Solved

Cannot join any servers or workstations to windows 2008 domain

Posted on 2009-05-07
20
1,065 Views
Last Modified: 2012-05-06
Looking for some help!
I installed a W2k08 Server and did initial setup for Active Directory. I believe there is something wrong with my DNS setup but have been unable to figure it out so far.
I've tried joining the domain from both a windows xp client and also another windows server 2008 machine but both fail. I've pointed their DNS to my W2k08 Server (which is running DNS role as well as the other standard comain controller roles).

The error I get when attempting to join the domain from the other W2k08 machine is:
"An attempt to resolve the DNS name of a DC in the domain being joined had failed".

The error I get from the Windows XP workstation when attempting to join the domain is:
"A domain controller for the domain stack.2008 could not be contacted"

I can ping the name of the domain controller from both these clients, although it doesnt display the FQDN in the reply.

No errors showing in DNS or other event logs.

Any ideas what I can try next?
Many thanks in advance.

0
Comment
Question by:stack888
  • 12
  • 7
20 Comments
 
LVL 22

Expert Comment

by:mutahir
ID: 24329182
Hi,
Things to check on client's side are :
A) Both of your clients Windows XP and 2008, do they have Obtain IP and DNS dynamically ?
B) Try setting the DNS Server on Clients side to the IP of your Domain Controller ?
C) Also, when you are trying to join the domain from the client's side and it asks for Domain Admin User/Password, input it in the following way :
stack.2008\administrator
password
where stack.2008\ represents the domain and then administrator is the user name of the super user on the domain.

On Domain Controller :
Set the 1st DNS Server to 127.0.0.1
Set the 2nd DNS Server to the IPV4 IP address of the DC Itself
Hope this helps
Kind Regards
Mutahir
PS : Also, let us know what kind of setup you have, is your dc the dhcp server as well ?
0
 
LVL 2

Author Comment

by:stack888
ID: 24329377
Hi mutahir

thanks for your reply.

A) All clients are set to static IPs (in the same subnet as the DC)
B) DNS is already pointing to the DC on all clients

C) Ok, I changed the Domain Controller DNS settings as per your suggestion (to 127.0.0.1 and the ip address of the dc) and now its failing before even prompting me to enter the username and password.

I'm seeing the following error now on the W2K08 client machine attempting to join the domain...

An error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller for domain stack.2008.

The error was: "The filename, directory name, or volume label syntax is incorrect."
(error code 0x0000007B ERROR_INVALID_NAME)

The query was for the SRV record for _ldap._tcp.dc._msdcs.stack.2008
0
 
LVL 2

Author Comment

by:stack888
ID: 24329422
some more info....
when I run DCDIAG I get the following results:

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = w2k08x86
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\W2K08X86
      Starting test: Connectivity
         The host d3d1fc86-42cf-473c-be84-0b3a264f52e2._msdcs.stack.2008 could
         not be resolved to an IP address. Check the DNS server, DHCP, server
         name, etc.
         ......................... W2K08X86 failed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\W2K08X86
      Skipping all tests, because server W2K08X86 is not responding to
      directory service requests.
   
   
   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test
         CrossRefValidation
   
   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test
         CrossRefValidation
   
   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
   
   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
   
   Running partition tests on : stack
      Starting test: CheckSDRefDom
         ......................... stack passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... stack passed test CrossRefValidation
   
   Running enterprise tests on : stack.2008
      Starting test: LocatorCheck
         ......................... stack.2008 passed test LocatorCheck
      Starting test: Intersite
         ......................... stack.2008 passed test Intersite
0
 
LVL 22

Expert Comment

by:mutahir
ID: 24329584
Hi Stack888,
Please paste an output of " ipconfig /all " from the server and the client
Also, try rebooting your server 2008 Box (DC) ; On the server
1st DNS Server 127.0.0.1 and second (alternate) DC IP Address (assuming it is hosting the DNS Server).
Reboot the clients as well, make sure their static ip address are the same and subnet mask, Also, screenshot of your DNS Server mmc would be useful, if you can allow me RDP access to the server I can check the settings for you.
 
