Solved

Cannot join new PCs to Domain

Posted on 2010-09-10
Last Modified: 2012-06-27
We are a medium-sized company with about 150 users + printers + mobile phones and other such devices connecting to our network. Our servers run Windows Server 2003 SP2 (32-bit).

Since last week, when I try to join new PCs to our domain, it says AD-DC cannot be contacted. When I give a static IP, default gateway, DNS locations etc. in the IPv4 properties of the NIC and try to join the domain, it joins without any problem. After joining the domain, when I take out the static values I gave and use automatic settings, it still gives me unidentified network and limited connectivity. So for the time being, I've been giving IP reservations (the same IP I gave statically to join the domain) on the DHCP server so that these PCs can remain connected. Can anyone please help with this?

Also, my DHCP scope has reached its limit. The scope ran from 192.168.0.15 to 192.168.0.199, subnet mask 255.255.255.0, with our default gateway (firewall) being 192.168.0.7.
So I created another scope, 192.168.1.15 to 192.168.1.199, with the same subnet mask 255.255.255.0 and a secondary working IP address for our firewall (192.168.1.7).
To test this new scope, I gave one of the PCs a static IP address of 192.168.1.100, pointing it to default gateway 192.168.1.7; there seems to be no connectivity. I went to the DNS server and added the 192.168.1.x subnet to reverse lookups. Is there anything more I need to do to get the new scope to work? Or is this happening because of the same problem which is causing my PCs to not find the domain controller?
Question by:isaackhazi
21 Comments
 
LVL 5

Accepted Solution

by:
swap_101982 earned 200 total points
ID: 33644652
Is your new scope activated?
0
 
LVL 5

Assisted Solution

by:swap_101982
swap_101982 earned 200 total points
ID: 33644660
Have you also tried to add a static route on the server for your new gateway on the firewall?
From the server, are you able to reach your firewall gateway?
0
 
LVL 8

Author Comment

by:isaackhazi
ID: 33644709
My new scope is active.

My servers are connected to a different firewall (192.168.0.2),
and all the users are connected to the firewall 192.168.0.7.

I was able to ping 192.168.1.7 from my PC because my default gateway is firewall 192.168.0.7 and it knows 192.168.1.7 is its own secondary IP address.

I was not able to ping 192.168.1.7 from the servers, because their gateway did not know where 192.168.1.x queries should be sent. So, as you suggested, I added a static route on the server firewall to send all queries for 192.168.1.x to 192.168.0.7. So now I'm able to ping 192.168.1.7 from my server.
But when I still try to give my PC a static address of 192.168.1.100 and default gateway 192.168.1.7, it still does not connect and gives me unidentified network and limited connectivity (same as before).
0
 
LVL 8

Author Comment

by:isaackhazi
ID: 33644726
Also, any explanation regarding my primary question about new PCs not being able to join the domain?
0
 
LVL 5

Expert Comment

by:swap_101982
ID: 33644730
Are your new systems able to take an IP from the new scope?
0
 
LVL 5

Expert Comment

by:swap_101982
ID: 33644740
Also try to give your server a secondary IP in the 192.168.1.x range.
0
 
LVL 5

Expert Comment

by:swap_101982
ID: 33644747
When you are joining your systems to the domain, it will first look for the DNS server; if your 192.168.1.x scope is pointed to your primary DNS, i.e. the 192.168.0.x range, then it will search DNS for an authorised DC to authenticate.
0
 
LVL 87

Assisted Solution

by:rindi
rindi earned 200 total points
ID: 33644762
Active Directory connection issues are usually caused by wrong DNS entries. Make sure your DHCP server only advertises itself or other DCs as DNS servers, and has no foreign entries (like those of your ISP).
0
 
LVL 8

Author Comment

by:isaackhazi
ID: 33644784
To answer the initial question, my new systems are not able to take on any IP address from the new scope.

