Jump to content

  •  

  • Photo

    Cannot Connect Computer to the Server. Help!


    • Please log in to reply
    58 replies to this topic

    #21 jmwills

    jmwills

      HSS Genius

    • Donating Member
    • 6,922 posts
    • LocationHuntsville, AL

    Posted 29 November 2012 - 07:13 AM

    Let's go back to the basics on this client connector issue. Are the server and client set to the same time zone? If not, that will cause a failure. Secondly, DNS has to be coming from the same source, either the router or the server. You could set it statically on both and see if that helps.

    I would also flush the DNS cache on both. "ipconfig /flushdns"
    • 0

    Windows 7 Desktop - Antec 100 Case, Intel D8H67BL, OCZ 550W PSU, Intel i3-530 CPU w/16GB G-Skill DDR3 1333 RAM
    Server 2012 - Fractal Arc Midi, CoolerMaster M600 PSU, ASUS P8H67V, Intel i5-2500 CPU w/32GBG-Skill DDR3 1333 RAM, 90 GIG OCZ SSD OS Drive – Roles: Hyper-V (WHS-SharePoint-DC-SQL-Exchange-WSE 2012R2), Print Server - Rocket RAID 2720 4 x 3TB WD Red
    HTPC Build - Silverstone GD05 Case,x 2
    Travel Laptop: Lenovo U310 13.3" Windows 8.1


    #22 joem

    joem

      HSS Champion

    • Members
    • 393 posts
    • LocationPortland, Oregon

    Posted 29 November 2012 - 09:11 AM

    John one thing that confuses me is why the client could join the domain the first time without configuring any DHCP and DNS on the router?
    • 0

    #23 joem

    joem

      HSS Champion

    • Members
    • 393 posts
    • LocationPortland, Oregon

    Posted 29 November 2012 - 09:16 AM

    jmwills. Like I replied to John. This computer joined the domain OK the first time without any DNS or DHCP configurations on the server or client.
    • 0

    #24 jmwills

    jmwills

      HSS Genius

    • Donating Member
    • 6,922 posts
    • LocationHuntsville, AL

    Posted 29 November 2012 - 09:25 AM

    If I read this right, you joined the domain last time and are not doing it this time. Correct? That is what lead me on the SID issue. Did you delete the old object from AD?
    • 0

    Windows 7 Desktop - Antec 100 Case, Intel D8H67BL, OCZ 550W PSU, Intel i3-530 CPU w/16GB G-Skill DDR3 1333 RAM
    Server 2012 - Fractal Arc Midi, CoolerMaster M600 PSU, ASUS P8H67V, Intel i5-2500 CPU w/32GBG-Skill DDR3 1333 RAM, 90 GIG OCZ SSD OS Drive – Roles: Hyper-V (WHS-SharePoint-DC-SQL-Exchange-WSE 2012R2), Print Server - Rocket RAID 2720 4 x 3TB WD Red
    HTPC Build - Silverstone GD05 Case,x 2
    Travel Laptop: Lenovo U310 13.3" Windows 8.1


    #25 joem

    joem

      HSS Champion

    • Members
    • 393 posts
    • LocationPortland, Oregon

    Posted 29 November 2012 - 09:56 AM

    jmwills:
    I originally joined the computer to the domain and then disjoined per the specific instructions from here:
    http://technet.micro...y/jj713540.aspx
    I then tried to rejoin the computer to the domain and got the following error in the Connect a Computer to the Server dialogue box:
    "Cannot connect this computer to the network: An unexpected error has occurred. For more information, See troubleshoot connecting computers to the server."
    I have tried the same procedure on one other Window 7 Pro computer with the same results.
    I did not delete the old object from AD. By removing the computer from the domain that process should be accomplished. I have not set any Group Policy on the server, or done anything with DHCP or DNS. I am going one step at a time to make sure everything works. If my testing works for one procedure then I will go on to the next. If I were to configure everything on the server at once and then something goes wrong I wouldn't know what caused it. So the only thing I have really done is install the server and and completed just the basic tasks that have to be done and then joined computers to the domain. So before I go any further I want to make sure I can join, disjoin and rejoin computers. I have three businesses that have to be able to do this and have never had this issue with other Windows Server systems. Thanks for your input. Everything works well on the server including the client backups and restores as well as backing up the server and restoring it also. Anyway that's where I'm at and stuck.
    • 0

    #26 jmwills

    jmwills

      HSS Genius

    • Donating Member
    • 6,922 posts
    • LocationHuntsville, AL

    Posted 29 November 2012 - 10:00 AM

    Go into AD, find the computer object, right click and reset. That should solve the issue if you are using the same hostname for the client.,
    • 0

    Windows 7 Desktop - Antec 100 Case, Intel D8H67BL, OCZ 550W PSU, Intel i3-530 CPU w/16GB G-Skill DDR3 1333 RAM
    Server 2012 - Fractal Arc Midi, CoolerMaster M600 PSU, ASUS P8H67V, Intel i5-2500 CPU w/32GBG-Skill DDR3 1333 RAM, 90 GIG OCZ SSD OS Drive – Roles: Hyper-V (WHS-SharePoint-DC-SQL-Exchange-WSE 2012R2), Print Server - Rocket RAID 2720 4 x 3TB WD Red
    HTPC Build - Silverstone GD05 Case,x 2
    Travel Laptop: Lenovo U310 13.3" Windows 8.1


    #27 joem

    joem

      HSS Champion

    • Members
    • 393 posts
    • LocationPortland, Oregon

    Posted 29 November 2012 - 10:02 AM

    Cool! I'll try that and run another test to disjoin and rejoin. Give me a little time to do this and I'll report back. Thanks.
    • 0

    #28 jmwills

    jmwills

      HSS Genius

    • Donating Member
    • 6,922 posts
    • LocationHuntsville, AL

    Posted 29 November 2012 - 10:03 AM

    That action will clear the SID within AD.
    • 0

    Windows 7 Desktop - Antec 100 Case, Intel D8H67BL, OCZ 550W PSU, Intel i3-530 CPU w/16GB G-Skill DDR3 1333 RAM
    Server 2012 - Fractal Arc Midi, CoolerMaster M600 PSU, ASUS P8H67V, Intel i5-2500 CPU w/32GBG-Skill DDR3 1333 RAM, 90 GIG OCZ SSD OS Drive – Roles: Hyper-V (WHS-SharePoint-DC-SQL-Exchange-WSE 2012R2), Print Server - Rocket RAID 2720 4 x 3TB WD Red
    HTPC Build - Silverstone GD05 Case,x 2
    Travel Laptop: Lenovo U310 13.3" Windows 8.1


    #29 ikon

    ikon

      HSS Elite Master

    • Donating Member
    • 12,298 posts

    Posted 29 November 2012 - 10:06 AM

    That action will clear the SID within AD.


    When you say "clear the SID" do you mean it will set the SID to "0000......00"?
    • 0

    If at first you don't succeed, do it like your mother told you.


    #30 joem

    joem

      HSS Champion

    • Members
    • 393 posts
    • LocationPortland, Oregon

    Posted 29 November 2012 - 10:20 AM

    jmwills: I want to get this AD reset in the right order when I do this test. At what point should I do the reset on that computer? Before I disjoin? After disjoining? It seems the computer objiect would be gone from AD after disjoining though. Anyway please advise. Thanks.
    • 0

    #31 jmwills

    jmwills

      HSS Genius

    • Donating Member
    • 6,922 posts
    • LocationHuntsville, AL

    Posted 29 November 2012 - 10:23 AM

    Not to 0's.

    1. A domain computer account synchronizes with the Domain Controller (DC) on a regular basis. This means that the computer checks with the DC or the DC checks for the computer on the network at a set interval. If for some reason synchronization does not take place, then the computer account can become invalid due to failed authentication. Group policy may also fail to take effect.

    Each domain computer maintains a machine account password history containing the current and previous passwords used for the account. When the computer attempt to authenticate with DC and a change to the current password is not yet received, Windows then relies on the previous password. If this authentication fails (due to the failed sync of password), both computers may not communicate. Hence, you have to reset the computer password. You can't set the password directly but you can perform a computer account reset on the "Active Directory User and Computer" console or "netdom reset" on a DC.

    After you have reset the computer account, you won't be able to login to the affected computer using domain-based accounts. You have to re-join the computer to domain, so that the AD re-sync can take place. Login to the affected computer on local administrator account.


    2.

    When a secure channel fails, ie the trust with the domain has been lost, you must reset it. Most people simply remove the computer from the domain by joining a workgroup, and then re-joining the domain. This is a bad idea because the computer account SID is lost, along with any group memberships.



    Type the command netdomm reset MachineName /domain DomainName /UserO UserName /PasswordO {Password | *} where the credentials belong to the local Administrators group of the computer. This resets the secure channel by attempting to reset the password on both the computer and the domain, and does not require rejoining or rebooting.

    You could also try the following from the computer that has lost it's trust: nltest /server:ServerName /sc_reset:DOMAIN\DomainController. This also tries to reset the secure channel by resetting the password both on the computer and in the domain, and does not require rejoining or rebooting.

    • 0

    Windows 7 Desktop - Antec 100 Case, Intel D8H67BL, OCZ 550W PSU, Intel i3-530 CPU w/16GB G-Skill DDR3 1333 RAM
    Server 2012 - Fractal Arc Midi, CoolerMaster M600 PSU, ASUS P8H67V, Intel i5-2500 CPU w/32GBG-Skill DDR3 1333 RAM, 90 GIG OCZ SSD OS Drive – Roles: Hyper-V (WHS-SharePoint-DC-SQL-Exchange-WSE 2012R2), Print Server - Rocket RAID 2720 4 x 3TB WD Red
    HTPC Build - Silverstone GD05 Case,x 2
    Travel Laptop: Lenovo U310 13.3" Windows 8.1


    #32 joem

    joem

      HSS Champion

    • Members
    • 393 posts
    • LocationPortland, Oregon

    Posted 29 November 2012 - 10:25 AM

    Thinking a little bit more about this I am thinking that the reset would be done before I disjoin it from the domain?
    • 0

    #33 jmwills

    jmwills

      HSS Genius

    • Donating Member
    • 6,922 posts
    • LocationHuntsville, AL

    Posted 29 November 2012 - 10:27 AM

    Yes. Remove from the Domain first, but since you are past that point, you could log on locally with the Admin account and place back into a workgroup.
    • 0

    Windows 7 Desktop - Antec 100 Case, Intel D8H67BL, OCZ 550W PSU, Intel i3-530 CPU w/16GB G-Skill DDR3 1333 RAM
    Server 2012 - Fractal Arc Midi, CoolerMaster M600 PSU, ASUS P8H67V, Intel i5-2500 CPU w/32GBG-Skill DDR3 1333 RAM, 90 GIG OCZ SSD OS Drive – Roles: Hyper-V (WHS-SharePoint-DC-SQL-Exchange-WSE 2012R2), Print Server - Rocket RAID 2720 4 x 3TB WD Red
    HTPC Build - Silverstone GD05 Case,x 2
    Travel Laptop: Lenovo U310 13.3" Windows 8.1


    #34 joem

    joem

      HSS Champion

    • Members
    • 393 posts
    • LocationPortland, Oregon

    Posted 29 November 2012 - 10:47 AM

    No. I still have the computer I am going to test on the domain. So I can reset and then disjoin?
    • 0

    #35 ikon

    ikon

      HSS Elite Master

    • Donating Member
    • 12,298 posts

    Posted 29 November 2012 - 11:59 AM

    Thanks for the article jmwills. Very interesting info. I haven't seen it before. I agree, most people do resolve these issues by joining the client computer to a workgroup and then back to the domain. As the article says, "bad idea". Now I see why, and have a way of not having to do that.
    • 0

    If at first you don't succeed, do it like your mother told you.


    #36 ikon

    ikon

      HSS Elite Master

    • Donating Member
    • 12,298 posts

    Posted 29 November 2012 - 12:05 PM

    No. I still have the computer I am going to test on the domain. So I can reset and then disjoin?


    That's the way I read it. In fact, with a Reset, you may not even have to Disjoin because the Reset requires you to login to the client computer using a local admin account and you have to Rejoin the computer to the network anyway.
    • 0

    If at first you don't succeed, do it like your mother told you.


    #37 jmwills

    jmwills

      HSS Genius

    • Donating Member
    • 6,922 posts
    • LocationHuntsville, AL

    Posted 29 November 2012 - 12:14 PM

    For sure, I would remove it just to be safe.
    • 0

    Windows 7 Desktop - Antec 100 Case, Intel D8H67BL, OCZ 550W PSU, Intel i3-530 CPU w/16GB G-Skill DDR3 1333 RAM
    Server 2012 - Fractal Arc Midi, CoolerMaster M600 PSU, ASUS P8H67V, Intel i5-2500 CPU w/32GBG-Skill DDR3 1333 RAM, 90 GIG OCZ SSD OS Drive – Roles: Hyper-V (WHS-SharePoint-DC-SQL-Exchange-WSE 2012R2), Print Server - Rocket RAID 2720 4 x 3TB WD Red
    HTPC Build - Silverstone GD05 Case,x 2
    Travel Laptop: Lenovo U310 13.3" Windows 8.1


    #38 ikon

    ikon

      HSS Elite Master

    • Donating Member
    • 12,298 posts

    Posted 29 November 2012 - 12:26 PM

    For sure, I would remove it just to be safe.


    With the caveat that Disjoining will remove any SID associations, I agree. Although, it might be interesting to try it without Disjoining, just as an experiment. :)
    • 0

    If at first you don't succeed, do it like your mother told you.


    #39 jmwills

    jmwills

      HSS Genius

    • Donating Member
    • 6,922 posts
    • LocationHuntsville, AL

    Posted 29 November 2012 - 12:45 PM

    I know what will happen. The secure channel comms will be lost and the client cannot connect to a DC
    • 0

    Windows 7 Desktop - Antec 100 Case, Intel D8H67BL, OCZ 550W PSU, Intel i3-530 CPU w/16GB G-Skill DDR3 1333 RAM
    Server 2012 - Fractal Arc Midi, CoolerMaster M600 PSU, ASUS P8H67V, Intel i5-2500 CPU w/32GBG-Skill DDR3 1333 RAM, 90 GIG OCZ SSD OS Drive – Roles: Hyper-V (WHS-SharePoint-DC-SQL-Exchange-WSE 2012R2), Print Server - Rocket RAID 2720 4 x 3TB WD Red
    HTPC Build - Silverstone GD05 Case,x 2
    Travel Laptop: Lenovo U310 13.3" Windows 8.1


    #40 joem

    joem

      HSS Champion

    • Members
    • 393 posts
    • LocationPortland, Oregon

    Posted 29 November 2012 - 01:18 PM

    I have a guy coming in soon that I will have to blow away his Windows 7 pro and reinstall. I will test that first by joining to domain and the reset trick. Then try to join it again. I'll get back to you on the results. If there is anything else you want met to test let me know.
    • 0




    Skins By Invisioneers