Solved

cannot join pc to server 2008 domain

Posted on 2011-09-16
40
360 Views
Last Modified: 2012-05-12
Hi there,
I have a Windows 7 Pro PC i am trying to join to my domain. I already have an XP Pro PC joined to the domain, but my windows 7 pc will not join.
I have tried setting a manual ip address to the same subnet as the server, tried setting the dns server as my server, setting the ip settings on the pc to automatic.

When i go to join the domain, i am prompted for the username and password, which is entered correctly, then i am faced with the following error:

"an attempt to resolve the dns name of a domain controller in the domain being joined has failed. please verify this client is configured to reach an dns server that can resolve dns names in the target domain."

What could possibly be the issue?

0
Comment
Question by:dbidesign
  • 15
  • 8
  • 8
  • +3
40 Comments
 
LVL 10

Expert Comment

by:gaurav05
ID: 36547842
Hi,

You might also try to do an nslookup for the domain controllers:
At the command prompt enter nslookup
set type=srv
_ldap._tcp.dc._msdcs.domain.name

Your domain controller(s) should be listed if configured correctly. (Replace domain.name with your actual domain name)
0
 
LVL 10

Expert Comment

by:gaurav05
ID: 36547850
Hi,

If you open up the DNS console from Administrative Tools on your server, then expand Forward Lookup Zones, can you see "domain.name"?
0
 
LVL 10

Expert Comment

by:gaurav05
ID: 36547935
Hi,

computer to join the domain by doing the following:  in the network adapter IP 4 properties, set the DNS ip address to that of the domain controller, NOT the DNS.

OR

cmputer by turning off or unchecking IPv6
0
 
LVL 1

Expert Comment

by:rodeca
ID: 36547945
In my network (SBS 2008) I had to configure and set my DC as DNS server, and then set its IP as DNS address for the clients (in fact, I configured DHCP and set client IP to automatic).

I cannot remember where I saw it, but there was something like that for win7 - Server2008 to work you must enable IPv6, although you don't employ it (perhaps some expert may help on this ;-)

HIH
0
 

Author Comment

by:dbidesign
ID: 36548012
Guarav05
 - the domain controller was not listed when i entered that command
- yes, the domain is listed in DNS under forward lookup
- i set the dns ip address to that of my server (the same ip address i use to remote into the server)
- unchecking ipv6 did not fix it


Rodeca
i have tried with DHCP turned off and turned on, no luck


               
0
 
LVL 10

Expert Comment

by:gaurav05
ID: 36548053
Hi,

add your DC(s) addresses to your Windows 7 machine's HOSTS file
0
 
LVL 10

Expert Comment

by:gaurav05
ID: 36548066
Hi,

Could be you don't have a reverse lookup zone configured. In DNS on your server right-click reverse lookup zone - select New Zone. Make sure it and the rest of your DNS is active directory integrated and in the network address enter the first three octets of your subnet - 10.0.0 or 192.168.0, then next and finish.

Nslookup won't work without correctly configured a reverse lookup zone on the dns server
0
 
LVL 10

Expert Comment

by:gaurav05
ID: 36548079
0
 
LVL 88

Expert Comment

by:rindi
ID: 36548086
Try joining using the following method:

On the Windows 7 PC right click on "Computer", select "Properties", then in the Computer name section select "Change Settings". Now select "Network ID" and now answer the Questions to join the PC to the Domain.

0
 

Author Comment

by:dbidesign
ID: 36548188
gaurav05:
-I set up a reverse lookup zone, still can't find the domain using the command you gave me before and still can't join domain
- Disabled firewall, still can't join domain

Rindi:
I ran the wizard and restarted my PC, nothing changed.

It's a tough one but we can get crack this!
0
 

Author Comment

by:dbidesign
ID: 36548193
I found the hosts file, but i cannot save because i need administrator privileges. I ran notepad as administrator and then tried to open hosts file - still will not let me save it.
Is the DC address the ip address of the server?
0
 
LVL 10

Expert Comment

by:gaurav05
ID: 36548212

did u get the response while you ping your DC server ?

thanks for the information

Is the Dc adderss the ip address of the server ?

yes.

try to make host entry.





