Solaris 11 - can't join AD domain

Similar Messages

• WinXP computers can't join the domain

  Hi, I'm setting up my first Xserve and I'm having troubles making WinXP machines join the domain.
  With OS X and Win98 clients I have no problems with the tests accounts I have created, but with with WinXP machines I get the error that they can't Join the domain becouse Access is Denied. I don't think is a configuration error on the server's services or the WinXP boxes becouse I can join the domain and access the account for diradmin OK from the WinXP boxes, so it may be an account configuration problem.
  Also the accounts have network home folders, don't know if this might also cause a problem, I did try with no home assigned and still got the same error.
  Any help would be appreciated

  Fixed the problem myself....
  Creted a new account and dindn't move anything on it, nothing managed and nothing changed on the account windows tab.
  Joined the domain with the diradmin account, and after the reboot used the new test user, logged in fine and home folder was mounted as a Network drive perfectly.
  Hope this helps someone in the future

• XP computers can't join SMB domain (password issues)

  Just when I thought I was done setting up the new environment, a show-stopper appeared: I'm unable to join XP computers to the new SAMBA domain. No matter what I do, I get the error message "Login failure: unknown username or bad password" on the client computer.
  The SMB log files show: Authentication for user [xxx] -> [xxx] FAILED with error NTSTATUS_WRONGPASSWORD
  OpenDirectory says: " DIGEST-MD5 authentication failed, SASL error -13 (password incorrect)"
  I already looked at http://docs.info.apple.com/article.html?artnum=302942 - the Realms are set correctly and the methods to verify the passwords work on both the PDC and the BDC without an issue.
  I've tried this with diradmin, I created a new user and added it to the Domain Admins and Admins groups etc. I also tried several NTLM/LM response settings in secpol.msc, all to no avail.
  - I've been working on this for two days now without any progress whatsoever. Does anyone have any clues what could be causing this issue?
  thanks,
  Peter

  Have you tried setting SMB access to "allow" guest? That is what I had to do so that my XP computers could logon.

• Can't see SLES server joined to domain

  Hi all: I am a domain membership on SLES newbee and I need some help with getting an SLES server working properly with our domain. The server I need help with was recently rebuilt from OES 11 to SLES 11 due to zenworks incompatibility. I still need to be able to access this server's storage over the network. When I browse the network from my Windows 7 computer the server does not show up and I cannot reach the server via \\servername. The server is in our DNS database.
  So I joined the server to our domain successfully. I used the newer style domain notation rather than windows 2000/NT notation. I can see the server in now a member of the domain by looking at the domain members on one of our DCs. I have not enabled any other features such as "Also use SMB information for Linux Authentication" and "All users to share their directories". NTP is configured and operating. The server does verify that it is a domain member. Under Samba configuration I have set the domain using the older style domain notation. It is not a DC controller. I have also set the NETBIOS name.
  I would appreciate some help understanding what I did wrong and what I need to do to correct this. BTW, I tried this once before on a test server and it worked well. Not sure what I did different.
  Thanks for the help, Chris.

