• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 718
  • Last Modified:

A domain controller for the domain ***.com could not be contacted

I can't get a laptop to join the domain.  It's a wired connection.  I have 1 server running SBS 2003 SP2.  The server is the only domain controller and it runs DHCP.  I've tried the laptop setup with TCP/IP obtain IP address automatically, and now I've got it setup with a static IP of 192.168.2.99, Subnet 255.255.255.0, gateway 192.168.2.1, and DNS 192.168.2.1
My server's ip is 192.168.2.1, subnet 255.255.255.0, gateway 192.168.2.254 and DNS 192.168.2.1

I've added the laptop computer to Users and  Computers, I can ping the server from the laptop either by name (exchange) or by IP address.

I have the wireless connection on the laptop disabled, for now.  I've tried joining the domain by running the Network ID wizard in My Computer/Properties, and also by going to http://exchange/ConnectComputer like it tells me to after I add the computer to Users and Computers.  Every time I get the error message A domain Controller for the domain ****.com could not be contacted.  Ensure that the domain name is typed correctly.

I don't have a ton of experience with Servers..... This Server has not had a computer added to the domain in several years, it's been a static setup until now.

 I did run DCDIAG and this is what it says:

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\EXCHANGE
      Starting test: Connectivity
         ......................... EXCHANGE passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\EXCHANGE
      Starting test: Replications
         ......................... EXCHANGE passed test Replications
      Starting test: Topology
         ......................... EXCHANGE passed test Topology
      Starting test: CutoffServers
         ......................... EXCHANGE passed test CutoffServers
      Starting test: NCSecDesc
         ......................... EXCHANGE passed test NCSecDesc
      Starting test: NetLogons
         ......................... EXCHANGE passed test NetLogons
      Starting test: Advertising
         ......................... EXCHANGE passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... EXCHANGE passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... EXCHANGE passed test RidManager
      Starting test: MachineAccount
         ......................... EXCHANGE passed test MachineAccount
      Starting test: Services
            IsmServ Service is stopped on [EXCHANGE]
         ......................... EXCHANGE failed test Services
      Starting test: OutboundSecureChannels
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... EXCHANGE passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
         ......................... EXCHANGE passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... EXCHANGE passed test frssysvol
      Starting test: frsevent
         ......................... EXCHANGE passed test frsevent
      Starting test: kccevent
         ......................... EXCHANGE passed test kccevent
      Starting test: systemlog
         ......................... EXCHANGE passed test systemlog
      Starting test: VerifyReplicas
         ......................... EXCHANGE passed test VerifyReplicas
      Starting test: VerifyReferences
         ......................... EXCHANGE passed test VerifyReferences
      Starting test: VerifyEnterpriseReferences
         ......................... EXCHANGE passed test VerifyEnterpriseReferences
      Starting test: CheckSecurityError
         [EXCHANGE] No security related replication errors were found on this DC!  To target the connection to a

specific source DC use /ReplSource:<DC>.
         ......................... EXCHANGE passed test CheckSecurityError
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : mybusiness
      Starting test: CrossRefValidation
         ......................... mybusiness passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... mybusiness passed test CheckSDRefDom
   
   Running enterprise tests on : mybusiness.com
      Starting test: Intersite
         ......................... mybusiness.com passed test Intersite
      Starting test: FsmoCheck
         ......................... mybusiness.com passed test FsmoCheck
      Starting test: DNS
         Test results for domain controllers:
           
            DC: exchange.mybusiness.com
            Domain: mybusiness.com

                 
               TEST: Forwarders/Root hints (Forw)
                  Error: Forwarders list has invalid forwarder: 208.67.220.220 (<name unavailable>)
                  Error: Forwarders list has invalid forwarder: 208.67.222.222 (<name unavailable>)
         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 208.67.220.220 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS

server 208.67.220.220
               
            DNS server: 208.67.222.222 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS

server 208.67.222.222
               
         ......................... mybusiness.com passed test DNS


0
riebese
Asked:
riebese
  • 5
  • 4
  • 3
  • +3
1 Solution
 
yo_beeDirector of ITCommented:
What type os is on the laptop?
0
 
Radhakrishnan RITCommented:
Hi,

It's pointing to check your DNS, as per your dcdiag "Error: Forwarders list has invalid forwarder: 208.67.220.220 (<name unavailable>)
                  Error: Forwarders list has invalid forwarder: 208.67.222.222 (<name unavailable>)
         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 208.67.220.220 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS"

This seems to be the issue, Your DNS server name and Forwarder addresses are showing as same. Also, the DNS addresse which is showing seems to be public IP not your servers local IP.
Usually forwarders will be any public domain IP like google,microsoft, or your ISP etc...

Make sure that your dns configured properly and point the appropriate IP addresse in Primary dns and alternate dns addresses.

Make sure that the servers A record and ptr records are present in DNS.

"Good Luck"
0
 
archmukCommented:
There is a problem with the forwarders configured on your DNS server for the external DNS 208.67.220.220 etc. These are valid external DNS but as your DC must be behind a firewall, it wont be able to forward the dns request unless specifically permitted on firewall.
However the problem of not been able to join the domain has no relation with this. The default gateway of the PC should also be 192.168.2.254. Pl try changing the gateway and check domain joining activity.
0
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

 
SandeshdubeyCommented:
Yes the cleint gateway should be  pointed to 192.168.2.254.Under TCP/IP Options enable NetBIOS over TCP/IP.Checked the workstation,server,TCP/IP Netbios helper,computer browser services are up and running.Point the DNS setting to correct DC.

