This is a W2K3 Standard server joining a 2003 functional level forest. We have a number of DMZs here, all with different ACLs that our security group manages. We just built a few machines in one of them and can't join one of our domains from there. I know it's a firewall issue because we can join it to a different domain from there successfully. But I'd love to be able to go to the security group with the specific port/ports that need to be opened.

The symptoms: when you put in the domain name on the client to join the domain, it prompts you for credentials, and it eventually comes back with this error:

"There are no more endpoints available from the endpoint mapper"

The NetSetup.log file shows this:

05/19 16:50:17 NetpGetComputerObjectDn: Unable to bind to DS on '\\MYDC1.SomeDomain.com': 0x6d9

I've verified the following ports using Telnet from the client to the DC it's validating against:

135 389 636 3268 53 445

I have Googled and found a number of hits that talk about RPC communication, but I see nothing to indicate that is the issue. I can also successfully map to the IPC$ of the DC from the client. For example, this works:

Net Use \\mydc1\ipc$

I set up Network Monitor on the client and was hoping to see some retransmits on a specific port, but no luck. I'm definitely not the best at evaluating a capture, but it seems OK. I see the Kerberos communication, and don't see any errors there.

Also, the computer account does get created in the domain, but there is a circle with a red "X" over the computer icon in Users and Computers (meaning it's disabled). If I enable the computer account and try it again, the same thing happens.

Any help is appreciated.

Thanks

Chris Bodnar, MCSE
Sr. Systems Engineer
Distributed Systems Service Delivery - Intel Services
Guardian Life Insurance Company of America
