• Status: Solved

Unable to add computers to the DOMAIN

I am currently running Windows Server 2003, workstations are on XP/SP2. I was getting the error "Unable to logon due to domain controller could not be located". I have since taken workstation off of the domain and attempted to put it back on the domain with no success.

I am getting the error "DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain <domain name removed>:

The query was for the SRV record for _ldap._tcp.dc._msdcs.<domain name removed>

The following domain controllers were identified by the query.

msqnpdc.<domain name removed>
msqnsdc.<domain name removed>
ccpn-mail.<domain name removed>

Common causes of this error include
-Host A records that map the name of the domain controller to its IP addresses are missing or contain incorrect addresses.
  -- I have verified that the IP Addresses are correct.

-Domain controllers registered in DNS are not connected to the network or are not running.
  -- I have verified that the controllers are running.

Have still been unable to add computers to the domain.

Asked by: flemingh
 
NJComputerNetworks Commented:
Make sure DNS is set up similar to this:

Server DC 1
Name:  ServerDC1
IP:  10.10.10.5
subnet: 255.255.255.0
Gateway: 10.10.10.1
DNS1:  10.10.10.5 or 127.0.0.1  <--- must point to itself and not to ISP DNS server
DNS 2: Some other internal DNS server in the internal domain ....recommended also to be in the same site if possible

Client IP settings
Name:  Clientworkstation1
IP:  10.10.10.25
subnet: 255.255.255.0
Gateway:  10.10.10.1
DNS1:  10.10.10.5  <--- do not point to ISP ,...must point to local DNS server of the windows domain
DNS2:  some other internal Windows 2003 DNS server....but not to domain.



Other things to check... make sure the netlogon directory is being displayed on your DC's. To check: Start --> Run --> \\servername\

0
 
flemingh (Author) Commented:
We have checked the above however we continue to get the same errors
0
 
NJComputerNetworks Commented:
run DCDIAG to check for errors...
0

 
JEEGO Commented:
Are the machines that you are attempting to join to the domain separated from the Domain Controller by a VPN tunnel, by any chance?
If that is the case, then I suggest that you use the full domain name (pacomccp.jtf.pacom.mil) during the JOIN DOMAIN process.

Thanks

JEEGO
0
 
flemingh (Author) Commented:
The machines are connected to the network via cable, I have typed in the fully qualified name, and still unable to join the domain.
0
 
NJComputerNetworks Commented:
start --> run --> CMD

DCDIAG  <enter>


http://technet2.microsoft.com/WindowsServer/en/Library/5237db58-a1e8-40cd-ae8a-7f52848a90f21033.mspx?mfr=true


DO YOU SEE THE NETLOGON DIRECTORY ON YOUR DC's?????  Other things to check... make sure the netlogon directory is being displayed on your DC's. To check: Start --> Run --> \\servername\


On your DC's check for Event log ERRORs!!!
0
 
flemingh (Author) Commented:
Get time errors and also get the following error:
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355 A Primary Domain Controller could not be located. The server holding the PDC role is down.

Warning: DcGetDcName(Time_Server) call failed, error 1355 A time server could not be located.

The server holding the PDC role is down.
Warning: DcGetDcName(good_time_server-preferred) CALL FAILED, ERROR 1355
A good time server could not be located.
0
 
flemingh (Author) Commented:
Another error I have showing Kerberos does not have a ticket for host/msqnpdc.pacomccp.jtf.pacom.mil

The Security System detected an authentication error for the server cifs/PDC. The failure code from authentication protocol Kerberos was "There are currently no logon servers available to service the logon request."

The description for Event ID in Source W32Time cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description.
0
 
Yancey Landrum (Technical Team Lead) Commented:
First of all, make sure the workstation and the server are set to the same time and time zone. Kerberos won't work if they are more than 5 minutes apart. Remember that if the server is set to 5:00 PM Central time and the workstation is set to 5:00 PM Pacific time, the machines are 2 hours out of sync and Kerberos will not allow the workstation to authenticate.

If everything looks good with the time, make sure that you have a valid active server holding the PDC role. Get onto a DC (or use an XP workstation that has admin tools on it), open a command prompt, and run ntdsutil. Enter the following commands:

roles
connections
connect to server <main dc>
quit
select operation target
list roles for connected server

You should get a listing of roles; make sure they are all correct. In particular, look for the PDC role (yep, there is still a PDC despite what MS says) and make sure it is pointing to the correct machine. It should look something like this:

PDC - CN=NTDS Settings,CN=<Server_Name>,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=<domain>,DC=<ext>

for example:

PDC - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=experts-exchange,DC=com

For that matter, all roles should be correct. If the entry is not correct, continue with the following commands:

quit
transfer pdc

(click Yes when asked)

It will list the known roles again with the PDC listed correctly.

At this menu, you can enter Help to see how to transfer the other roles. One more thing; if any of the entries are pointing to a server that does not exist, you will have to seize those roles rather than transfer them.

0
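
Added example, not part of the thread: a Python sketch that reads the output of `list roles for connected server` and decides, per role, whether the answer above calls for leaving it alone, a transfer (holder is up but is the wrong machine) or a seize (holder no longer exists). The sample listing, the names SERVER1, SERVER2, GHOSTDC and example.com, and the function names are constructed for illustration.

```python
import re

# Constructed sample of "list roles for connected server" output; server and
# domain names are placeholders. GHOSTDC stands for a DC that no longer exists.
_DN = "CN=NTDS Settings,CN={0},CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=example,DC=com"
SAMPLE = "\n".join([
    'Server "SERVER1" knows about 5 roles',
    "Schema - " + _DN.format("SERVER1"),
    "Domain - " + _DN.format("SERVER1"),
    "PDC - " + _DN.format("GHOSTDC"),
    "RID - " + _DN.format("SERVER2"),
    "Infrastructure - " + _DN.format("SERVER1"),
])

# Role label in the listing -> name typed after "transfer"/"seize" in ntdsutil
ROLE_COMMAND = {"Schema": "schema master", "Domain": "domain naming master",
                "PDC": "pdc", "RID": "rid master",
                "Infrastructure": "infrastructure master"}
ROLE_LINE = re.compile(r"^\s*(\w+)\s+-\s+CN=NTDS Settings,CN=([^,]+),")

def parse_role_holders(text):
    """Return {role: holder server name} from the role listing."""
    holders = {}
    for line in text.splitlines():
        m = ROLE_LINE.match(line)
        if m and m.group(1) in ROLE_COMMAND:
            holders[m.group(1)] = m.group(2).upper()
    return holders

def plan_roles(text, live_dcs, intended):
    """Per role: ok, transfer (holder up but wrong) or seize (holder gone)."""
    live = {s.upper() for s in live_dcs}
    holders = parse_role_holders(text)
    plan = {}
    for role, cmd in ROLE_COMMAND.items():
        holder = holders.get(role)
        if holder is None:
            plan[role] = "missing from listing"   # line absent or holder DN unreadable
        elif holder not in live:
            plan[role] = "seize " + cmd           # holder does not exist any more
        elif holder != intended[role].upper():
            plan[role] = "transfer " + cmd        # holder is up, just not the right one
        else:
            plan[role] = "ok"
    return plan

if __name__ == "__main__":
    want = dict.fromkeys(ROLE_COMMAND, "SERVER1")
    for role, action in plan_roles(SAMPLE, ["SERVER1", "SERVER2"], want).items():
        print(f"{role:15} {action}")
```

ntdsutil moves a role to the server it is connected to, so the suggested command is run while connected to the DC that should end up holding the role.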
 
flemingh (Author) Commented:
We are back up online. Able to add computers to the domain.

Ran DC Diag
did a W32tm /register
and rebooted.

0
