I have a Windows 2008 SP 2 Enterprise box that when I try to join it to the domain, I get a "The semaphore timeout period has expired" message. I have read the other posts on the topic but they have not resolved my issue. The DC is also a 2008 SP 2 Enterprise box. The server attempting to join the Domain was imaged using Ghost, and the same image has been used on five other boxes which had no problems joining the domain. There are no firewalls between the two systems. The two boxes can ping each other just fine. I can tell the box attempting to join to ping the domain name and DNS correctly translates the name to the IP. A standalone Health monitor program is able to communicate its updates to the DC without issue every five minutes. I looked in the event viewer and did not find any entries in the System log that seemed pertinent. Almost all were information messages from Service Control Manager, eventID 7036. All servers are on an internal MAN. What are some other things to try? This is the IP config for the system unable to join the DC Windows IP Configuration Host Name . . . . . . . . . . . . : ColliervilleMIPCam Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Ethernet adapter Local Area Connection 2: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Realtek RTL8169/8110 Family PCI Gigabit E thernet NIC (NDIS 6.0) Physical Address. . . . . . . . . : 10-13-EE-03-0A-1D DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::c002:c7da:af1c:f35b%11(Preferred) IPv4 Address. . . . . . . . . . . : 192.0.0.1(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : DHCPv6 IAID . . . . . . . . . . . : 185603054 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-64-A9-1A-10-13-EE-03-0A-4C DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1 fec0:0:0:ffff::2%1 fec0:0:0:ffff::3%1 Primary WINS Server . . . . . . . : 10.110.68.100 NetBIOS over Tcpip. . . . . . . . : Enabled Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller Physical Address. . . . . . . . . : 6C-62-6D-E9-CD-78 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::99d7:563c:c3aa:5b58%10(Preferred) IPv4 Address. . . . . . . . . . . : 10.106.64.36(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.224.0 Default Gateway . . . . . . . . . : 10.106.64.1 DHCPv6 IAID . . . . . . . . . . . : 174875245 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-64-A9-1A-10-13-EE-03-0A-4C DNS Servers . . . . . . . . . . . : 10.110.68.100 xxx.xxx.xxx.xxx (redacted) Primary WINS Server . . . . . . . : 10.110.68.100 NetBIOS over Tcpip. . . . . . . . : Enabled This is the IP Config for the DC Windows IP Configuration Host Name . . . . . . . . . . . . : SafetynSecurityServer1 Primary Dns Suffix . . . . . . . : security.xxx.org (redacted) Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : security.xxx.org (redacted) xxx.org (redacted) Ethernet adapter Internal: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #2 Physical Address. . . . . . . . . : 00-1E-4F-3A-EB-3C DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::1960:82d5:f592:b0f2%11(Preferred) IPv4 Address. . . . . . . . . . . : 10.110.68.100(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.224.0 Default Gateway . . . . . . . . . : 10.110.64.1 DNS Servers . . . . . . . . . . . : ::1 127.0.0.1 Primary WINS Server . . . . . . . : 10.110.68.100 NetBIOS over Tcpip. . . . . . . . : Enabled Ethernet adapter External: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) Physical Address. . . . . . . . . : 00-1E-4F-3A-EB-3A DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::5147:d04:3687:54b1%10(Preferred) IPv4 Address. . . . . . . . . . . : xxx.xxx.xxx.xxx(Preferred) (redacted) Subnet Mask . . . . . . . . . . . : xxx.xxx.xxx.xxx (redacted) Default Gateway . . . . . . . . . : xxx.xxx.xxx.xxx (redacted) DNS Servers . . . . . . . . . . . : ::1 xxx.xxx.xxx.xxx (redacted) 8.8.8.8 NetBIOS over Tcpip. . . . . . . . : Enabled

Hi, Whether the images are sysprepared? This mostly causes with by a faulty NIC adapter/driver or a firewall issue. Advanced network adapter troubleshooting for Windows workstations http://support.microsoft.com/kb/325487 Previous discussion: http://social.technet.microsoft.com/Forums/en/winserverDS/thread/f400b0de-c368-4a2c-8e09-a1692a13a55a Regards, Rafic If you found this post helpful, please give it a "Helpful" vote. If it answered your question, remember to mark it as an "Answer". This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

No, the images were not sysprepped. They were made by Symantec Ghost on an identical server. So it isn't a driver issue. I have tried two different versions of NIC drivers to make sure.