0
 
LVL 2

Author Comment

by:stack888
ID: 24329665

IPCONFIG / ALL from the DC (which is also DNS server)

Windows IP Configuration

   Host Name . . . . . . . . . . . . : w2k08x86
   Primary Dns Suffix  . . . . . . . : stack.2008
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : stack.2008

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0C-29-6A-21-B8
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::4cdb:5baf:19f4:6391%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.113(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 234884137
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-54-11-69-00-0C-29-6A-21-B8
   DNS Servers . . . . . . . . . . . : ::1
                                       127.0.0.1
                                       192.168.0.113
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 8:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{4064B719-E749-47C7-930D-62AE9FB035C9}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes


IPCONFIG / ALL from the client windows 2008 machine:


Windows IP Configuration

   Host Name . . . . . . . . . . . . : w2k08out
   Primary Dns Suffix  . . . . . . . : stack.2008
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : stack.2008

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0C-29-92-B2-F0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::29ea:d53a:ccf5:d83%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.0.117(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 234884137
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-54-11-69-00-0C-29-6A-21-B8
   DNS Servers . . . . . . . . . . . : 192.168.0.113
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 8:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{4064B719-E749-47C7-930D-62AE9FB035C9}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e50:14a1:29c8:3f57:ff8a(Preferred)
   Link-local IPv6 Address . . . . . : fe80::14a1:29c8:3f57:ff8a%11(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

0
 
LVL 2

Author Comment

by:stack888
ID: 24329734

here's screenshot of dns attached...
Screenshot.png
0
 
LVL 22

Expert Comment

by:mutahir
ID: 24330186
Hi Stack,

http://technet.microsoft.com/en-us/library/cc738991.aspxhttp://technet.microsoft.com/en-us/library/cc738991.aspx

Follow the above article ; it seems the clients are joined on the domain as they are listed in the dns server entries but I would suggest is a reboot of the clients and the above tutorial to see where we stand.

0
 
LVL 2

Author Comment

by:stack888
ID: 24330324
Hi Mutahir,
following that article, it gives me the following:

nslookup
Default server: Unknown
Address: ::1

set q=srv
_ldap._tcp.dc._msdcs.stack.2008
server: unkwown
Address: ::1

_ldap._tcp.dc._msdcs.stack.2008 SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = w2k08x86.stack.2008
w2k08x86.stack.2008   internet address = 192.168.0.113
quit

I've restarted the DC and also the client machines and re-tried, but still get the same errors when trying to join the domain.



0
 
LVL 2

Author Comment

by:stack888
ID: 24330339
oh, one other thing. I tried manually creating the A and pointer records in DNS for one of the clients as they were not showing up there automatically so thats what you would have seen in the screenshot of DNS.
Still hasn't helped me get them to join the domain though.
0
 
LVL 22

Expert Comment

by:mutahir
ID: 24330428
ok, do one thing, try to uncheck IPV6 on your DC's network adapter and reboot

Also, I am off now and will be back tomorrow sometime, this is strange as I have just deployed AD on Win2k8 without any issues this morning :-)

I hope you get it resolved.

Also, on your client on the screen where you go and do a domain joining thing, click on more and make sure """ change primary domain name suffix ... """" is checked and the field is blank, restart your machine and then try joining it again.

Regards
0
How does your email signature look on mobiles?

Do your employees use mobile devices to reply to emails? With mobile becoming increasingly important to the business world, it is in your best interest to make sure that your email signature looks great across all types of devices.

 
LVL 22

Expert Comment

by:mutahir
ID: 24330432
Also, delete those records you created manually !
0
 
LVL 2

Author Comment

by:stack888
ID: 24331422
thanks again mutahir for the ideas.
Ok, so I removed the manually created records.
One thing I've just discovered....from the client machine, if I ping w2k08x86.stack.2008 it cannot find it.
But if I ping w2k08x86.stack.2008.  (adding an extra period "." at the end) it replies!!
And then if I go and try to add the machine to the domain, it now gives me the prompt to enter a username and password.
But then it still fails saying "An attempt to resolve the DNS of a DC in the domain being joined has failed".
So any ideas why I need to use the extra period "." to resolve a FQDN? I dont need to do this from the DC when pinging itself. Again, seems to point to something I have wrong in DNS setup but not sure what still.
I deployed a W2k03 AD with no problems recently so maybe it is the IPv6 in Windows 2008 thats messing things up. I'll try removing that next, as you suggested and let you know what happens.
thanks
0
 
LVL 2

Author Comment

by:stack888
ID: 24331678
ok, IPv6 removed from both the DC and the client machine and rebooted both.
Unfortunately still the same problem.
I can ping the following from the client:
IP address
Name
FQDN (only IF I add an extra "." at the end)
I can map drives from the client to the DC, using its IP address and name (i'm guessing its using netbios so this isn't really all that useful a test).
I just can't join a client machine to the domain!