  DSfW does not apply as you pointed out, and I don't believe I was referencing that component. I need this SLES 11 SP3 server to be visible to some of my users. I want to share a directory named "storage" and I need it so that they can authenticate via AD rather than adding all these users as onto the SLES box. My users also need to be able to browse to the server using Windows Explorer or get to it via \\server.
  So in YAST2 I can set up samba but I can also join the domain. This is where I am getting confused and setting something incorrectly.
  >>> Simon Flood<[email protected]> 8/28/2014 8:32 AM >>>
  On 28/08/2014 13:02, cmosentine wrote:
  > Hi all: I am a domain membership on SLES newbee and I need some help
  > with getting an SLES server working properly with our domain. The
  > server I need help with was recently rebuilt from OES 11 to SLES 11 due
  > to zenworks incompatibility. I still need to be able to access this
  > server's storage over the network. When I browse the network from my
  > Windows 7 computer the server does not show up and I cannot reach the
  > server via \\servername <file://\\servername>. The server is in our DNS
  > database.
  >
  > So I joined the server to our domain successfully. I used the newer
  > style domain notation rather than windows 2000/NT notation. I can see
  > the server in now a member of the domain by looking at the domain
  > members on one of our DCs. I have not enabled any other features such
  > as "Also use SMB information for Linux Authentication" and "All users to
  > share their directories". NTP is configured and operating. The server
  > does verify that it is a domain member. Under Samba configuration I
  > have set the domain using the older style domain notation. It is not a
  > DC controller. I have also set the NETBIOS name.
  >
  > I would appreciate some help understanding what I did wrong and what I
  > need to do to correct this. BTW, I tried this once before on a test
  > server and it worked well. Not sure what I did different.
  Reading the above am I right in thinking that your server is not running
  OES11 but instead "regular" SLES11? If so, where does Domain Services
  for Windows (a component of OES11) fit in to the above?
  HTH.
  Simon
  Novell Knowledge Partner
  If you find this post helpful and are logged into the web interface,
  please show your appreciation and click on the star below. Thanks.

• Windows machines can't join domain after 10.5.4 upgrade

  Howdy folks,
  I have a ticket open with Apple on this but am posting here in hopes that someone might have an idea for me.
  I upgraded our Mac OS X Server 10.5.3 to 10.5.4 on Sunday, and this morning several users reported that their PCs running Windows XP SP2 were unable to login to the Windows domain hosted on this machine. It's the primary domain controller for the Windows users.
  One thing to note is that I had to reinstall the server completely because the 10.5.4 patcher crashed, creating all kinds of mayhem. I did a fresh install of OS X Server 10.5 and immediately applied the 10.5.4 combo updater to it. I had to restore the Open Directory from an archival copy, and the SMB was created fresh. Not sure why but the SMB services weren't preserved by the Server settings export command in Server Admin.
  I thought unbinding the PC from the Windows domain and then rebinding it with a new name would help, but I've been completely unable to add older computers to the domain, even after removing the old computer records first.
  I've got a reproducible failure mode for this problem on a Windows XP virtual machine running on VMware Fusion on my Mac. Here's the method I've been using to create the failure:
  1. Change Windows XP System name to something new that doesn't already have a computer record on the Mac OS X Server and reboot.
  2. After the reboot, run "NewSID" program on Windows to globally change my Windows machine's SID to a new, random value, and reboot again.
  3. Attempt to use the Network ID wizard in the Windows Control Panel to re-add the machine to the domain under a new name so there's no conflict with any old computer records floating around in Open Directory. After it prompts me to enter the username, password and domain name for a user who's authorized to add machines to the domain, I get a dialog box that displays this error:
  "Your computer could not be joined to the domain because the following error has occurred:
  An internal error occurred."
  Not too informative.
  Here are the error messages I see in /var/log/samba/log.smbd (searching for the new computer name in the search field):
  netbios connect: name1=BIGMAC name2=JEFFVM6
  netbios connect: local=bigmac remote=jeffvm6, name type = 0
  opendirectorysamsearchname gave -14136 [eDSRecordNotFound]: no dsRecTypeStandard:Computers record for account 'JEFFVM6$'
  odssam_getgrnam gave -14136 [eDSRecordNotFound]: no dsRecTypeStandard:Groups record for 'JEFFVM6$'!
  opendirectorysamsearchname gave -14136 [eDSRecordNotFound]: no dsRecTypeStandard:Computers record for account 'JEFFVM6$'
  kDSStdAuthNewUser was successful for account "jeffvm6$"
  At that point it's impossible to join the computer to the domain no matter what. The most puzzling thing is that SOME of our users were able to login without any problems whatever. The ones that were either physically off or somewhere else when the 10.5.4 upgrade was applied are the only PCs that seem to be having problems.
  Any help at all is appreciated. I suspect this is some kind of a SID conflict because the SMB server had to be recreated from scratch, but have no idea how to fix the client, the server, or both to make the computer account creation process work.

