I’ve just installed a Windows 2012 server for the first time, and would like it to join our Univention Corporate Server domain, so we have the same LDAP users as on all systems.

The error message (translated – unfortunately, the install CD did not permit switching the language to English) roughly said that the domain was unavailable / not found.

We’re running Univention 3.2 currently.

mirabilos

1 Answer

I hadn't heard of Univention before. It looks like it's a distribution of Linux and Samba with some "baked-in" management tools.

It looks like you can install either Samba 3 or Samba 4 (per this screenshot). There appear to be known issues with Windows Server 2012 joining a Samba 3 domain, so that may be your problem.

I'd compare the DNS settings on the Windows Server 2012 machine to a known-working machine. DNS problems are typically the cause of issues joining Active Directory domains. If you haven't, work through the domain join troubleshooting document from Univention.

Edit:

In a Samba 3 environment, which emulates a Windows NT domain environment, a couple of defaults in Windows Server 2008 (and newer) need to be changed. The following registry merge changes the default behavior to allow for joining an NT-style domain:

```reg
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\LanManWorkstation\Parameters]
"DomainCompatibilityMode"=dword:00000001
"DNSNameResolutionRequired"=dword:00000000
```

Evan Anderson
  • Thanks. In the meantime, I also got [the English version of that SDB entry](http://sdb.univention.de/content/6/102/en/how-can-a-windows-7-_-windows-2008-system-be-joined-in-a-ucs-domain.html?highlight=Windows) linked from a coworker (though we’re German, I’d thought I’d share it), and [this explanation why it’s only necessary with Samba 3](https://wiki.samba.org/index.php/Registry_changes_for_NT4-style_domains) from Natureshadow. I will accept your answer, as it contains the perfect link to the SDB solution, but to stay in line with the spirit of StackOverflow, please summarise the fix in it. – mirabilos Nov 13 '14 at 08:47
  • This turned out to still not be enough. A coworker played around a bit with network settings (disable IPv6 (probably not the cause), statically define the WINS server (possibly the cause), disable LMHOSTS), and was able to join it to the domain. He can log in, I can’t (with my domain account). Meh. Will post updates here. – mirabilos Nov 13 '14 at 15:34
  • What do you mean by "disable LMHOSTS"? If the DC is beyond a subnet boundary you will need to use WINS to get cross-subnet NetBIOS name resolution. The "old ways" of dealing with NT 4.0-style domains and NetBIOS name resolution are slowly being lost as the Microsoft world marches away from NetBIOS. – Evan Anderson Nov 13 '14 at 15:39
  • Untick the checkbox to use LMHOSTS, in the tab where one can enter the WINS server. – The login issue is cleared too. Turns out it used the Vista.V2 profile from a DC Slave which was bad, *and* **then** cached *that* locally. Removing it from the Win2012R2 box *and* `rm -rf $HOME/windows-profiles/Vista.V2` on all Univention boxen fixed that, too. – mirabilos Nov 13 '14 at 16:52
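
The two registry values from the answer and the DNS/WINS/LMHOSTS settings discussed in the comments can be checked in one pass on the member server before retrying the join. The following PowerShell is an added example, not part of the original thread; the `-Apply` switch is a hypothetical parameter of this script, and it assumes PowerShell 3.0 or later and an elevated prompt when `-Apply` is used.

```powershell
# Added example: audit (and optionally set) the NT4-style domain join prerequisites.
param(
    [switch]$Apply   # hypothetical switch: write the values instead of only reporting
)

# Key and values are taken from the registry merge in the answer above.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanManWorkstation\Parameters'
$wanted = [ordered]@{
    DomainCompatibilityMode   = 1
    DNSNameResolutionRequired = 0
}

$report = foreach ($name in $wanted.Keys) {
    # A missing value comes back as $null, which is distinct from an explicit 0.
    $current = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name

    if ($Apply -and $current -ne $wanted[$name]) {
        # -Force creates the DWORD or overwrites an existing one.
        New-ItemProperty -Path $key -Name $name -PropertyType DWord `
            -Value $wanted[$name] -Force | Out-Null
        $current = (Get-ItemProperty -Path $key -Name $name).$name
    }

    [pscustomobject]@{
        Setting  = $name
        Current  = if ($null -eq $current) { '<not set>' } else { $current }
        Required = $wanted[$name]
        Ok       = ($current -eq $wanted[$name])
    }
}
$report | Format-Table -AutoSize

# Per-adapter name resolution: DNS servers, WINS server and the LMHOSTS checkbox
# that the comments ended up changing. Compare against a known-working machine.
Get-CimInstance Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Select-Object Description,
        @{ n = 'DNS';     e = { $_.DNSServerSearchOrder -join ', ' } },
        @{ n = 'WINS';    e = { $_.WINSPrimaryServer } },
        @{ n = 'LMHOSTS'; e = { $_.WINSEnableLMHostsLookup } } |
    Format-Table -AutoSize
```

Both values relax Windows defaults, so running the script without `-Apply` is also a quick way to find machines where they were left in place after a later move to a Samba 4 / Active Directory-style domain.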