While joining domain pc gives error "RPC server unavailable"

  • Question

  • Hi, I am here at univ setup and working on PCs in different classrooms (different buildings on the campus) and trying to bring them under one domain and manage them using SCCM. I have already added machines successfully but some machines are giving an error while joining to AD. It says "RPC server unavailable". I disabled the firewall and tried but same issue. I tried to change the name but then I won't be able to log on to the domain. I can ping AD from the client.

    My server is running on windows 2003 std and all clients are XP. DNS and AD are on same machine and my domain is in one subnet (Private ).

    I checked my DNS and AD and no error. I ran DCDIAG and netdiag and don't see any error reported. Everything is passed.

    So I am not sure what can be the possible cause. Any suggestions could be helpful.

    Also, my network guys are providing me DHCP and they have added my DNS to the DHCP server.

    Thanks.

    Thursday, May 6, 2010 7:45 PM

All replies

  • Anything more in the %systemroot%\debug\netsetup.log file on the workstations on which you see the error?

    Also check that the account you are using to do the domain join has local admins permissions on the workstation.

    Tony

    Thursday, May 6, 2010 8:35 PM
  • I am using domain admin account to join the domain. I thought domain admin account is good enough. I will try. Thanks.
    Friday, May 7, 2010 12:13 AM
  • Here is the log file from client PC (netsetup.log)

    05/07 12:40:04 -----------------------------------------------------------------
    05/07 12:40:04 NetpValidateName: checking to see if 'ad.ctl-ad' is valid as type 3 name
    05/07 12:40:04 NetpCheckDomainNameIsValid [ Exists ] for 'ad.ctl-ad' returned 0x0
    05/07 12:40:04 NetpValidateName: name 'ad.ctl-ad' is valid for type 3
    05/07 12:40:22 -----------------------------------------------------------------
    05/07 12:40:22 NetpDoDomainJoin
    05/07 12:40:22 NetpMachineValidToJoin: 'DH354'
    05/07 12:40:22 NetpGetLsaPrimaryDomain: status: 0x0
    05/07 12:40:22 NetpMachineValidToJoin: status: 0x0
    05/07 12:40:22 NetpJoinDomain
    05/07 12:40:22  Machine: DH354
    05/07 12:40:22  Domain: ad.ctl-ad
    05/07 12:40:22  MachineAccountOU: (NULL)
    05/07 12:40:22  Account: ad.ctl-ad\administrator
    05/07 12:40:22  Options: 0x25
    05/07 12:40:22  OS Version: 5.1
    05/07 12:40:22  Build number: 2600
    05/07 12:40:22  ServicePack: Service Pack 3
    05/07 12:40:22 NetpValidateName: checking to see if 'ad.ctl-ad' is valid as type 3 name
    05/07 12:40:23 NetpCheckDomainNameIsValid [ Exists ] for 'ad.ctl-ad' returned 0x0
    05/07 12:40:23 NetpValidateName: name 'ad.ctl-ad' is valid for type 3
    05/07 12:40:23 NetpDsGetDcName: trying to find DC in domain 'ad.ctl-ad', flags: 0x1020
    05/07 12:40:28 NetpDsGetDcName: failed to find a DC having account 'DH354$': 0x525
    05/07 12:40:28 NetpDsGetDcName: found DC '\\domaincontrolle.ad.ctl-ad' in the specified domain
    05/07 12:40:28 NetpJoinDomain: status of connecting to dc '\\domaincontrolle.ad.ctl-ad': 0x0
    05/07 12:40:28 NetpGetLsaPrimaryDomain: status: 0x0
    05/07 12:40:28 NetpGetDnsHostName: Read NV Hostname: DH354
    05/07 12:40:28 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: ad.ctl-ad
    05/07 12:40:28 NetpLsaOpenSecret: status: 0xc0000034
    05/07 12:40:28 NetpGetLsaPrimaryDomain: status: 0x0
    05/07 12:40:28 NetpLsaOpenSecret: status: 0xc0000034
    05/07 12:40:29 NetpJoinDomain: status of setting machine password: 0x0
    05/07 12:40:50 NetpGetComputerObjectDn: Unable to bind to DS on '\\domaincontrolle.ad.ctl-ad': 0x6ba
    05/07 12:40:50 NetpSetDnsHostNameAndSpn: NetpGetComputerObjectDn failed: 0x6ba
    05/07 12:40:50 ldap_unbind status: 0x0
    05/07 12:40:50 NetpJoinDomain: status of setting DnsHostName and SPN: 0x6ba
    05/07 12:40:50 NetpJoinDomain: initiaing a rollback due to earlier errors
    05/07 12:40:50 NetpLsaOpenSecret: status: 0x0
    05/07 12:40:50 NetpJoinDomain: rollback: status of deleting secret: 0x0
    05/07 12:40:50 NetpJoinDomain: status of disconnecting from '\\domaincontrolle.ad.ctl-ad': 0x0
    05/07 12:40:50 NetpDoDomainJoin: status: 0x6ba
    05/07 12:40:50 -----------------------------------------------------------------
    05/07 12:40:50 NetpDoDomainJoin
    05/07 12:40:50 NetpMachineValidToJoin: 'DH354'
    05/07 12:40:50 NetpGetLsaPrimaryDomain: status: 0x0
    05/07 12:40:50 NetpMachineValidToJoin: status: 0x0
    05/07 12:40:50 NetpJoinDomain
    05/07 12:40:50  Machine: DH354
    05/07 12:40:50  Domain: ad.ctl-ad
    05/07 12:40:50  MachineAccountOU: (NULL)
    05/07 12:40:50  Account: ad.ctl-ad\administrator
    05/07 12:40:50  Options: 0x27
    05/07 12:40:50  OS Version: 5.1
    05/07 12:40:50  Build number: 2600
    05/07 12:40:50  ServicePack: Service Pack 3
    05/07 12:40:50 NetpValidateName: checking to see if 'ad.ctl-ad' is valid as type 3 name
    05/07 12:40:50 NetpCheckDomainNameIsValid [ Exists ] for 'ad.ctl-ad' returned 0x0
    05/07 12:40:50 NetpValidateName: name 'ad.ctl-ad' is valid for type 3
    05/07 12:40:50 NetpDsGetDcName: trying to find DC in domain 'ad.ctl-ad', flags: 0x1020
    05/07 12:40:50 NetpDsGetDcName: found DC '\\domaincontrolle.ad.ctl-ad' in the specified domain
    05/07 12:40:50 NetpJoinDomain: status of connecting to dc '\\domaincontrolle.ad.ctl-ad': 0x0
    05/07 12:40:50 NetpGetLsaPrimaryDomain: status: 0x0
    05/07 12:40:50 NetpGetDnsHostName: Read NV Hostname: DH354
    05/07 12:40:50 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: ad.ctl-ad
    05/07 12:40:50 NetpLsaOpenSecret: status: 0xc0000034
    05/07 12:40:50 NetpGetLsaPrimaryDomain: status: 0x0
    05/07 12:40:50 NetpLsaOpenSecret: status: 0xc0000034
    05/07 12:40:51 NetpManageMachineAccountWithSid: NetUserAdd on '\\domaincontrolle.ad.ctl-ad' for 'DH354$' failed: 0x8b0
    05/07 12:40:51 NetpManageMachineAccountWithSid: status of attempting to set password on '\\domaincontrolle.ad.ctl-ad' for 'DH354$': 0x0
    05/07 12:40:51 NetpJoinDomain: status of creating account: 0x0
    05/07 12:41:12 NetpGetComputerObjectDn: Unable to bind to DS on '\\domaincontrolle.ad.ctl-ad': 0x6ba
    05/07 12:41:12 NetpSetDnsHostNameAndSpn: NetpGetComputerObjectDn failed: 0x6ba
    05/07 12:41:12 ldap_unbind status: 0x0
    05/07 12:41:12 NetpJoinDomain: status of setting DnsHostName and SPN: 0x6ba
    05/07 12:41:12 NetpJoinDomain: initiaing a rollback due to earlier errors
    05/07 12:41:12 NetpGetLsaPrimaryDomain: status: 0x0
    05/07 12:41:12 NetpManageMachineAccountWithSid: status of disabling account 'DH354$' on '\\domaincontrolle.ad.ctl-ad': 0x0
    05/07 12:41:12 NetpJoinDomain: rollback: status of deleting computer account: 0x0
    05/07 12:41:12 NetpLsaOpenSecret: status: 0x0
    05/07 12:41:12 NetpJoinDomain: rollback: status of deleting secret: 0x0
    05/07 12:41:12 NetpJoinDomain: status of disconnecting from '\\domaincontrolle.ad.ctl-ad': 0x0
    05/07 12:41:12 NetpDoDomainJoin: status: 0x6ba

    Thanks.

     

    Friday, May 7, 2010 4:46 PM
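
Added example, not part of the original thread: a small Python parser for a netsetup.log like the one posted above. It lists every non-zero status, names the codes that occur in that log, and traces the final NetpDoDomainJoin status back to the first step that returned it. The function names and the default year are assumptions of this example (the log itself carries no year).

```python
import re
from datetime import datetime

# Names of the status codes that occur in the log posted above.
KNOWN = {
    0x6BA: "RPC_S_SERVER_UNAVAILABLE",
    0x525: "ERROR_NO_SUCH_USER",
    0x8B0: "NERR_UserExists",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
}
STAMP = re.compile(r"\s*(\d\d/\d\d \d\d:\d\d:\d\d) ")
ENTRY = re.compile(r"\s*\S+ \S+ ((?:Netp|ldap_)\w+)(.*?)(?:: |returned )(0x[0-9a-fA-F]+)\s*$")

# Excerpt of the first join attempt from the log posted above.
SAMPLE = r"""
05/07 12:40:23 NetpDsGetDcName: trying to find DC in domain 'ad.ctl-ad', flags: 0x1020
05/07 12:40:28 NetpDsGetDcName: failed to find a DC having account 'DH354$': 0x525
05/07 12:40:28 NetpLsaOpenSecret: status: 0xc0000034
05/07 12:40:29 NetpJoinDomain: status of setting machine password: 0x0
05/07 12:40:50 NetpGetComputerObjectDn: Unable to bind to DS on '\\domaincontrolle.ad.ctl-ad': 0x6ba
05/07 12:40:50 NetpSetDnsHostNameAndSpn: NetpGetComputerObjectDn failed: 0x6ba
05/07 12:40:50 NetpJoinDomain: status of setting DnsHostName and SPN: 0x6ba
05/07 12:40:50 NetpDoDomainJoin: status: 0x6ba
"""

def failures(log_text, year=2010):
    """Return (seconds_since_previous_line, function, code, name) per non-zero status."""
    out, prev = [], None
    for line in log_text.splitlines():
        stamp = STAMP.match(line)
        if not stamp:
            continue
        # The log carries no year; one is supplied only so the stamp parses.
        ts = datetime.strptime(f"{year}/{stamp.group(1)}", "%Y/%m/%d %H:%M:%S")
        gap = (ts - prev).total_seconds() if prev is not None else 0.0
        prev = ts
        m = ENTRY.match(line)
        # "flags: 0x1020" is a parameter, not a status, so skip it.
        if not m or m.group(2).rstrip().endswith("flags"):
            continue
        code = int(m.group(3), 16)
        if code:
            out.append((gap, m.group(1), code, KNOWN.get(code, "unknown")))
    return out

def root_failure(log_text):
    """Trace the final NetpDoDomainJoin status back to the first step that returned it."""
    found = failures(log_text)
    final = [f for f in found if f[1] == "NetpDoDomainJoin"]
    return next(f for f in found if f[2] == final[-1][2]) if final else None

if __name__ == "__main__":
    for gap, func, code, name in failures(SAMPLE):
        print(f"+{gap:4.0f}s {func}: {code:#x} {name}")
    print("first step with the final status:", root_failure(SAMPLE))
```

On the excerpt, the final 0x6ba first appears at NetpGetComputerObjectDn after a 21-second pause, which is consistent with a connection attempt timing out rather than being refused.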
  • Can you check whether there is time difference of greater than 5 mins between the workstation and the DC.  Also check to see that the netlogon service on the workstation is not disabled.

    What method are you using to do the domain join?  In other words are you using the UI or netdom?  Maybe try whichever method you are not using currently.

    Does the computer object already exist in the target OU in AD?

    Tony

    Saturday, May 8, 2010 8:02 PM
  • I have checked the time...there may be 2/3 minutes difference but not 5 minutes. Netlogon service is not disabled. I checked it.

    I use GUI to join domain, not netdom command. So I can give a try with command line.

    The computer object is not there. When I try to add, it does create computer object with the name under computer container but there is red cross later, so it is not created properly.

    Just to let you know our network admin uses a firewall router to set up this VLAN for us. I am not sure what all ports they have opened for me. Port 135 is for RPC service and I am not sure if they block/open it. Our network admins are not much experienced with MS server and AD technology.

    Thanks Tony...

    Saturday, May 8, 2010 11:36 PM
  • It sounds like the firewall might be the answer - especially if it's blocking Port 135.

    You can use the portqry.exe tool to check for connectivity.

    http://support.microsoft.com/kb/832919

    You might also need to check the high ports (1024 - 65535) are open through the firewall for the RPC port assignments.

    Tony

     

    • Marked as answer by schitte2009 Monday, May 10, 2010 10:25 PM
    Sunday, May 9, 2010 12:41 AM
  • Thanks Tony...I am now seeing some light. I was kind of sure as my DC is not reporting any error. There is no error in DNS event log as well.

    I will use portqry.exe for making sure traffic is blocked and connectivity.

    I have to give my network admin a specific example to show why I need the port open. Dealing with all these people is more critical than troubleshooting.

    Anyway, thanks and I will update what I find out.

     

    Sunday, May 9, 2010 1:22 AM
  • Hi Tony

    Here is what I get when I run portqry command. This is from one of the PCs which is already part of domain.

    Microsoft Windows XP [Version 5.1.2600]
    (C) Copyright 1985-2001 Microsoft Corp.

    C:\Documents and Settings\administrator.AD>cd..

    C:\Documents and Settings>cd..

    C:\>portqry -n domaincontrolle.ad.ctl-ad -p udp -e 135
    'portqry' is not recognized as an internal or external command,
    operable program or batch file.

    C:\>cd portqry
    The system cannot find the path specified.

    C:\>cd portqryv2

    C:\PortQryV2>portqry -n domaincontrolle.ad.ctl-ad -p udp -e 135

    Querying target system called:

     domaincontrolle.ad.ctl-ad

    Attempting to resolve name to IP address...


    Name resolved to 192.168.254.9

    querying...

    UDP port 135 (epmap service): NOT LISTENING

    C:\PortQryV2>

    ---------------------------------------------------------

    Thanks...

    Monday, May 10, 2010 1:40 PM
  • What happens when you change udp to tcp in your command line?

    Tony

    Monday, May 10, 2010 8:29 PM
  • Hi Tony

    Resolved. I talked to my network guy and he opened port 135. It was blocked.

    Now everything is fine.

    Thanks for your comments and advice.

    Monday, May 10, 2010 10:25 PM