Win 7 Ult and Pro attempting to join 2003 std in Interim mode.
Hi all, Got a win7 domain problem thats doing my head in guys, so would really appreciate a successful pointer for a resolution please. (win7 netsetup.log at foot of post.) All dns tests to DNS/DC server OK, FQDM etc to DC server from win7. (MYDOMAIN and MYDOMAIN.com) Pls note: My domain name of 6 chars has been changed to MYDOMAIN, here. I’m in a situation where I have two NT4 BDCs’ on my domain (MYDOMAIN) so currently have to stay in 2003 R2 interim mode, but am now in a situation where I have by-passed Windows Vista and need to start join Windows 7 professional machines to the domain. Only one problem….Windows 7 will not join to 2003 server in Interim mode. I have setup an XP machine to use Virtual PC and installed Windows server 2003 std in 2000 mixed mode and then a windows 7 box. In this scenario the Windows 7 box joined the domain with no problems. I then deleted all virtual machines and setup an NT4 PDC server and upgraded it to 2003 interim mode. I then added a virtual Windows 7 pro machine and tried to join the (virtual MYDOMAIN) domain, and got exactly the same results as when attempting to join a Win7 box on our live domain, thereby replicating in a virtual setup what is happening on our live network. I am presented with the Computer Name/Domain Changes window: User name prompt Password prompt Domain: MYDOMAIN (below the password prompt…..indicating it has found the domain MYDOMAIN. But on entering the administrator and the password a window pops up saying: The following error occurred attempting to join the domain ‘MYDOMAIN’: The specified domain either does not exist or could not be contacted. Netsetup log from the win7 box: ---------------------------------------------- 02/11/2010 08:44:27:517 NetpValidateName: checking to see if 'TONYE-5' is valid as type 1 name 02/11/2010 08:44:27:517 NetpCheckNetBiosNameNotInUse for 'TONYE-5' [MACHINE] returned 0x0 02/11/2010 08:44:27:517 NetpValidateName: name 'TONYE-5' is valid for type 1 02/11/2010 08:44:27:548 ----------------------------------------------------------------- 02/11/2010 08:44:27:548 NetpValidateName: checking to see if 'TONYE-5' is valid as type 5 name 02/11/2010 08:44:27:548 NetpValidateName: name 'TONYE-5' is valid for type 5 02/11/2010 08:44:27:564 ----------------------------------------------------------------- 02/11/2010 08:44:27:564 NetpValidateName: checking to see if 'MYDOMAIN' is valid as type 3 name 02/11/2010 08:44:27:673 NetpCheckDomainNameIsValid [ Exists ] for 'MYDOMAIN' returned 0x0 02/11/2010 08:44:27:673 NetpValidateName: name 'MYDOMAIN' is valid for type 3 02/11/2010 08:44:40:559 ----------------------------------------------------------------- 02/11/2010 08:44:40:559 NetpDoDomainJoin 02/11/2010 08:44:40:559 NetpMachineValidToJoin: 'TONYE-5' 02/11/2010 08:44:40:559 OS Version: 6.1 02/11/2010 08:44:40:559 Build number: 7600 (7600.win7_rtm.090713-1255) 02/11/2010 08:44:40:559 SKU: Windows 7 Ultimate 02/11/2010 08:44:40:559 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0 02/11/2010 08:44:40:559 NetpGetLsaPrimaryDomain: status: 0x0 02/11/2010 08:44:40:559 NetpMachineValidToJoin: status: 0x0 02/11/2010 08:44:40:559 NetpJoinDomain 02/11/2010 08:44:40:559 Machine: TONYE-5 02/11/2010 08:44:40:559 Domain: MYDOMAIN 02/11/2010 08:44:40:559 MachineAccountOU: (NULL) 02/11/2010 08:44:40:559 Account: MYDOMAIN\administrator 02/11/2010 08:44:40:559 Options: 0x25 02/11/2010 08:44:40:559 NetpLoadParameters: loading registry parameters... 