp

In these locations, an SRV record should appear for the following services:
_kerberos
_ldap

nslookup said:
Nslookup is a command-line tool that displays information you can use to diagnose Domain Name System (DNS) infrastructure.
To use Nslookup to verify the SRV records, follow these steps:
1. On your DNS, click Start, and then click Run.
2. In the Open box, type cmd.
3. Type nslookup, and then press ENTER.
4. Type set type=all, and then press ENTER.
5. Type _ldap._tcp.dc._msdcs.Domain_Name, where Domain_Name is the name of your domain, and then press ENTER.
Nslookup returns one or more SRV service location records that appear in the following format, where Server_Name is the host name of a domain controller, and where Domain_Name is the domain the domain controller belongs to, and Server_IP_Address is the domain controller's Internet Protocol (IP) address:

Server: localhost
Address: 127.0.0.1
_ldap._tcp.dc._msdcs.Domain_Name
SRV service location:
priority = 0
weight = 100
port = 389
srv hostname = Server_Name.Domain_Name
Server_Name.Domain_Name internet address = Server_IP_Address

Found on MS web site....

Give us details regarding the IP addresses of the problem PC and also of your DCs....
Might help...
David

Aftertaf (david)
MCSA 2003
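As an added example (not part of the original posts or the quoted Microsoft text), the nslookup answer for `_ldap._tcp.dc._msdcs.Domain_Name` can be parsed and checked for the DCs that are expected to be registered. The sample output, host names, addresses and function names below are constructed for illustration and follow the layout quoted above.

```python
import re

# Constructed sample in the layout quoted above; hosts and addresses are made up.
SAMPLE = """\
Server: localhost
Address: 127.0.0.1
_ldap._tcp.dc._msdcs.example.local
SRV service location:
priority = 0
weight = 100
port = 389
srv hostname = dc1.example.local
_ldap._tcp.dc._msdcs.example.local
SRV service location:
priority = 0
weight = 100
port = 389
srv hostname = remote-dc.example.local
dc1.example.local internet address = 10.20.0.10
remote-dc.example.local internet address = 10.99.0.10
"""

def parse_srv(text):
    """Return one dict per SRV record, with the target's address when listed."""
    addrs = dict(re.findall(r"^[ \t]*(\S+)[ \t]+internet address = (\S+)", text, re.M))
    records, cur = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("SRV service location"):
            cur = {}
            records.append(cur)
        elif cur is not None:
            m = re.match(r"(priority|weight|port)\s*=\s*(\d+)$", line)
            if m:
                cur[m.group(1)] = int(m.group(2))
            # Accept both "srv hostname" and "svr hostname" spellings.
            m = re.match(r"s[rv]{2} hostname\s*=\s*(\S+)$", line)
            if m:
                cur["host"] = m.group(1).rstrip(".")
                cur["address"] = addrs.get(m.group(1))
    return records

def missing_dcs(records, expected_hosts):
    """Expected local DCs that have no SRV record in the parsed answer."""
    found = {r.get("host", "").lower() for r in records}
    return sorted(h for h in expected_hosts if h.lower() not in found)
```

Running the same check against the site-specific `_sites/.../_tcp` folder mentioned above shows whether the local DCs are registered for the site the client belongs to.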
 
DHCP broadcasts do not pass through the routers (awaiting info from the local IT person in any case).

If they did, then all our offices (obv on different subnets) would have PCs with wrong IP configs, esp the def gateway, and then I would have hundreds of PCs unable to communicate with each other.

I mentioned DHCP etc. to show that the local DCs were working correctly, just that they seemed to be bypassed in favour of a remote server during the "joining a domain" period when a machine is built as an XP machine.

I thought the DC may have been busy serving other requests, but surely not 2 of them at the same time.

"Work to live, don't live to work"

"The problem with troubleshooting is that sometimes it shoots back"
 
I would check your AD Sites and Services. AD Sites and Services is used to configure your WAN links compared to your well-connected LAN links.

You should have at least two Sites (because it sounds like you have a WAN link). You should make sure that the appropriate subnets are associated with each SITE.

You should also make sure that the appropriate local DC is within each SITE.


The client will query Active Directory during logon to determine which DC it should talk to. It does this by looking at its IP address and comparing the IP to the subnets listed in AD Sites and Services. Once it determines what subnet it belongs to, it will figure out what SITE it belongs to. From there, it will look and determine what DCs are local to the site. The client will then use the local DC for authentication.

So, maybe you have your AD sites and services misconfigured...and this is why the client is using the wrong DC for authentication.

Also, every Site should have a Global Catalog server. So, I would verify that the DC is a GC. You can check this in AD Sites and Services.

-later

Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please contact (Sales@njcomputernetworks.com)
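As an added example (not part of the original posts), here is a simplified model of the subnet-to-site lookup described in the reply above, used to audit a Sites and Services layout for client addresses that end up with no local DC. All subnets, site names, DC names and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: subnet objects and the site each is associated
# with, as they would be listed in AD Sites and Services.
SUBNET_TO_SITE = {
    "10.0.0.0/8": "HeadOffice",
    "10.20.0.0/16": "BranchA",
    "172.16.0.0/24": "BranchB",
}
# Constructed sample data: DC server objects placed in each site.
SITE_TO_DCS = {
    "HeadOffice": ["hq-dc1", "hq-dc2"],
    "BranchA": ["bra-dc1", "bra-dc2"],
    "BranchB": [],
}

def resolve_site(client_ip, subnet_to_site):
    """Return the site of the most specific subnet containing client_ip, or None."""
    ip = ipaddress.ip_address(client_ip)
    best = None
    for cidr, site in subnet_to_site.items():
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, site)
    return best[1] if best else None

def audit(client_ips, subnet_to_site, site_to_dcs):
    """Map each client IP that has no local DC to the reason why."""
    findings = {}
    for ip in client_ips:
        site = resolve_site(ip, subnet_to_site)
        if site is None:
            # No site means the client cannot prefer any DC as local.
            findings[ip] = "no subnet object matches this address"
        elif not site_to_dcs.get(site):
            # The site exists but holds no DC, so a DC from another site answers.
            findings[ip] = f"site {site} contains no DC"
    return findings
```

Feeding it the DHCP scope addresses of the affected office shows whether a missing subnet object or an empty site would explain a remote DC being chosen.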
 