Solved

Unable to add computers to the DOMAIN

Posted on 2006-07-11
Last Modified: 2009-10-16
I am currently running Windows Server 2003, workstations are on XP/SP2. I was getting the error "Unable to logon due to domain controller could not be located". I have since taken workstation off of the domain and attempted to put it back on the domain with no success.

I am getting the error "DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain <domain name removed>:

The query was for the SRV record for _ldap._tcp.dc._msdcs.<domain name removed>

The following domain controllers were identified by the query.

msqnpdc.<domain name removed>
msqnsdc.<domain name removed>
ccpn-mail.<domain name removed>

Common causes of this error include
-Host A records that map the name of the domain controller to its IP addresses are missing or contain incorrect addresses.
  -- I have verified that the IP Addresses are correct.

-Domain controllers registered in DNS are not connected to the network or are not running.
  -- I have verified that the controllers are running.

Have still been unable to add computers to the domain.

Question by:flemingh
11 Comments
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 17083898
make sure DNS is setup similar to this:

Server DC 1
Name:  ServerDC1
IP:  10.10.10.5
subnet: 255.255.255.0
Gateway: 10.10.10.1
DNS1:  10.10.10.5 or 127.0.0.1  <--- must point to itself and not to ISP DNS server
DNS 2: Some other internal DNS server in the internal domain ....recommended also to be in the same site if possible

Client IP settings
Name:  Clientworkstation1
IP:  10.10.10.25
subnet: 255.255.255.0
Gateway:  10.10.10.1
DNS1:  10.10.10.5  <--- do not point to ISP ,...must point to local DNS server of the windows domain
DNS2:  some other internal Windows 2003 DNS server....but not to domain.



Other things to check... make sure the netlogon directory is being displayed on your DCs. To check: Start --> Run --> \\servername\

0
 

Author Comment

by:flemingh
ID: 17084281
We have checked the above however we continue to get the same errors
0
 
LVL 33

Accepted Solution

by:
NJComputerNetworks earned 400 total points
ID: 17084315
run DCDIAG to check for errors...
0

 
LVL 1

Expert Comment

by:JEEGO
ID: 17084400
Are the machines that you are attempting to join to the domain separated from the Domain Controller by a VPN tunnel, by any chance?
If that is the case, then I suggest that you use the full domain name (pacomccp.jtf.pacom.mil) during the JOIN DOMAIN process.

Thanks

JEEGO
0
 

Author Comment

by:flemingh
ID: 17084519
The machines are connected to the network via cable, I have typed in the fully qualified name, and still unable to join the domain.
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 17084560
start --> run --> CMD

DCDIAG  <enter>


http://technet2.microsoft.com/WindowsServer/en/Library/5237db58-a1e8-40cd-ae8a-7f52848a90f21033.mspx?mfr=true


DO YOU SEE THE NETLOGON DIRECTORY ON YOUR DCs?????  Other things to check... make sure the netlogon directory is being displayed on your DCs. To check: Start --> Run --> \\servername\


On your DC's check for Event log ERRORs!!!
0
 

Author Comment

by:flemingh
ID: 17084754
Get time errors and also get the following error:
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355 A Primary Domain Controller could not be located. The server holding the PDC role is down.

Warning: DcGetDcName(Time_Server) call failed, error 1355 A time server could not be located.

The server holding the PDC role is down.
Warning: DcGetDcName(good_time_server-preferred) CALL FAILED, ERROR 1355
A good time server could not be located.
0
 

Author Comment

by:flemingh
ID: 17084978
Another error I have showing Kerberos does not have a ticket for host/msqnpdc.pacomccp.jtf.pacom.mil

The Security System detected an authentication error for the server cifs/PDC. The failure code from authentication protocol Kerberos was
" There are currently no logon servers available to service the logon request.

The description for Event ID in Source W32Time cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE=flag to retrieve this description.
0
 
LVL 13

Assisted Solution

by:ylandrum
ylandrum earned 100 total points
ID: 17085660
First of all, make sure the workstation and the server are set to the same time and time zone. Kerberos won't work if they are more than 5 minutes apart. Remember that if the server is set to 5:00 PM Central time and the workstation is set to 5:00 PM Pacific time, the machines are 2 hours out of sync and Kerberos will not allow the workstation to authenticate.

If everything looks good with the time, make sure that you have a valid active server holding the PDC role. Get onto a DC (or use an XP workstation that has admin tools on it), open a command prompt, and run ntdsutil. Enter the following commands:

roles
connections
connect to server <main dc>
quit
select operation target
list roles for connected server

You should get a listing of roles; make sure they are all correct. In particular, look for the PDC role (yep, there is still a PDC despite what MS says) and make sure it is pointing to the correct machine. It should look something like this:

PDC - CN=NTDS Settings,CN=<Server_Name>,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=<domain>,DC=<ext>

for example:

PDC - CN=NTDS Settings,CN=SERVER1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=experts-exchange,DC=com

For that matter, all roles should be correct. If the entry is not correct, continue with the following commands:

quit
transfer pdc

(click Yes when asked)

It will list the known roles again with the PDC listed correctly.

At this menu, you can enter Help to see how to transfer the other roles. One more thing; if any of the entries are pointing to a server that does not exist, you will have to seize those roles rather than transfer them.

0
 

Author Comment

by:flemingh
ID: 17085834
We are back up online. Able to add computers to the domain.

Ran DC Diag
did a W32tm /register
and rebooted.

0
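
The checks raised in this thread (the SRV lookup, the DC host records, clock skew against the 5-minute Kerberos tolerance, and locating the PDC role holder) can be run together from a workstation that fails to join. This is an added example, not part of the original posts; it assumes a current Windows client with `Resolve-DnsName` and `Test-NetConnection` (Windows 8.1 / Server 2012 R2 or later), and the domain name is a placeholder.

```powershell
# Added example: read-only checks; nothing here changes domain or DC state.
param(
    [string]$Domain = 'corp.example.com',  # placeholder domain (assumption)
    [int]$MaxSkewSeconds = 300             # the 5-minute Kerberos tolerance from the answer
)

# 1. The SRV lookup the join dialog reports: _ldap._tcp.dc._msdcs.<domain>
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' }

$report = foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
    # 2. Host (A) record for every DC the SRV query returned
    $ip = (Resolve-DnsName -Name $dc -Type A -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' }).IPAddress -join ','

    # 3. Is the DC actually answering on LDAP (389) and Kerberos (88)?
    $ldap = Test-NetConnection -ComputerName $dc -Port 389 -InformationLevel Quiet -WarningAction SilentlyContinue
    $kdc  = Test-NetConnection -ComputerName $dc -Port 88  -InformationLevel Quiet -WarningAction SilentlyContinue

    # 4. Clock offset measured over NTP (UTC), so a wrong time zone shows up as real skew
    $skew = $null
    $sample = w32tm /stripchart /computer:$dc /samples:1 /dataonly 2>&1 | Select-Object -Last 1
    if ("$sample" -match ',\s*([+-]\d+\.\d+)s') {
        $skew = [math]::Round([double]::Parse($Matches[1], [cultureinfo]::InvariantCulture), 1)
    }

    [pscustomobject]@{
        DC = $dc; Address = $ip; LDAP = $ldap; Kerberos = $kdc; SkewSeconds = $skew
        SkewOK = ($null -ne $skew -and [math]::Abs($skew) -le $MaxSkewSeconds)
    }
}
$report | Format-Table -AutoSize

# 5. Ask the DC locator for the PDC role holder; a failure here corresponds to
#    the "error 1355" DCDIAG warnings quoted in the thread.
$pdc = nltest /dsgetdc:$Domain /pdc 2>&1
if ($LASTEXITCODE -ne 0 -or "$pdc" -match 'ERROR_') {
    Write-Warning "No PDC role holder located for $Domain"
} else {
    $pdc
}
```

A DC row with an empty Address, a False port check, or SkewOK = False points at the DNS, availability, or time cause respectively; an empty SkewSeconds means the DC did not answer the time query at all.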
