• Status: Solved
  • Priority: Medium

Cannot join new PCs to Domain

We are a medium-sized company with about 150 users + printers + mobile phones and other such devices connecting to our network. Our servers run Windows Server 2003 SP2 (32-bit).

Since last week, when I try to join new PCs to our domain, it says the AD DC cannot be contacted. When I give a static IP, default gateway, DNS locations etc. in the IPv4 properties of the NIC and try to join the domain, it joins without any problem. After joining the domain, when I take out the static values I gave and switch to automatic settings, it still gives me unidentified network and limited connectivity. So for the time being, I've been giving IP reservations (the same IP I gave as static to join the domain) on the DHCP server so that these PCs can remain connected. Can anyone please help with this?

Also, my DHCP scope has reached its limit. The scope was from 192.168.0.15 to 192.168.0.199, subnet mask 255.255.255.0, with our default gateway (firewall) being 192.168.0.7.
So I created another scope, 192.168.1.15 to 192.168.1.199, with the same subnet mask 255.255.255.0 and a secondary working IP address for our firewall (192.168.1.7).
To test this new scope, I gave one of the PCs a static IP address of 192.168.1.100, pointing it to default gateway 192.168.1.7; there seems to be no connectivity. I went to the DNS server and added the 192.168.1.x subnet to reverse lookups. Is there anything more I need to do to get the new scope to work? Or is this happening because of the same problem which is causing my PCs to not find the domain controller?
0
isaackhazi
Asked:
 
Swapnil Prajapati (Sr. System Administrator) Commented:
Is your new scope activated?
0
 
Swapnil Prajapati (Sr. System Administrator) Commented:
Have you also tried adding a static route on the server for your new gateway on the firewall?
From the server, are you able to reach your firewall gateway?
0
 
isaackhazi (Author) Commented:
My new scope is active.

My servers are connected to a different firewall (192.168.0.2),
and all the users are connected to the firewall 192.168.0.7.

I was able to ping 192.168.1.7 from my PC because my default gateway is firewall 192.168.0.7 and it knows 192.168.1.7 is its own secondary IP address.

I was not able to ping 192.168.1.7 from the servers, because its gateway did not know where 192.168.1.x queries should be sent to. So, as you suggested, I added a static route on the server firewall to send all queries coming to 192.168.1.x to 192.168.0.7. So now I'm able to ping 192.168.1.7 from my server.
But when I try to give my PC a static address of 192.168.1.100 and default gateway 192.168.1.7, it still does not connect; it gives me unidentified network and limited connectivity (same as before).
0
 
isaackhazi (Author) Commented:
Also, any explanation regarding my primary question about new PCs not being able to join the domain?
0
 
Swapnil Prajapati (Sr. System Administrator) Commented:
Are your new systems able to take an IP from the new scope?
0
 
Swapnil Prajapati (Sr. System Administrator) Commented:
Also try to give your server a secondary IP in the 192.168.1.x range.
0
 
Swapnil Prajapati (Sr. System Administrator) Commented:
When you are joining your systems to the domain, it will first look for the DNS server. If your 192.168.1.x scope is pointed to your primary DNS, i.e. the 192.168.0.x range, then it will search DNS for an authorised DC to authenticate.
0
 
rindi Commented:
Active Directory connection issues are usually caused by wrong DNS entries. Make sure your DHCP server only advertises itself or other DCs as DNS servers, and has no foreign entries (like those of your ISP).
0
 
isaackhazi (Author) Commented:
To answer the initial question, my new systems are not able to take any IP address from the new scope.

After going to my server's NIC IPv4 properties, I added another IP address to it in the 192.168.1.x range and also added default gateway 192.168.1.7 to the list.
Still, I'm not able to connect my PC with a static IP of 192.168.1.100 and default gateway 192.168.1.7.
It gives unidentified network & limited connectivity. Also, when I go to IPv4 properties without disabling the NIC, the default gateway appears to be blank even though I'd specified it to be 192.168.0.7.
0
 
isaackhazi (Author) Commented:
@rindi,
The DHCP scope points only to our DNS server. No other entries found.

@swap, the new scope (192.168.1.x) is pointed to our DNS server (which lies in the 192.168.0.x range). Do you think this is happening because of the same problem with the new PCs not being able to contact the DNS server automatically (DHCP) without statically pointing to our DNS server?
0
 
Swapnil Prajapati (Sr. System Administrator) Commented:
For testing, when you give your machine a static IP of 192.168.1.100, try to add the same route you added to your server and then check.
0
 
isaackhazi (Author) Commented:
@swap,

What route on the server are you referring to?
Earlier, I routed 192.168.1.x queries on the server's firewall (192.168.0.2) to point to the user firewall 192.168.0.7.
0
 
Swapnil Prajapati (Sr. System Administrator) Commented:
On the local system, add a static route that points to your gateway 192.168.0.7.
0
 
rindi Commented:
Run an ipconfig /all on one of the PCs that got its IP through DHCP and attach the results here.
0
 
isaackhazi (Author) Commented:
When I'm giving a static IP of 192.168.1.100 and default gateway 192.168.1.7 to my local PC's NIC, you mean add 192.168.0.7 also to the gateway list?
0
 
isaackhazi (Author) Commented:
@rindi,

One of the PCs here with DHCP enabled, here's the result of 'ipconfig /all':


Windows IP Configuration

        Host Name . . . . . . . . . . . . : prtr-124
        Primary Dns Suffix  . . . . . . . : PRTR.local
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : PRTR.local
                                            prtr.local

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : prtr.local
        Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
        Physical Address. . . . . . . . . : 00-22-19-00-F6-B7
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.147
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.7
        DHCP Server . . . . . . . . . . . : 192.168.0.3
        DNS Servers . . . . . . . . . . . : 192.168.0.3
                                            192.168.0.4
        Primary WINS Server . . . . . . . : 192.168.0.3
        Lease Obtained. . . . . . . . . . : Friday, September 10, 2010 8:33:40 AM
        Lease Expires . . . . . . . . . . : Tuesday, January 19, 2038 10:14:07 AM
0
 
isaackhazi (Author) Commented:
I'm afraid it's bad timing for us. It's the weekend and I have to leave now and will be back on Monday morning. There aren't many network settings I can change using VPN. Hope you guys return with your suggestions on Monday. Sorry to keep you waiting.
0
 
isaackhazi (Author) Commented:
I will be reading your suggestions throughout the weekend and I can try to answer as many details about our DHCP, DNS, AD settings etc. as possible by connecting to our servers through VPN. But I'm afraid I can't implement much till I return on Monday. Sorry I had to post the question on a Friday afternoon.
0
 
rindi Commented:
The ipconfig looks like it should.
0
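
The check rindi describes (DHCP should hand out only domain controllers as DNS servers), together with a gateway-on-subnet check, run over `ipconfig /all` output. This is an added example, not part of the original thread; it assumes the XP/2003-style field names shown in the post above and that 192.168.0.3 and 192.168.0.4 are the domain's DNS servers.

```python
import ipaddress
import re

# Constructed sample: trimmed from the ipconfig /all output posted in the thread.
SAMPLE = """\
Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.147
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.7
        DHCP Server . . . . . . . . . . . : 192.168.0.3
        DNS Servers . . . . . . . . . . . : 192.168.0.3
                                            192.168.0.4
"""

# Assumption: these are the domain controllers / AD DNS servers for PRTR.local.
DC_DNS = {"192.168.0.3", "192.168.0.4"}

# "   Label . . . . : value" (the dot/space filler before the colon is required)
FIELD = re.compile(r"^\s+([A-Za-z][\w \-]*?)[ .]+: ?(.*)$")

def parse_ipconfig(text):
    """Return {field: [values]}; indented lines without a label continue the previous field."""
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last = m.group(1).strip()
            fields[last] = [m.group(2).strip()] if m.group(2).strip() else []
        elif last and line.startswith(" ") and line.strip():
            fields[last].append(line.strip())
    return fields

def audit(text, dc_dns=DC_DNS):
    """List client-side findings that commonly break a domain join."""
    f, findings = parse_ipconfig(text), []
    ip = (f.get("IP Address") or [""])[0]
    if not ip or ip.startswith("169.254."):
        return ["no DHCP lease (APIPA or empty address)"]
    net = ipaddress.ip_network(f"{ip}/{f['Subnet Mask'][0]}", strict=False)
    if not f.get("Default Gateway"):
        findings.append("no default gateway")
    for gw in f.get("Default Gateway", []):
        if ipaddress.ip_address(gw) not in net:
            findings.append(f"gateway {gw} is outside {net}")
    if not f.get("DNS Servers"):
        findings.append("no DNS servers configured")
    for dns in f.get("DNS Servers", []):
        if dns not in dc_dns:
            findings.append(f"DNS server {dns} is not a domain controller")
    return findings
```
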
 
tomtown Commented:
Does that work actually? This looks a bit like a mess to me :)
Try
nslookup PRTR.local
on a PC that cannot join your domain to find out.

Tom
0
 
isaackhazi (Author) Commented:
Good
0