Hi, It is not recommended to clone a domain controller without SYSPREP. Never Clone a Domain Controller without Sysprep .It is still necessary to run Sysprep before you deploy an OS image. Why Sysprep is an necessary Windows deployment tool http://4sysops.com/archives/why-sysprep-is-an-obligatory-windows-deployment-tool-part-2-unique-sids-are-necessary/ Do SIDs matter anymore? Do we really need Sysprep for VDI http://www.brianmadden.com/blogs/guestbloggers/archive/2011/04/13/do-sids-matter-anymore.aspx How to Sysprep in Windows Vista and Windows Server 2008 http://briandesmond.com/blog/how-to-sysprep-in-windows-2008/ http://briandesmond.com/blog/how-to-sysprep-in-windows-server-2008-r2-and-windows-7/Regards, Rafic If you found this post helpful, please give it a "Helpful" vote. If it answered your question, remember to mark it as an "Answer". This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

Hi, It is not recommended to clone a domain controller without SYSPREP. Never Clone a Domain Controller without Sysprep .It is still necessary to run Sysprep before you deploy an OS image. Why Sysprep is an necessary Windows deployment tool http://4sysops.com/archives/why-sysprep-is-an-obligatory-windows-deployment-tool-part-2-unique-sids-are-necessary/ Do SIDs matter anymore? Do we really need Sysprep for VDI http://www.brianmadden.com/blogs/guestbloggers/archive/2011/04/13/do-sids-matter-anymore.aspx How to Sysprep in Windows Vista and Windows Server 2008 http://briandesmond.com/blog/how-to-sysprep-in-windows-2008/ http://briandesmond.com/blog/how-to-sysprep-in-windows-server-2008-r2-and-windows-7/Regards, Rafic If you found this post helpful, please give it a "Helpful" vote. If it answered your question, remember to mark it as an "Answer". This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

Hello, first the servers and especially the DC is mutlihomed, more then one IP/NIC is used which result in problems with domain machines. Second, the DC use an external DNS server on the NIC which is INCORRECT setup for DNS, ONLY the domain DNS servers MUST be used on the NIC of DCs and the ISPs one or google in your case 8.8.8.8 have to be configured as FORWARDER in the DNS management console. Third, using any other tool except SYSPREP(http://technet.microsoft.com/en-us/library/cc766514(WS.10).aspx) is NOT supported from Microsoft, as Ghost includes ONLY a SID changer with is NOT enough that has to be done when cloning systems. Especially DCs are NOT SUPPORTED TO BE CLONED. http://support.microsoft.com/kb/314828 http://support.microsoft.com/kb/828287 So in your case, start again with the built from the machine, cahnge DNS settings on the DC and run ipconfi g/flushdns and ipconfig /reegisterdns and restart the netlogon service on the existing DCs.Best regards Meinolf Weber MVP, MCP, MCTS Microsoft MVP - Directory Services My Blog: http://msmvps.com/blogs/mweber/ Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

Hello, first the servers and especially the DC is mutlihomed, more then one IP/NIC is used which result in problems with domain machines. Second, the DC use an external DNS server on the NIC which is INCORRECT setup for DNS, ONLY the domain DNS servers MUST be used on the NIC of DCs and the ISPs one or google in your case 8.8.8.8 have to be configured as FORWARDER in the DNS management console. Third, using any other tool except SYSPREP(http://technet.microsoft.com/en-us/library/cc766514(WS.10).aspx) is NOT supported from Microsoft, as Ghost includes ONLY a SID changer with is NOT enough that has to be done when cloning systems. Especially DCs are NOT SUPPORTED TO BE CLONED. http://support.microsoft.com/kb/314828 http://support.microsoft.com/kb/828287 So in your case, start again with the built from the machine, cahnge DNS settings on the DC and run ipconfi g/flushdns and ipconfig /reegisterdns and restart the netlogon service on the existing DCs.Best regards Meinolf Weber MVP, MCP, MCTS Microsoft MVP - Directory Services My Blog: http://msmvps.com/blogs/mweber/ Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

The Domain Controller was not cloned. The image being deployed on the server attempting to join the Domain was generated on a totally different box before it attempted to join the Domain.

I created some confusion it appears. The DC is the only DC on the Domain. (I am going to fix the DNS issue) The additional servers being deployed are for CCTV systems. They are not being utilized as domain controllers, DNS, or anything like that. The servers that I have cloned and deployed are being utilized to provide IIS and file sharing services so that people can access the CCTV feeds. The multi-homed aspect is from converting from the CCTV IP range to the addressable range that internal users can access. So the only range where any DC or Internet communication is happening is on the 10 network, not the 192 network. These deployed servers also are not the same configuration, and the images were not built from the DC and the computers had also not been previously connected to the domain before imaging. Does it make sense that deploying this image out to 78 servers would result in only one of them coming back with the Semaphore error when trying to join the domain? All the others hopped right on board.

Why Ethernet adapter Local Area Connection 2: on server configured in another subnet? 1. Update the driver of network adapters in both of your servers. 2. Temporarily disable all the firewalls and anti-virus applications, then check the issue again. 1a. Try this workaround, increase the TcpMaxDataRetransmissions to 10 or more. How to modify the TCP/IP maximum retransmission timeout http://support.microsoft.com/kb/170359

Hi, I would like to confirm what is the current situation? Have you resolved the problem? If there is anything that we can do for you, please do not hesitate to let us know, and we will be happy to help.Lawrence TechNet Community Support

Hi, As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as 'Answered' as the previous steps should be helpful for many similar scenarios. If the issue still persists and you want to return to this question, please reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish. In addition, we'd love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks!Lawrence TechNet Community Support