Solved

How do I fix error message "The specified domain either does not exist or could not be contacted"?

Posted on 2008-10-06
Last Modified: 2012-06-21
Upgraded from an old server to a new server and created a new domain called Company.local (it was the exact same name as the old server). The server name is Company2003 and all workstations are XP SP2 Pro. Each workstation was disjoined from the old domain and joined to the new domain. A new machine was purchased after the install that never saw the old domain, so I don't think that is the issue. None of my group policy items are being pushed down. All Windows firewalls are turned off.

Here are the three Event IDs that pop up on all machines...

1.Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1054
Date:            10/6/2008
Time:            7:40:07 PM
User:            NT AUTHORITY\SYSTEM
Computer:      Computer02
Description:
Windows cannot obtain the domain controller name for your computer network. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.
-----

2.Event Type:      Error
Event Source:      AutoEnrollment
Event Category:      None
Event ID:      15
Date:            10/6/2008
Time:            7:40:23 PM
User:            N/A
Computer:      Computer02
Description:
Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.
  Enrollment will not be performed.
-------

3.Event Type:      Error
Event Source:      Userenv
Event Category:      None
Event ID:      1053
Date:            10/6/2008
Time:            7:48:01 PM
User:            NT AUTHORITY\SYSTEM
Computer:      Computer02
Description:
Windows cannot determine the user or computer name. (The specified domain either does not exist or could not be contacted. ). Group Policy processing aborted.

I've already turned the Autoenrollment Settings in Group Policy to "Do not enroll certificates automatically" under computer and user configuration. But when we do that they lose all network connections after the reboot!

Please help!
Question by:mortega1
11 Comments
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22656001
Unless this is a multihomed domain controller, the fix for the below link usually fixes the issue:
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_23356031.html

Multihomed is simply defined as a domain controller with two or more IPs on it. That can mean a single NIC with two IPs or multiple NICs.
0
 
LVL 5

Expert Comment

by:mren08
ID: 22656012
How do your clients get their IP Addresses?
Can you verify that they have the right DNS server addresses?
Do you actually have a CA installed on the network?
0
 

Author Comment

by:mortega1
ID: 22656243
Hey there ChiefIT, thanks for the super quick response. Funny thing you mention multiple NICs... yes, it does have two NICs. I just got home so I'll read your link tomorrow when I get to work...

Hey mren08, thank you as well for the super duper fast response... right now we only have a Linksys router handling the firewall and DHCP with a DSL connection. The DNS records are in the router and I have all PCs (even though we have DHCP turned on) set up using static IPs because of the issues we were having. Initially the static IP setup was 192.168.1.xxx, SM: 255.255.255.0, GW: 192.168.1.1 (router IP) and DNS was the same DNS entries that were in the router, but I have since changed it to the router itself, 192.168.1.1. Both ways they are able to view the internet and use all network resources. All users were able to log in to the domain and get authenticated. But some users had issues with "All applications locking up either early morning or at about 5pm", which is right at the times these Event IDs pop up. The main problem was the owner of the company saying that every evening he had to restart his computer to print via the network printer. I checked his setup and there was a local printer 955 deskjet that was not physically connected but he had it as his default printer. I deleted it and re-installed the network printer. We'll see if that was the issue tomorrow.

Thanks again to the two of you for the super duper responses... I'll keep you guys posted for tomorrow.
0
 
LVL 5

Accepted Solution

by:
mren08 earned 300 total points
ID: 22656311
Hi mortega1...np..

Ok so can I clarify.. your clients and servers are using your Linksys router as a DNS server?

DNS is an integral part of Active Directory. Domain services are dependent on SRV records being registered in DNS in order for clients to locate domain controllers, global catalogs and the like.. in fact.. DNS is a prerequisite for Active Directory installation. DNS should be active and operational on your DC and your clients should really be pointing to the DNS installation on your domain controllers. Your DCs should then be configured to forward DNS as appropriate..
0
 

Author Comment

by:mortega1
ID: 22656596
Hey there mren08, If that's the case, then it's a big whoops on my part! I'll check it out tomorrow. Thanks!
0
 
LVL 38

Expert Comment

by:ChiefIT
ID: 22656657
funny thing you mention multiple NIC's

Also on that link is a method to straighten out your DNS SRV records.
0
 
LVL 6

Expert Comment

by:JimsZ
ID: 22658252
You should point your computers to the IP address of the domain controller for DNS (assuming you have already set up DNS on the DC)

0
 

Author Comment

by:mortega1
ID: 22660357
Even if it doesn't handle DHCP?
0
 
LVL 38

Assisted Solution

by:ChiefIT
ChiefIT earned 200 total points
ID: 22661945
OK:

Let's get down and dirty on the problem. The problems you are seeing result from contacting the NIC outside your LAN IP space for DNS resolution.

(Domain does not exist or can not be contacted) usually always means one thing. DNS is having problems.

Let's first tackle the Multihomed Domain controller problems:
On the outside NIC, you must prevent it from registering its DNS records with DNS. Then, you must remove the SRV records of that NIC from DNS. So, in the NIC configuration on the outside NIC, disable "register this DNS connection". Then, remove the SRV and HOST A records of that NIC from DNS. Then, flush the DNS cache of the server and client.

Step 1) Disable your outside NIC from registering its DNS connection. You do this by going into the NIC configuration>>TCP/IP properties>>DNS tab.

Step 2) 2003 server has a quirk in it that will register the SRV records of both NICs when netlogon is restarted regardless of deselecting the "register this DNS connection" in the NIC configuration. To resolve this issue, you have to apply a hotfix.

There is a fix to the 2003 server. It is a patch.
Have a look at this:
 -- http://support.microsoft.com/?id=832478

Step 3) Once the above patch is installed, you must remove the Outside NIC instance of the SRV records. You can use the following article as a guide.
http://support.microsoft.com/kb/816587

Step 4) You must clean out the HOST A record of the DNS server's outside NIC. You don't want your workstations or servers trying to contact the outside NIC to resolve the DNS server's address.

Step 5) Clear both the server's and client's DNS cache to make sure no cached entries of that outside NIC are in the DNS resolver cache. You do this with IPconfig /flushdns

Step 6) Make sure your preferred DNS servers list on ALL NICs is your internal Microsoft DNS servers, NOT THE GATEWAY/ROUTER OR AN OUTSIDE SERVER. To do this for DHCP recipients, go to the DHCP server snap-in, expand it until you come to a folder called SCOPE OPTIONS. Right click Scope Options and navigate to DNS servers list. Edit that list to only include your DNS servers. For fixed IPs, you have to configure your Preferred DNS server's list manually by going to the NIC configuration>>TCP/IP properties.

Step 7) Make sure your DNS records for the LAN NIC are registered to itself and replicate your changes to other servers. To do so:
Type the following at the command prompt:
IPconfig /flushdns
IPconfig /registerdns
net stop netlogon
net start netlogon

Once the above information is followed, you may wish to force replicate your information from the PDC Emulator to the new DC. Replicating the Host A records and SRV records will allow you to share those records with other DNS servers that may have just come on line. If you do not force replicate from one server to another, it will happen automatically. However, you may have to wait up to eight hours per server. So, you may wish to replicate from your PDC emulator to the new DNS server.

To force replicate, and save yourself time:
a) Go to the Active Directory Sites and Services snap-in
b) Navigate to Default First Site>>Servers
c) Pick the server you want to replicate TO and expand it
d) Right click what is showing (NTDS site?) and select "replicate now"



0
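A way to confirm the two conditions the accepted answer and the steps above describe (DC locator records that include an outside-NIC address, and clients whose DNS server is the router instead of the DC), as an added example that is not part of the original thread. It parses text in the layout Windows `nslookup` and `ipconfig /all` print; both samples and the addresses 192.168.1.10 and 10.0.0.5 are constructed, while the 192.168.1.0/24 LAN and the router at 192.168.1.1 come from the question.

```python
import ipaddress
import re

# Constructed `nslookup -type=SRV _ldap._tcp.dc._msdcs.Company.local` output from a
# multihomed DC. 192.168.1.10 (LAN NIC) and 10.0.0.5 (outside NIC) are made up.
SAMPLE_NSLOOKUP = """\
_ldap._tcp.dc._msdcs.Company.local   SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = company2003.Company.local
company2003.Company.local      internet address = 192.168.1.10
company2003.Company.local      internet address = 10.0.0.5
"""

# Constructed `ipconfig /all` fragment from a client that uses the router for DNS.
SAMPLE_IPCONFIG = """\
        Default Gateway . . . . . . . . . : 192.168.1.1
        DNS Servers . . . . . . . . . . . : 192.168.1.1
"""

def dc_addresses(nslookup_text):
    """Return every A record listed for the hosts named as SRV targets."""
    targets = {t.lower() for t in re.findall(r"svr hostname\s*=\s*(\S+)", nslookup_text)}
    rows = re.findall(r"^(\S+)\s+internet address = (\S+)", nslookup_text, re.M)
    return [ip for host, ip in rows if host.lower() in targets]

def outside_lan(nslookup_text, lan_cidr):
    """DC addresses clients could be handed that are not on the LAN (steps 3 and 4)."""
    lan = ipaddress.ip_network(lan_cidr)
    return [ip for ip in dc_addresses(nslookup_text) if ipaddress.ip_address(ip) not in lan]

def client_dns_servers(ipconfig_text):
    """Collect the DNS server list, including indented continuation lines."""
    servers, in_list = [], False
    for line in ipconfig_text.splitlines():
        first = re.match(r"\s*DNS Servers[ .]*:\s*(\S+)", line)
        if first:
            servers.append(first.group(1))
            in_list = True
        elif in_list and re.fullmatch(r"\s*\d+(\.\d+){3}\s*", line):
            servers.append(line.strip())
        else:
            in_list = False
    return servers

def non_dc_dns(ipconfig_text, dc_ips):
    """DNS servers on the client that are not a domain controller (step 6)."""
    return [s for s in client_dns_servers(ipconfig_text) if s not in dc_ips]
```

On the constructed samples, `outside_lan(SAMPLE_NSLOOKUP, "192.168.1.0/24")` reports the outside-NIC record and `non_dc_dns(SAMPLE_IPCONFIG, {"192.168.1.10"})` reports the router; both lists should be empty once the steps have been applied.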
 

Author Closing Comment

by:mortega1
ID: 31503688
Thanks to everyone that helped! It was a mistake on my part, and once I set the DNS and set everyone's PC to static IPs everything worked like a champ!
0