02/11/2010 08:44:40:559 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2 02/11/2010 08:44:40:559 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2 02/11/2010 08:44:40:559 NetpLoadParameters: status: 0x2 02/11/2010 08:44:40:559 NetpValidateName: checking to see if 'MYDOMAIN' is valid as type 3 name 02/11/2010 08:44:40:668 NetpCheckDomainNameIsValid [ Exists ] for 'MYDOMAIN' returned 0x0 02/11/2010 08:44:40:668 NetpValidateName: name 'MYDOMAIN' is valid for type 3 02/11/2010 08:44:40:668 NetpDsGetDcName: trying to find DC in domain 'MYDOMAIN', flags: 0x40001010 02/11/2010 08:44:41:401 NetpDsGetDcName: failed to find a DC having account 'TONYE-5$': 0x525, last error is 0x0 02/11/2010 08:44:42:134 NetpDsGetDcName: failed to find a DC in the specified domain: 0x54b, last error is 0x0 02/11/2010 08:44:42:134 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x54b 02/11/2010 08:44:42:134 NetpJoinDomainOnDs: Function exits with status of: 0x54b 02/11/2010 08:44:42:134 NetpDoDomainJoin: status: 0x54b 02/11/2010 08:44:42:150 ----------------------------------------------------------------- 02/11/2010 08:44:42:150 NetpDoDomainJoin 02/11/2010 08:44:42:150 NetpMachineValidToJoin: 'TONYE-5' 02/11/2010 08:44:42:150 OS Version: 6.1 02/11/2010 08:44:42:150 Build number: 7600 (7600.win7_rtm.090713-1255) 02/11/2010 08:44:42:150 SKU: Windows 7 Ultimate 02/11/2010 08:44:42:150 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0 02/11/2010 08:44:42:150 NetpGetLsaPrimaryDomain: status: 0x0 02/11/2010 08:44:42:150 NetpMachineValidToJoin: status: 0x0 02/11/2010 08:44:42:150 NetpJoinDomain 02/11/2010 08:44:42:150 Machine: TONYE-5 02/11/2010 08:44:42:150 Domain: MYDOMAIN 02/11/2010 08:44:42:150 MachineAccountOU: (NULL) 02/11/2010 08:44:42:150 Account: MYDOMAIN\administrator 02/11/2010 08:44:42:150 Options: 0x27 02/11/2010 08:44:42:150 NetpLoadParameters: loading registry parameters... 02/11/2010 08:44:42:150 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2 02/11/2010 08:44:42:150 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2 02/11/2010 08:44:42:150 NetpLoadParameters: status: 0x2 02/11/2010 08:44:42:150 NetpValidateName: checking to see if 'MYDOMAIN' is valid as type 3 name 02/11/2010 08:44:42:259 NetpCheckDomainNameIsValid [ Exists ] for 'MYDOMAIN' returned 0x0 02/11/2010 08:44:42:259 NetpValidateName: name 'MYDOMAIN' is valid for type 3 02/11/2010 08:44:42:259 NetpDsGetDcName: trying to find DC in domain 'MYDOMAIN', flags: 0x40001010 02/11/2010 08:44:42:259 NetpDsGetDcName: failed to find a DC in the specified domain: 0x54b, last error is 0x0 02/11/2010 08:44:42:259 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x54b 02/11/2010 08:44:42:259 NetpJoinDomainOnDs: Function exits with status of: 0x54b 02/11/2010 08:44:42:259 NetpDoDomainJoin: status: 0x54b Many thanks in advance. IT Tone
February 17th, 2010 10:32pm