Disjoin the PC from domain.Delete the computer object from AD and DC wait for replication to take place if multiple DC are in the environment.After replication is completed join the PC to domain if possible change the PC name and add to domain.

Make sure that DNS is running on the server. Go to administrative tools and click on services. Check to make sure DNS server is running.In administrative tools double click on DNS server and make sure the forward and reverse lookup are configured right.

On the server check the DNS setting on the Server it should point to itself.If the public ip address is added in the NIC DNS setting remove the same and add to DNS forwarders if required.If 127.0.0.1 is entered as dns remove the same and add ip address of the server.

Check NIC binding the Nic which is online and has ip details should be in first order.If multiple NIC are present then disabled the unrequired NIC.

Check the Windows firewall GPO on the SBS server add the cleint subnet to exception.

0
 
Sushant GulatiConsultantCommented:
If it's Windows 7 that you are trying to add in Windows 2003 SBS domain then disable the firewall on the Windows 7 machine and turn on network discovery.

Try giving the static IP address on the system that you are trying to add. I don't think the forwarders will make any difference while joining the machine into the domain. Though as mentioned earlier correct your DNS settings and check your firewall if any which is restricting your DNS to contact the forwarder's IP address.

The client machine should be pointed to the valid DNS server i.e., 192.168.2.1 and should be a gateway IP address.

Check the network adapter settings, the option "Register this connection's address in DNS should be marked checked".

Are we able to ping the DNS, Default Gateway or ping the FQDN? Do we see the valid results?

Good Luck..!!
~SG~
0
 
yo_beeDirector of ITCommented:
The reason I asked what OS the client is running is because there are none issue with trying to use the SBS 2003 Web utilities to join W7 computers.
First thing is W7 flavor must be W7 Pro or Enterprise.  If this is not one of those then you can not join a Windows domain.

If it is one of the flavors then you cannot use the Web join utility.  You need to do this manually.

Right click Computer > Properties > Advance System Settings > Computer Name Tab > Change > Enter the Domain you want to join.

Note you will need the domain admin name and password.

You do not have to set the ip-address as static.  As long as the DHCP is dishing out the proper scope and dns info you should be fine.

You have another issue on your hand with the forwarder in DNS, but that is not the cause of why you are not able to join the domain.
You might want to look at that when you are able to join the client.

 
0
 
riebeseAuthor Commented:
The OS on the laptop is XP Pro.  I'll check on the other suggestions now and report back.  Thank you.
0
 
yo_beeDirector of ITCommented:
Are you able to resolve DNS pinging the domain controller name or doing a NSLOOKUP
1: Open Command Prompt for the Client computer
2: Type PING [Computername] (note leave out the brackets)

If successful you should see four replies with an IP-ADDRESS of the server.

Option two

1: Open Command Prompt
2: NSLOOKUP [ComputerName]  

If you are not returned the domain computer IP then you have other issues with your DNS.  

On another note even though I stated the steps for W7 you can also do the same on XP and see if it works.

Right Click My Computer > Properties > Computer Name Tab > Change > enter the domain name.  
0
 
riebeseAuthor Commented:
I will be back onsite to try these suggestions in a few hours, and will report back.  Thank you.
0
 
Sushant GulatiConsultantCommented:
Check the ipconfig /all result see if the "NETBIOS over TCP/IP is disabled. You can see in the GUI it shows enable but in the CLI it shows up as disabled.

NetBIOS over Tcpip. . . . . . . . : Disabled

Follow this forum.

http://social.technet.microsoft.com/Forums/en-US/winservercore/thread/d18bd172-e1a0-4a61-ba52-0952a1e3cabc/

Also paste the exact error message when you get at the time of adding the XP machine into the domain.

Good Luck..!!
~SG~
0
 
riebeseAuthor Commented:
I changed the gateway on the laptop to be 192.168.2.254.  I changed the name of the laptop and rebooted.  I added the new laptop name in AD computers.  Tried to join domain again and got the same message that domain controller could not be contacted.
With the gateway changed to 192.168.2.154 I can't get to any websites from the laptop, but I can ping the server, 192.168.2.1
DNS Server service is running on the server.  Under DNS Management on the server, the IP to server DNS requests is 192.168.2.1 (Server IP).
The TCP/IP settings of the NIC on the Server are Gateway 192.168.2.254 and DNS is 192.168.2.1

Sorry for taking so long, I just got back on site.  I'll answer the rest of the questions in a minute.
0
 
riebeseAuthor Commented:
Register this connection's address in DNS is set on the laptop TCP/IP settings.
I can't ping the gateway 192.168.2.254
I can ping the DNS server 192.168.2.1, I can't ping the FQDN
Sandeshdubey, I don' know what you mean by the NIC binding.....
Working on answering/trying the rest of the suggestions now.
0
 
Sushant GulatiConsultantCommented:
The NIC binding is setting up the network priority or if the NIC cards are teamed using NIC teaming method. This will be checked if the system is running on dual NIC cards.

Network and Connections settings > Advanced > Advanced Settings > Connections > NIC with the right IP should be at the top

Because we have forwarders errors in dcdiag thats why. Any more tests done?
0
 
riebeseAuthor Commented:
NetBIOS over tcpip was disabled.  I followed SG's thread and editted the registry and all is good.
thank you everyone!
0
 
Sushant GulatiConsultantCommented:
You bet..!! Adios..!! riebese...
0

Featured Post

Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

  • 5
  • 4
  • 3
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now