Name: T. Brents (by TommyBrents)
Date: January 10, 2004 at 08:40:54 Pacific
Subject: Error Joining XP Pro to 2003 Domain
OS: XP Pro to Windows 2003 S
CPU/Ram: Misc.
Comment:
I've successfully joined 16 of our 20 systems with our new domain. The other four systems give me the following error in a box titled "Computer Name Changes":
"The following error occurred attempting to join the domain "DomainNameHere":
The specified server cannot perform the requested operation."
I've configured DNS properly, and have tried changing the computers' names. It has not helped.
The computers are running Windows XP Pro, and are joining a Windows 2003 Server domain. As I mentioned, the server and domain are set up correctly, as 16 of 20 of our systems joined the domain and are working fine.
Searches for this error have turned up nothing. Can anyone help me? Please?
I assume that the computer is correctly listed with proper ACL's in AD already. Reset it. Remove the client computer from the domain by joining a workgroup. Rejoin the client computer to the domain. See if that corrects it.
I've tried that. Even completely removed the computers and given them administrative access, nothing seems to work.
I can't be positive, but it seems all these computers have one thing in common, they were all upgrades to XP. They had a Fat32 file system, which I converted today, but it did not resolve the problem.
Perhaps there's still some kind of security setting I need to change. Is there a way to export a security policy from one computer to another? I don't know, just a guess.
I'm at a loss with this currently. Nothing seems to jump out and help me. There doesn't seem to be much mention of this on other sites, including Microsoft. It must not be too common.
Checked with Microsoft today, and support for the problem will be $245.00. That's not an option for us, budget is tight enough as it is after purchasing Win2003 and 20 CALs.
1. disjoin the problem clients from the domain by joining a workgroup... and delete the domain's suffix (if it's there) from the computer name just for good measure.
2. delete the computers' accounts from AD.
3. point the clients' DNS settings to the DC's IP address.
4. attempt to rejoin the domain. Use the DC's local admin account credentials just in case the account you've been using has hit the "ten strikes & you're out" barrier.
Actually, the computers are coming from a workgroup already. I'm not able to move them from the workgroup to the domain.
I've tried moving them to a different workgroup even, with no success.
I've deleted them from the domain's user setup, and retried joining, using administrator account credentials as well as my account credentials (with full admin rights to domain), and still.. no results.
Interesting, the computers WILL join the domain if I use the full domain name
(i.e. "Domain.Master.Network" instead of "Domain")..
but when I go to login, the computer can't access the domain for authentication.
The DNS is all configured correctly on these machines as well. It is running properly on the server, and the XP Pro systems are pointing to the server's IP address.
This is a toughy. I really think it may be a problem with them being upgrades from other versions of Windows... most likely 98. Like I said, before I converted them to NTFS today, they were FAT32. Converting them didn't fix the problem though.
Maybe the file system doesn't even matter.
I'm definitely hitting a brick wall here. This is a toughy.. anyone else have some ideas?
I also wanna thank tropic and jefro for your suggestions. While they don't solve the problem, I really appreciate your time and effort.
Have a great night. Any other help would be appreciated.
I just found (in the XP Pro system's local security policy) that the right to add workstation to domain wasn't delegated to any users.
I reset the AD account, and restarted the XP Pro workstation, and attempted to add it to the domain. Still the same problem.
The fact that this right wasn't delegated though, makes me think there are other local (or maybe global) policies that are keeping these few workstations from joining the domain. As I mentioned, they're all upgrades from earlier versions of Windows (98 I believe, possibly 2000). We've had rights issues with them in the past being on the workgroup.
Is there anything on these machines of value, or that can be burned to CD first, as the way I'm starting to think here (after reading the history) is that maybe the systems can be rebuilt, then there are no hangups on those systems.
You probably checked, but, are they using DHCP or static, any conflicts in the IP, Can they ping the DC? Are any of the other computers named the same?
Like I said, I'd now be thinking of reinstalling from fresh, & get the XP setup to join you to the domain. At least then there are no local policies getting in the way at that point.
Put one of the computers in the Administrators OU. Try that all again and try to log on with admin.
Any OS above 95 should be able to logon. Only that the XP pro's can be managed from the 2003.
As I understand it (could be wrong) the Pro's have built in cals. If you only have pro then you didn't need to purchase any cals. There was some time that you could get the cals via MS from their site if the date of purchase was prior to ? April 2003. Could be wrong on that but you might look into that.
Well, I'm sad to say I've given up trying to find a simple solution to this problem. I've searched the net as much as I could the last couple of days, with absolutely no results.
Let it be known, that computers upgrading from Windows 98 to XP Pro, have major security policy flaws if they are simply "upgraded."
The only solution I was able to come up with was to do a clean installation of XP Pro. This solved the problem. Furthermore, while it is a pain in the butt, I'm formatting all my systems, since the few that were able to join the domain, had major problems logging in, sometimes taking 5 minutes to authenticate and apply settings. I even called Microsoft, and applied a hotfix for the problem which had little or no effect on most of the systems.
A clean installation has solved both issues I've experienced, making it no problem at all to join the domain, and making logging in a "snap of the fingers" kinda deal.
I'd like to thank everyone for their suggestions and help with this. I wish there was a simple solution, but often times with computers, that's just not gonna happen. Thanks again though, and I invite anyone with more suggestions to post them for future reference on Computing.net. For the next few days, I'll still have these problem PCs sitting around, so they're open for testing.. just lemme know if you want me to try anything.
Please note that none of the solutions above worked, and were attempted at LEAST twice.
Here is the fix for those unfortunate enough to run into this quagmire in the future.
1. Change the computer name to "whatever" and then join the PC to the workgroup "WORKGROUP"
2. Restart the computer and log on locally as the administrator
3. Make sure the OS has all the latest patches.
4. Start>Run>mmc> then add "Security Configuration and Analysis" and "Security Templates" snap-ins.
5. Click on the Security Configuration and Analysis node and follow the instructions on the right to "Create a new database."
6. Import the Setup Security Template
7. Apply the template
8. Join the PC to the new Domain
9. If you continue to get the error, restart the PC and rerun steps 4-8
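
Added example, not part of the original thread: steps 4-7 of the fix above done from the command line with `secedit`, with the local policy exported before and after so the effect of the reset can be reviewed. The Setup Security template rewrites local security settings broadly, which is why the script keeps a "before" copy. `WORKDIR` and the output file names are hypothetical, and the template path assumes the default Windows XP location.

```batch
@echo off
rem Added example (not from the original thread): scripted form of steps 4-7.
rem WORKDIR and the output file names are hypothetical; TEMPLATE assumes the
rem default location of the Setup Security template on Windows XP.
setlocal
set "TEMPLATE=%windir%\security\templates\setup security.inf"
set "WORKDIR=%SystemDrive%\secreset"

if not exist "%TEMPLATE%" (
    echo Template not found: "%TEMPLATE%"
    exit /b 1
)
if not exist "%WORKDIR%" mkdir "%WORKDIR%"
rem Start from a fresh database, as "Create a new database" does in step 5.
if exist "%WORKDIR%\reset.sdb" del "%WORKDIR%\reset.sdb"

rem Save the current local policy so the reset can be reviewed afterwards.
secedit /export /cfg "%WORKDIR%\before.inf" /log "%WORKDIR%\export.log" /quiet

rem Steps 5-6: build the database from the template and analyze only.
rem Nothing is changed yet; results go to the database and analyze.log.
secedit /analyze /db "%WORKDIR%\reset.sdb" /cfg "%TEMPLATE%" /log "%WORKDIR%\analyze.log" /quiet

rem Step 7: apply the template to the local machine.
secedit /configure /db "%WORKDIR%\reset.sdb" /cfg "%TEMPLATE%" /overwrite /log "%WORKDIR%\configure.log" /quiet
echo secedit /configure exit code: %errorlevel% (details in "%WORKDIR%\configure.log")

rem Record what changed (secedit exports are Unicode, hence fc /u).
secedit /export /cfg "%WORKDIR%\after.inf" /quiet
fc /u "%WORKDIR%\before.inf" "%WORKDIR%\after.inf" > "%WORKDIR%\changes.txt"
echo Review "%WORKDIR%\changes.txt", restart, then join the domain (step 8).
endlocal
```

Run it from a local Administrator session on the workstation while it is still in the workgroup.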