  The problem is fixed.
  The issue boils down to an argument between the Open Directory server on bigmac (the OS X Server machine) and the SMB server on bigmac. The crucial information I needed to solve this problem was located here: http://www.radiotope.com/node/61
  The Open Directory database had to be restored from a backup following this weekend's problematic upgrade, and it had a different value for the SID for the Windows domain than the one used by the SMB server software itself. Even stranger was that the Open Directory database actually had the wrong domain name! The It was listed as "BIGMAC" in Open Directory, even though it was set to the correct Windows domain name in the SMB server.
  The solution was to demote the SMB server from a Primary Domain Controller to a Standalone Machine, and then repromote it. Although I changed no values in the settings, and did not modify the plist containing the SID in the Open Directory via the Inspector in Workgroup Admin, after the SMB PDC was repromoted, the SIDs and the domain names in Open Directory and the SMB config agreed with each othe. Now new machines can join the domain and users can login just as they did before. No client-side modifications are necessary.
  Hope this is helpful to someone else. It was quite the hair-pulling experience for a while there.
  Jeff Kirk

• Windows 8.1 will not allow me to join a domain Setting up a new 2012 server, and am trying to join laptops running Windows 8.1 to this new domain. When I go to properties for This Computer, Join a domain wizard is greyed out. Can I join a Windows 8.1 com

  Windows 8.1 will not allow me to join a domain
  I am trying to join laptops running Windows 8.1 to  domain. When I go to properties for This Computer, Join a domain wizard is greyed out. Can I join a Windows 8.1 computer to a domain?

  Have you verified that your Windows 8.1 is a Pro or Enterprise edition? The Basic edition cannot join a domain.

• Can Hyper-V host join a domain of a virtual machine domain controller on that same host?

  Learning about Failover Clustering with Hyper-V. I have two hyper-v nodes(servers). I want to add them to a failover cluster, but it said that the nodes must be in a domain to join failover cluster.
  Can I create a domain controller role on a virtual machine hosted on that same node and join that node to the domain?
  Can I just create a role on one of the two nodes along with hyper-v role and join the second node to the domain?

  You can create
  an AD VM and join the Hyper-V host to it in Server 2012 (or Hyper-V Server 2012, the preferred OS for running a Hyper-V Cluster). This did
  not work in any previous version of Windows.
  This would be a really horrible idea for a production environment, but suitable for a lab/training.
  Also, you only need one host/node to form a cluster (though it probably throws errors/warnings if you do)

• Windows Server 2012 Foundation, in a Workgroup - "The server did not finish checking the license compliance. If the server is joined to a domain, make sure that the server can connect to a domain controller"...

  Every few days we see two dialogs with the following messages:
  Dialog 1, title: Check for Licensing Compliance is Incomplete
  The server did not finish checking the license compliance. If the server is joined to a domain, make sure that the server can connect to a domain controller.
  Dialog 2, title: Check for Licensing Compliance is Incomplete
  The server did not finish checking the license compliance. If the server is joined to a domain, make sure that the server can connect to a domain controller. If the license compliance check cannot be completed, the server will automatically shut
  down in 8 day(s) 23 hour(s) 0 minute(s).
  The server is not (and never has been) joined to a domain or had any DC roles installed. In fact its still connected to the default Workgroup.
  The server was configured in our office and never showed this message until it was installed on site. The main difference from what I can see is that when installed on site it was given a static IP address and does not have any DNS settings in the network
  adapter properties. 
  I have scoured a number of forums on this error but in almost every other instance of this error message the servers are connected to a Domain Controller and the solutions generally are linked to dis-joining and rejoining the domain. Unfortunately this is
  not an option for this scenario.
  I initially thought that adding some relevant DNS server IP address may resolve the issue, however, we have the exact same model server configured exactly the same running at a different site that does not experience this problem. This server also has no
  DNS server configured.
  I have seen a post that suggests turning off the servers "Foundation Checking", but I'm unsure how to do this.

