Re: XEN preventing W2K3 Server from joining AD domain?

[Jean-Yves Migeon <jeanyves.migeon%free.fr@localhost>]

On 17.12.2010 18:39, Doug Sampson wrote:
> The Xen server is in a private network using 192.168.101.x/24 subnet and
> has a static address. The Windows is also in the same subnet and also
> has a different static address. The IP address of the Xen server has
> been entered into our DNS servers but the Windows server hasn't because
> when the Windows server is joined to the domain, an A record is
> automatically created in the DNS infrastructure.
> 
> I've turned off the Windows firewall on the Windows server to eliminate
> a potential issue for the time being but still I cannot join the domain.
> I can ping both IP addresses successfully. I can access the IIS (web)
> server on the Windows server. I'm wondering if there's anything that
> Windows may be doing to prevent the Windows server from joining? Like
> the MAC address of 00:16:3e:xx:xx:xx? Would it make a difference if the
> xmldomain.cfg contained an IP address instead of a MAC address?

Not in this case.

> Content
> of "xmldomain.cfg as follows:
Looks fine at first glance.

> I've considered changing from a bridge to a router but I wanted to be
> sure I've covered all possibilities using the bridge before looking into
> the router mode. I also have a few Windows 2003 servers that have
> successfully joined the AD domain as member servers.

There are a few things that could come into effect. The best way to know
what is happening (at a connection level) is to quickly tcpdump trafic
from your AD to your virtualized Windows server, and see if it goes
through when authenticating to domain.

# tcpdump -ni <egress-interface> ether host 00:16:3e:00:00:13

If yes, check the date in the windows server. In virtualized
environments, clock skew can be important, and as AD has some Kerberos
thrown in (although I am not familiar with the implementation), too much
drift is likely to make the join fail.

-- 
Jean-Yves Migeon
jeanyves.migeon%free.fr@localhost