Author Topic: [SOLVED] Zentyal 3 - Cannot join Domain with Windows 7 pro client  (Read 17877 times)

zentypenguin

  • Zen Apprentice
  • *
  • Posts: 30
  • Karma: +0/-0
    • View Profile
Hallo all,

I'm still not able to join a Windows 7 pro client into a samba domain.
After returned to Zentyal 2.2 a gave Zentyal 3 another chance, after I found this information because it's exactly the scenario I have:
http://trac.zentyal.org/wiki/Documentation/Community/Development/singlez

I also found this: http://forum.zentyal.org/index.php/topic,13501.msg55949.html#msg55949 as an additional information that I have to configure static DNS informations to the network adapter, related to this informations http://wiki.samba.org/index.php/Samba4, but after exactly followed the instructions I still get this error, when I try to join the domain:

Code: [Select]
Hinweis: Diese Informationen sind für einen Netzwerkadministrator bestimmt. Wenden Sie sich an den Netzwerkadministrator, wenn Sie kein Netzwerkadministrator sind, und leiten Sie die Informationen in der Datei C:\Windows\debug\dcdiag.txt weiter.

Die DNS-Abfrage über den Ressourceneintrag der Dienstidentifizierung (SRV), der zur Suche eines Domänencontrollers für die Domäne "SOLARIS.HOME" verwendet wird, wurde erfolgreich abgeschlossen:

Es handelt sich um die Abfrage des SRV-Eintrags für _ldap._tcp.dc._msdcs.SOLARIS.HOME.

Die folgenden Domänencontroller wurden von der Abfrage identifiziert:
deep-thought.solaris.home


Es konnte jedoch keine Verbindung mit Domänencontrollern hergestellt werden.

Die häufigsten Ursachen dieses Fehlers sind:

- Hosteinträge (A oder AAAA), die die Namen der Domänencontroller deren IP-Adressen zuordnen, fehlen oder enthalten nicht die richtigen Adressen.

- Die in DNS registrierten Domänencontroller verfügen nicht über eine Netzwerkverbindung oder werden nicht ausgeführt.

Sorry, that this message is in German but I hope, you know, what it might means.

I did a fresh install from the latest Zentyal installation image (32bit) and installed all updates.

nslookups from the Windows client was successful with server name an DNS domain name, but not with the IP address. Strange?

By the way: To join the domain using Zentyal 2.2 and following the well known instructions succeeded at once.

Maybe somebody can help me find the faults?

Thank you very much,

Ralf
« Last Edit: March 20, 2013, 06:43:02 pm by zentypenguin »

jase

  • Zen Monk
  • **
  • Posts: 71
  • Karma: +2/-0
    • View Profile
Re: Zentyal 3 - Cannot join Domain with Windows 7 pro client
« Reply #1 on: January 14, 2013, 11:48:39 pm »
Hi Ralf
you are joining the domain from the win7 client using the realm name in Zentyal ?
what is the error message you are getting when you try to join the domain, the messages supplied do not look like the normal domain failure message?
regards
Jason

zentypenguin

  • Zen Apprentice
  • *
  • Posts: 30
  • Karma: +0/-0
    • View Profile
Re: Zentyal 3 - Cannot join Domain with Windows 7 pro client
« Reply #2 on: January 15, 2013, 12:10:02 pm »
Hallo Jason,

thank you very much for your reply!

Yes, I'm using the realm of Zentyal ("SOLARIS.HOME") and I get the message I posted above, nothing else.
I also didn't get any login box, where I have to enter the credentials of a domain admin, as I expected.
Just only that message that maybe is related to some problems with DNS, I guess.

The login box for the credentials of the domain admin only comes up, when I just only would enter "SOLARIS" as the domain name, but for samba4, that would be wrong and without any success.

And, as you can see, the client recognizes the server: "deep-thought.solaris.home".

Before I tryed to join the domain, I did an ipconfig /flushdns to avoid, that the client keeps some information from a former server installation (Zentyal 2.2). I also played around with fix ip addresses and fix DNS gateway or DHCP but fix DNS gateway but nothing helped.

The server can be pinged with its name or ip, I also can reach the internet through the server.

I read about some guys who where successful with 64bit version of Zentyal. But my preferred hardware does not support 64bit. Possible, that a change to 64bit might be helpful?

Regards

Ralf

ichat

  • Zen Hero
  • *****
  • Posts: 795
  • Karma: +28/-16
  • RTFM!
    • View Profile
Re: Zentyal 3 - Cannot join Domain with Windows 7 pro client
« Reply #3 on: January 15, 2013, 05:32:26 pm »
are you able to resolve  your server's  FQDN...   
and what / who is your dhcp server... and dns server...

is it done by a router or by your zentyal box...  is  your zentyal box configure to be also winS  and what about joing its   netbios name rather than its full qualified domainhost name
All tips hints and advices are based on my personal experience.
As I try my best to be as accurate as possible, following my advice is always at your own risk,
I claim absolutely NO responsibility in any way!

zentypenguin

  • Zen Apprentice
  • *
  • Posts: 30
  • Karma: +0/-0
    • View Profile
Re: Zentyal 3 - Cannot join Domain with Windows 7 pro client
« Reply #4 on: January 15, 2013, 11:08:49 pm »
Hi, ichat,

Thank you for reply.
OK, here is my configuration:
My Zentyal box is dhcp server, dns server, ntp server and wins server:

- DHCP enabled on eth1 (internal network device with ip 192.168.0.200)
- DNS domain: solaris.home, ip address: 192.168.0.200, host: deep-thought with ip 192.168.0.200
- NTP enabled: local Zentyal NTP
- WINS enabled: local Zentyal

My client is connected directly to the internal network device of the server. The external network device points to the internet dsl router. DHCP on the external network device is disabled.
my client uses an ip address from the internal network static or alternatively dynamically.

A nslookup deep-thought on the client resolves to deep-thought.solaris.home .
A nslookup 192.168.0.200 (servers internal ip address) resolves to deep-thought.solaris.home, too.

When I try to join the domain with its netbios name, the login box comes up to enter domain admins credentials but it fails with the following error message (German):
Code: [Select]
Bei dem Versuch der Doäne "SOLARIS" beizutreten, trat folgender Fehler auf: Die angeebene Domäne ist nicht vorhanden, oder es konnte keine Verbindung hergestellt werden.
But I think, this is the wrong way, because of samba 4 likes to get the FQDN?

Hope that helps.

Thank you very much!

Rergards

Ralf

jase

  • Zen Monk
  • **
  • Posts: 71
  • Karma: +2/-0
    • View Profile
Re: Zentyal 3 - Cannot join Domain with Windows 7 pro client
« Reply #5 on: January 15, 2013, 11:32:40 pm »
hi Ralf

i'm not sure why the  login box is not appearing when you try to join the computer to  the domain, but you must use the Zentyal realm name for the domain name in the windows client.
other things I would try, set windows client to use zentyal box as NTP server, at least check the times are in sync else the login won't work. I've got over  domain attaching errors by setting the zentyal box's ip as a dns server entry on the win7 client.
regards
Jason

Kurtis

  • Zen Apprentice
  • *
  • Posts: 43
  • Karma: +4/-0
    • View Profile
Re: Zentyal 3 - Cannot join Domain with Windows 7 pro client
« Reply #6 on: January 15, 2013, 11:39:33 pm »
Hi, I have 2 windows clients (Vista & Windows 7) and I have also been having problems with joining them to the domain. Windows 7 will join the domain after an error message about the RPC Server but then group policy wont apply properly. The Vista machine would not connect to the domain at all stating that the parameters are incorrect.

I'm not sure if this is related this issue that your having with DNS?

I have tried multiple re-installs and submitted a ticked about 2 weeks ago but no response back.

Ticket: http://trac.zentyal.org/ticket/5939

zentypenguin

  • Zen Apprentice
  • *
  • Posts: 30
  • Karma: +0/-0
    • View Profile
Re: Zentyal 3 - Cannot join Domain with Windows 7 pro client
« Reply #7 on: January 16, 2013, 06:40:52 pm »
@jase:
Thank you for your hint.
I did, what you suggests and changed the time synchronisation to use Zentyal NTP. Sorry, I not previously observed that I should configure the Win 7 client to sync with the server. Interesting, when I entered the IP of the server, sync failed but entering the full qualified server name, sync works and time of client and server is in sync.
Than I did another try to join the domain. And just one(!) time, the login box came up but the process failed again with the error message I posted in my first post. No changes. All further tries without the login box an the same message. Mh.