0
 
LVL 2

Author Comment

by:stack888
ID: 24331725
more info....
ok, so for example if you go to the local Admin group on any client machine and you look to add in a user from the domain, it doesn't see the domain at all in the browse list. All it shows is the local servername.
So, DNS is not broadcasting the domain name for clients to be able to browse and see it.
I've looked on my windows xp client which can see the Windows 2003 Domain I have and again it doesn't see the W2k08 domain at all.
0
 
LVL 59

Expert Comment

by:Darius Ghassem
ID: 24332103
Do another ipconfig /all and post. Make sure you remove the DNS server in your DNS settings with the number 1. Second remove 127.0.0.1 and put the actuall IP address in of the server.

Make sure IPv6 is disabled.

Run ipconfig /flushdns, ipconfig /registerdns, and dcdiag /fix.
0
 
LVL 2

Author Comment

by:stack888
ID: 24332171
i ran ipconfig / flushdns, registerdns and dcdiag /fix.

DCDIAG /fix still shows same error:

"The host d3d1fc86-42cf-473c-be84-0b3a264f52e2._msdcs.stack.2008 could not be resolved to an IP address. Check the DNS Server, DHCP, server name, etc."

IPc6 is disabled on both the DC and the client machines.

Still same problem with no clients being able to connect to the domain, nor see the domain in the browse list from local Users and Computers.

Here's current ipconfig/ all for both DC and Client.

DC:


Windows IP Configuration

   Host Name . . . . . . . . . . . . : w2k08x86
   Primary Dns Suffix  . . . . . . . : stack.2008
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : stack.2008

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0C-29-6A-21-B8
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.113(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 127.0.0.1
                                       192.168.0.113
   NetBIOS over Tcpip. . . . . . . . : Enabled


Client Machine:


Windows IP Configuration

   Host Name . . . . . . . . . . . . : w2k08out
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
   Physical Address. . . . . . . . . : 00-0C-29-92-B2-F0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.0.117(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1
   DNS Servers . . . . . . . . . . . : 192.168.0.113
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 8:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{4064B719-E749-47C7-930D-62AE9FB035C9}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 02-00-54-55-4E-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e50:2c93:1f09:3f57:ff8a(Preferred)
   Link-local IPv6 Address . . . . . : fe80::2c93:1f09:3f57:ff8a%11(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled

0
 
LVL 22

Accepted Solution

by:
mutahir earned 500 total points
ID: 24333187
Hi Stacks,
Last thing to try would be : adding to the domain type this :
w2k08x86.stack.2008.  {with a period at the end} as a domain name to join on clients. cause this is the record in your dns server for the ad controller '' w2k08x86.stack.2008. with a period in the end ; this would work.
--------------------------------------
It will take half an hour or maximum 45minutes ; just run :
start >> run >> dcpromo                    { on the domain controller }
This will come up with the screen to uninstall active directory and will also allow you to remove dns server role.
Once you have done this, do a reboot with your local admin account ; join all your client machines back to workgroup and then do a dcpromo on your domain controller again to create a new active directory.
If you are using this at home as a test environment, create a domain name like stacks2009.lan or stacks2008.net ; if you are planning to use exchange server then make sure to pick up a dns name which is not ending in .local or .lan
Once you have done the dcpromo then join the workstations and they will be fine.
 
0
 
LVL 2

Author Comment

by:stack888
ID: 24333247
HI mutahir
I did try using the whole name as described, with the period when adding clients to the domain.
Still fails with same errors as previously.

I dont really want to uninstall Active Directory and reisntall again. I mean, I dont see what would be different as I just followed the step by step instructions as per a Windows 2008 tutorial I have. I left everything as default and only selected my forest name, so if i re-installed it would be exactly the same again. All the client machines are still in workgroups because I've never managed to get them into a domain yet. So still a bit stuck here.

Any other ideas guys? Especially around the error that DCDIAG reported.....
Doing initial required tests
   
   Testing server: Default-First-Site-Name\W2K08X86
      Starting test: Connectivity
         The host d3d1fc86-42cf-473c-be84-0b3a264f52e2._msdcs.stack.2008 could
         not be resolved to an IP address. Check the DNS server, DHCP, server
         name, etc.
         ......................... W2K08X86 failed test Connectivity
0
 
LVL 22

Expert Comment

by:mutahir
ID: 24333694
Hi Stack,

Can you run this command on your dc :

dnscmd /EnumDirectoryPartitions

Also in your DNS Server console, if you expand forward lookup zones then click on msdcs.stack.2008 and get us a screenshot, the problem lies there ; you might have to add or edit a record in there ; plz give us a scrshot of that.

awaiting
0
 
LVL 2

Author Closing Comment

by:stack888
ID: 31579151
mutahir, its working now! Took your advice and did a reinstall of AD and used a new domain name this time. No idea what is different but I am able to join it now and DCDIAG doesn't show the error anymore! Many thanks for your help.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Suggested Solutions

You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now