0
 

Author Comment

by:dbidesign
ID: 36548229
the ip of my server is 192.168.1.1
I can successfully ping my server
I can successfully remotely log into my server

Is the DC the same address as this? How do i know if it isn't?
I am still trying to make host entry.
0
 
LVL 10

Expert Comment

by:gaurav05
ID: 36548300


Hi,

try

nslookup  192.168.1.1

it gives you the DC Name or not ?





0
 
LVL 88

Expert Comment

by:rindi
ID: 36548356
Have you made sure the DNS server IP on your PC only points to the DNS server of your AD domain and no others? Also try disabling IPv6 for the connection test. Also make sure the Windows 7 PC has all windowsupdates installed (maybe also disable the AV software for the process).
0
 

Author Comment

by:dbidesign
ID: 36548420
at the command prompt i typed: nslookup 192.168.1.1
result: non-existant domain

I changed the preferred DNS address to 192.168.1.1
I set the default gateway to my router - i can still access the internet
I set the default gateway to 192.168.1.1 - i cannot access internet

Yes, have installed all windows updates
Yes, have disabled ipv6 and tried again
Has not worked still

What is strange is it prompts me to enter the username and password after i type in the domain name, and i enter the details correctly. But i still get the error.



0
 
LVL 88

Expert Comment

by:rindi
ID: 36548431
"I changed the preferred DNS address to 192.168.1.1"

and you made sure the Alternate DNS address is empty?

Are there more than one NICs in the PC?
0
 

Author Comment

by:dbidesign
ID: 36548446
That's right, the alternate dns is empty
There is only 1 NIC, which is of course my onboard NIC.
0
 

Author Comment

by:dbidesign
ID: 36553114
Can anyone offer any further assistance?
0
 

Expert Comment

by:Lamini
ID: 36555357
several times i have users trying to join the domain and i have seen the error.

when attempting to join the domain, you will get the credential pop-up window. on this window, ive seen the servername work just fine, and sometimes i've seen that not work, but entering the full fqdn work.

short: servername
long: servername.domain.com

log on exactly as you did on XP? Account you're using not locked out on AD? Using credentials with enough priveleges to get you on the domain? flush/register dns? restart netlogon?  I've never had to go beyond that.

good luck
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 22

Expert Comment

by:yo_bee
ID: 36555367
Do you have another machine that you can try?
To rule out a specific computer or possible type.
Can you also post an output of the ipconfig of the client?
0
 

Author Comment

by:dbidesign
ID: 36558574
Lamini:

I've tried both versions of domain name, im using the same administrator account i used for the other XP machine, already tried flushing dns cache. But i haven't tried restarting netlogon i will give that a go. \

yo_bee:
I do have a few laptops to try i didn't want them on the domain but may as well try and can convert back to workgroup anyway.

Here is the ipconfig of the problem client:
 ipconfig
0
 
LVL 22

Expert Comment

by:yo_bee
ID: 36559696
can you post a ipconfig /all
0
 

Expert Comment

by:Lamini
ID: 36564647
we need the "ipconfig /all" to view dns settings.
0
 

Author Comment

by:dbidesign
ID: 36565645
here we go:

 ip
0
 

Author Comment

by:dbidesign
ID: 36597359
So i've tried using another computer to connect to the domain, but get the same error. I am thinking it is a problem with the DNS applicaiton on the server? It is a newly set up DNS server set up only a few weeks ago.
0
 
LVL 22

Expert Comment

by:yo_bee
ID: 36598583
Sounds like it.

Listed below are the items that need to be in DNS for AD to work properly. Are they all there?
   Foward Lookup ZOne
0
 

Expert Comment

by:Lamini
ID: 36598898
you said earlier you could ping your dns server, assuming you also tried DNS ping? do not see your pointers so just askin.

ping <servername>.