@Kurtis:
I don't know, if your problem is related to mine, but the severity just was changed to "critcal"  ;). Which version did you install? 32bit or 64bit?

Regards,

Ralf

jase

  • Zen Monk
  • **
  • Posts: 71
  • Karma: +2/-0
    • View Profile
Re: Zentyal 3 - Cannot join Domain with Windows 7 pro client
« Reply #8 on: January 16, 2013, 10:53:30 pm »
hi Ralf
if i understand you correctly, you are not seeing the domain error or login boxes as in this post http://forum.zentyal.org/index.php/topic,13394.msg55469.html#msg55469
but you do see these boxes when you attach to a domain based on a Zentyal 2.2 box?

regards
Jason

zentypenguin

  • Zen Apprentice
  • *
  • Posts: 30
  • Karma: +0/-0
    • View Profile
Re: Zentyal 3 - Cannot join Domain with Windows 7 pro client
« Reply #9 on: January 17, 2013, 04:11:01 pm »
Hi, Jason,

yes, when I use SOLARIS.HOME, I immediately get the second error "An Active Directory ...", even if I use static or dynamic DNS addresses.

When I enter SOLARIS, I get the login box, but then the other error occurs "The following error occured ...".

With Zentyal 2.2 I get the login box and after a while I get the welcome message, that I successful joined the domain.

Following that post you linked, it seems, that you has disabled firewall? Mh, I don't think that this would be good for me, because I want to use the routers WLAN to provide an internet connection for visitors outside of my private network.

Should I try to disable firewall for testing purposes?

Regards,

Ralf

jase

  • Zen Monk
  • **
  • Posts: 71
  • Karma: +2/-0
    • View Profile
Re: Zentyal 3 - Cannot join Domain with Windows 7 pro client
« Reply #10 on: January 17, 2013, 07:31:26 pm »
Hi Ralf

you could try disabling the firewall to prove if it is this, I assume this is not a live server yet and it is also sitting behind the NAT firewall of your adsl router!
The other things I'd read was set the server location to a major city nearest you in the same time zone, I live on a small island and this was causing a problem with the Kerberos syncing as my timezone wasn't recognised, I assume.
The other thing I did was set the Zentyal server ip address as one of the DNS server addresses on the win7 network adapter, this helped as my win7 machine was not finding the zentyal server, if this works it proves your dns setup needs fixing.

your realm name that is listed on the Zentyal file sharing page, general settings tab is definately: SOLARIS.HOME ? not SOLARIS.HOME.LAN or SOLARIS.HOME.Local

just thought the other problems I had, you must set the zentyal server to fixed ip and and your gateway and dns servers on install, I set mine to dhcp, thought I'd set it to a static later but it stopped me joining the domain, this might be fixed now have not tested recently.

also as a side note re the WLAN, some routers allow separation of the wired and wireless networks, yours may offer this feature.

regards
Jason
« Last Edit: January 17, 2013, 07:35:27 pm by jase »

daniellench

  • Zen Monk
  • **
  • Posts: 82
  • Karma: +3/-1
  • sudo /etc/init.d/coffee brew
    • View Profile
    • daniellench.com
Re: Zentyal 3 - Cannot join Domain with Windows 7 pro client
« Reply #11 on: January 18, 2013, 09:51:04 pm »
I recently joined 10 windows 7 machines to my new zentyal 3 machine.

i had to follow these steps exactly:

  • login to client as local administrator
  • sync NTP with zentyal server
  • set first (primary) DNS as the zentyal server
  • open up CMD and ipconfig /release, /renew, /flushdns
  • then try to join the domain

my domain name is like this "domain.local"
i type "domain.local" in the box when trying to join the domain, not just "domain"

you need a user in zentyal, not the "administrator" user, that is a member of "DNS Admins" or whatever its' called in zentyal. I just use my account and add myself to the group.

