  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1639
  • Last Modified:

Vista - Connecting to a domain

Hi,

We are in the process of upgrading our office machines to Windows Vista. We have a server set up with windows server and a domain of "sites". We have a number of machines running XP and no issues with these.

THE PROBLEM:

The problem came when we tried to get the new Vista Machines to join the domain "sites".

1. Went to the `System Properties`.
2. Clicked 'Change'
3. Under the Computer Name/Domain Change options, entered "sites"
NOTE:-The computer has been manually added to the server
4. Clicked OK
5. This brings up a dialog box to enter a username and password - In here entered username and password of user on domain
6. ERROR:- We get the following error message:
"The following error occurred attempting to join the domain "sites". The specified domain does not exist or could not be contacted."

Any help would be gratefully received....

Matt
0
ravinesolutions
Asked:
1 Solution
 
Rob Williams Commented:
Most often this is due to incorrectly configured DNS. Make sure on the network adapter configuration it points ONLY to your internal DNS server and not to the ISP's, even as an alternate/secondary.
Also, when entering the user name you sometimes have to add the domain name: `domain\user`
0
 
chuckyh Commented:
Robwill is correct, Almost always a DNS issue. Are these computers getting their IP from DHCP? What's the DNS server assigned to them? If you run nslookup from a CMD prompt, you should see the domain controller as the default server.
0
 
ravinesolutions (Author) Commented:
Hi Guys,
Yes, they are getting their IP address from DHCP, which is enabled on the router.
And I can confirm under nslookup that it's all pointing where it should be.
0
 
Rob Williams Commented:
But is the ISP's DNS present as a secondary? This will often cause this problem and should not be present.
Also in some cases having 2 network adapters enabled while joining the domain, wired or wireless can cause issues. If a second is present, disable it until joining the domain.
0
 
chuckyh Commented:
Also, is the "site" domain something like site.local? You may need to put in the full domain name when trying to join.
0
 
ravinesolutions (Author) Commented:
Thanks chuckyh, but we have tried that previously with no luck...
0
 
Rob Williams Commented:
90% of the time, assuming you can ping the server it is DNS configuration, or something such as ISP's DNS, or another NIC is routing DNS incorrectly. However, also verify on the network adapter that "client for Microsoft networks" is enabled, and possibly try disabling the Windows or any other software firewall on the PC.
0
 
ravinesolutions (Author) Commented:
Windows Firewall disabled from the start.

After running nslookup I have noticed that it is pointing to: 192.168.1.1 - which is the IP of the router not the server.

Should I disable DNS on the router and setup DHCP on the server?  
0
 
ravinesolutions (Author) Commented:
Disable DHCP on the router, I meant, not DNS. Sorry!!
0
 
chuckyh Commented:
You can just set static DNS on each of the machines, or change the DHCP settings to give out the correct DNS server.
0
 
Rob Williams Commented:
>>"After running nslookup I have noticed that it is pointing to: 192.168.1.1"
Once again, as mentioned, check the network adapter, whether configured statically or dynamically, and make sure it points only to the server for DNS. You can use `ipconfig /all` from a command line to verify this. The router will default to having it point to itself, which in turn points to the ISP. It can be configured to point to the server.
If you have a domain the server should be configured as the DHCP server in any case. It allows for more scope options, secure updates, and central management.
0
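The `ipconfig /all` check described in the comment above can be run over captured output from many clients. This is an added example, not code from the thread: the sample text is constructed (192.168.1.1 as the router and 192.168.1.2 as the server follow the thread, while `example.local` and the 203.0.113.53 "ISP resolver" are placeholders), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt in the thread's layout: the router
# (192.168.1.1) hands out DHCP and an ISP resolver is listed as secondary DNS.
SAMPLE = """\
Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.local
   DHCP Enabled. . . . . . . . . . . : Yes
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.2
                                       203.0.113.53

Wireless LAN adapter Wireless Network Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 192.168.1.2
"""

FIELD = re.compile(r"^\s+(.+?)[ .]* :(.*)$")  # "Label . . . : value"


def parse_adapters(text):
    """Return {adapter: {label: [values]}}, folding continuation lines."""
    adapters, current, last = {}, None, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current, last = adapters.setdefault(line.rstrip()[:-1], {}), None
        elif current is not None and (m := FIELD.match(line)):
            last = current.setdefault(m.group(1), [])
            if m.group(2).strip():
                last.append(m.group(2).strip())
        elif last is not None and line.strip():
            last.append(line.strip())  # extra DNS servers sit on their own line
    return adapters


def audit(text, domain_dns, domain_dhcp):
    """Flag resolvers and DHCP servers other than the domain's own."""
    checks = (("DNS Servers", domain_dns), ("DHCP Server", domain_dhcp))
    findings = []
    for adapter, fields in parse_adapters(text).items():
        for label, allowed in checks:
            ok = {ipaddress.ip_address(a) for a in allowed}
            for value in fields.get(label, []):
                if ipaddress.ip_address(value.split("%")[0]) not in ok:
                    findings.append((adapter, label, value))
    return findings
```

Calling `audit(SAMPLE, ["192.168.1.2"], ["192.168.1.2"])` reports the secondary resolver and the router-issued DHCP lease on the wired adapter and nothing on the wireless one.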
 
stephenhoekstra Commented:
Hi,

This looks like it's definitely a DNS issue.  First step, turn off the Windows firewall. Is your router responding to DHCP requests?  Personally I would disable this and set up DHCP on your Windows server (for DDNS for your workstations).  Once this is done, check to see that clients are getting DHCP from the server and not from the router by running 'cmd', 'ipconfig release', 'ipconfig renew' and then 'ipconfig /all'

DHCP Server . . . . . . . . . . . : 10.0.0.2  (as mine looks)

Alternatively, you could set IP address to come from DHCP and set the DNS manually on each machine (as mentioned), but may as well do it all via DHCP.  If you REALLY want to run DHCP on your router, just make the change there.

Test by doing 'nslookup sites' or 'nslookup sites.local' (depending what you've named your domain), it should resolve to your PDC.  Just 'nslookup' on its own should show you the address of the DNS server that'll attempt resolving first before handing over to next in list.

If it's still not working, you might want to check that DNS is actually working properly on your PDC.  'nslookup sites(.local) 192.168.1.2' (or whatever your DNS server is) should resolve to your PDC.  You may need to authenticate to your PDC before being able to DNS by browsing a network share on it.


A lot of this is just repeating what people have said, but I can't see it being anything else.  I've come across this problem a couple of times and every time it's been DNS (or contacting the DNS server when there's an incorrectly configured firewall in between client and server).



As well, I would rather not add computers beforehand (unless in a RIS situation) and make the machines tell you they did not find a computer account and prompt to be added.  That way you know they are being properly added onto the domain.
0
 
stephenhoekstra Commented:
Sorry, it should be 'ipconfig /release' and 'ipconfig /renew'
0
 
ravinesolutions (Author) Commented:
This is the error we now get when trying to join the domain...

The following error occurred attempting to join the domain "RAVINES":

An attempt to resolve the DNS name of a DC in the domain being joined has failed. Please verify this client is configured to reach a DNS server that can resolve DNS names in the target domain.
*****************************************************************
Below are results from CMD commands
*****************************************************************
C:\Users\Incito>nslookup
Default Server:  ravines
Address:  192.168.1.2
*****************************************************************
C:\Users\Incito>nslookup RAVINES
Server:  ravines
Address:  192.168.1.2

*** ravines can't find RAVINES: Non-existent domain
*****************************************************************
C:\Users\Incito>ipconfig /release
The requested operation requires elevation.
*****************************************************************
C:\Users\Incito>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Matt-Pond-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : RAVINES

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : RAVINES
   Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
   Physical Address. . . . . . . . . : 00-1E-8C-B4-02-78
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::495e:8597:a5af:2be6%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.22(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 23 June 2008 09:19:47
   Lease Expires . . . . . . . . . . : 01 July 2008 09:29:39
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.2
   DNS Servers . . . . . . . . . . . : 192.168.1.2
   Primary WINS Server . . . . . . . : 192.168.1.2
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : RAVINES
   Description . . . . . . . . . . . : isatap.RAVINES
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:d5c7:a2ca:2cf2:3187:3f57:fee9(Preferred)
   Link-local IPv6 Address . . . . . : fe80::2cf2:3187:3f57:fee9%12(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
*****************************************************************
Anything look out of place?
0
 
stephenhoekstra Commented:
Did you browse to a server share or even just the server IP address before attempting this?

\\192.168.1.2?


In the one case where I had your problem it was because machines were not authenticating to the domain and trying to access the DNS server when attempting to add to the domain, which is why you should open \\192.168.1.2 so it prompts for username and password. Obviously this is resolved once machines are on the domain as they'll authenticate at login time.

0
 
ravinesolutions (Author) Commented:
We can access the server via \\server2 or \\192.168.1.2

We also get an Internet connection and can map a network drive. The network drive doesn't auto-reconnect at logon though, for obvious reasons.

nslookup 192.169.1.2 =
Server:  ravines
Address:  192.168.1.2

Name:    ravines
Address:  192.168.1.2
0
 
Rob Williams Commented:
Nothing to do with a solution, but nslookup is not always a good test. It relies on there being a reverse DNS entry in DNS, which doesn't need to be there for your network to work. In other words, failure of nslookup as above "*** ravines can't find RAVINES: Non-existent domain" does not necessarily indicate a problem.
Does pinging by server name return the correct IP?
0
 
ravinesolutions (Author) Commented:
The server DNS was not setup properly. Microsoft remoted in and setup DNS properly on the server. All is now working fine...
0
 
Rob Williams Commented:
Excellent, glad to hear.
DNS is the root of a Windows 2000/2003 domain.
0
 
stephenhoekstra Commented:
Hi Rob,

I've yet to see a functioning domain without a forward lookup.  You are right though, there doesn't have to be a reverse, but a forward lookup and a reverse lookup are two different things.  The reverse of the IP the domain name resolves to will resolve to the PDC domain name, not the top level domain.

Pinging the hostname should resolve it via DNS (à la nslookup), although you could be misled by ping resolving the host's IP using NetBIOS.  When using nslookup you'll know for sure if you are resolving via DNS.
0
 
Rob Williams Commented:
>>"When using nslookup you'll know for sure if you are resolving via DNS"
Agreed, but my point was that a failed nslookup does not necessarily mean incorrectly configured DNS. It may simply mean there is no reverse lookup zone.
0
 
ravinesolutions (Author) Commented:
Resolution
========
  • Ran Nslookup and found name resolution is not working on the client machine
  • Did the same on the server and we got the same result
  • Checked the DNS and found Forward zone was not configured properly.
  • Deleted the forward lookup zone and reconfigured the zone
  • Restarted the netlogon service on the server
  • We could see all the SRV records, except PDC one
  • Checked the Active Directory Users and Computers snap-in for operation master roles and found Error in the current operation master role text box.
  • Seized the FSMO roles as there is only 1 domain controller
  • Restarted the netlogon service
  • This time we could see PDC folder
  • On the client machine, ran the below commands
  • Ipconfig /flushdns
  • Ipconfig /registerdns
  • Added the client to domain successfully

Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller:
http://support.microsoft.com/kb/255504
0
 
stephenhoekstra Commented:
Good stuff :-)

Robwill: Hi.  An example of using forward lookups without needing a reverse is Virtual Hosting (http://en.wikipedia.org/wiki/Virtual_hosting), where you have many hostnames resolving to a single IP address and the webserver serving a different website for each vhost.
0
