Solved

Domain Controller could not be contacted

Posted on 2004-09-02
11
392 Views
Last Modified: 2008-02-01
After lots of searching and numerous attempts to correct the issue, I cannot join an XP workstation to my recently-upgraded AD domain.  Based on previous searches, I've done the following:

1.  Confirmed IP connectivity to my domain controller
2.  Confirmed DNS resolution to my domain controller
3.  Ran a successful NSLOOKUP against my DC
4.  Verified I had a Reverse DNS zone
5.  Added PTR record for my DC in DNS

Here are the details from the error message when joining:

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain corp.mycompany.com:
The query was for the SRV record for _ldap._tcp.dc._msdcs.corp.strategiccompanies.com
The following domain controllers were identified by the query:
stc01.corp.strategiccompanies.com
Common causes of this error include:
- Host (A) records that map the name of the domain controller to its IP addresses are missing or contain incorrect addresses.
- Domain controllers registered in DNS are not connected to the network or are not running.

Here is the output from NetDiag:
DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1'.

Any help is appreciated.  Thanks!


0
Comment
Question by:arnetguru
11 Comments
 
LVL 104

Expert Comment

by:Sembee
ID: 11968226
Do you really have your DNS settings on the server set to 127.0.0.1? If so change them to the server's real IP address.
The server will be registering that IP address in DNS and will then be returning invalid information back to the clients.

Simon.
0
 
LVL 23

Expert Comment

by:rhandels
ID: 11968912
Hi,

Also, try to ping the server from the workstation by using its Fully Qualified Domain Name (something like server.mydomain.com). If you cannot ping it by its FQDN, then I would indeed check Simon's suggestion. Else, make sure that you have proper permissions to add a workstation to a domain (and make sure that the domain has a DC).
0
 
LVL 6

Expert Comment

by:Casca1
ID: 11970050
and a GC and PDC, and infrastructure master. If you DC promo'd a server, then removed the original without getting the FSMO roles transferred, you can run into that.
0
 

Author Comment

by:arnetguru
ID: 11971643
My DC's IP is 10.1.0.201.  That interface had its DNS server set to 127.0.0.1 (it's running DNS also).  However, I've changed the interface's DNS server to 10.1.0.201 to see if that will have an effect (I'll be testing it first thing this morning).

I can ping the DC by FQDN.  I don't think I'm running into a permissions issue, since I can't yet get a prompt for an account to add the workstation.

During the migration, I transferred all FSMO roles to the new DC, and checked the Global Catalog option.  

Thanks for the feedback so far.  I'll let you know if the DNS setting did the trick.  
0
 

Author Comment

by:arnetguru
ID: 11972397
Well, no luck changing the DNS server set in the DC's LAN interface.  Here's the latest netdiag output.  It shows the correct DNS server IP now:

**********************************************
Per interface results:

    Adapter : Local Area Connection

        Netcard queries test . . . : Passed

        Host Name. . . . . . . . . : stc01
        IP Address . . . . . . . . : 10.1.0.201
        Subnet Mask. . . . . . . . : 255.255.255.0
        Default Gateway. . . . . . : 10.1.0.254
        Primary WINS Server. . . . : 10.1.0.200
        Dns Servers. . . . . . . . : 10.1.0.201


        AutoConfiguration results. . . . . . : Passed

        Default gateway test . . . : Passed

        NetBT name test. . . . . . : Passed
        [WARNING] At least one of the <00> 'WorkStation Service', <03> 'M
r Service', <20> 'WINS' names is missing.

        WINS service test. . . . . : Passed


Global results:


Domain membership test . . . . . . : Passed


NetBT transports test. . . . . . . : Passed
    List of NetBt transports currently configured:
        NetBT_Tcpip_{459014BF-B2D6-4236-9513-8E19272AE46D}
    1 NetBt transport currently configured.


Autonet address test . . . . . . . : Passed


IP loopback ping test. . . . . . . : Passed


Default gateway test . . . . . . . : Passed


NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStatio
ce', <03> 'Messenger Service', <20> 'WINS' names defined.


Winsock test . . . . . . . . . . . : Passed


DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '10.1.0.201'.



Redir and Browser test . . . . . . : Passed
    List of NetBt transports currently bound to the Redir
        NetBT_Tcpip_{459014BF-B2D6-4236-9513-8E19272AE46D}
    The redir is bound to 1 NetBt transport.

    List of NetBt transports currently bound to the browser
        NetBT_Tcpip_{459014BF-B2D6-4236-9513-8E19272AE46D}
    The browser is bound to 1 NetBt transport.


DC discovery test. . . . . . . . . : Passed


DC list test . . . . . . . . . . . : Passed


Trust relationship test. . . . . . : Skipped


Kerberos test. . . . . . . . . . . : Passed


LDAP test. . . . . . . . . . . . . : Passed


Bindings test. . . . . . . . . . . : Passed


WAN configuration test . . . . . . : Skipped
    No active remote access connections.


Modem diagnostics test . . . . . . : Passed

IP Security test . . . . . . . . . : Skipped

    Note: run "netsh ipsec dynamic show /?" for more detailed information


The command completed successfully
******************************************************

Here is output from DCDiag as well:

**********************************************************
Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests

   Testing server: CORP\STC01
      Starting test: Connectivity
         ......................... STC01 passed test Connectivity

Doing primary tests

   Testing server: CORP\STC01
      Starting test: Replications
         ......................... STC01 passed test Replications
      Starting test: NCSecDesc
         ......................... STC01 passed test NCSecDesc
      Starting test: NetLogons
         ......................... STC01 passed test NetLogons
      Starting test: Advertising
         ......................... STC01 passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... STC01 passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... STC01 passed test RidManager
      Starting test: MachineAccount
         ......................... STC01 passed test MachineAccount
      Starting test: Services
         ......................... STC01 passed test Services
      Starting test: ObjectsReplicated
         ......................... STC01 passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... STC01 passed test frssysvol
      Starting test: frsevent
         ......................... STC01 passed test frsevent
      Starting test: kccevent
         ......................... STC01 passed test kccevent
      Starting test: systemlog
         ......................... STC01 passed test systemlog
      Starting test: VerifyReferences
         ......................... STC01 passed test VerifyReferences

   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom

   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom

   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom

   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom

   Running partition tests on : corp
      Starting test: CrossRefValidation
         ......................... corp passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... corp passed test CheckSDRefDom

   Running enterprise tests on : corp.strategiccompanies.com
      Starting test: Intersite
         ......................... corp.strategiccompanies.com passed test Intersite
      Starting test: FsmoCheck
         ......................... corp.strategiccompanies.com passed test FsmoCheck
****************************************************************

Could this be an issue on the client?  The reason I ask is that I haven't had to manually join any other workstations to the AD domain since the upgrade.  They were able to connect to the AD domain after a reboot.  This workstation did not.  BTW, if you can't tell already, this is my first domain migration, so I may be missing simple things that a more experienced admin wouldn't.

Thanks again for your feedback!
0
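As an added example (not part of the thread and not code from any participant): a small Python parser for the netdiag layout pasted above that pulls out the points the replies keep returning to, namely tests that did not pass, `[WARNING]` lines, and DNS references that point at a loopback address. The sample text is constructed, and the function and key names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in the netdiag layout quoted in the thread (not real output).
SAMPLE = """\
        Host Name. . . . . . . . . : stc01
        Dns Servers. . . . . . . . : 127.0.0.1
NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> names defined.
DNS test . . . . . . . . . . . . . : Passed
    PASS - All the DNS entries for DC are registered on DNS server '127.0.0.1'.
Trust relationship test. . . . . . : Skipped
Kerberos test. . . . . . . . . . . : Passed
"""

# "Label . . . . : value" rows; the dotted leader separates label from value.
LINE = re.compile(r"^\s*(.*?)(?:\s?\.)+\s*:\s*(.*?)\s*$")
REGISTERED = re.compile(r"registered on DNS server '([^']+)'")
STATUSES = {"Passed", "Failed", "Skipped"}


def is_loopback(value):
    """True only for a literal loopback IP address such as 127.0.0.1."""
    try:
        return ipaddress.ip_address(value).is_loopback
    except ValueError:
        return False


def summarize(text):
    """Return non-passing tests, warnings and loopback DNS references."""
    report = {"not_passed": [], "warnings": [], "loopback_dns": []}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[WARNING]"):
            report["warnings"].append(line[len("[WARNING]"):].strip())
            continue
        reg = REGISTERED.search(line)
        if reg and is_loopback(reg.group(1)):
            report["loopback_dns"].append(("registration target", reg.group(1)))
            continue
        m = LINE.match(line)
        if m:
            label, value = m.groups()
            if value in STATUSES and value != "Passed":
                report["not_passed"].append((label, value))
            elif label.lower() == "dns servers" and is_loopback(value):
                report["loopback_dns"].append(("interface setting", value))
    return report
```

Calling `summarize()` on saved netdiag text from the DC and from the client makes it easy to see when every server-side test passes, which is the situation that led the asker to suspect the workstation.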
 
LVL 6

Expert Comment

by:Casca1
ID: 11978436
Hmmm; Kill the WINS?
Sometimes, especially if the machine was an upgrade rather than a wipe and reinstall, the NT days come back to haunt you because the registry is still set to use the old NetBIOS. It's just a thought, but...
0
 
LVL 4

Expert Comment

by:mcsallad
ID: 11985228
Let's get back to basic stuff, have you checked the cables and NICs? It might be a hardware problem.
It's just a thought, to be sure.

And what about the IP for the client? Let us see an ipconfig /all from the client too.
Are you running a WINS server on the DC too? If you do, reset the WINS database, and if you aren't running a WINS server on the DC try to set one up, WINS is good.
0
 
LVL 6

Accepted Solution

by:
Casca1 earned 125 total points
ID: 11985896
I disagree with only one part of that; WINS is not good. I do not disagree, however, that WINS might fix this issue.
Another thing that you might try is removing the IP stack from the client, heck, remove it all, do a restart, then re-add the stack. If troubleshooting the basic stuff, this is the first step, anyway.
Good Luck!
0
 
LVL 6

Expert Comment

by:Casca1
ID: 12118110
So which of my approaches worked? The shotgun? 8-)
Thanks for the score and points.
0
 

Author Comment

by:arnetguru
ID: 12128916
Completely removing and re-adding TCP/IP from the client did it.  My next step was to crush it with a car, claim ignorance, and order a new laptop.  :)
0
 
LVL 6

Expert Comment

by:Casca1
ID: 12129676
Hey, that would have worked! ;-)
0