If that dont work, obviously, no logon. If thats the case, rather than troubleshooting, i'd tear it down and rebuild if possible.
0
 

Author Comment

by:dbidesign
ID: 36708236
Lamini:
I pinged the ip, but i didn't ping the server name.

Yo Bee:
I can't find where those items are.


I will try to re-install the DNS role again.
0
 

Expert Comment

by:Lamini
ID: 36709004
if you cant ping your dns server, you know what your problem is then. easiest and quickest way to resolve this is simply rebuilding your dns server. If clearing your DNS settings (AdminTools>DNS>forwarders/reverse lookup) (and i dont know what yours looks like) doesnt do the job (most of the time it has for me), simply reinstalling the DNS role will do it, as long as everything else is set correctly.
0
 
LVL 22

Expert Comment

by:yo_bee
ID: 36709262
@DBidesign
Open DNS > Forward lookup Zone > Domain Name >  those items should be there.  If not there is your problem.
0
 
LVL 22

Expert Comment

by:yo_bee
ID: 36709410
Here is a snippet of some things to look for
So you are saying you had an AD integrated zone, then you made it a non-AD integrated zone, which wiped it out of the AD database and into a text file on the machine you did this on, specifically in the system32\dns in a file called zonename.dns. Is that correct?
 
So do you still have that zone file name, zonename.dns? If so, load it into DNS, and go into properties, and make it AD integrated again.

Unless you lost the zone text file?

First check to see if your DNS is set to AD intergration
1:Open DNS
2: Expand Forward lookup zone
  DNS structure3:Right click the Domain and select Properties
 Propteries of Domain DNS4: Check to see if the DNS is working off of a file or AD/Registry
Right click the DNS server name and select properties > Advanced
Server DNS Properties
How to clear bad information in Active Directory-integrated DNS
How to reinstall a dynamic DNS Active Directory-integrated zone
 
0
 

Author Comment

by:dbidesign
ID: 36922698
I have reinstalled the DNS server, and also configured it as per the screen shots by Yo_Bee. But here is a screenshot of what my forward zone looks like:

 hg
0
 

Author Comment

by:dbidesign
ID: 36927808
does anyone know why it doesn't look the same as Yo_Bee?
0
 
LVL 22

Expert Comment

by:yo_bee
ID: 36927850
Can you confirm that your dns is in intergrated mode.
0
 
LVL 22

Expert Comment

by:yo_bee
ID: 36927885
Are there any errors or warnings in your DC event logs for DNS?
I just noticed your IPCONFIG.

I see your server ip is .10 and your DNS is .1.
Is that correct?
0
 

Author Comment

by:dbidesign
ID: 36928170
Thats right, it is in integrated mode, doublechecked just then.
Also, the Forward lookup zone seems to have updated now to be the same as the screenshot of your forward lookup zone.
I will check on the event logs soon.

Here is an updated screenshot of the ipconfig for the server.

 fg
0
 
LVL 22

Expert Comment

by:yo_bee
ID: 36928212
0
 

Accepted Solution

by:
Lamini earned 125 total points
ID: 36928268
your dns stuff looks a bit screwed.

open tcp/ip properties, check your dns tab. make sure apped parent suffixes... radio tab is checked, and check the box below it "Apped parent suffixes..."; and on the bottom, make sure the bottom check boxes are both checked. follow by a refresh a couple times in you DNS Manager. If that dont do it, restarting the dns server (right click, restart) should do it.
0
 

Author Closing Comment

by:dbidesign
ID: 36928290
I finally got it! I followed as you said above, but i used the network id wizard instead of the other method of changing the radio tab from workgroup to domain.
All works now. Thanks a heap for your help.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
cannot unmapped a network drive 10 76
How computer Arp Table gets populated. 21 86
RDNS & PTR Recrods for mail server 4 16
SBS2008 c:\ drive toosmall 64 58
Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

948 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now