  Thanks for your response Vivian.
  I can confirm that this server is not (and never has been) a member of any active directory, it is configured as a Workgroup server. It was initially configured on a network that does have an active directory, but was never joined to it. During that time it
  never displayed these messages.
  The server was moved into production on a different site and network and setup with a static IP address.The site network does have its own active directory but the server was not joined to it. It is whilst on this new network that these messages began.
  Since my original post DNS servers have been added and the Microsoft activation has been verified, however, the messages are still appearing.
  There are only 2 user accounts configured on this server. The local admin account and another local admin user.
  The remote desktop services roles have been installed but not yet configured. I don't think that has any bearing on this scenario though.
  The description of this error in the above "Introduction to Windows Server 2012 Foundation" link states:
  This error occurs when the server cannot finish checking the requirements for the root domain, forest trust configuration, or both. It usually happens when the server cannot connect to a domain controller. If the situation persists, the server will
  shut down 10 days after the first time the compliance check failed. Each time this error message occurs, it will state the actual time remaining before the server will shut down. If you restart the server after it has shut down because of non-compliance, the
  server will shut itself down again in 3 days.
  The above description leads me to the following question - In a Workgroup environment, does the server still try to contact a domain controller to establish a level of trust? If this is the case could it be that the server can no longer see the initial DC
  on its new network and this is what is triggering the messages?
  Am I clutching at straws here?

• Windows 7 can not joinng to domain but windows Xp does in Virtual Box Manager

  Dear all,
  I need your support and thanks in advance.
  I have installed Windows 7 and Windows 2008 server in a Virtual Box. Windows 2008 server is my Domain Controller and DNS is configured. Please find my configuration below.
  Domain Controller FQDN name - bbi.in
  IP addrees - 192.168.10.14
  subnet mask- 255.255.255.0
  gateway-   192.168.10.254
  Preferred Dns - 192.168.10.14
  Windows 7  having IP address 192.168.10.2
  Ping connectivity is working from both end
  My Problem is  my windows 7 machine is not joining to domain.
  while doing Nslookup command from windows 7 command prompt I am getting default server and Ip address of the domain controller.
  I have been trying a lot and did lots of trouble shooting but can not get any solution plz.... help

  On Fri, 14 Nov 2014 17:55:41 +0000, biswajeetpattnaik wrote:
  When I join the domain I use bbi and and I get authentication asking for user name and password.
  Please find the attached error screen shot<https://social.technet.microsoft.com/Forums/getfile/567235><https://social.technet.microsoft.com/Forums/getfile/567236>
  This forum is for issues relating to Windows Server 10 Technical Preview
  only, and not for Windows Server 2008, Windows 7 nor Windows XP. Please
  post your question a forum that is for the correct topic.
  Paul Adare - FIM CM MVP
  All that blue light from Orthanc at night? That was
  Saruman, trying to moderate
  -- news.admin.palantir-abuse.sightings.

• Tecra A9: Cannot join a domain or view websites wirelessly - Vista

  I'm having a problem with wireless networking on this new installation of Vista.
  I can view & connect to a wireless router no problem but when I try to join a domain or view most web pages it just will not play ball.
  I can ping both local and external addresses and some web pages work with no problem at all.
  I have tried updating the wireless drivers from the toshiba web site and when that did not make a difference from the intel website but to no avail.
  If i plug in a network cable everything works fine.
  I have another notebook running XP which connects to the same wireless router and has none of these problems.
  Help!
  Stu

  Seems that there is nothing wrong with your wireless lan device at all. I think there are some settings of Vista, that prevent some internet pages from working, maybe built in firewall or antivirus program. Internet Explorer 7 has built in some security features as well, so you might take a look at this.
  Perhaps the first thing you could try is to use another internet browser, like firefox and check firewall settings.

