Solved

cannot join pc to server 2008 domain

Posted on 2011-09-16
40
359 Views
Last Modified: 2012-05-12
Hi there,
I have a Windows 7 Pro PC i am trying to join to my domain. I already have an XP Pro PC joined to the domain, but my windows 7 pc will not join.
I have tried setting a manual ip address to the same subnet as the server, tried setting the dns server as my server, setting the ip settings on the pc to automatic.

When i go to join the domain, i am prompted for the username and password, which is entered correctly, then i am faced with the following error:

"an attempt to resolve the dns name of a domain controller in the domain being joined has failed. please verify this client is configured to reach an dns server that can resolve dns names in the target domain."

What could possibly be the issue?

0
Comment
Question by:dbidesign
  • 15
  • 8
  • 8
  • +3
40 Comments
 
LVL 10

Expert Comment

by:gaurav05
Comment Utility
Hi,

You might also try to do an nslookup for the domain controllers:
At the command prompt enter nslookup
set type=srv
_ldap._tcp.dc._msdcs.domain.name

Your domain controller(s) should be listed if configured correctly. (Replace domain.name with your actual domain name)
0
 
LVL 10

Expert Comment

by:gaurav05
Comment Utility
Hi,

If you open up the DNS console from Administrative Tools on your server, then expand Forward Lookup Zones, can you see "domain.name"?
0
 
LVL 10

Expert Comment

by:gaurav05
Comment Utility
Hi,

computer to join the domain by doing the following:  in the network adapter IP 4 properties, set the DNS ip address to that of the domain controller, NOT the DNS.

OR

cmputer by turning off or unchecking IPv6
0
 
LVL 1

Expert Comment

by:rodeca
Comment Utility
In my network (SBS 2008) I had to configure and set my DC as DNS server, and then set its IP as DNS address for the clients (in fact, I configured DHCP and set client IP to automatic).

I cannot remember where I saw it, but there was something like that for win7 - Server2008 to work you must enable IPv6, although you don't employ it (perhaps some expert may help on this ;-)

HIH
0
 

Author Comment

by:dbidesign
Comment Utility
Guarav05
 - the domain controller was not listed when i entered that command
- yes, the domain is listed in DNS under forward lookup
- i set the dns ip address to that of my server (the same ip address i use to remote into the server)
- unchecking ipv6 did not fix it


Rodeca
i have tried with DHCP turned off and turned on, no luck


               
0
 
LVL 10

Expert Comment

by:gaurav05
Comment Utility
Hi,

add your DC(s) addresses to your Windows 7 machine's HOSTS file
0
 
LVL 10

Expert Comment

by:gaurav05
Comment Utility
Hi,

Could be you don't have a reverse lookup zone configured. In DNS on your server right-click reverse lookup zone - select New Zone. Make sure it and the rest of your DNS is active directory integrated and in the network address enter the first three octets of your subnet - 10.0.0 or 192.168.0, then next and finish.

Nslookup won't work without correctly configured a reverse lookup zone on the dns server
0
 
LVL 10

Expert Comment

by:gaurav05
Comment Utility
0
 
LVL 87

Expert Comment

by:rindi
Comment Utility
Try joining using the following method:

On the Windows 7 PC right click on "Computer", select "Properties", then in the Computer name section select "Change Settings". Now select "Network ID" and now answer the Questions to join the PC to the Domain.

0
 

Author Comment

by:dbidesign
Comment Utility
gaurav05:
-I set up a reverse lookup zone, still can't find the domain using the command you gave me before and still can't join domain
- Disabled firewall, still can't join domain

Rindi:
I ran the wizard and restarted my PC, nothing changed.

It's a tough one but we can get crack this!
0
 

Author Comment

by:dbidesign
Comment Utility
I found the hosts file, but i cannot save because i need administrator privileges. I ran notepad as administrator and then tried to open hosts file - still will not let me save it.
Is the DC address the ip address of the server?
0
 
LVL 10

Expert Comment

by:gaurav05
Comment Utility

did u get the response while you ping your DC server ?

thanks for the information

Is the Dc adderss the ip address of the server ?

yes.

try to make host entry.





0
 

Author Comment

by:dbidesign
Comment Utility
the ip of my server is 192.168.1.1
I can successfully ping my server
I can successfully remotely log into my server

Is the DC the same address as this? How do i know if it isn't?
I am still trying to make host entry.
0
 
LVL 10

Expert Comment

by:gaurav05
Comment Utility


Hi,

try

nslookup  192.168.1.1

it gives you the DC Name or not ?





0
 
LVL 87

Expert Comment

by:rindi
Comment Utility
Have you made sure the DNS server IP on your PC only points to the DNS server of your AD domain and no others? Also try disabling IPv6 for the connection test. Also make sure the Windows 7 PC has all windowsupdates installed (maybe also disable the AV software for the process).
0
 

Author Comment

by:dbidesign
Comment Utility
at the command prompt i typed: nslookup 192.168.1.1
result: non-existant domain

I changed the preferred DNS address to 192.168.1.1
I set the default gateway to my router - i can still access the internet
I set the default gateway to 192.168.1.1 - i cannot access internet

Yes, have installed all windows updates
Yes, have disabled ipv6 and tried again
Has not worked still

What is strange is it prompts me to enter the username and password after i type in the domain name, and i enter the details correctly. But i still get the error.



0
 
LVL 87

Expert Comment

by:rindi
Comment Utility
"I changed the preferred DNS address to 192.168.1.1"

and you made sure the Alternate DNS address is empty?