Following further Virtual network testing a WIN 7 box connecting to a 2003 std server in 2000 mixed mode can detect the server's Netbios domain name and join a domain with no registry nor security policy changes. (Out of the box.) However, when a 2003 std server is in Interim mode the Netbios domain name appears to be uncontactable. Any help would be much appreciated. Thanks
Free Windows Admin Tool Kit Click here and download it now
February 18th, 2010 6:01pm

Hi, Please try the following on the Windows 7 client: 1. Click the Start Button, type "gpedit.msc" (without quotation marks) and click OK. 2. In the "Group Policy" window, double click on "Windows Settings" under "Computer Configuration". 3. Double click on "Security Settings"-> "Local Policies"-> "Security Options" 4. In the right panel, double click on the "Network Security: LAN Manager authentication level", please select "Send LM & NTLM Responses". 5. Click Apply and OK. If the issue persists, please also refer to: Error message when you try to join a Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2-based computer to a Windows NT 4.0 domain: "Logon failure: unknown user name or bad password" Hope this helps. Thanks. Nicholas Li - MSFT
February 19th, 2010 2:04pm

Hi Nicolas, Thanks for the input, but have been down that avenue. LM &NTLM, NTLM and LM & NTLM V2 with no success. I believe the root of the problem is an active directory setting on the 2003 server whilst in 2003 interim mode. As I said, in 2000 mixed mode the Win 7 has no problem joining a domain. Both types of 2003 servers are identically configured for network and login settings and security policies. The 2000 mixed is set to NTLM only and Win7 is OK with that. Has anyone managed to join a Windows7 Pro/Ultimate machine to a 2003 std server whilst in INTERIM mode? Tony
Free Windows Admin Tool Kit Click here and download it now
February 19th, 2010 5:49pm

Hi Tony, Thank you for your reply. I think this could not be done. At this time, I still would like to suggest you check the following articles: Error message when you try to join a Windows Vista, Windows Server 2008, Windows 7, or Windows Server 2008 R2-based computer to a Windows NT 4.0 domain: "Logon failure: unknown user name or bad password" Windows NT 4.0 domain join is not supported with Windows 7 and Windows Server 2008 R2 Thanks. Nicholas Li - MSFT
February 22nd, 2010 11:39am

Hi Nicolas Thanks again for input. Is the domain classified as a Windows NT4 domain?...even though the DC server is 2003 standard set in Interim mode (Supporting 2k3 and NT4). Not able to join domain. When Server 2003 standard is setup in a mixed mode, this supports 2k3, NT4 plus 2k and I am able to join my Windows 7 boxes to the domain easily in this mode. I added the win7 machine to the DC, but still unable to join domain. Has anyone else managed to join a windows 7 (pro/ult) box to a 2003 domain in interim mode? Many thanks Tony
Free Windows Admin Tool Kit Click here and download it now
February 22nd, 2010 2:53pm

Has anyone else managed to join a windows 7 (pro/ult) box to a 2003 domain in interim mode? Anyone????
March 7th, 2010 8:18pm

OK Guys, At last, through an elimination process I have found the solution to my problem. I am providing the info for anyone who has/may have this scenario. Yes, it is possible to join a vista/windows7 box to Windows NT domain, 2003 server in interim mode. Microsoft support article. http://support.microsoft.com/default.aspx/kb/2008652?p=1 Tony
Free Windows Admin Tool Kit Click here and download it now
March 11th, 2010 10:22pm

Hi Tony, thank you for your sharing info. Please confirm that Windows 7 pro or Ultimate does join your Windows 2003 interim mode with the existence of windows NT 4 server using the info from the attached microsoft support article on your post. To verify: I need to add the following to the windows 7 registry: Start Registry Editor (Regedit.exe). Locate the following key in the registry: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters If it does not exist, create a new REG_DWORD value named NeutralizeNT4Emulator , and set the value to 0x1 . Quit Registry Editor. Thanks again Tony and hope to receive your confirmation soon.
March 11th, 2010 11:31pm

Hi Nbui, You are correct. Must reboot the windows 7 system following the registry change. The Server 2003 in Interim mode should have two registry entries. NeutalizeNT4Emulator and NT4Emulator, both set to "1". The one causing the failure of Vista and Win7 machines from joining 2003 in interim mode is the NT4Emulator entry on the server. Once all network NT4 machines and NT4 servers have been updated to Win2003, the active directory can be dcpromo'ed to native mode and the two registry values either set to "0" or deleted. The Vista and/or Win7 workstations will then not require the registry hack. However, once the 2003 server has been promoted to native mode and the two registry entries remain as they were, the joining problems will still persist without the registry changes. Best of luck Tony. In IT for 30 years and still learning, instead of retiring!!!!!
Free Windows Admin Tool Kit Click here and download it now
March 12th, 2010 12:31am

Hi Tony. Thanks again for your valuable note. Please help me understand the need to have the NeutralizeNT4Emulator registry entry in the server 2003 in Interim mode. I know that the NeutralizeNT4Emulator registry entry has be entered in the Windows 7 in order to successfully join the Windows 2003 interim mode. Thanks Tony!
March 12th, 2010 1:02am

Hi Guys, I think there is a simple workaround to this. Incidentally I had also tried the NeutralizeNT4Emulator registery key, but that too did not work. Try this option.. its should work.. The first page where you enter the username / password and Domain name to join the domain would remain the way it is. In the next page where it shows you your computer name and Domain, enter the domain name appended with ".LOCAL". That should do the trick. Cheers.
Free Windows Admin Tool Kit Click here and download it now
June 29th, 2010 12:52pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics