Solved

Vista - Connecting to a domain

Posted on 2008-06-20
Last Modified: 2008-07-05
Hi,

We are in the process of upgrading our office machines to Windows Vista. We have a server set up with Windows Server and a domain of "sites". We have a number of machines running XP and no issues with these.

THE PROBLEM:

The problem came when we tried to get the new Vista Machines to join the domain "sites".

1. Went to the `System Properties`.
2. Clicked 'Change'
3. Under the Computer Name/Domain Change options, entered "sites"
NOTE: The computer has been manually added to the server
4. Clicked OK
5. This brings up a dialog box to enter a username and password - In here entered username and password of user on domain
6. ERROR:- We get the following error message:
"The following error occurred attempting to join the domain "sites". The specified domain does not exist or could not be contacted."

Any help would be gratefully received....

Matt
Question by:ravinesolutions
23 Comments
 
LVL 77

Expert Comment

by:Rob Williams
ID: 21830192
Most often this is due to incorrectly configured DNS. Make sure on the network adapter configuration it points ONLY to your internal DNS server and not to the ISP's, even as an alternate/secondary.
Also, when entering the user name you sometimes have to add the domain name: `domain\user`
0
 
LVL 18

Expert Comment

by:chuckyh
ID: 21830366
Robwill is correct, almost always a DNS issue. Are these computers getting their IP from DHCP? What's the DNS server assigned to them? If you run nslookup from a CMD prompt, you should see the domain controller as the default server.
0
 

Author Comment

by:ravinesolutions
ID: 21830468
Hi Guys,
Yes they are getting IP address from DHCP which is enabled on the router.
And I can confirm under nslookup that it's all pointing where it should be.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 21830644
But is the ISP's DNS present as a secondary? This will often cause this problem and should not be present.
Also, in some cases having 2 network adapters enabled while joining the domain, wired or wireless, can cause issues. If a second is present, disable it until joining the domain.
0
 
LVL 18

Expert Comment

by:chuckyh
ID: 21830726
Also, is the "site" domain something like site.local? You may need to put in the full domain name when trying to join.
0
 

Author Comment

by:ravinesolutions
ID: 21830756
Thanks chuckyh, but we have tried that previously with no luck...
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 21830943
90% of the time, assuming you can ping the server, it is DNS configuration, or something such as ISP's DNS, or another NIC is routing DNS incorrectly. However, also verify on the network adapter that "Client for Microsoft Networks" is enabled, and possibly try disabling the Windows or any other software firewall on the PC.
0
 

Author Comment

by:ravinesolutions
ID: 21830979
Windows Firewall disabled from the start.

After running nslookup I have noticed that it is pointing to: 192.168.1.1 - which is the IP of the router not the server.

Should I disable DNS on the router and setup DHCP on the server?  
0
 

Author Comment

by:ravinesolutions
ID: 21830997
Disable DHCP on router I meant not DNS sorry!!
0
 
LVL 18

Expert Comment

by:chuckyh
ID: 21832163
You can just set static DNS on each of the machines, or change the dhcp settings to give out the correct dns server.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 21834391
>>"After running nslookup I have noticed that it is pointing to: 192.168.1.1"
Once again, as mentioned, check the network adapter, whether configured statically or dynamically, and make sure it points only to the server for DNS. You can use `ipconfig /all` from a command line to verify this. The router will default to having it point to itself, which in turn points to the ISP. It can be configured to point to the server.
If you have a domain the server should be configured as the DHCP server in any case. It allows for more scope options, secure updates, and central management.
0
 
LVL 7

Expert Comment

by:stephenhoekstra
ID: 21842504
Hi,

This looks like it's definitely a DNS issue.  First step, turn off the Windows firewall. Your router responding to DHCP requests?    Personally I would disable this and set up DHCP on your Windows server (for DDNS for your workstations).  Once this is done, check to see clients are getting DHCP from the server and not from the router by running 'cmd', 'ipconfig release', 'ipconfig renew' and then 'ipconfig /all'

DHCP Server . . . . . . . . . . . : 10.0.0.2  (as mine looks)

Alternatively, you could set IP address to come from DHCP and set the DNS manually on each machine (as mentioned), but may as well do it all via DHCP.  If you REALLY want to run DHCP on your router, just make the change there.

Test by doing 'nslookup sites' or 'nslookup sites.local' (depending what you've named your domain), it should resolve to your PDC.  Just 'nslookup' on its own should show you the address of the DNS server that'll attempt resolving first before handing over to next in list.

If it's still not working, you might want to check that DNS is actually working properly on your PDC.  'nslookup sites(.local) 192.168.1.2' (or whatever your DNS server is) should resolve to your PDC.  You may need to authenticate to your PDC before being able to DNS by browsing a network share on it.


A lot of this is just repeating what people have said, but I can't see it being anything else.  I've come across this problem a couple of times and every time it's been DNS (or contacting the DNS server when there's an incorrectly configured firewall in between client and server).



As well, I would rather not add computers beforehand (unless in a RIS situation) and make the machines tell you they did not find a computer account and prompt to be added.  That way you know they are being properly added onto the domain.
0
 
LVL 7

Expert Comment

by:stephenhoekstra
ID: 21842513
Sorry, it should be 'ipconfig /release' and 'ipconfig /renew'
0
 

Author Comment

by:ravinesolutions
ID: 21844440
This is the error we now get when trying to join the domain...

The following error occurred attempting to join the domain "RAVINES":

An attempt to resolve the DNS name of a DC in the domain being joined has failed. Please verify this client is configured to reach a DNS server that can resolve DNS names in the target domain.
*****************************************************************
Below are results from CMD commands
*****************************************************************
C:\Users\Incito>nslookup
Default Server:  ravines
Address:  192.168.1.2
*****************************************************************
C:\Users\Incito>nslookup RAVINES
Server:  ravines
Address:  192.168.1.2

*** ravines can't find RAVINES: Non-existent domain
*****************************************************************
C:\Users\Incito>ipconfig /release
The requested operation requires elevation.
*****************************************************************
C:\Users\Incito>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : Matt-Pond-PC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : RAVINES

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : RAVINES
   Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
   Physical Address. . . . . . . . . : 00-1E-8C-B4-02-78
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::495e:8597:a5af:2be6%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.22(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : 23 June 2008 09:19:47
   Lease Expires . . . . . . . . . . : 01 July 2008 09:29:39
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.2
   DNS Servers . . . . . . . . . . . : 192.168.1.2
   Primary WINS Server . . . . . . . : 192.168.1.2
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : RAVINES
   Description . . . . . . . . . . . : isatap.RAVINES
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:d5c7:a2ca:2cf2:3187:3f57:fee9(Preferred)
   Link-local IPv6 Address . . . . . : fe80::2cf2:3187:3f57:fee9%12(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
*****************************************************************
Anything look out of place?
0
 
LVL 7

Expert Comment

by:stephenhoekstra
ID: 21844557
Did you browse to a server share or even just the server IP address before attempting this?

\\192.168.1.2?


In the one case where I had your problem it was because machines were not authenticating to the domain and trying to access the DNS server when attempting to add to the domain, which is why you should open \\192.168.1.2 so it prompts for username and password. Obviously this is resolved once machines are on the domain as they'll authenticate at login time.

0
 

Author Comment

by:ravinesolutions
ID: 21844578
We can access the server via \\server2 or \\192.168.1.2

We also get an Internet connection and can map a network drive. The network drive doesn't auto-reconnect at logon though for obvious reasons.

nslookup 192.169.1.2 =
Server:  ravines
Address:  192.168.1.2

Name:    ravines
Address:  192.168.1.2
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 21847663
Nothing to do with a solution, but nslookup is not always a good test. It relies on there being a reverse DNS entry in DNS, which doesn't need to be there for your network to work. In other words, failure of nslookup as above "*** ravines can't find RAVINES: Non-existent domain" does not necessarily indicate a problem.
Does pinging by server name return the correct IP?
0
 

Author Comment

by:ravinesolutions
ID: 21847711
The server DNS was not set up properly. Microsoft remoted in and set up DNS properly on the server. All is now working fine...
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 21847727
Excellent, glad to hear.
DNS is the root of a Windows 2000/2003 domain.
0
 
LVL 7

Expert Comment

by:stephenhoekstra
ID: 21850346
Hi Rob,

I've yet to see a functioning domain without a forward lookup.  You are right though, there doesn't have to be a reverse, but a forward lookup and a reverse lookup are two different things.  The reverse of the IP the domain name resolves to will resolve to the PDC domain name not the top level domain.

Pinging the hostname should resolve it via DNS (ala nslookup), although you could be misled by ping resolving host's IP using NetBIOS.  When using nslookup you'll know for sure if you are resolving via DNS.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 21850448
>>"When using nslookup you'll know for sure if you are resolving via DNS"
Agreed, but my point was that a failed nslookup does not necessarily mean incorrectly configured DNS. It may simply mean there is no reverse lookup zone.
0
 

Accepted Solution

by:
ravinesolutions earned 0 total points
ID: 21881463
Resolution
========
• Ran Nslookup and found name resolution is not working on the client machine
• Did the same on the server and we got the same result
• Checked the DNS and found Forward zone was not configured properly.
• Deleted the forward lookup zone and reconfigured the zone
• Restarted the netlogon service on the server
• We could see all the SRV records, except PDC one
• Checked the Active Directory Users and Computers snap-in for operation master roles and found Error in the current operation master role text box.
• Seized the FSMO roles as there is only 1 domain controller
• Restarted the netlogon service
• This time we could see PDC folder
• On the client machine, ran the below commands
• Ipconfig /flushdns
• Ipconfig /registerdns
• Added the client to domain successfully

Using Ntdsutil.exe to transfer or seize FSMO roles to a domain controller:
http://support.microsoft.com/kb/255504
0
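The SRV lookups that the accepted solution refers to can be checked directly from a client before attempting the join. The script below is an added example, not part of the original thread; it assumes a current Windows client with the DnsClient cmdlets (`Resolve-DnsName`, `Get-DnsClientServerAddress`), and `example.local` is a placeholder for the domain's DNS name, which the thread never states.

```powershell
# Added example: verify the DNS prerequisites for a domain join.
# $DomainFqdn is a placeholder; $DnsServer is the DNS server address
# shown in the thread's ipconfig output.
param(
    [string]$DomainFqdn = 'example.local',
    [string]$DnsServer  = '192.168.1.2'
)

# 1. Any adapter that lists a DNS server other than the internal one
#    (router or ISP resolver) can send AD lookups to the wrong place.
$unexpected = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        $alias = $_.InterfaceAlias
        $_.ServerAddresses | Where-Object { $_ -ne $DnsServer } |
            ForEach-Object {
                [pscustomobject]@{ Interface = $alias; UnexpectedDns = $_ }
            }
    }

# 2. SRV records a client uses to locate a domain controller. The PDC
#    record is the one reported missing in the accepted solution.
$queries = [ordered]@{
    'Any domain controller' = "_ldap._tcp.dc._msdcs.$DomainFqdn"
    'PDC emulator'          = "_ldap._tcp.pdc._msdcs.$DomainFqdn"
    'Kerberos KDC'          = "_kerberos._tcp.$DomainFqdn"
}

$results = foreach ($q in $queries.GetEnumerator()) {
    # Ask the internal DNS server only; ignore LLMNR/NetBIOS fallbacks.
    $answer = Resolve-DnsName -Name $q.Value -Type SRV -Server $DnsServer `
                  -DnsOnly -ErrorAction SilentlyContinue |
              Where-Object { $_.Type -eq 'SRV' }
    [pscustomobject]@{
        Role    = $q.Key
        Query   = $q.Value
        Found   = [bool]$answer
        Targets = ($answer.NameTarget -join ', ')
    }
}

if ($unexpected) { $unexpected | Format-Table -AutoSize }
$results | Format-Table -AutoSize
if ($results | Where-Object { -not $_.Found }) {
    Write-Warning 'Missing SRV records: check the forward lookup zone and restart Netlogon on the DC.'
}
```

On a Vista-era client without these cmdlets, the same lookup can be made with `nslookup -type=SRV _ldap._tcp.dc._msdcs.<domain> <dns-server>`.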
 
LVL 7

Expert Comment

by:stephenhoekstra
ID: 21882192
Good stuff :-)


Robwill: Hi.  An example of using forward lookups without needing a reverse is Virtual Hosting (http://en.wikipedia.org/wiki/Virtual_hosting), where you have many hostnames resolving to a single IP address and the webserver serving a different website for each vhost.
0
