Solved

Client can't join domain

Posted on 2011-09-09
Last Modified: 2012-06-22
I have a brand new Dell laptop I just took out of the box and tried to join it to my domain.  It gave me an error message stating that it couldn't find the domain name I entered.

Under details it gives me the following info:

-------------------------------------------------------------
DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "lpgaoffice":

The query was for the SRV record for _ldap._tcp.dc._msdcs.lpgaoffice

The following domain controllers were identified by the query:
antares.lpgaoffice
excelsior.lpgaoffice


However no domain controllers could be contacted.

Common causes of this error include:

- Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.

- Domain controllers registered in DNS are not connected to the network or are not running.
-------------------------------------------------------------

Using a network analyzer, I do see the DNS query going out and coming back, and I see that the response includes the SRV records for both domain controllers, as well as their IP addresses.

From the client, I can reach the domain controllers that were returned by DNS (i.e. antares.lpgaoffice and excelsior.lpgaoffice) and see shared folders on them after I am prompted to authenticate.  In other words, if I go to start > run and type "\\antares.lpgaoffice" I get a list of shared folders on that DC, so I know the client can talk to the DCs.

I'm mystified why I am getting this error since DNS appears to be working properly, and there is connectivity from the client to both DCs.  There are no firewalls between them in the network, the only firewalls are the standard Windows firewall.  I've tried turning those off but that doesn't make any difference.

The client is Windows 7 SP1 and the DCs are Windows 2008 SP1.
Question by:FWeston
16 Comments
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 36513354
When you are entering the domain name into the domain field are you entering the netbios name of the domain or the DNS name of the domain?
0
 
LVL 17

Expert Comment

by:James H
ID: 36513361
Are you using DHCP? Can you verify that the DNS is pointing to your DC?
0
 
LVL 3

Author Comment

by:FWeston
ID: 36513375
xxdcmast: Both.  It's a single-label domain name (lpgaoffice) which was set up that way 10 years ago by someone who didn't know what they were doing so the dns name is the same as the netbios name.

Spartan_1337: Yes I am using DHCP and the DNS servers are set to the two DC IP addresses.
0
 

Expert Comment

by:cmanglin
ID: 36513446
On the network card, make sure these options are selected:
1. OBTAIN an IP address automatically
2. OBTAIN DNS address automatically

OR

check and ensure the following is set for this registry entry...
HKLM\System\CCS\Services\LanmanWorkstation\Parameters

DWORD DomainCompatibilityMode = 1

0
 
LVL 3

Author Comment

by:FWeston
ID: 36513450
cmanglin: both 1 & 2 from your suggestion are already in place.
0
 

Expert Comment

by:cmanglin
ID: 36513469
Does this new laptop have any personal firewall enabled? If so, try temporarily disabling it and testing again.
0
 
LVL 3

Author Comment

by:FWeston
ID: 36513526
cmanglin: Yes, as I said I have tried doing that and it did not make a difference.
0
 
LVL 6

Expert Comment

by:joeyfaz
ID: 36514157
Go to Administrative Tools -> DNS
In DNS, go to Forward Lookup Zones -> lpgaoffice
In the pane to the right, right click and select "New Host (A)"
Leave the Name field blank, go down to the IP address field and enter the IP address of the domain controller. If there is more than one, then repeat the steps for each domain controller
Restart the laptop, and then try joining the domain again.
0
 
LVL 3

Author Comment

by:FWeston
ID: 36514677
joeyfaz: there are already root A records for each domain controller in the DNS zone.
0
 
LVL 6

Expert Comment

by:joeyfaz
ID: 36514716
Can you paste a printout of the following command please:

ipconfig /all
0
 
LVL 3

Author Comment

by:FWeston
ID: 36514744
Here it is.  The DNS IP addresses below are the DC IP addresses.

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : lpgaoffice
   Description . . . . . . . . . . . : Intel(R) 82567LF Gigabit Network Connection
   Physical Address. . . . . . . . . : 00-22-68-0B-4F-46
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::bd60:7fe:e8f5:34b8%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.206.56(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, September 08, 2011 3:41:45 PM
   Lease Expires . . . . . . . . . . : Saturday, September 10, 2011 3:41:48 PM
   Default Gateway . . . . . . . . . : 192.168.206.1
   DHCP Server . . . . . . . . . . . : 192.168.206.1
   DHCPv6 IAID . . . . . . . . . . . : 234889832
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-90-B6-32-00-22-68-0B-4F-46

   DNS Servers . . . . . . . . . . . : 192.168.206.227
                                       192.168.206.190
   NetBIOS over Tcpip. . . . . . . . : Enabled
0
 
LVL 6

Expert Comment

by:joeyfaz
ID: 36514749
Ok, there you go, disable IPv6 on the adapter.
0
 
LVL 3

Author Comment

by:FWeston
ID: 36514771
I'll try that - and I bet that will solve it.  I've installed dozens of Windows 7 machines which all have IPv6 enabled by default and have never encountered this problem before, BUT we did recently upgrade our DCs from Server 2003 to Server 2008, and I think the fact that Server 2008 has IPv6 enabled by default is probably causing the client to look for an AAAA record instead of an A record.  I bet this is the first time I've tried to join an IPv6 client since upgrading the DCs to 2008, so I'm betting that's what it is.  Thanks for pointing that out to me.  I think I'll disable IPv6 on the DCs instead of on the clients so I only have to do it once.  I'll try this on Monday when I have more time and report back.
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 2000 total points
ID: 36515430
Don't disable IPv6 on the 2k8 DC if the Exchange role is present on the server, as it is required.
It seems that IPv6 is not causing the problem, as it is a single-labeled domain. To enable an Active Directory domain member to use DNS to locate domain controllers in domains, you need to create AllowSingleLabelDnsDomain in the registry on the client PC. Follow this link for the same: http://www.wincert.net/tips/networking/1614-cant-join-pc-to-a-domain-with-single-label.html

Also enable NetBIOS over TCP/IP on the adapters for both the DC and the machine and then reboot the PC for the setting to take effect and attempt to join PC to the domain.
0
 
LVL 3

Author Comment

by:FWeston
ID: 36522529
Disabling IPv6 on client and server didn't have any effect.

Sandeshdubey: the article you linked did seem to solve the problem and I was able to join the PC to the domain.  I find it odd that before setting that registry key, I could see from the debug output on the PC that it was actually resolving the domain with DNS (evidenced by the fact that I see the two DC names in the debug output).  Since it was resolving it, I don't really understand why it was telling me that it couldn't contact a DC.

At any rate - are you aware of any way that this registry key could be made the "default" so I don't have to remember to set it on every client I want to join to the domain?
0
 
LVL 24

Expert Comment

by:Sandeshdubey
ID: 36526943
To enable Windows-based clients to perform dynamic updates to single-label DNS zones use Group Policy to enable the Update Top Level Domain Zones policy and the Location of the DCs hosting a domain with single label DNS name policy as specified in the following link:
http://www.virmansec.com/blogs/skhairuddin/archive/2010/07/26/how-do-i-enable-windows-based-clients-to-perform-dynamic-updates-to-single-label-dns-zones.aspx
0
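
The thread names the AllowSingleLabelDnsDomain value and the Group Policy setting that delivers it, but not where the value lives on the client. As an added example (not from the thread or the linked articles), this PowerShell check reports the value in the two Netlogon parameter keys and, with the hypothetical -Fix switch, sets it locally; the key paths, switch and function names are supplied here, not taken from the page.

```powershell
# Added example, not from the thread. Run from an elevated prompt on the client.
param(
    [string]$DomainName = 'lpgaoffice',  # domain name quoted in the question
    [switch]$Fix                         # hypothetical switch: create the local value if absent
)

$ValueName = 'AllowSingleLabelDnsDomain'
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Netlogon\Parameters'       # written by Group Policy
$LocalKey  = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters' # written by hand

function Test-SingleLabelName([string]$Name) {
    # Single-label means no dot remains once a trailing root dot is removed.
    return -not $Name.TrimEnd('.').Contains('.')
}

function Get-NetlogonValue([string]$Key) {
    # Returns the DWORD, or $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Key -Name $ValueName -ErrorAction SilentlyContinue
    if ($item) { return $item.$ValueName }
    return $null
}

if (-not (Test-SingleLabelName $DomainName)) {
    Write-Output "'$DomainName' is a multi-label DNS name; the value is not needed."
    return
}

$policy = Get-NetlogonValue $PolicyKey
$local  = Get-NetlogonValue $LocalKey
Write-Output "Policy value: $policy   Local value: $local"

if ($policy -eq 1 -or $local -eq 1) {
    Write-Output 'Single-label DNS lookups for DC location are already allowed.'
}
elseif ($Fix) {
    # Netlogon\Parameters exists on every Windows client, so only the value is created.
    New-ItemProperty -Path $LocalKey -Name $ValueName -PropertyType DWord -Value 1 -Force | Out-Null
    Write-Output "Set $ValueName = 1 under $LocalKey. Restart, then retry the join."
}
else {
    Write-Output "$ValueName is not set; rerun with -Fix or deliver it by Group Policy."
}
```

Running it without -Fix makes no changes, so it can be used to audit a machine before a join attempt or to confirm that the Group Policy setting has reached a client.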

Question has a verified solution.