After going to my server's NIC IPv4 properties, I added another IP address to it in the 192.168.1.x range and also added default gateway 192.168.1.7 to the list.
Still I'm not able to connect my PC with a static IP of 192.168.1.100 and default gateway 192.168.1.7.
It gives unidentified network & limited connectivity. Also, when I go to IPv4 properties without disabling the NIC, the default gateway appears to be blank even though I'd specified it to be 192.168.0.7.
0
 
LVL 8

Author Comment

by:isaackhazi
ID: 33644823
@rindi,
the DHCP scope points only to our DNS server. No other entries found.

@swap, the new scope (192.168.1.x) is pointed to our DNS server (which lies in the 192.168.0.x range). Do you think this is happening because of the same problem with the new PCs not being able to contact the DNS server automatically (DHCP) without statically pointing to our DNS server?
0
 
LVL 5

Expert Comment

by:swap_101982
ID: 33644843
For testing, when you give your machine a static IP of 192.168.1.100, try to add the same route you added to your server and then check.
0
 
LVL 8

Author Comment

by:isaackhazi
ID: 33644855
@swap,

What route in the server are you referring to?
Earlier, I routed 192.168.1.x queries in the server's firewall (192.168.0.2) to point to the user firewall 192.168.0.7.
0
 
LVL 5

Expert Comment

by:swap_101982
ID: 33644875
On the local system, add a static route that points to your gateway 192.168.0.7.
0
 
LVL 87

Expert Comment

by:rindi
ID: 33644889
Run an ipconfig /all on one of the PCs that got its IP through DHCP and attach the results here.
0
 
LVL 8

Author Comment

by:isaackhazi
ID: 33644909
When I'm giving a static IP of 192.168.1.100 and default gateway 192.168.1.7 to my local PC's NIC, you mean add 192.168.0.7 also to the gateway list?
0
 
LVL 8

Author Comment

by:isaackhazi
ID: 33644928
@rindi,

One of the PCs here with DHCP enabled, here's the result of 'ipconfig /all':


Windows IP Configuration

        Host Name . . . . . . . . . . . . : prtr-124
        Primary Dns Suffix  . . . . . . . : PRTR.local
        Node Type . . . . . . . . . . . . : Hybrid
        IP Routing Enabled. . . . . . . . : No
        WINS Proxy Enabled. . . . . . . . : No
        DNS Suffix Search List. . . . . . : PRTR.local
                                            prtr.local

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : prtr.local
        Description . . . . . . . . . . . : Broadcom NetXtreme 57xx Gigabit Controller
        Physical Address. . . . . . . . . : 00-22-19-00-F6-B7
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.0.147
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.0.7
        DHCP Server . . . . . . . . . . . : 192.168.0.3
        DNS Servers . . . . . . . . . . . : 192.168.0.3
                                            192.168.0.4
        Primary WINS Server . . . . . . . : 192.168.0.3
        Lease Obtained. . . . . . . . . . : Friday, September 10, 2010 8:33:40 AM
        Lease Expires . . . . . . . . . . : Tuesday, January 19, 2038 10:14:07 AM
0
 
LVL 8

Author Comment

by:isaackhazi
ID: 33645002
I'm afraid it's bad timing for us. It's the weekend and I have to leave now and will be back on Monday morning. There aren't many network settings I can change using VPN. Hope you guys return with your suggestions on Monday. Sorry to keep you waiting.
0
 
LVL 8

Author Comment

by:isaackhazi
ID: 33645029
I will be reading your suggestions throughout the weekend and I can try to answer as many details about our DHCP, DNS, AD settings etc. as possible by connecting to our servers through VPN. But I'm afraid I can't implement much till I return on Monday. Sorry I had to post the question on a Friday afternoon.
0
 
LVL 87

Assisted Solution

by:rindi
rindi earned 200 total points
ID: 33645466
The ipconfig looks like it should.
0
 
LVL 1

Assisted Solution

by:tomtown
tomtown earned 100 total points
ID: 33645683
Does that work actually? This looks a bit like a mess to me :)
Try
nslookup PRTR.local
on a PC that cannot join your domain to find out.

Tom
0
 
LVL 8

Author Closing Comment

by:isaackhazi
ID: 33865933
Good
0
