Hi,
I am not sure if this is the right place to post this question, but I am giving it a try.
I have a Windows 2003 domain. All XP machines are able to join the domain using either the NetBIOS or the FQDN name for the AD; however, Vista doesn't seem to be able to join the domain with the domain NetBIOS name (FQDN works). I confirmed that NetBIOS name resolution works on the Vista machine, as I can map a drive on the DCs and browse the network.
Some specifics:
NetBIOS over TCP/IP is enabled on Vista
IPv6/Firewall is disabled on Vista
Both the Vista and DCs are on the same subnet
All Vista and XP machines are DHCP clients
No WINS is used
All client PCs are assigned domain.com as the DNS domain suffix, and the FQDN for the AD domain is addomain.domain.com.
Any help would be appreciated.
Thanks
|
|
Which version of Vista? I don't believe Vista Basic or Home series can join a domain. To join a domain you need Vista Business, Ultimate, or Enterprise.
Mike Ober.
|
|
It is Vista Business. Again, I can join the Vista machine to the domain if I used the FQDN name.
|
|
In news:%23ldghZJMJHA.1012[ at ]TK2MSFTNGP03.phx.gbl, OM <om[ at ]discussions.microsoft.com> requesting assistance, typed the following:
> It is Vista Business. Again, I can join the Vista machine to the
> domain if I used the FQDN name.
Hi OM,
First, this doesn't make sense:
> All Client PC are assigned with domain.com as the DNS domain suffix and
> the FQDN for the AD domain is addomain.domain.com.
In an AD environment, the Primary DNS Suffix of all machines must match the AD name. Therefore the Primary DNS Suffix should be: addomain.domain.com
Anyway, that doesn't affect the ability to not join by NetBIOS.
Curious, on the DCs, under the Domain Controllers GPO, what is the setting for:
Microsoft Network Server: Digitally Sign Communications (always)
Network Security: LAN Manager authentication level
Also, in Vista, how was the NIC it recognized at first boot handled? Was it stated that it is private, public, etc?
-- Ace
This posting is a personal opinion based on experience, and is provided "AS-IS" with no warranties or guarantees and confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCT Microsoft Certified Trainer
For urgent issues, you may want to contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.
|
|
Hi,
By default, all our XP/Vista machines do not have a primary DNS suffix configured. When XP machines joined the domain, addomain.domain.com will be assigned as the primary DNS suffix (by the DC).
The digitally sign communication (always) setting is not configured; it is disabled by default. The LAN Manager authentication level is set to Send NTLM response only. For the Vista machine, I tried both Private and Public network, but it didn't make a difference. The only way I can get it to join the domain by typing the NetBIOS name is to add the FQDN name of the AD (addomain.domain.com) to the "Append these DNS suffixes" list manually in the TCP/IP networking properties of the NIC. That also means that the Vista machine is not using NetBIOS name resolution, but DNS naming.
Thanks
|
|
Ok, the settings look good.
Concerning the Primary DNS Suffix, you are saying all your machines do not have one? I would assume then that they are not currently joined. They automatically take on the domain's FQDN when joined.
I have joined a Vista by NetBIOS, so I am at this point trying to think of what would cause this on your end. Are you using WINS? Prior to joining, can you ping a DC by its NetBIOS name? Is NetBIOS enabled on the Vista NIC properties? Is the firewall enabled and blocking File and Print Services?
Ace
|
|
Yes, all standalone PCs (before joining the domain) have no primary DNS suffix; however, the DHCP server does assign domain.com as the DNS suffix search list to these machines.
WINS is not used in our network. NetBIOS is enabled on all these Vista machines and we have also disabled the firewall for testing purposes. I have tested the NetBIOS resolution (from the Vista machines) by mapping the DC name using the UNC path \\windc\c$ and it worked.
One thing I want to mention is that we use BIND as name server. The company domain is domain.com and the AD domain is addomain.domain.com. All hosts in the network have an A record on the DNS. The zone addomain is dynamically updatable by the DCs. So all the DCs also have an A record of windc.addomain.domain.com. Since there is a DNS suffix search list of domain.com, we would get windc.domain.com as reply when we ping the DCs' NetBIOS names from these standalone machines, same for XP or Vista.
Again, all XP machines have no problem joining the domain with the NetBIOS name regardless of the DNS/networking configuration, but we just can't get Vista working this way. It just appeared to me that Vista has a different name resolution mechanism. Also, if I am just using the NetBIOS name, we should not be worried too much about DNS configuration, should we?
Thanks
|
|
You are correct, if using NetBIOS, it should make the initial contact by NetBIOS, but it will revert to DNS because that is what AD uses. My concern is it is not allowing the initial contact. Everything else you mentioned seems ok, whether using Microsoft or BIND DNS.
One more question, that I don't think I've asked yet. Is LDAP and SMB signing enabled in the following?
Windows Server 2003 - default domain controllers Group Policy
Microsoft network server: Digitally sign communications (always)
Policy Setting: enabled (default setting)
If it is, disable it, let it replicate, and try again. This was a setting to allow pre-Windows 2000 and Macs to communicate with AD. It may be failing the initial connection.
Also try changing that Vista NTLM v2 only to LM and NTLM v2 if negotiated. Give it a shot, please.
Also, here is more info on that setting:
Overview of Server Message Block signing:
http://support.microsoft.com/default.aspx?scid=kb;en-us;887429
Ace
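A read-only way to record the SMB signing and LAN Manager authentication settings discussed in this thread, on both the DC and the Vista client, before any policy is changed. This is an added example, not code from any poster; the function names are hypothetical, and the registry values are the standard locations that back these policies.

```powershell
# Added example: reports the effective SMB signing and LM authentication
# settings from the registry values behind the policies named in the thread.
# It only reads; nothing is modified.
$lmLevels = @{
    0 = 'Send LM & NTLM responses'
    1 = 'Send LM & NTLM - use NTLMv2 session security if negotiated'
    2 = 'Send NTLM response only'
    3 = 'Send NTLMv2 response only'
    4 = 'Send NTLMv2 response only. Refuse LM'
    5 = 'Send NTLMv2 response only. Refuse LM & NTLM'
}

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-SigningAndLmPosture {
    $svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $checks = @(
        @{ Policy = 'Network server: digitally sign (always)'
           Key = "$svc\LanmanServer\Parameters"; Value = 'RequireSecuritySignature' },
        @{ Policy = 'Network server: digitally sign (if client agrees)'
           Key = "$svc\LanmanServer\Parameters"; Value = 'EnableSecuritySignature' },
        @{ Policy = 'Network client: digitally sign (always)'
           Key = "$svc\LanmanWorkstation\Parameters"; Value = 'RequireSecuritySignature' },
        @{ Policy = 'LAN Manager authentication level'
           Key = $lsa; Value = 'LmCompatibilityLevel' }
    )
    foreach ($c in $checks) {
        $raw = Get-RegValue $c.Key $c.Value
        if ($null -eq $raw) { $meaning = 'not set (OS default applies)' }
        elseif ($c.Value -eq 'LmCompatibilityLevel') { $meaning = $lmLevels[[int]$raw] }
        elseif ($raw -eq 1) { $meaning = 'Enabled' }
        else { $meaning = 'Disabled' }
        New-Object PSObject -Property @{ Policy = $c.Policy; Raw = $raw; Meaning = $meaning }
    }
}

Get-SigningAndLmPosture | Format-Table Policy, Raw, Meaning -AutoSize
```

Comparing the output from an XP client, the Vista client and a DC shows whether the machines actually differ in signing or authentication level, which is the difference the last reply is probing for.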