Computing.Net > Forums > Windows 2000 > Join AD Domain over VPN


Join AD Domain over VPN


Name: Zhora
Date: February 12, 2004 at 12:23:43 Pacific
OS: W2K Server SP4
CPU/Ram: Unk
Comment:

I'm trying to join a Windows 2000 Server to a domain across a VPN. The DC hosting the DNS is listed as the primary DNS server on the client. NSLOOKUP works fine. I can ping any box on the VPN fine. I can even use NSLOOKUP to get the IPs of all of the DCs in the domain. The domain is running in native mode. When I click the "Domain" radio button and put in the domain name (xyz.com), I am prompted for a username and password. I enter the creds for a domain admin, the hourglass churns for a while, and then the following error message comes up:

"The following error occurred attempting to join the domain "xyz.com":

The network name cannot be found."

Same thing happens if I just type in xyz for the domain name.

I've tried everything I can think of. I've added a machine account from the DC. I've deleted that account. I've tried using hosts and lmhosts files, all to no avail.

Any thoughts would be useful.

Thanks,

Zhora




Response Number 1
Name: sjafiu
Date: February 13, 2004 at 00:20:27 Pacific
Reply:

There is something incorrectly set in the configuration, or an issue with the endpoints.

First, is there ANY type of firewall at either endpoint? If so, do you have DNS being allowed in/out at both ends?

ServerA --- FirewallA ---+
(DC-A)                   |
                      Internet
                         |
ServerB --- FirewallB ---+
(DNS points to DC-A)

The DNS service (UDP port 53) must be allowed in to DC-A from ServerB. I know you say you get the logon screen.

Also check the gateway being used. You don't want to use the gateway on the remote machine in the VPN configuration.

Lastly, look at the ARP table and check that traffic is being sent to the correct gateway. Once you can join successfully, unless the VPN is always on, you'll have to change the local DNS on ServerB, because the DNS on ServerA won't be reachable unless the VPN is connected. Good luck.


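The checks in Response Number 1 (DNS through the firewall, the right gateway, the route the traffic actually takes) can be scripted from the machine being joined. The script below is an added example and is not from the thread or from Computing.Net; it assumes a current Windows host where Resolve-DnsName, Test-NetConnection and Find-NetRoute exist, and it uses the thread's placeholder domain name xyz.com. It locates the DCs through the same _ldap._tcp.dc._msdcs SRV record the DC Locator uses, reports the next hop for each DC, and then tests TCP reachability on the ports a domain join uses, which are more than DNS alone: Kerberos, LDAP, the RPC endpoint mapper and SMB (the machine account is created over named pipes on 445). A VPN or firewall policy that passes only port 53 will show up as blocked rows here.

```powershell
# Added example, not from the thread: domain-join reachability check run on
# the client. Assumes a current Windows host (Resolve-DnsName,
# Test-NetConnection, Find-NetRoute) and the thread's placeholder xyz.com.
param(
    [string]$Domain = 'xyz.com'
)

# Ports a domain join needs on at least one DC; DNS alone is not enough.
$Ports = [ordered]@{
    53  = 'DNS'
    88  = 'Kerberos'
    135 = 'RPC endpoint mapper'
    389 = 'LDAP'
    445 = 'SMB (machine account creation over named pipes)'
    464 = 'Kerberos password change'
}

# 1. Locate DCs the way the DC Locator does: by SRV record, not by pinging
#    addresses you already know. No records here means the client is not
#    using the AD-integrated DNS.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
       Where-Object QueryType -eq 'SRV'
if (-not $srv) { throw "No _ldap._tcp.dc._msdcs SRV records for $Domain" }

$results = foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
    # 2. Which gateway carries traffic to this DC? It should be the VPN
    #    path, not the remote site's gateway.
    $ip  = (Resolve-DnsName -Name $dc -Type A -ErrorAction Stop |
            Where-Object QueryType -eq 'A' | Select-Object -First 1).IPAddress
    $hop = (Find-NetRoute -RemoteIPAddress $ip | Where-Object { $_.NextHop }).NextHop

    # 3. TCP reachability on every port the join uses.
    foreach ($port in $Ports.Keys) {
        $t = Test-NetConnection -ComputerName $ip -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{
            DC      = $dc
            IP      = $ip
            NextHop = $hop
            Port    = $port
            Service = $Ports[$port]
            Open    = $t.TcpTestSucceeded
        }
    }
}

$results | Format-Table -AutoSize
$blocked = $results | Where-Object { -not $_.Open }
if ($blocked) {
    Write-Warning ('Blocked: ' + (($blocked | ForEach-Object { "$($_.DC):$($_.Port)" }) -join ', '))
}
```

On a Windows 2000 host the locator step is the same query typed by hand: nslookup -type=SRV _ldap._tcp.dc._msdcs.xyz.com. Test-NetConnection only exercises TCP, so the UDP 53 rule Response Number 1 mentions is covered by the SRV lookup succeeding rather than by the port table.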

Response Number 2
Name: Zhora
Date: February 13, 2004 at 07:29:03 Pacific
Reply:

Point by Point

There is a firewall at each end and DNS is being allowed to flow both ways. Angry IPScan from both ends checking the remote IP address shows port 53 open. The default DNS server for the client is pointing to the remote DC and works fine. I even have the two servers successfully replicating DNS records.

The gateway is the local firewall and other network connectivity is working fine (see above).

The VPN is always on, but I fully intend for the server to use itself for DNS once it's joined to the domain.

The ARP table wasn't showing anything except the local firewall so I added a static entry to the remote DC and tried again. No luck.

I've made a discovery that may shed some light on the subject, but I'm not sure. The NetBIOS name of the domain is different from the DNS name (for the sake of discussion I will call it "abc"). When I put in the NetBIOS name as the domain to join, a different error message comes up. I should note that I have the remote DNS server authorized to do WINS lookups if it can't resolve something through DNS and I have the proper WINS server in the network configuration as well as in the DNS setup, if that makes a difference. My thinking on this is that it shouldn't matter since the domain is in native mode and I should be able to join it using the DNS name.

"The following error occurred validating the name "abc".
This condition may be caused by a DNS lookup problem. For information about troubleshooting common DNS lookup problems, please see the following Microsoft Web site:
http://go.microsoft.com/fwlink/?LinkId=5171

The specified domain either does not exist or could not be contacted."

I've gone to this link and done everything they said, letter for letter, and the result is the same.

Thanks for your response already, I'm hoping someone can help me work this out.

Zhora



Response Number 3
Name: sjafiu
Date: February 14, 2004 at 06:21:09 Pacific
Reply:

If you suspect that the NetBIOS domain name is a problem, then try the FQDN of the Active Directory forest.

If you had, say, widgets.local and the NetBIOS name is parkplace (rather than just widgets), use the FULL widgets.local during the joining process.

(Note that the internal FQDN should NOT be .com, .net, or any valid FQDN that exists on the Internet.) Even if your DNS server is authoritative, that would be an external DNS server outside your firewall. The internal DNS COULD or COULD NOT be the actual FQDN, because of forwarding. It just depends on how it's set up.

So, try the fully qualified Active Directory domain name rather than the NetBIOS name. Good luck.




Response Number 4
Name: Zhora
Date: February 16, 2004 at 06:49:55 Pacific
Reply:

SJafiu,

Thanks for your input. Now, as you may have guessed, I wasn't involved in setting up this domain. I'd just like to verify a couple of things. I looked at the System Properties -> Network Identification tab for clues to an internal FQDN. The machine name is (for the sake of discussion) dns1.xyz.com and domain name is xyz.com. In the DNS mmc, the only listed forward lookup zone is xyz.com (AD integrated, dynamic updates authorized). In the AD Users and Computers mmc, I opened the properties window for the domain (xyz.com) and the Domain Name (pre-Windows 2000): is ABC.

If I try to join xyz.com, I get the error message listed in my first post. If I try to join either xyz or abc, I get the error message that I posted in Response Number 2.

If I add the following entries to an LMHOSTS file---

172.14.1.7 DNS1 #PRE #DOM:XYZ
172.14.1.7 "ABC            \0x1b" #PRE
172.14.1.7 DNS1 #PRE #DOM:ABC
172.14.1.7 "XYZ.COM        \0x1b" #PRE

---(with the proper padding for lines 2 and 4) and then nbtstat -R from a command line, followed by nbtstat -c to verify that the 1B lines are present and correct, then I can get the prompt for the username and password followed by the "The network name cannot be found" error message. This at least seems like a step in the right direction, since it prompts me for a username and password when trying to join the domain using the NetBIOS domain name.

Does this help narrow down the problem? One thing that I will try to do today is to join another W2K workstation from the same site to the domain and see if I get the same errors. This should help me determine if the error is with the server or with something external to the server. I'll let you know how that goes.

Thanks again for all of your input so far. This really has me baffled.

Zhora


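The LMHOSTS entries in Response Number 4 depend on a detail that is easy to get wrong by hand: LMHOSTS names are NetBIOS names, so the name is space-padded to exactly 15 characters and the \0xnn suffix occupies the 16th byte, with quotes so the spaces survive. The 0x1B name is the one the PDC emulator registers as domain master browser, and both it and the #DOM: tag take the pre-Windows 2000 (NetBIOS) domain name, ABC in this thread, not the DNS name. The script below is an added example, not code from the thread or from Computing.Net; it generates correctly padded entries from the thread's placeholders (172.14.1.7, DNS1, ABC), appends them to the system LMHOSTS file (run it elevated), reloads the cache and checks that the 1B entry was preloaded.

```powershell
# Added example, not from the thread: build LMHOSTS entries with the padding
# the 0x1B record needs, reload the NetBIOS cache and verify it. Placeholders
# (172.14.1.7, DNS1, NetBIOS domain ABC) come from the thread; run elevated
# so Add-Content can write to the system LMHOSTS file.
function New-LmhostsEntry {
    param(
        [Parameter(Mandatory)] [ipaddress] $IPAddress,
        [Parameter(Mandatory)] [string]    $Name,   # NetBIOS host or domain name, max 15 chars
        [byte]   $Suffix,                           # 16th byte, e.g. 0x1B; omit for a plain host entry
        [string] $Domain,                           # adds #DOM:<NetBIOS domain>
        [switch] $Preload                           # adds #PRE (loaded into the cache by nbtstat -R)
    )
    if ($Name.Length -gt 15) { throw "NetBIOS names are at most 15 characters: $Name" }
    if ($PSBoundParameters.ContainsKey('Suffix')) {
        # Pad to exactly 15 characters so the suffix lands in the 16th byte;
        # the quotes stop LMHOSTS from trimming the padding.
        $label = '"' + $Name.ToUpper().PadRight(15) + ('\0x{0:x2}' -f $Suffix) + '"'
    } else {
        $label = $Name.ToUpper()
    }
    $line = "$IPAddress $label"
    if ($Preload) { $line += ' #PRE' }
    if ($Domain)  { $line += " #DOM:$($Domain.ToUpper())" }
    return $line
}

$dc = '172.14.1.7'
$entries = @(
    # The DC's host entry, flagged as a DC of NetBIOS domain ABC (#DOM adds it to the 1C list)
    New-LmhostsEntry -IPAddress $dc -Name 'DNS1' -Domain 'ABC' -Preload
    # Domain master browser name: ABC padded to 15 characters plus \0x1b
    New-LmhostsEntry -IPAddress $dc -Name 'ABC' -Suffix 0x1B -Preload
)
$entries   # 172.14.1.7 DNS1 #PRE #DOM:ABC
           # 172.14.1.7 "ABC            \0x1b" #PRE

$lmhosts = Join-Path $env:SystemRoot 'System32\drivers\etc\lmhosts'
Add-Content -Path $lmhosts -Value $entries -Encoding Ascii

nbtstat -R | Out-Null      # purge the cache and reload the #PRE entries
$cache = nbtstat -c        # same check the thread does by eye
$present = ($cache | Select-String -Pattern '^\s*ABC\s+<1B>').Count -gt 0
if (-not $present) {
    Write-Warning 'ABC<1B> is not in the NetBIOS name cache; check the padding and the #PRE flag'
}
```

The name-length guard and the PadRight call are the whole point: an entry padded to 14 or 16 characters loads without complaint but registers the wrong name, which is why nbtstat -c is worth checking after every edit.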
