Topic: Win 7 joining SME Domain but cant add uers to domain. Trust Relationship issue

[borries]

Hi All

Two of our users upgraded their pc's to Win 7 and I struggled to join them to the domain. In Win 7 I did the following:

1. Next the Win 7 client needs to have 2 registry keys added.

HKLM\System\CurrentControlSet\Services\LanmanWorkstation\Paramaters
DWORD DomainCompatabilityMode = 1
DWORD DNSNameResolutionRequired = 0

2. The following key needs to be changed or you will receive an error when trying to login using a domain account of " The trust relationship between this workstation and the primary domain controller failed."

HKLM\System\CurrentControlSet\Services\Netlogon\Paramaters
RequireStrongKey = 0

I did all of the above and I was able to join the domain but when I try to add users to the domain from the workstation I still get the trust relationship error message. I have tried to remove the client from the domain and add it again but I still get the same error message. Even when I log in as administrator I get this error message when I want to add the user from the client.

Please help?

Regards

Thian

[Stefano]

SME7 doesn't support Windows 7 domain clients

You have to move to/wait for SME8

[borries]

Hi Stefano

How do I move to SME 8.0? Do I need to reinstall or can we just upgrade? Please let me know how it works because I dont want to lose all of our configurations?

Regards

Thian

[Stefano]

Hi

are you using many contribs?

anyway, you should read here
I suggest you to test it a little and to thest the upgrading path and the joining procedure

if you find any issue, please report in bugzilla, thank you

[borries]

Thanx Stefano

Will I lose any of the configurations on our current SME 7.4 Server?

Please let me know?

Regards

Thian

[Stefano]

Will I lose any of the configurations on our current SME 7.4 Server?

No, you should't.. anyway, even if SME8 is quite stable at this moment, you should always test the upgrade..
I suggest you to create a virtual SME7, restore in it a full backup, try the upgrade (be sure you use a different network, better if a virtual natted one)

report in bugzilla any issue, thank you

[byte]

Will I lose any of the configurations on our current SME 7.4 Server?

I've tested various upgrades from SME Server 7.2, 7.3, 7.4 and 7.5.1 to the latest SME Server 8bx and assuming you have no custom-templates and/or contribs you will find your upgrade will go just fine.  If, however you have some custom-templates and/or contribs it will need testing as Stefano suggested.

Always make sure you take a good backup before attempting a major upgrade

Thanks.

[byte]

Hi All

Two of our users upgraded their pc's to Win 7 and I struggled to join them to the domain. In Win 7 I did the following:

1. Next the Win 7 client needs to have 2 registry keys added.

HKLM\System\CurrentControlSet\Services\LanmanWorkstation\Paramaters
DWORD DomainCompatabilityMode = 1
DWORD DNSNameResolutionRequired = 0

2. The following key needs to be changed or you will receive an error when trying to login using a domain account of " The trust relationship between this workstation and the primary domain controller failed."

HKLM\System\CurrentControlSet\Services\Netlogon\Paramaters
RequireStrongKey = 0

With SME Server 8bx we have provided the necessary registry keys in:

/home/e-smith/files/server-resources/regedit

So no manual editing of the Windows 7 is required

Thanks.

[Stefano]

sorry to reopen such an old topic but..

is the registry hack still necessary with SME 8.b6?

TIA

[bangkero]

Hi Stefano,

I just clean installed sme server 8 beta 6 however, windows 7 user still can't join to the domain?  What else do I need to do?

Regards

[janet]

bangkero

Did you run the registry key setting change on your windows 7 PC workstation as mentioned in this very thread ?
ie
With SME Server 8bx we have provided the necessary registry keys in:
/home/e-smith/files/server-resources/regedit
So no manual editing of the Windows 7 is required

You can access it from a web browser using
http://smeservername/server-resources/regedit/
ie win7samba.reg
(replace smeservername with the name of your sme server)

Copy win7samba.reg to your windows workstation and double click on the reg file to add it to the registry.
In Win 7 you may need to allow registry editing, as there is lot's of security enabled by default.

In another thread you say you are trying to join a windows server to a sme server domain, is the Windows 7 machine a server or a workstation ?

[bangkero]

bangkero

Did you run the registry key setting change on your windows 7 PC workstation as mentioned in this very thread ?
ie
With SME Server 8bx we have provided the necessary registry keys in:
/home/e-smith/files/server-resources/regedit
So no manual editing of the Windows 7 is required

You can access it from a web browser using
http://smeservername/server-resources/regedit/
ie win7samba.reg
(replace smeservername with the name of your sme server)

Copy win7samba.reg to your windows workstation and double click on the reg file to add it to the registry.
In Win 7 you may need to allow registry editing, as there is lot's of security enabled by default.

In another thread you say you are trying to join a windows server to a sme server domain, is the Windows 7 machine a server or a workstation ?

hi mary,

i follow exactly on your instructions and my windows 7 machine is now able to join the domain.  many thanks to you

another question though, why is it my server setting was "server-only" and everytime my server is off, everybody on the wired network can't access the internet.  however, wireless network can still access the internet.

[janet]

bangkero

Please start a new thread on the topic, and provide many more details about your network configuration, eg what other routers etc, how is the system connected to the internet, any other servers etc etc etc

Please think about how you asked your question ie you have given us very little information about your setup and you expect us to know the answer by using our crystal ball !

[steep]

I am running SME 8.0beta7 and have installed the registry key from server-resources on my Win7 machine as instructed in this thread, however I am still getting domain trust issue errors when trying to log in with a domain account. Could I have another registry setting that is preventing a trust relationship?

[axessit]

Try the following

With Win7 workstation not joined to the domain,

Gpedit.msc:

Computer|Windows Settings|Security Settings|Local Policies|Security Options
-Network Security: LAN Manager Auth. Level: Send LM&NTLM use NTLMv2 session sec. if negotiated
-Network Security: Minimum session...both clients and servr: NO Required 128b encryption

Computer|Admin.Templates|System|User Profiles|
-Do not check for user ownership of roaming profile: Enabled
-Delete cache copies of roaming profile: Enabled

Reboot and now Win7 can join the domain and it should fix trusted domain issues, along with the above re hacks (courtesy of the server-resources file).