Unable to add computers to the DOMAIN

Posted on 2006-07-11
Medium Priority
Last Modified: 2009-10-16
I am currently running Windows Server 2003, workstations are on XP/SP2. I was getting the error "Unable to logon due to domain controller could not be located". I have since taken workstation off of the domain and attempted to put it back on the domain with no success.

I am getting the error "DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain <domain name removed>:

The query was for the SRV record for _ldap._tcp.dc._msdcs.<domain name removed>

The following domain controllers were identified by the query.

msqnpdc.<domain name removed>
msqnsdc.<domain name removed>
ccpn-mail.<domain name removed>

Common causes of this error include
-Host A records that map the name of the domain controller to its IP addresses are missing or contain incorrect addresses.
  -- I have verified that the IP Addresses are correct.

-Domain controllers registered in DNS are not connected to the network or are not running.
  -- I have verified that the controllers are running.

Have still been unable to add computers to the domain.

Question by:flemingh
LVL 33

Expert Comment

ID: 17083898
Make sure DNS is set up similar to this:

Server DC 1
Name:  ServerDC1
DNS1: or  <--- must point to itself and not to ISP DNS server
DNS 2: Some other internal DNS server in the internal domain ....recommended also to be in the same site if possible

Client IP settings
Name:  Clientworkstation1
DNS1:  <--- do not point to ISP ,...must point to local DNS server of the windows domain
DNS2:  some other internal Windows 2003 DNS server....but not to domain.

Other things to check... make sure the netlogon directory is being displayed on your DCs. To check: Start --> Run --> \\servername\


Author Comment

ID: 17084281
We have checked the above however we continue to get the same errors
LVL 33

Accepted Solution

NJComputerNetworks earned 1600 total points
ID: 17084315
run DCDIAG to check for errors...


Expert Comment

ID: 17084400
Are the machines that you are attempting to join to the domain separated from the Domain Controller by a VPN tunnel, by any chance?
If that is the case, then I suggest that you use the full domain name (pacomccp.jtf.pacom.mil) during the JOIN DOMAIN process.



Author Comment

ID: 17084519
The machines are connected to the network via cable, I have typed in the fully qualified name, and still unable to join the domain.
LVL 33

Expert Comment

ID: 17084560
start --> run --> CMD

DCDIAG  <enter>


DO YOU SEE THE NETLOGON DIRECTORY ON YOUR DCs?????  Other things to check... make sure the netlogon directory is being displayed on your DCs. To check: Start --> Run --> \\servername\

On your DC's check for Event log ERRORs!!!

Author Comment

ID: 17084754
Get time errors and also get the following error:
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355 A Primary Domain Controller could not be located. The server holding the PDC role is down.

Warning: DcGetDcName(Time_Server) call failed, error 1355 A time server could not be located.

The server holding the PDC role is down.
Warning: DcGetDcName(good_time_server-preferred) CALL FAILED, ERROR 1355
A good time server could not be located.

Author Comment

ID: 17084978
Another error I have showing Kerberos does not have a ticket for host/msqnpdc.pacomccp.jtf.pacom.mil

The Security System detected an authentication error for the server cifs/PDC. The failure code from authentication protocol Kerberos was
" There are currently no logon servers available to service the logon request.

The description for Event ID in Source W32Time cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE=flag to retrieve this description.
LVL 13

Assisted Solution

by:Yancey Landrum
Yancey Landrum earned 400 total points
ID: 17085660
First of all, make sure the workstation and the server are set to the same time and time zone. Kerberos won't work if they are more than 5 minutes apart. Remember that if the server is set to 5:00 PM Central time and the workstation is set to 5:00 PM Pacific time, the machines are 2 hours out of sync and Kerberos will not allow the workstation to authenticate.

If everything looks good with the time, make sure that you have a valid active server holding the PDC role. Get onto a DC (or use an XP workstation that has admin tools on it), open a command prompt, and run ntdsutil. Enter the following commands:

roles
connections
connect to server <main dc>
quit
select operation target
list roles for connected server

You should get a listing of roles; make sure they are all correct. In particular, look for the PDC role (yep, there is still a PDC despite what MS says) and make sure it is pointing to the correct machine. It should look something like this:

PDC - CN=NTDS Settings,CN=<Server_Name>,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=<domain>,DC=<ext>

for example:

PDC - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=experts-exchange,DC=com

For that matter, all roles should be correct. If the entry is not correct, continue with the following commands:

quit
transfer pdc

(click Yes when asked)

It will list the known roles again with the PDC listed correctly.

At this menu, you can enter Help to see how to transfer the other roles. One more thing; if any of the entries are pointing to a server that does not exist, you will have to seize those roles rather than transfer them.
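
The time-zone point in the answer above, as an added example that is not part of the original thread: readings are compared as UTC instants against the 5-minute limit the answer quotes, and the same limit is applied to the offsets reported by `w32tm /stripchart ... /dataonly`. The fixed UTC offsets, the host name `dc01.example.test` and the stripchart text are constructed sample values.

```python
import re
from datetime import datetime, timedelta, timezone

KERBEROS_TOLERANCE = timedelta(minutes=5)  # limit quoted in the answer above
# Constructed fixed offsets for July 2006 (daylight time); no tz database needed.
CENTRAL = timezone(timedelta(hours=-5))
PACIFIC = timezone(timedelta(hours=-7))

# Constructed sample of `w32tm /stripchart /computer:<dc> /samples:3 /dataonly` output.
SAMPLE_STRIPCHART = """\
Tracking dc01.example.test [192.0.2.10:123].
Collecting 3 samples.
The current time is 7/11/2006 5:00:00 PM.
17:00:00, +7199.2500000s
17:00:02, +7200.5000000s
17:00:04, error: 0x800705B4
"""

_SAMPLE_LINE = re.compile(r"^\d{2}:\d{2}:\d{2}, ([+-]\d+\.\d+)s$")


def clock_skew(workstation: datetime, dc: datetime) -> timedelta:
    """Absolute difference between two clock readings, taken as instants."""
    if workstation.tzinfo is None or dc.tzinfo is None:
        # A bare wall-clock time cannot be compared: 17:00 means a different
        # instant in every time zone.
        raise ValueError("each reading needs its UTC offset")
    return abs(workstation - dc)  # aware datetimes subtract in UTC


def within_tolerance(workstation: datetime, dc: datetime,
                     tolerance: timedelta = KERBEROS_TOLERANCE) -> bool:
    return clock_skew(workstation, dc) <= tolerance


def worst_offset(stripchart_text: str) -> timedelta:
    """Largest absolute offset among the sample lines; error lines are skipped."""
    offsets = [abs(float(m.group(1)))
               for line in stripchart_text.splitlines()
               if (m := _SAMPLE_LINE.match(line.strip()))]
    if not offsets:
        raise ValueError("no offset samples found")
    return timedelta(seconds=max(offsets))


if __name__ == "__main__":
    dc = datetime(2006, 7, 11, 17, 0, tzinfo=CENTRAL)
    ws = datetime(2006, 7, 11, 17, 0, tzinfo=PACIFIC)  # same wall clock, wrong zone
    print(clock_skew(ws, dc), within_tolerance(ws, dc))
    print(worst_offset(SAMPLE_STRIPCHART) <= KERBEROS_TOLERANCE)
```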


Author Comment

ID: 17085834
We are back up online. Able to add computers to the domain.

Ran DC Diag
did a W32tm /register
and rebooted.