• ACS 5.3 - how to join to domain

  Hello,
  can anybody clarify me how it is possible join ACS 5.3 to windows domain?
  from cisco doc:
  Active Directory Domain Name: Name of the AD domain to join ACS to.
  Username: Predefined user in AD. AD account required for domain access in ACS should have either of
  the following:
  • Add workstations to domain user right in corresponding domain.
  • Create Computer Objects or Delete Computer Objects permission on corresponding computers container where ACS machine's account is precreated (created before joining ACS machine to the domain).
  Password: Enter the user password. The password should have minimum of 8 characters with the combination of atleast one lower case alphabet, one upper case alphabet, one numeral, and one special character. All special characters are supported.
  That means:
  - Active directory must be windows DOMAIN name, or AD-server dns name?
  - username must be domain user, or domain administrator?
  another settings:
  - time on ad-server and acs must be synced (I'm using the same NTP)
  - ip name-server for acs must be AD-server?
  I can't join ACS to ad-domain. error message is 'can not resolve network address', but from acs-cli it is possible. where can be a problem?
  martin

  Hi there,
  In the Active Directory Domain Name field you enter the domain name, for example: cisco.com
  The username field, it will be better if you try with a domain admin account, otherwise you can use a domain user but with privilege enough to add/delete computer objects.
  The time zone and clock must be synchronized using NTP or manual clock configuration should work as well.
  The ip name-server must be your DNS server, if your AD-server is the same DNS then use the AD-server.

• How to join a Domain Controller Server to an two-tier (SQL Server 2012) and Sharepoint 2013 (SP2013) farm

  Hi,
  I am trying to build a 3-tier SharePoint 2013 farm.
  1. SQL Server 2012, Windows 2012 VM
  2. DC Server, Windows 2012 VM
  3. SharePoint 2013, Windows 2012 VM
  I didn't built the DC server. Someone else did. However, I created about 14 service domain user accounts for SQL Server and SharePoint install and operation.
  I was able to join the SQL Server into the SharePoint server farm using SharePoint 2013 Product Configuration Wizard.  When I start the Central Admin, and click on Servers in the Farm, I only see the SharePoint server and SQL server,
  but the DC server is not listed.  Any suggestion on what did I miss?
  Thanks
  Jean

  You cannot join the Domain Controller to your SharePoint farm.  You must instead join each server from that farm to the domain that is served up by that DC.  You will want to uninstall SharePoint and probably SQL before you do this.  If it's
  an option, I would re-provision your VMs completely and start fresh.  Once you login to a new server, join that server to the target domain like this: 
  http://www.petri.co.il/join-windows-server-2012-to-domain.htm
  You'd have to ensure that your DNS resolves to the target domain on the server being joined to the domain.  If it doesn't, you can always use HOSTS entries to overcome that in the short term.
  Once you've joined both the future SQL and SharePoint servers to the domain, you can install SQL Server and then SharePoint on their prospective servers to create your farm.
  I trust that answers your question...
  Thanks
  C
  |
  RSS |
  http://crayveon.com/blog |
  SharePoint Scripts | Twitter |
  Google+ | LinkedIn |
  Facebook | Quix Utilities for SharePoint

