We help IT Professionals succeed at work.

A domain controller for your domain could not be contacted

Ravelin asked
Last Modified: 2013-12-14
I have setup 2 standalone NT servers.
I add them to the domain from the network properties page of the respective servers. Using create a computer account in the domain.
It says welcome to domain kursus, and ask for a reboot.
After rebooting it says "topic" and I log in.
I have remembered to remove them from the server manager and even waited a whole day after doing the syncronisation.

It is highlighted in server manager as been online but when I try to view properties for it, it responds with: Access Denied.

The other way around I can see the properties fine from the standalone server except for the other standalone server.

I have even tried renaming the one server because I thought it might be some leftovers in the DC's list.
Watch Question


You need a domain controller if you're adding machines to a domain !
Does IP work OK ?
Are these machines connected with a crossover cable ?
Member servers need a domain...

Delete those machines from PDC using server manager, then re-add them again manually

What service pack is installed? In technet there is an article about this. Unfortunately I can not find the Q number at the moment. It says to reinstall the service pack. We had a similar situation here on a couple workstations and this resolved the issue.


I already have 1 PDC and 2 BDC's for the domain.
I can ping the machines fine no problem there, and they even show up in server manager.
I have tried to remove one of them from the domain and keep it powered off for a whole day, even renaming it to be sure that there are no problems regarding name mistakes and SID and stuff.
There is installed SP5 on all the servers several times to make sure.
Thanks for the comments BTW


BTW machines are connected through a 100Mbit switch.
Lee W, MVPTechnology and Business Process Advisor
Most Valuable Expert 2013

If you can, reboot the PDC - I had a problem recently establishing a trust between two PDCs and upon rebooting one, the problem went away.  (Actually, I had them bring their entire domain down, then turn the PDC on then the BDC and I was then able to establish the trust).  The error I had been recieving was "No Domain Server available to validate your password".

Have you added the Domain Admins group to the local Administrators group in the standalone servers?

It sounds like it could be a permissions problem.


leew : I might try that but will have to find a suitable time for this ofcourse.

BareFoot : No I haven't but I definatly will try that.

What _exactly_ is the problem, except for you not being able to manage them using server manager (remotely) - because the answer to that problem is, as BareFoot said, adding the Domain Admins to the administrators group.

Do you have ANOTHER problem?


I can't add the domain admin group to the local administrators group, because as soon as I join the domain and restart it says that it cannot find the domain controller and therefore I can't get to the SAM database.

However strangely enough, I have no problem accessing the SAM database from the domain when the server is set to be in a workgroup.
This one is on us!
(Get your first solution completely free - no credit card required)

You need either LMHOSTS or WINS to do domain resolution.

Is this setup?


During a nbtstat -a here is some of the suspecious looking entries.

What I don't understand are these statements:

Domain  <1C> GROUP  Conflict

And this one?

Inet~Services  <1C> GROUP  Conflict

I have both Wins and LMHOST in place.


I have stopped all IIS services on the PDC and now only
DOMAIN <1C> GROUP Conflict

I think the solution is nearing, please respond since I am starting on a new job on Wednesday and would like to have this cleared out before I leave....


As an additional info the Wins database list the following on the domain name:




Hope somebody can find the error in some of this...


Holy smokes it worked!!!
Ofcourse I have no idea of what did it, but I still have one last stand-alone server, where I will go more systematicly forward.

1C registers the computer as a domain controller.
1B registers it as the domain master browser (which only a domain controller can be)
00 Registers the workstation service
1E is there to facilitate browser elections

You SHOULD find a 1C in there for IP_PDC.

If the PDC is not working/not visible, you won't be able to add machines to the domain, as you can only do this with a PDC, not a BDC.

The 1C conflicts you've been picked up suggests there are two domain controllers with the same name.


Is your WINS server multihomed ?
Are your PDC / BDCs multimhomed - in which case do their WINS entries reflect this ?
There are issues with this, such as NetBIOS can only be bound to one interface per machine...

Can you add other machines to the domain OK ?

From a failing machine, can you NBTSTAT to view resources on the domain controller OK - ie NBTSTAT -a PDC, or NBTSTAT -A PDC's_ipaddress

It may help if you remove and reinstall NetBIOS on failing machines (control panel > network).



It was the conflict appearently.
I disabled all IIS related services and it worked.

Thanks alot for the help...


Worked a little further on it, and it worked.
I don't know what exeactly caused the problem but it is fixed now.

Out of curiosity, did you have another IP address bound for usage for IIS? i.e., a virtual ip-based host (as opposed to name-based).


I don't know what you mean.
It was reached on the same IP as the normal server IP...

It still says conflict under the domain?? Shouldn't it say Registered?

You can bind several IP addresses to one NIC in order
to allow virtual hosting (i.e., you would register several domain names on the zone file (DNS), then have each one point to another IP address. That way the HTTPD server would know what address it needs to host by the IP address used to reach it - today virtual name-based hosting is more common anyhow).

Post your relevant WINS entries again, plus
nbtstat -a output.


Sorry I didn't see Tim's question...

None of my systems are multihomed.
I can do the nbtstat -a PDC fine, but it does list that conflict :-(

I do not however have anything else but TCP/IP installed on any of the machines.
Do I HAVE to have netbeui installed on the PDC which is WINS and DHCP at the same time?

To my knowledge there isn't a server name conflict.

I haven't tried to remove and add others because i am afraid it won't work. And as said I don't work there anymore, so it isn't as easy to fix.
I would just try to know whats causing this.

When you say Netbios, do you then mean netBEUI?

>It says welcome to domain kursus, and >ask for a reboot.
>After rebooting it says "topic" and I >log in.

Going back a bit - so when you add the computer to domain kursus, and reboot, the domain 'topic' is listed instead ?

When I say NetBIOS, I mean NetBIOS - it sits on top of either TCP/IP, NetBEUI or NWLink to perform 'day-to-day' SMB operations.

It's a component you can add and remove within the network applet.


When I start the server up in a workgroup there isn't a problem finding the domain controller, at least viewing the users in the domain.
When I then afterwards add it to the domain it says welcome to the XXXX domain.

When I then reboot as it ask for and log in, it says: "A domain controller for your domain could not be contacted" and a little more on the error message saying that I have been logged on using cached credentials.

The only place I can see Netbios is on the bindings tab under wins client -> NIC

Network control panel, services, NetBIOS interface.


But what I don't understand is, shouldn't NT be able to run on strictly TCP/IP?

BTW it is installed on the PDC.

I installed a BDC a week ago in a completely different site, where it had no problems joining my domain over the internet.

Well, I think I'll let it hang.
I don't work there anymore as said earlier.

Thanks for trying.

You need a NetBIOS interface on an NT machine in order for it to talk to other Microsoft machines.
This interface can run on TCP/IP, NWLink and NetBEUI.


Thanks for clearing it up :-)

No news on what can cause that conflict?

Honestly, I don't see any relationship between "Access Denied" and lmhosts file... Very strange answer. Tim?

I have no idea why that answer was accepted - Ravelin ?

To get to the cause of the conflict, look in the event viewer for msg 4319 or 4320, or any NetBT related event message for that matter.

Although NBTSTAT -N may show a conflict, it won't give you the IP address of the failing machine, which you need to decipher from hexadecimal entries in the event log.

There are also potential issues with WINS.

If a WINS entry is static, yet the client still has WINS enabled, you'll also get a conflict.

If you want to progress this line of thought, please post up another question, or contact community support to get your points back and stick the event msg up here.

Gain unlimited access to on-demand training courses with an Experts Exchange subscription.

Get Access
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Empower Your Career
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE

Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Unlock the solution to this question.
Join our community and discover your potential

Experts Exchange is the only place where you can interact directly with leading experts in the technology field. Become a member today and access the collective knowledge of thousands of technology experts.

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.