Solved

Client can't join domain

Posted on 2011-09-09
16
1,323 Views
Last Modified: 2012-06-22
I have a brand new Dell laptop I just took out of the box and tried to join it to my domain.  It gave me an error message stating that it couldn't find the domain name I entered.

Under details it gives me the following info:

-------------------------------------------------------------
DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "lpgaoffice":

The query was for the SRV record for _ldap._tcp.dc._msdcs.lpgaoffice

The following domain controllers were identified by the query:
antares.lpgaoffice
excelsior.lpgaoffice


However no domain controllers could be contacted.

Common causes of this error include:

- Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.

- Domain controllers registered in DNS are not connected to the network or are not running.
-------------------------------------------------------------

Using a network analyzer, I do see the DNS query going out and coming back, and I see that the response includes the SRV records for both domain controllers, as well as their IP addresses.

From the client, I can reach the domain controllers that were returned by DNS (i.e. antares.lpgaoffice and excelsior.lpgaoffice) and see shared folders on them after I am prompted to authenticate.  In other words, if I go to start > run and type "\\antares.lpgaoffice" I get a list of shared folders on that DC, so I know the client can talk to the DCs.

I'm mystified why I am getting this error since DNS appears to be working properly, and there is connectivity from the client to both DCs.  There are no firewalls between them in the network, the only firewalls are the standard Windows firewall.  I've tried turning those off but that doesn't make any difference.

The client is Windows 7 SP1 and the DCs are Windows 2008 SP1.
0
Comment
Question by:FWeston
  • 7
  • 3
  • 2
  • +3
16 Comments
 
LVL 35

Expert Comment

by:Joseph Daly
Comment Utility
When you are entering the domain name into the domain field are you entering the netbios name of the domain or the DNS name of the domain?
0
 
LVL 17

Expert Comment

by:Spartan_1337
Comment Utility
Are you using DHCP?Can you verify that the DNS is pointing to your DC?
0
 
LVL 3

Author Comment

by:FWeston
Comment Utility
xxdcmast: Both.  It's a single-label domain name (lpgaoffice) which was set up that way 10 years ago by someone who didn't know what they were doing so the dns name is the same as the netbios name.

Spartan_1337: Yes I am using DHCP and the DNS servers are set to the two DC IP addresses.
0
 

Expert Comment

by:cmanglin
Comment Utility
On the network card, make the options are selcted:
1. OBTAIN an IP address automatically
2. OBTAIN DNS address automatically

OR

check and ensure the following is set for this registry entry...
HKLM\System\CCS\Services\LanmanWorkstation\Parameters

DWORD DomainCompatibilityMode = 1

0
 
LVL 3

Author Comment

by:FWeston
Comment Utility
cmanglin: both 1 & 2 from your suggestion are already in place.
0
 

Expert Comment

by:cmanglin
Comment Utility
Does this new laptop have any personal firewall enabled? If so, try temporarily disabling it and testing again.
0
 
LVL 3

Author Comment

by:FWeston
Comment Utility
cmanglin: Yes, as I said I have tried doing that and it did not make a difference.
0
 
LVL 6

Expert Comment

by:joeyfaz
Comment Utility
Go to Administrative Tools -> DNS
In DNS, go to Forward Lookup Zones -> lpgaoffice
In the pane to the right, right click and select "New Host (A)
Leave the Name field blank, go down to the IP address field and enter the IP address of the domain controller, if there is more than one, than repeat the steps for each domain controller
Restart the laptop, and then try joining the domain again.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 3

Author Comment

by:FWeston
Comment Utility
joeyfaz: there are already root A records for each domain controller in the DNS zone.
0
 
LVL 6

Expert Comment

by:joeyfaz
Comment Utility
Can you paste a printout of the following command please:

ipconfig /all
0
 
LVL 3

Author Comment

by:FWeston
Comment Utility
Here it is.  The DNS IP addresses below are the DC IP addresses.

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : lpgaoffice
   Description . . . . . . . . . . . : Intel(R) 82567LF Gigabit Network Connecti
on
   Physical Address. . . . . . . . . : 00-22-68-0B-4F-46
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::bd60:7fe:e8f5:34b8%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.206.56(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, September 08, 2011 3:41:45 PM
   Lease Expires . . . . . . . . . . : Saturday, September 10, 2011 3:41:48 PM
   Default Gateway . . . . . . . . . : 192.168.206.1
   DHCP Server . . . . . . . . . . . : 192.168.206.1
   DHCPv6 IAID . . . . . . . . . . . : 234889832
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-90-B6-32-00-22-68-0B-4F-46

   DNS Servers . . . . . . . . . . . : 192.168.206.227
                                       192.168.206.190
   NetBIOS over Tcpip. . . . . . . . : Enabled
0
 
LVL 6

Expert Comment

by:joeyfaz
Comment Utility
Ok, there you go, disable IPv6 on the adapter.
0
 
LVL 3

Author Comment

by:FWeston
Comment Utility
I'll try that - and I bet that will solve it.  I've installed dozens of Windows 7 machines which all have IPv6 enabled by default and have never encountered this problem before, BUT we did recently upgrade our DCs from Server 2003 to Server 2008, and I think the fact that Server 2008 has IPv6 enabled by default is probably causing the client to look for an AAAA record instead of an A record.  I bet this is the first time I've tried to join an IPv6 client since upgrading the DCs to 2008, so I'm betting that's what it is.  Thanks for pointing that out to me.  I think I'll disable IPv6 on the DCs instead of on the clients so I only have to do it once.  I'll try this on Monday when I have more time and report back.
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 500 total points
Comment Utility
Don't disable the IPv6 on the 2k8 DC if exchange role is present on the server as it is required.
It seems that IPv6 is not causing the problem as it is single labled domain,to enable an Active Directory domain member to use DNS to locate domain controllers in domains you need to create AllowSingleLabelDnsDomain in registry on client PC.Follow this link for the same http://www.wincert.net/tips/networking/1614-cant-join-pc-to-a-domain-with-single-label.html.

Also enable NetBIOS over TCP/IP on the adapters for both the DC and the machine and then reboot the PC for the setting to take effect and attempt to join PC to the domain.
0
 
LVL 3

Author Comment

by:FWeston
Comment Utility
Disabling IPv6 on client and server didn't have any effect.

Sandeshdubey: the article you linked did seem to solve the problem and I was able to join the PC to the domain.  I find it odd that before setting that registry key, I could see from the debug output on the PC that it was actually resolving the domain with DNS (evidenced by the fact that I see the two DC names in the debug output).  Since it was resolving it, I don't really understand why it was telling me that it couldn't contact a DC.

At any rate - are you aware of any way that this registry key could be made the "default" so I don't have to remember to set it on every client I want to join to the domain?
0
 
LVL 24

Expert Comment

by:Sandeshdubey
Comment Utility
To enable Windows-based clients to perform dynamic updates to single-label DNS zones use Group Policy to enable the Update Top Level Domain Zones policy and the Location of the DCs hosting a domain with single label DNS name policy as specified in the following link:
http://www.virmansec.com/blogs/skhairuddin/archive/2010/07/26/how-do-i-enable-windows-based-clients-to-perform-dynamic-updates-to-single-label-dns-zones.aspx
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

I know all systems administrator at some time or another has had to create a script to copy file from a server share to a desktop. Well now there is an easy way to do this in Group Policy. Using Group policy preferences is not hard. The first thing …
Companies that have implemented Microsoft’s Active Directory need to ensure that the Active Directory is configured and operating properly. If there are issues found and not resolved, it eventually leads the components to fail or stop working and fi…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now