"The Computer Cannot Join an Array" Error Message and Error Code 0x8007203a Logged When You Try to Install ISA Server 2000 Enterprise Edition

When you try to perform an array-mode installation of Microsoft Internet Security and Acceleration (ISA) Server 2000 Enterprise Edition, you may receive the following error message during the Enterprise Initialization process:When you click OK, Setup quits.

If you perform the ISA Server 2000 Schema update on a domain controller, and then try to install ISA Server 2000 on a member server, you may receive the following error message: Additionally, you may notice information similar to the following in the ISA Server Setup log file (Isas.log):

This behavior may occur if you try to install ISA Server in a domain that has a disjoined Domain Name System (DNS) namespace. Instead of using Active Directory namespace (for example, example.com), ISA Server Setup uses the registered namespace of the computer on which you try to install it (for example, domain.com) to access Active Directory, and is unsuccessful.

ISA Server 2000 (both the Setup portion and the general program operation) does not work when you use a different DNS namespace than that of the domain to which it belongs.

To work around this problem, register the same DNS namespace on the member server on which you want to install ISA Server 2000, as that of Active Directory.

Microsoft has confirmed that this is a problem in Microsoft Internet Security and Acceleration Server 2000.

The following example describes this issue in more detail:

1. Configure a Windows 2000 Server as a new domain controller for a new domain named example.com.
2. Start the DNS snap-in and create a new primary DNS zone (in addition to the DNS zone for example.com) with a namespace of domain.com.
3. Configure a member server to use this new DNS namespace. To do so:
   1. On the member server, right-click My Computer and then click Properties.
   2. Click the Network Identification tab, and then click Properties.
   3. Click More, and then type domain.com in the Primary DNS suffix of this computer box.
   4. Click to clear the Change primary DNS suffix when domain membership changes check box and then click OK.
   5. Click OK, and then restart the computer when prompted.
4. Join the member server to the Example.com domain.
5. On the domain controller, run the ISA Server Enterprise Initialization portion of Setup.
6. When Active Directory schema has been successfully updated, run the Install ISA Server portion of Setup on the member server whose domain namespace you changed to domain.com.

The installation of ISA Server 2000 will be unsuccessful on this member server because ISA Server 2000 Setup queries the DNS that is specified in the TCP/IP properties of the member server (in this case, that of domain.com) to obtain service records like LDAP and Kerberos. However, because these records do not exist in the domain.com zone, but are registered in the example.com zone, Setup is unsuccessful.

For additional information about other issues that may prevent ISA Server 2000 from querying Active Directory, click the following article number to view the article in the Microsoft Knowledge Base: