Link to home
Start Free TrialLog in
Avatar of FWeston

asked on

Client can't join domain

I have a brand new Dell laptop I just took out of the box and tried to join it to my domain.  It gave me an error message stating that it couldn't find the domain name I entered.

Under details it gives me the following info:

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "lpgaoffice":

The query was for the SRV record for _ldap._tcp.dc._msdcs.lpgaoffice

The following domain controllers were identified by the query:

However no domain controllers could be contacted.

Common causes of this error include:

- Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.

- Domain controllers registered in DNS are not connected to the network or are not running.

Using a network analyzer, I do see the DNS query going out and coming back, and I see that the response includes the SRV records for both domain controllers, as well as their IP addresses.

From the client, I can reach the domain controllers that were returned by DNS (i.e. antares.lpgaoffice and excelsior.lpgaoffice) and see shared folders on them after I am prompted to authenticate.  In other words, if I go to start > run and type "\\antares.lpgaoffice" I get a list of shared folders on that DC, so I know the client can talk to the DCs.

I'm mystified why I am getting this error since DNS appears to be working properly, and there is connectivity from the client to both DCs.  There are no firewalls between them in the network, the only firewalls are the standard Windows firewall.  I've tried turning those off but that doesn't make any difference.

The client is Windows 7 SP1 and the DCs are Windows 2008 SP1.
Avatar of Joseph Daly
Joseph Daly
Flag of United States of America image

When you are entering the domain name into the domain field are you entering the netbios name of the domain or the DNS name of the domain?
Are you using DHCP?Can you verify that the DNS is pointing to your DC?
Avatar of FWeston


xxdcmast: Both.  It's a single-label domain name (lpgaoffice) which was set up that way 10 years ago by someone who didn't know what they were doing so the dns name is the same as the netbios name.

Spartan_1337: Yes I am using DHCP and the DNS servers are set to the two DC IP addresses.
On the network card, make the options are selcted:
1. OBTAIN an IP address automatically
2. OBTAIN DNS address automatically


check and ensure the following is set for this registry entry...

DWORD DomainCompatibilityMode = 1

Avatar of FWeston


cmanglin: both 1 & 2 from your suggestion are already in place.
Does this new laptop have any personal firewall enabled? If so, try temporarily disabling it and testing again.
Avatar of FWeston


cmanglin: Yes, as I said I have tried doing that and it did not make a difference.
Go to Administrative Tools -> DNS
In DNS, go to Forward Lookup Zones -> lpgaoffice
In the pane to the right, right click and select "New Host (A)
Leave the Name field blank, go down to the IP address field and enter the IP address of the domain controller, if there is more than one, than repeat the steps for each domain controller
Restart the laptop, and then try joining the domain again.
Avatar of FWeston


joeyfaz: there are already root A records for each domain controller in the DNS zone.
Can you paste a printout of the following command please:

ipconfig /all
Avatar of FWeston


Here it is.  The DNS IP addresses below are the DC IP addresses.

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : lpgaoffice
   Description . . . . . . . . . . . : Intel(R) 82567LF Gigabit Network Connecti
   Physical Address. . . . . . . . . : 00-22-68-0B-4F-46
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::bd60:7fe:e8f5:34b8%11(Preferred)
   IPv4 Address. . . . . . . . . . . :
   Subnet Mask . . . . . . . . . . . :
   Lease Obtained. . . . . . . . . . : Thursday, September 08, 2011 3:41:45 PM
   Lease Expires . . . . . . . . . . : Saturday, September 10, 2011 3:41:48 PM
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 234889832
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-90-B6-32-00-22-68-0B-4F-46

   DNS Servers . . . . . . . . . . . :
   NetBIOS over Tcpip. . . . . . . . : Enabled
Ok, there you go, disable IPv6 on the adapter.
Avatar of FWeston


I'll try that - and I bet that will solve it.  I've installed dozens of Windows 7 machines which all have IPv6 enabled by default and have never encountered this problem before, BUT we did recently upgrade our DCs from Server 2003 to Server 2008, and I think the fact that Server 2008 has IPv6 enabled by default is probably causing the client to look for an AAAA record instead of an A record.  I bet this is the first time I've tried to join an IPv6 client since upgrading the DCs to 2008, so I'm betting that's what it is.  Thanks for pointing that out to me.  I think I'll disable IPv6 on the DCs instead of on the clients so I only have to do it once.  I'll try this on Monday when I have more time and report back.
Avatar of Sandesh Dubey
Sandesh Dubey
Flag of India image

Link to home
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of FWeston


Disabling IPv6 on client and server didn't have any effect.

Sandeshdubey: the article you linked did seem to solve the problem and I was able to join the PC to the domain.  I find it odd that before setting that registry key, I could see from the debug output on the PC that it was actually resolving the domain with DNS (evidenced by the fact that I see the two DC names in the debug output).  Since it was resolving it, I don't really understand why it was telling me that it couldn't contact a DC.

At any rate - are you aware of any way that this registry key could be made the "default" so I don't have to remember to set it on every client I want to join to the domain?
To enable Windows-based clients to perform dynamic updates to single-label DNS zones use Group Policy to enable the Update Top Level Domain Zones policy and the Location of the DCs hosting a domain with single label DNS name policy as specified in the following link: