
I am unable to join a 64-bit Windows 8.1 Pro Client to our Windows 2003 domain. A 64-bit Windows 7 client joins fine.

  • After installing Windows 8.1, before joining to domain, if I run nltest /dsgetdc:, it returns the domain controller and other info just fine.
  • Once I join to the domain, I get the username/password prompt, after that the "Welcome to the domain" prompt. After that it hangs for a long time and then finally I get an error saying that the domain controller could not be contacted.
  • After restart, when I try to add a domain user as Administrator to the local computer, the domain users do not show up.
  • The same nltest command now returns ERROR_DOMAIN_NOT_FOUND.
  • The computer account has been created in the Active Directory. I verified that on the domain controller.
  • Before and after joining I can ping the domain controller by its computer name. IPCONFIG shows the DNS correctly as the IP of the domain controller.
  • Windows 8.1 client is set to the same time as the time on the domain controller, firewall is off, file sharing is enabled for all networking profiles.
  • Joining a 64-bit Windows 7 computer works fine.
  • We reinstalled Windows 8.1 three times. Each time the same result.
  • Domain controller is a Windows 2003 box.

Happy to upload logs or do anything else if someone can help us.

Roel

Roel Vlemmings
  • This may be a simple thing that you have tried, but have you tried joining the domain using FQDN? – sec_goat Nov 19 '13 at 18:53
  • This shouldn't be an issue with 8.1... more likely an issue just with this particular client. You should end up in the same boat if you install Win7 on that client (same network port, same everything else). Have you checked the security and system logs on the domain controllers for failure events for this computer? What about wireshark traces when trying to authenticate? – TheCleaner Nov 19 '13 at 19:05
  • Doh, I had dropped a link in here but wrong link so I deleted wrong comment, can't find right link now. It sounds to me like 8.1 encryption may be above what your Win2K3 is supporting. What is your Win2K3 highest encryption? – Rookie Nov 19 '13 at 21:03
  • @Rookie: how do I check encryption on client and server? Can you please give instructions? – Roel Vlemmings Nov 20 '13 at 02:55
  • @TheCleaner: we actually had Windows 7 on this box (that was the 32-bit version though.) Will try 64-bit Windows 7 if nobody is able to give me a solution... Will check system & security logs and give an update in an hour or so. – Roel Vlemmings Nov 20 '13 at 02:56
  • @sec_goat: How exactly do I do that? Please provide instructions. Note that I actually get the "Welcome to the domain" confirmation. The error dialog only comes after clicking OK on that one. The computer is also added to Active Directory, so some sort of communication is successful. – Roel Vlemmings Nov 20 '13 at 02:58
  • @RoelVlemmings I may be doing things differently than best practice, or everyone else on earth. But when I try to join a computer to the domain, I often only enter DOMAIN as the domain; sometimes, however, I have to enter it as DOMAIN.NAME.COM. – sec_goat Nov 20 '13 at 13:56
  • http://support.microsoft.com/kb/837361 will help troubleshoot Kerberos issues, though when I reread your (well written) post, I wondered, "How does a client that just joined the domain forget the DC it just logged into?" The reason I went to encryption is that the initial handshake to join the domain is MD5. After that LDAP queries are encrypted ( http://technet.microsoft.com/en-us/library/cc738673 ). Have you tried asking the Win8 client about the DC directly: nltest /server: ( http://technet.microsoft.com/en-us/library/cc731935.aspx )? – Rookie Nov 21 '13 at 23:58
  • what is in the netsetup.log? (I suppose there is one in windows 8.*) – natxo asenjo Jun 16 '14 at 21:05

1 Answer


Try adding the computer by putting the full domain address instead of just the domain name. This worked for me. Don't ask me why, because it shouldn't make any difference, but it did, and it joined fine after trying to connect it all day using just the domain name.

corsang