Are there more than one NICs in the PC?
0
 

Author Comment

by:dbidesign
Comment Utility
That's right, the alternate dns is empty
There is only 1 NIC, which is of course my onboard NIC.
0
 

Author Comment

by:dbidesign
Comment Utility
Can anyone offer any further assistance?
0
 

Expert Comment

by:Lamini
Comment Utility
several times i have users trying to join the domain and i have seen the error.

when attempting to join the domain, you will get the credential pop-up window. on this window, ive seen the servername work just fine, and sometimes i've seen that not work, but entering the full fqdn work.

short: servername
long: servername.domain.com

log on exactly as you did on XP? Account you're using not locked out on AD? Using credentials with enough priveleges to get you on the domain? flush/register dns? restart netlogon?  I've never had to go beyond that.

good luck
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 21

Expert Comment

by:yo_bee
Comment Utility
Do you have another machine that you can try?
To rule out a specific computer or possible type.
Can you also post an output of the ipconfig of the client?
0
 

Author Comment

by:dbidesign
Comment Utility
Lamini:

I've tried both versions of domain name, im using the same administrator account i used for the other XP machine, already tried flushing dns cache. But i haven't tried restarting netlogon i will give that a go. \

yo_bee:
I do have a few laptops to try i didn't want them on the domain but may as well try and can convert back to workgroup anyway.

Here is the ipconfig of the problem client:
 ipconfig
0
 
LVL 21

Expert Comment

by:yo_bee
Comment Utility
can you post a ipconfig /all
0
 

Expert Comment

by:Lamini
Comment Utility
we need the "ipconfig /all" to view dns settings.
0
 

Author Comment

by:dbidesign
Comment Utility
here we go:

 ip
0
 

Author Comment

by:dbidesign
Comment Utility
So i've tried using another computer to connect to the domain, but get the same error. I am thinking it is a problem with the DNS applicaiton on the server? It is a newly set up DNS server set up only a few weeks ago.
0
 
LVL 21

Expert Comment

by:yo_bee
Comment Utility
Sounds like it.

Listed below are the items that need to be in DNS for AD to work properly. Are they all there?
   Foward Lookup ZOne
0
 

Expert Comment

by:Lamini
Comment Utility
you said earlier you could ping your dns server, assuming you also tried DNS ping? do not see your pointers so just askin.

ping <servername>.

If that dont work, obviously, no logon. If thats the case, rather than troubleshooting, i'd tear it down and rebuild if possible.
0
 

Author Comment

by:dbidesign
Comment Utility
Lamini:
I pinged the ip, but i didn't ping the server name.

Yo Bee:
I can't find where those items are.


I will try to re-install the DNS role again.
0
 

Expert Comment

by:Lamini
Comment Utility
if you cant ping your dns server, you know what your problem is then. easiest and quickest way to resolve this is simply rebuilding your dns server. If clearing your DNS settings (AdminTools>DNS>forwarders/reverse lookup) (and i dont know what yours looks like) doesnt do the job (most of the time it has for me), simply reinstalling the DNS role will do it, as long as everything else is set correctly.
0
 
LVL 21

Expert Comment

by:yo_bee
Comment Utility
@DBidesign
Open DNS > Forward lookup Zone > Domain Name >  those items should be there.  If not there is your problem.
0
 
LVL 21

Expert Comment

by:yo_bee
Comment Utility
Here is a snippet of some things to look for
So you are saying you had an AD integrated zone, then you made it a non-AD integrated zone, which wiped it out of the AD database and into a text file on the machine you did this on, specifically in the system32\dns in a file called zonename.dns. Is that correct?
 
So do you still have that zone file name, zonename.dns? If so, load it into DNS, and go into properties, and make it AD integrated again.

Unless you lost the zone text file?

First check to see if your DNS is set to AD intergration
1:Open DNS
2: Expand Forward lookup zone
  DNS structure3:Right click the Domain and select Properties
 Propteries of Domain DNS4: Check to see if the DNS is working off of a file or AD/Registry
Right click the DNS server name and select properties > Advanced
Server DNS Properties
How to clear bad information in Active Directory-integrated DNS
How to reinstall a dynamic DNS Active Directory-integrated zone
 
0
 

Author Comment

by:dbidesign
Comment Utility
I have reinstalled the DNS server, and also configured it as per the screen shots by Yo_Bee. But here is a screenshot of what my forward zone looks like:

 hg
0
 

Author Comment

by:dbidesign
Comment Utility
does anyone know why it doesn't look the same as Yo_Bee?
0
 
LVL 21

Expert Comment

by:yo_bee
Comment Utility
Can you confirm that your dns is in intergrated mode.
0
 
LVL 21

Expert Comment

by:yo_bee
Comment Utility
Are there any errors or warnings in your DC event logs for DNS?
I just noticed your IPCONFIG.

I see your server ip is .10 and your DNS is .1.
Is that correct?
0
 

Author Comment

by:dbidesign
Comment Utility
Thats right, it is in integrated mode, doublechecked just then.
Also, the Forward lookup zone seems to have updated now to be the same as the screenshot of your forward lookup zone.
I will check on the event logs soon.

Here is an updated screenshot of the ipconfig for the server.

 fg
0
 
LVL 21

Expert Comment

by:yo_bee
Comment Utility
0
 

Accepted Solution

by:
Lamini earned 125 total points
Comment Utility
your dns stuff looks a bit screwed.

open tcp/ip properties, check your dns tab. make sure apped parent suffixes... radio tab is checked, and check the box below it "Apped parent suffixes..."; and on the bottom, make sure the bottom check boxes are both checked. follow by a refresh a couple times in you DNS Manager. If that dont do it, restarting the dns server (right click, restart) should do it.
0
 

Author Closing Comment

by:dbidesign
Comment Utility
I finally got it! I followed as you said above, but i used the network id wizard instead of the other method of changing the radio tab from workgroup to domain.
All works now. Thanks a heap for your help.
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Suggested Solutions

I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now