ConnectComputer and Domain-Joining Woes
ByRan across one today that hasn’t been documented to death in the ether, so it’s worth sharing. Bottom line, if you install Windows Sever 2003 SP2 and have ISA on the box, you dang well better follow KB927695 and disable Receive Side Scaling on your NICs. even better, don’t do the hack in the registry, just modify the properties of the NIC to disable the setting. Here’s another reason why:
I was working with someone who was having a number of problems on his new SBS box. We got a number of them fixed, then we were trying to join a workstation to the domain. He had tried many variations of this previously, but all had failed. Once we resolved his IIS issues, we decided to see what would happen with the ConnectComputer wizard.
Problem 1: You can’t get to the ConnectComputer wizard. We continually got a “page cannot be found” error when trying to connect to http://server/conectcomputer, just like the Add Client Workstation wizard says to do. We could access the page at http://internalIP/connectcomputer, but this doesn’t always work, either. We were finally able to get the page to load and at least get through the main portion of the wizard using https://server/connectcomputer/
Problem 2: The ConnectComputer wizard encountered errors and could not complete. This happened at the end of the wizard as it was trying to change network settings to initiate the reboot that would join the machine to the domain, etc., etc., etc. We looked in the client-side log for the ConnectComputer wizard (which is in C:\Program Files\Microsoft Windows Small Business Server\Clients\SBSNetSetup.log, by the way) and found the following error in the log:
NetJoinDomain() failed [1727]
Google found only a few posts about this specific error, mostly having to do with trying to join a workstation over a VPN when ISA is involved. Well, this server had ISA installed, but this is a local workstation and not over a VPN. Also worth noting is that it’s the first workstation to join the domain. But I digress. We followed the advise about turning off Strict RPC checking in ISA (which I regularly forget to do and hate that I have to in the first place) but that had no effect. Just when I was about to punt, I discovered that SP2 had been installed on the box.
Yes, the dreaded Windows 2003 Server SP2. The one that has actually been causing more issues than MS cares to admit right now. And the only reason he installed it when he built the server? Because it was listed in Microsoft Updates through the web, and since it’s up there, it must be safe to install, right? In this case, I certainly wouldn’t have installed it, but that’s just me. Oops, digressing again.
So I reviewed the Official SBS Blog for stuff about SP2 and found the note on the Receive Side Scaling. The server had broadcomm NICs (which have issues in themselves), so I went into the NIC settings through Network Connection Properties and disabled Receive Side Scaling on both the internal and external NIC. Viola! ConnectComputer not only ran successfully, but we were able to access it through http://server/connectcomputer without SSL.
I’ll be darned if I can understand exactly why changing this setting when SP2 and ISA are on the box had this type of impact on local networking, but as soon as I changed it, everything worked. I liken this to the other bizarre resolution where changing the internal name on a security group allows the Connect to the Internet wizard to run correctly (look down at the last entry in the thread for the real resolution) – can’t explain fully why it works, but it does.
Moral of the story – read everything about SP2 on the SBS blog and even if you think you may not be affected, look at each one of the items listed there. Or don’t put SP2 on any of your boxes just yet. The latter is the direction I’m taking when I have an option.
2 Comments
December 19th, 2007 at 9:21 pm
Hi Q,
You are the man, I would love to buy you a drink. I have been wrestling with this for 5 days. Have a Dell PowerEdge with Broadcom NIC’s TOE enabled. I read many references to this being the issue so I got Dell to kick in some Dual ported Intel NICS. First thing I did was to disable the Broadcoms, remove all the drivers and mgmt stuff then connect the Intel cards. Tried connectcomputer wizard with same results. I said &($%%@#%# and decided something must have happened during install with those Broadcoms and decided to rebuild clean with the new Intel NICS.
Tried connectcomptuer wizard and wala … Now I am ready to do 3 SBS installs to clients right? Wrong!!! Because afterwards I continued with all the MS updates (By the way I did the updates before I tried CCW the first time) and tried another computer. Got the page no load and https brought the web page up but errored during installation. Being convinced it was the SP3 for ISA2004 I began my search. Not finding any relevant info, I narrowed down to just connectcomputer wizard and found your beautiful article. I am wondering if 2 Dual Core Processors has any relevance? I think the RSS option apparently is only affected on machines with Dual Processors. I don’t understand it, but would like to know more.
Thanks again!!!!!!!!!!
December 21st, 2007 at 11:14 am
Frank -
Not just dual core, as I’ve seen this on single-core and quad-core boxes (haven’t touched an 8-core box yet, but I expect it would be the same there).
RSS and dual-NIC servers just don’t get along, period. All you can do in this case is disable all of the Scalable Networking pieces. See the post about “How to Install SP2 on SBS 2003″ for the full skinny.