• Windows 8.1 VPN Functionality dissappears after joining a domain

  Hello!
  I can not seem to Identify the cause behind the following problem, I assume it is GP or permission related but I can not discover where.
  Summary:
  -New Tablet purchased from dell (Venue 11 pro series) started as windows 8.1 and the 8,1 pro pack update key was applied to enable domain functionality
  -Setup and create network connections and establish a VPN connection as the local Admin ( Everything works)
  -Join a domain
  -Log on as a domain Admin
  -Attempt to setup a VPN connection and an error is displayed in Charms saying "There is a problem with your modem or network adapter"
  -Sign off and log on as the local administrator
  -Attempt the same VPN setup, and the connection works and I receive the login credentials window in charms and the VPN can be established.
  If anyone has any knowledge about this please let me know, I have yet to find 1 case similar to this.
  ****Update-
  The VPN Connection appears in the Internet Options window Under the connections Tab, but when opening settings and properties I receive the following error:
  "Cannot Load the remote access connection manger service.
    error 5: Access Is denied"
  In services the accounts appear to be correct for the log-on as local system
  Attempting to change this to a domain admin account or local admin account proved to cause addition problems with other services because they did not have the same log-on accounts being used in the same process... 
  Again a search on this has yielded results for other OS but not Windows 8.1, Any fixes for these other OS that were attempted resulted in more log-on confilcts.
  Any help would be appreciated.

  Hi,
  According to your description, it seems like there was a problem with remote access connection manager service, please access to the path below to check RasMan rights, make sure all the user have write rights.
  1. WIN+R, open Run, type regedit, press Enter.
  2. Narrow to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\RasMan
  If problem persists, please contact Domain Adminstrator to check if there any limits with VPN.
  Roger Lu
  TechNet Community Support

• Windows 7 Computer refuses to join 2003 Domain.

  Hey guys, I'm having a slight problem over here on my end connecting two new windows 7 pro PC's to the 2003 R2 server downstairs.
  What's happening is that the domain name 'Name.root' is not found by either computer, but if I type in 'Name' I get a prompt to join the domain with a valid username and password associated.  I've tried every username I have and even created
  one on the server for myself to test with, but it still gives me an error that the password/username is incorrect.
  As far as I know, the server and clients are all using DHCP and the DNS suffix is pointing to the same name. I can even ping the server from the computers upstairs, but if I use NSLookup, it only shows the router that's being used.
  There are other windows XP pro units that will all connect using the same exact settings, so at this time I'm completely stumped as to what my next steps are.  Any help with this would be greatly appreciated.

  Hi,
  To find out what's your network environment, please upload the ipconfig /all results from Windows 7 client and Windows server 2003 R2.
  I recommend you to manually assign IP address and DNS for Windows clients and Windows server 2003 R2 instead of using DHCP.
  Also, please check if SRV record is created in DNS manager.
  You can refer to the article below:
  http://support.microsoft.com/kb/816587
  And recommend add such an entry: <FQND of domain> <server ip> to host file in windows client.
  The path for host file is in %windir%\system32\drivers\etc\hosts.
  Andy Altmann
  TechNet Community Support

• Oracle 9,2.0 32 bit for Solaris can not access more than 4GB?

  I am sorry to ask rather stupid question.
  I joined company which has big SUN Fire running Solaris 9 64bit version.
  It has system memory 16GB and 8 CPUs.
  I found 8GB memory reported as free. It is production box. It is heavy loaded.
  I guess Kernel parameter settings for Oracle set too low.
  I reported DBA and asked DBA to improve.
  My DBA said Oracle 32 bit version was installed and Oracle 32bit can't access more than 4GB system memory.
  Is it true that Oracle 9.2.0 32bit for Solaris can not access more than 4GB memory?
  32bit CPU and 32bit OS might have problem in access big memory.
  But I never heard Oracle 9 running on 64bit Solaris box can not access more than 4GB.
  Specially on Sparc 64bit chip and Solaris 9 64bit version.
  I searched forums and could not find good answer. I believe it is rather obvious.
  Please help me on this. I will be greatly appreciated.
  Thanks in advance.
  Message was edited by:
  user524303

  I was really surprised by the fact that almighty
  ORACLE can not access 4GB memory.
  So, it is true that 32bit Oracle is limited by 4GB RAM.Nope. 32bit almighty anything is limited to (max) 2^32 virtual adresses on a vmm system.
  Often there is also some split where memory is divided into system and user areas, where user (program) has e.g. 2 or 3GB. All this works regardless of amount of RAM available 0.5 or 512GB.
  Perhaps this link provides some useful info/background.