As you all know, I am the proud owner of a brand, spanking new HP Proliant running SBS2003. Things have been busy around here so I hadn't got around to setting up client computer accounts and then adding computers to my domain before tonight.
I nearly messed up big time. Setting up the user accounts was easy. Setting up the client computer accounts was easy. Going to connectcomputer and adding the first computer to the domain was easy... the reboot and installation of applications was not ... because I forgot to disable Trend PC-Cillin Internet Security beforehand. The PC hung at 'applying computer settings' and would only successfully boot into safe mode.
Talk about feeling like an absolute idiot ... I have *always* stressed how important it is to disable antivirus when installing software... it simply didn't occur to me that Trend (likely the firewall) would block adding the computer to the domain... damn it, I should be better than this. I should have been warned by the two firewall prompts before reboot.. but silly me though that accepting those two prompts before the reboot would be sufficient to allow the process to conclude successfully.
Anyway, I sat there scratching my head and fretting.. do I power off? Leave it stuck where it is until one of my two friendly SBS experts comes online? They, unlike me, have a life therefore I had no idea how long that would be. Stuff it, says me, I'll try to fix things... its only my jukebox PC therefore if I have to reformat, no big deal (although I do cringe at the thought of having to rebuild... hundreds of copy CDs... specialised surround sound software... lots of tweaks...).
Ok, force the power off and reboot in safe mode.
Disabling Trend's only startup entry in msconfig then restarting didn't work.
Disabling all other third party applications startups in msconfig then restarting didn't work.
The only thing that worked was to disable all Trend related services via services.msc. *That* allowed the process to complete.. a couple of reboots.. install the client applications and I was done (relieved). Damn, I was lucky. Its just as well SBS is very tolerant of such boo-boo's and multiple forced power offs - many other applications wouldn't be - you'd be looking at a fried machine.
There is still a bit of a mess to clean up - there was an error about being unable to delete the _sbs_netsetup__ user account, and in Server Management there was an aberrant entry under the old name for the PC I'd just added to the domain - I deleted that entry but Server Management threw an error about being unable to delete the entry and to please use "Active Directory Users and Computers" to delete it (despite it being gone from the client computer list). I'm not sure how to delete the _sbs_netsetup__ account on the PC - certainly it has a presence in "Documents and Settings", but there is nothing under Users in Control Panel. Edit re deleting _sbs_netsetup__: One of my knights-in-shining-armour came to my rescue - right click "My Computer", select "Properties", navigate to the "Advanced" tab, select "User Profiles", select "Unknown Account", delete.
I have no idea what other damage I may have done by leaving Trend enabled - only time will tell ... it reminds me of how I got into this MVP gig in the first place... left my AV running when installing a free copy of Outlook 95?98? way back then, totally wrecking some software in the process.. being the stubborn type I wouldn't reformat and was determined to fix things.. the rest is history.
Lesson learned - uninstall Trend PC-Cillin Internet Security COMPLETELY before trying to add a computer to a domain... don't just stop it from loading .. disable all Trend Services. In fact, I'd extend that to say disable *any* firewall that may be running on the PC being added it to a domain, assuming of course that you are otherwise protected by ISA or a hardware firewall (such as on your router).
I'll admit to being uncomfortable with no Trend firewall on my internal network - if a virus, trojan or malware of some type gets onto a PC in my network via, for example, somebody clicking on something in an email, my router firewall is *not* going to stop that nasty from bouncing from PC to PC on my internal network.. gotta look into that.