Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

I can Ping the server and the DC but cannot Join a computer to the domain

Posted on 2007-12-15
22
Medium Priority
?
9,842 Views
Last Modified: 2010-07-27
I have a Windows Server 2003 Standard Machine I have installed and configured WINS, DNS, & DHCP as well as my DC, I can ping the server both by name and IP I can ping the DC by name however when ever I go to add a computer to the domain the client PC cannot find the domain controller
0
Comment
Question by:anotherhick
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 9
  • 5
  • 5
  • +2
22 Comments
 
LVL 3

Assisted Solution

by:ahmedalnooh
ahmedalnooh earned 160 total points
ID: 20478281
try to ping the dc by using fully qualified doman name if it fails so check the dns configuration from your saide but if it sucess go to the dc and try to restart the netlogn service and if not work install windows server 2003 support tools to use the command netdiag /fix
hopfully it will work at the end
1
 
LVL 2

Assisted Solution

by:bcmeyer1983
bcmeyer1983 earned 100 total points
ID: 20478311
go to the network properties of the network card and configure a static IP address of the DC in there for dns server 1. then try and join it to the domain.
what method are you using to join it to the domain
0
 

Author Comment

by:anotherhick
ID: 20478645
well tried everything in your reply ahmed nothing worked and I do believe I have my DNS set up properly (but then again I could be wrong on that) as for static IP that was configured when the server was 1st set up it has always had a static IP as for the method simply going to the computer name tab on the client machine and attempting from there to join the domain.
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 3

Assisted Solution

by:ahmedalnooh
ahmedalnooh earned 160 total points
ID: 20478665
plz could you type me the exact error that appear so i can support you more
0
 
LVL 70

Accepted Solution

by:
KCTS earned 1020 total points
ID: 20478666
You must make sure that the preferred (and only) DNS server specified - either statically or via the DHCP options is set to point at the windows DNS server.
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 1020 total points
ID: 20478673
... see http://support.microsoft.com/kb/291382 for more info and FAQs on DNS
0
 
LVL 11

Assisted Solution

by:sysreq2000
sysreq2000 earned 720 total points
ID: 20478677
Make sure your clients are pointing to the server as the DNS server. If you have set up DHCP to give your clients an external (ISP) DNS server then you will have this problem.

Make sure your DNS server is set to allow read access for ANONYMOUS LOGON.

If all else fails, paste this into your lmhosts file in windows\system32\drivers\etc

--- of course --- substitute your ip info, domain name, server name, etc.

IMPORTATANT!!!! The last line is there as a reference only and is commented out (starts with #) so it will not affect your resolution. The spacing on the #PRE line must be exact. Make sure you line up your domain info with the reference line line....start with starting quote, then the \ in \0x1b must be over the asterisk then closing quote must be over the reference closing quote. This is critical.



192.5.83.10    servername        #PRE #DOM:DOMAIN.COM

192.5.83.10   "DOMAIN.COM         \0x1b"   #PRE
# IP Address  "123456789012345*7890"
0
 
LVL 11

Assisted Solution

by:sysreq2000
sysreq2000 earned 720 total points
ID: 20478685
Just to clarify, paste into the lmhosts on the client  8)
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 1020 total points
ID: 20478699
Adding stuff to the lmhosts file is NOT going to help

Windows MUST be able to resolve not only the name to IP but also needs to query DNS to locate SRV records for _ldap, _gc and _kerbros etc
0
 
LVL 11

Assisted Solution

by:sysreq2000
sysreq2000 earned 720 total points
ID: 20478707
It will most certainly help...saved my bacon many times.

p.s. remember to save as lmhosts with no extension...i.e. get rid of the .sam on the sample file
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 1020 total points
ID: 20478969
If DNS aint working Active Directory aint working !
0
 

Author Comment

by:anotherhick
ID: 20479045
Ok I do see my problem my dns is screwed up it is looking for my local domain on my ISP's DNS Server not my server
0
 

Author Comment

by:anotherhick
ID: 20479099
OK here is the error message now but I seem to be digging my self a larger hole

Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

The domain name celtic might be a NetBIOS domain name.  If this is the case, verify that the domain name is properly registered with WINS.

