> but it will not recognize the domain when login is attempted
Odd. The thing is, our code doesn't really do the final domain joining part - having precreated the machine account in the domain on the server side, we let the client machine finish the joining process by calling the NetJoinDomain() API. Since we've precreated the account, we call this without supplying any credentials to it, so the machine picks up the precreated account with a temporary default password and then negotiates itself a new one.
We did alter the process slightly from GSS1.x to GSS2.0, but mainly by making the server machine probe the domain for a writable DC and then use that particular DC all the way through, and to force the use of the DNS-format version of the writable DC's name to avoid some problems where some of the APIs appeared to sometimes do the wrong thing if you fed them a NetBIOS name for an AD domain controller.
If you have a machine where this is happening, we should take a look at the C:\Windows\Debug\NetSetup.LOG file. Also, the system event log on the client machine should have some entries if for some reason the domain controller is rejecting the client machine's attempt to connect to a DC at boot time and authenticate its machine account.
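
The two checks suggested in the reply above, as an added PowerShell example that is not part of the original post: it lists the join steps in NetSetup.LOG that ended with a non-zero status and then pulls Netlogon errors and warnings from the client's System event log. The trailing-hex-status line pattern, the NETLOGON provider filter and the 7-day window are assumptions of this example.

```powershell
# Added example. Run on the affected client in an elevated PowerShell session.
$log = Join-Path $env:windir 'Debug\NetSetup.LOG'

# Assumption: join steps are logged with a trailing hex status ("... status: 0x0"),
# so any line ending in a non-zero hex value marks a step that failed.
$failed = foreach ($line in Get-Content -LiteralPath $log) {
    if ($line -match ':\s*0x([0-9a-fA-F]+)\s*$') {
        $code = [Convert]::ToInt64($Matches[1], 16)
        if ($code -ne 0) {
            # Small values are Win32 error codes and can be turned into text;
            # larger ones (NTSTATUS/HRESULT) are reported as hex only.
            $text = if ($code -le 0xFFFF) {
                (New-Object System.ComponentModel.Win32Exception ([int]$code)).Message
            } else { '' }
            [pscustomobject]@{
                Code    = '0x{0:x}' -f $code
                Meaning = $text
                Line    = $line
            }
        }
    }
}
$failed | Format-List

# Netlogon errors and warnings from the System log for the last 7 days
# (the window is an arbitrary choice for this example).
$filter = @{
    LogName      = 'System'
    ProviderName = 'NETLOGON'
    Level        = 2, 3          # 2 = Error, 3 = Warning
    StartTime    = (Get-Date).AddDays(-7)
}
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Format-List TimeCreated, Id, LevelDisplayName, Message
```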