During the initial setup, i make the server use a static ip. i have found that this is crucial and i wish that the server would not even allow DHCP but understand that under certain conditions it's needed. If this is a new machine and you didn't go static during the initial setup maybe think about a format :/ (this is just what i would do)

hope this helps
« Last Edit: January 18, 2013, 09:54:51 pm by daniellench »

Kurtis

  • Zen Apprentice
  • *
  • Posts: 43
  • Karma: +4/-0
    • View Profile
Re: Zentyal 3 - Cannot join Domain with Windows 7 pro client
« Reply #12 on: January 23, 2013, 01:09:53 am »
I had problems with my windows client not syncing time with the server. Goto date/time settings then internet time and the enter your zentyal server and then attempt to update. My clients have joined now.

zentypenguin

  • Zen Apprentice
  • *
  • Posts: 30
  • Karma: +0/-0
    • View Profile
Re: Zentyal 3 - Cannot join Domain with Windows 7 pro client
« Reply #13 on: January 26, 2013, 10:33:00 pm »
Hi,

thank you all for your replies.

I did a totally new and fresh install today with the latest Zentyal 3 installation image 32bit. I think, I followed all the instructions I got in the past:
- static IP address for local lan
- Enabled NTP server and succesfully syncing the client
- Fixed DNS server in lan adapter configuration
- Flushing DNS Cache on the client with ipconfig /flushdns
- of course I entered the the FQDN, in my case SOLARIS.HOME as domain name , there is no .lan extension in the domain name
- client can connect to the server and to the internet
- Configuration of network adapters, DNS and NTP before installing file sharing packages
- prepared the build-in Administrator user changing its password to something I know and verify to be member of group Domain Admins
- ...

But my problem still exists! Trying to join the domain, there is no login box, but only this message (details part, now in english):
Code: [Select]
Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\WINDOWS\debug\dcdiag.txt.

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain SOLARIS.HOME:

The query was for the SRV record for _ldap._tcp.dc._msdcs.SOLARIS.HOME

The following domain controllers were identified by the query:

deep-thought.solaris.home

Common causes of this error include:

- Host (A or AAAA) records that map the name of the domain controller to its IP addresses are missing or contain incorrect addresses.

- Domain controllers registered in DNS are not connected to the network or are not running.

For information about correcting this problem, click Help.

This is my dig output on the server, similar to that one on my linux client, when connected to the server:

Code: [Select]
root@deep-thought:/home/localadmin# dig deep-thought.solaris.home

; <<>> DiG 9.8.1-P1 <<>> deep-thought.solaris.home
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4003
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;deep-thought.solaris.home. IN A

;; ANSWER SECTION:
deep-thought.solaris.home. 259200 IN A 192.168.0.200
deep-thought.solaris.home. 259200 IN A 192.168.10.253

;; AUTHORITY SECTION:
solaris.home. 900 IN NS deep-thought.solaris.home.

;; ADDITIONAL SECTION:
deep-thought.solaris.home. 900 IN AAAA ::1

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Jan 26 22:27:32 2013
;; MSG SIZE  rcvd: 117

and

Code: [Select]
root@deep-thought:/home/localadmin# dig -x 192.168.0.200

; <<>> DiG 9.8.1-P1 <<>> -x 192.168.0.200
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19234
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3

;; QUESTION SECTION:
;200.0.168.192.in-addr.arpa. IN PTR

;; ANSWER SECTION:
200.0.168.192.in-addr.arpa. 259200 IN PTR deep-thought.solaris.home.

;; AUTHORITY SECTION:
0.168.192.in-addr.arpa. 259200 IN NS deep-thought.solaris.home.

;; ADDITIONAL SECTION:
deep-thought.solaris.home. 259200 IN A 192.168.0.200
deep-thought.solaris.home. 259200 IN A 192.168.10.253
deep-thought.solaris.home. 900 IN AAAA ::1

;; Query time: 4 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Sat Jan 26 22:29:47 2013
;; MSG SIZE  rcvd: 157


Maybe, there is a DNS issue I didn't recognized, yet?

Any idea?

Thank you all for help,

Ralf

PS: @daniellench: did you installed 64bit or 32bit version of Zentyal? I heard about some guys, that they were successful using 64bit version. But my prefered hardware is restricted to use 32bit version of Zentyal.

zentypenguin

  • Zen Apprentice
  • *
  • Posts: 30
  • Karma: +0/-0
    • View Profile
Re: Zentyal 3 - Cannot join Domain with Windows 7 pro client
« Reply #14 on: February 05, 2013, 09:09:21 pm »
Push ...

Does anybody have an idea, what might be wrong?

Please help,

Ralf