If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller for domain celtic:

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.celtic

Common causes of this error include the following:

- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

192.168.1.100

- One or more of the following zones do not include delegation to its child zone:

celtic
. (the root zone)

For information about correcting this problem, click Help.
0
 
LVL 70

Assisted Solution

by:KCTS
KCTS earned 1020 total points
ID: 20479131
Check DNS.
Make sure that your windows DC/DNS server points to itself as the preferred DNS server in the TCP/IP Settings. There should be NO OTHER entries here (and certinly not your ISP)

Open the DNS console and make sure that there is a forward lookup zone with the same name as your domain. If not create one.

Set up forwarders to point to your ISPs DNS as described at http://www.petri.co.il/configure_dns_forwarding.htm

Stop and restart the netlogon service to re-register the SRV records properly

Make sure the DHCP option i set properly to provide clients with the IP of your windows DNS server (only)

Set up fow
0
 
LVL 11

Assisted Solution

by:sysreq2000
sysreq2000 earned 720 total points
ID: 20479262
You have two servers, right? The new windows2003 and a pre-existing DC is how I understand your scenario. Did you by any chance set up DNS on the new server and are pointing to that? Were you able to join the server to the domain or did it have the same problem as the client pc's?

Make sure you are pointing to your domain DNS server, which was preferably set up as AD Integrated.

If this is not the case please clarify your topology.
0
 

Author Comment

by:anotherhick
ID: 20479478
actually no just a single server  

all references to my ISP NS's have been removed with the exception of the forwarders

double checked wins, dhcp, dns and my dc everything seems to be in order but yet I still cannot join the domain

also now I cannot ping my server by name I can by IP and I can also ping the dc however when I go to join the domain thru the system properties the dc does not resolve and returns the following error-

Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

The domain name celtic might be a NetBIOS domain name.  If this is the case, verify that the domain name is properly registered with WINS.

If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller for domain celtic:

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.celtic

Common causes of this error include the following:

- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

192.168.1.100

- One or more of the following zones do not include delegation to its child zone:

celtic
. (the root zone)

For information about correcting this problem, click Help.
0
 

Author Comment

by:anotherhick
ID: 20479531
as for my general topology single server running dns and dhcp with a singe local domain, and IIS and WINS

Along with the normal router, 2 switches, gateway, and 4 other PC's
0
 
LVL 11

Assisted Solution

by:sysreq2000
sysreq2000 earned 720 total points
ID: 20479637
When you ran DCPromo on the server did it warn you about using celtic as a domain name. Usually it would be celtic.something....celtic.com or celtic.local or whatever.

Is it possible for you to re-install....is this a production network or a lab?

If it's possible for you it may be easiest just to run dcpromo on the server again to demote it, then dcpromo it again using a FQDN. The error may be telling us everything we need to know  8)

DNS should be configured automatically when you run DCpromo.
0
 

Author Comment

by:anotherhick
ID: 20479689
actually I am using celtic.local celtic is just the netbios name
and this is actually a little of both

it si possible to blow it away and start over but I would much rather not do that if it can be avoided.

besides believe it or not we are making progress. after setting the ANON login security settings to read and a fresh reboot I can now ping successfully, and when I go to join the domain it now gets past the login but still fails

what it is doing now is actually creating the account in AD for the computer but instantly disabling it which of course is going to cause it to fail on the client side now I just gotta figure out whats causing that
0
 

Author Comment

by:anotherhick
ID: 20479697
ok to recap what I have done sop far to get to this point was reconfigure the dns, and wins to remove any reference of my isp dns with the exception of the forwarders,  verified that all entries in dns had the proper information in them i.e. the server IP and then set the security settings in the dns server allowing anonomous login read access then rebooted

Now I get all the way upto providing credentials when trying to join the domain and it fails due to the account being automatically disabled in ad as soon as it's created I have a feeling it has something to do with privledges and rights but not sure.
0
 

Author Comment

by:anotherhick
ID: 20480430
definatly a permissions issue
0
 

Author Closing Comment

by:anotherhick
ID: 31415245
as far as the actually being able to find and attempt to join the domain that issue has been resolved using many of the steps that were offered by multiple ppl. I 1st had to reconfigure my nic, then had to search for and remove any other reference to my ISP DNS from AD other than the DNS Forwarders, Also added some permissions to the anonomous login, aand finally make surte that all entries in DNS, DHCP, and WINS were pointing to the server then perform a reboot, I still cannot join the domain however that is an entirely different issue at this point of which I have opened another question so guys I thank you for answering this question and look forward to your help in the next
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

670 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question