Article ID: 306849
Article Last Modified on 9/14/2007
APPLIES TO
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Professional Edition
This article was previously published under Q306849
SYMPTOMS
You use Remote Installation Services or the Pre-Boot eXecution Environment (PXE) to install clients and you use valid domain administrator credentials. However, when a client computer tries to complete a remote installation, the installation is not successful and you receive the following message in the Client Installation Wizard:
CAUSE
This problem may occur if you upgrade a Microsoft Windows NT 4.0 primary domain controller (PDC) to Windows 2000 and the NetBIOS name of the Windows NT 4.0 domain contains a period. For example, the Windows NT 4.0 domain name may be risdomain.com
instead of risdomain
. When you upgrade to Windows 2000, Windows 2000 automatically appends ".com" to the fully qualified domain name (FQDN).
RESOLUTION
To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack
WORKAROUND
If your domain is a mixed-mode domain, you can work around this problem by changing the NetBIOS domain name and demoting the Windows 2000 domain controller to a member server.
To work around this problem, follow these steps:
- Install a Windows NT 4.0 backup domain controller (BDC).
- Remove the network cable to take the BDC offline.
- Click Start, point to Programs, point to Administrative Tools, and then click Server Manager.
- Click the BDC.
- On the Computer menu, click Promote to Primary Domain Controller.
- Quit Server Manager.
- On the desktop, right-click Network Neighborhood, and then click Properties.
- On the Identification tab, click Change.
- Rename the NetBIOS domain name to match the part of the FQDN before the period.
Important Do not include the part of the FQDN that begins with the period.
- Click Start, click Run, type dcpromo, and then click OK to start the Active Directory Installation Wizard.
- Follow the instructions in the wizard to demote the Windows 2000 domain controller to a member server. Do this on each Windows 2000 domain controller.
- Restart the remote client computers.
- When each remote client begins the installation process, enter the new NetBIOS domain name.
Note If your domain is in native mode, you cannot revert to mixed mode to perform the following steps. To use Remote Installation Services in a native-mode domain, perform one of the following procedures:
- Install Remote Installation Services to a domain controller and do not enter the domain name for PXE clients.
-or-
- Follow these steps:
- Install a Remote Installation Services server in a separate domain.
- Establish a two-way explicit connection between the Remote Installation Services domain and your production domain.
- When the client begins Remote Installation Services installation, enter the name of your production domain.
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.
MORE INFORMATION
The Boot Information Negotiation Layer service (BINLSVC) requires that the domain name of the Remote Installation Services security package corresponds to the domain name that the user enters. Authentication is not successful if any one of the following conditions is true:
- You enter a domain name that does not end with ".com," such as
risdomain
. This domain name is not valid because the NetBIOS domain name isrisdomain.com
. - You enter the correct FQDN or NetBIOS domain name,
risdomain.com
. Authentication is not successful because the security package truncates the NetBIOS domain name at the period before it is passed to BINLSVC. When BINLSVC checks the domain name, it compares the domain you enter with the NetBIOS domain name it retrieves from the security package,risdomain
. Because the security package truncates the NetBIOS domain name after the period, BINLSVC does not permit authentication because the domain names do not match. - You do not enter a domain name. BINLSVC automatically passes the FQDN form of the domain name
risdomain.com
to the domain controller.
To determine what is your problem, follow these steps:
- On the PDC emulator computer, click Start, click Run, type cmd, and then click OK to open a command prompt.
- Move to the Support Tools folder.
- Type netdiag.exe -v, and then press ENTER.
- View the section Domain membership test.
For example, if you use risdomain.com
, the output is similar to the following:
Domain membership test . . . . . . :Passed Machine is a . . . . . . . . . : Primary Domain Controller Emulator Netbios Domain name. . . . . . : risdomain.COM Dns domain name. . . . . . . . : risdomain.com Dns forest name. . . . . . . . : risdomain.com
If the NetBIOS domain name is different from the FQDN, the output is similar to the following:
Domain membership test . . . . . . : Passed Machine is a . . . . . . . . . : Primary Domain Controller Emulator Netbios Domain name. . . . . . : ris Dns domain name. . . . . . . . : risdomain.com Dns forest name. . . . . . . . : risdomain.com
The Network Diagnostics Tool (Netdiag) is included with the Windows 2000 Support Tools. To install the Support Tools, run Setup.exe from the Support\Tools folder on the Windows 2000 CD-ROM. To download Netdiag, visit the following Microsoft Web site:
Note Before you use Netdiag to test network connectivity, TCP/IP must be bound to one or more network adapters.
Additional query words: message dot
Keywords: kbhotfixserver kbqfe kbbug kbfix kbsetup kbwin2000sp3fix KB306849