riebese asked:

A domain controller for the domain ***.com could not be contacted

I can't get a laptop to join the domain. It's a wired connection. I have 1 server running SBS 2003 SP2. The server is the only domain controller and it runs DHCP. I've tried the laptop set up with TCP/IP obtain IP address automatically, and now I've got it set up with a static IP of 192.168.2.99, Subnet 255.255.255.0, gateway 192.168.2.1, and DNS 192.168.2.1.
My server's IP is 192.168.2.1, subnet 255.255.255.0, gateway 192.168.2.254 and DNS 192.168.2.1.

I've added the laptop computer to Users and Computers. I can ping the server from the laptop either by name (exchange) or by IP address.

I have the wireless connection on the laptop disabled, for now.  I've tried joining the domain by running the Network ID wizard in My Computer/Properties, and also by going to http://exchange/ConnectComputer like it tells me to after I add the computer to Users and Computers.  Every time I get the error message A domain Controller for the domain ****.com could not be contacted.  Ensure that the domain name is typed correctly.

I don't have a ton of experience with Servers..... This Server has not had a computer added to the domain in several years, it's been a static setup until now.

 I did run DCDIAG and this is what it says:

Domain Controller Diagnosis

Performing initial setup:
   Done gathering initial info.

Doing initial required tests
   
   Testing server: Default-First-Site-Name\EXCHANGE
      Starting test: Connectivity
         ......................... EXCHANGE passed test Connectivity

Doing primary tests
   
   Testing server: Default-First-Site-Name\EXCHANGE
      Starting test: Replications
         ......................... EXCHANGE passed test Replications
      Starting test: Topology
         ......................... EXCHANGE passed test Topology
      Starting test: CutoffServers
         ......................... EXCHANGE passed test CutoffServers
      Starting test: NCSecDesc
         ......................... EXCHANGE passed test NCSecDesc
      Starting test: NetLogons
         ......................... EXCHANGE passed test NetLogons
      Starting test: Advertising
         ......................... EXCHANGE passed test Advertising
      Starting test: KnowsOfRoleHolders
         ......................... EXCHANGE passed test KnowsOfRoleHolders
      Starting test: RidManager
         ......................... EXCHANGE passed test RidManager
      Starting test: MachineAccount
         ......................... EXCHANGE passed test MachineAccount
      Starting test: Services
            IsmServ Service is stopped on [EXCHANGE]
         ......................... EXCHANGE failed test Services
      Starting test: OutboundSecureChannels
         ** Did not run Outbound Secure Channels test
         because /testdomain: was not entered
         ......................... EXCHANGE passed test OutboundSecureChannels
      Starting test: ObjectsReplicated
         ......................... EXCHANGE passed test ObjectsReplicated
      Starting test: frssysvol
         ......................... EXCHANGE passed test frssysvol
      Starting test: frsevent
         ......................... EXCHANGE passed test frsevent
      Starting test: kccevent
         ......................... EXCHANGE passed test kccevent
      Starting test: systemlog
         ......................... EXCHANGE passed test systemlog
      Starting test: VerifyReplicas
         ......................... EXCHANGE passed test VerifyReplicas
      Starting test: VerifyReferences
         ......................... EXCHANGE passed test VerifyReferences
      Starting test: VerifyEnterpriseReferences
         ......................... EXCHANGE passed test VerifyEnterpriseReferences
      Starting test: CheckSecurityError
         [EXCHANGE] No security related replication errors were found on this DC!  To target the connection to a specific source DC use /ReplSource:<DC>.
         ......................... EXCHANGE passed test CheckSecurityError
   
   Running partition tests on : ForestDnsZones
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
   
   Running partition tests on : DomainDnsZones
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
   
   Running partition tests on : Schema
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
   
   Running partition tests on : Configuration
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
   
   Running partition tests on : mybusiness
      Starting test: CrossRefValidation
         ......................... mybusiness passed test CrossRefValidation
      Starting test: CheckSDRefDom
         ......................... mybusiness passed test CheckSDRefDom
   
   Running enterprise tests on : mybusiness.com
      Starting test: Intersite
         ......................... mybusiness.com passed test Intersite
      Starting test: FsmoCheck
         ......................... mybusiness.com passed test FsmoCheck
      Starting test: DNS
         Test results for domain controllers:
           
            DC: exchange.mybusiness.com
            Domain: mybusiness.com

                 
               TEST: Forwarders/Root hints (Forw)
                  Error: Forwarders list has invalid forwarder: 208.67.220.220 (<name unavailable>)
                  Error: Forwarders list has invalid forwarder: 208.67.222.222 (<name unavailable>)
         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 208.67.220.220 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 208.67.220.220
               
            DNS server: 208.67.222.222 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS server 208.67.222.222
               
         ......................... mybusiness.com passed test DNS
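
In the dcdiag output above, the Services test fails outright, while the DNS test is reported as passed even though it logs forwarder errors. The following is an added example, not part of the original post: a small triage parser that surfaces both kinds of finding. The sample input is constructed from lines in the shape of the output above, and the function and pattern names are illustrative.

```python
import re

# Constructed sample: a few lines in the shape of the dcdiag output quoted above.
SAMPLE = """\
      Starting test: NetLogons
         ......................... EXCHANGE passed test NetLogons
      Starting test: Services
            IsmServ Service is stopped on [EXCHANGE]
         ......................... EXCHANGE failed test Services
      Starting test: DNS
                  Error: Forwarders list has invalid forwarder: 208.67.220.220 (<name unavailable>)
         ......................... mybusiness.com passed test DNS
"""

START = re.compile(r"^\s*Starting test:\s*(\S+)")
RESULT = re.compile(r"^\s*\.{5,}\s*(\S+) (passed|failed) test (\S+)")
# Detail lines worth surfacing even when the enclosing test reports "passed".
NOTABLE = re.compile(r"\b(Error:|Warning:|is stopped|failed on)", re.I)

def triage(text):
    """Return one dict per test that failed or logged notable detail lines."""
    findings, current, details = [], None, []
    for line in text.splitlines():
        m = START.match(line)
        if m:
            # A new test begins: start collecting its detail lines.
            current, details = m.group(1), []
            continue
        m = RESULT.match(line)
        if m:
            target, verdict, test = m.groups()
            # Report failures, and also "passed" tests that logged errors.
            if verdict == "failed" or details:
                findings.append({"test": test, "target": target,
                                 "verdict": verdict, "details": details})
            current, details = None, []
            continue
        if current and NOTABLE.search(line):
            details.append(line.strip())
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['test']} on {f['target']}: {f['verdict']}")
        for d in f["details"]:
            print("   ", d)
```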


yo_bee

What type of OS is on the laptop?

Hi,

It's pointing to check your DNS, as per your dcdiag "Error: Forwarders list has invalid forwarder: 208.67.220.220 (<name unavailable>)
                  Error: Forwarders list has invalid forwarder: 208.67.222.222 (<name unavailable>)
         
         Summary of test results for DNS servers used by the above domain controllers:

            DNS server: 208.67.220.220 (<name unavailable>)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.127.in-addr.arpa. failed on the DNS"

This seems to be the issue. Your DNS server name and forwarder addresses are showing as the same. Also, the DNS address which is showing seems to be a public IP, not your server's local IP.
Usually forwarders will be any public domain IP like Google, Microsoft, or your ISP etc...

Make sure that your DNS is configured properly and point to the appropriate IP address in the primary DNS and alternate DNS addresses.

Make sure that the server's A record and PTR records are present in DNS.

"Good Luck"
archmuk

There is a problem with the forwarders configured on your DNS server for the external DNS 208.67.220.220 etc. These are valid external DNS but as your DC must be behind a firewall, it won't be able to forward the DNS request unless specifically permitted on the firewall.
However the problem of not being able to join the domain has no relation with this. The default gateway of the PC should also be 192.168.2.254. Please try changing the gateway and check domain joining activity.

Yes, the client gateway should be pointed to 192.168.2.254. Under TCP/IP Options enable NetBIOS over TCP/IP. Check that the Workstation, Server, TCP/IP NetBIOS Helper and Computer Browser services are up and running. Point the DNS setting to the correct DC.

Disjoin the PC from the domain. Delete the computer object from AD and DC, and wait for replication to take place if multiple DCs are in the environment. After replication is completed, join the PC to the domain; if possible, change the PC name and add it to the domain.

Make sure that DNS is running on the server. Go to Administrative Tools and click on Services. Check to make sure DNS Server is running. In Administrative Tools double click on DNS server and make sure the forward and reverse lookup are configured right.

On the server, check the DNS setting; it should point to itself. If the public IP address is added in the NIC DNS setting, remove it and add it to the DNS forwarders if required. If 127.0.0.1 is entered as DNS, remove it and add the IP address of the server.

Check the NIC binding: the NIC which is online and has IP details should be first in the order. If multiple NICs are present, then disable the unrequired NIC.

Check the Windows Firewall GPO on the SBS server and add the client subnet to the exceptions.

If it's Windows 7 that you are trying to add in Windows 2003 SBS domain then disable the firewall on the Windows 7 machine and turn on network discovery.

Try giving the static IP address on the system that you are trying to add. I don't think the forwarders will make any difference while joining the machine into the domain. Though as mentioned earlier correct your DNS settings and check your firewall if any which is restricting your DNS to contact the forwarder's IP address.

The client machine should be pointed to the valid DNS server i.e., 192.168.2.1 and should be a gateway IP address.

Check the network adapter settings; the option "Register this connection's address in DNS" should be checked.

Are we able to ping the DNS, Default Gateway or ping the FQDN? Do we see the valid results?

Good Luck..!!
~SG~
The reason I asked what OS the client is running is because there are known issues with trying to use the SBS 2003 Web utilities to join W7 computers.
First thing is the W7 flavor must be W7 Pro or Enterprise. If this is not one of those then you can not join a Windows domain.

If it is one of the flavors then you cannot use the Web join utility. You need to do this manually.

Right click Computer > Properties > Advanced System Settings > Computer Name Tab > Change > Enter the Domain you want to join.

Note you will need the domain admin name and password.

You do not have to set the ip-address as static.  As long as the DHCP is dishing out the proper scope and dns info you should be fine.

You have another issue on your hand with the forwarder in DNS, but that is not the cause of why you are not able to join the domain.
You might want to look at that when you are able to join the client.

 
riebese (ASKER)

The OS on the laptop is XP Pro.  I'll check on the other suggestions now and report back.  Thank you.

Are you able to resolve DNS by pinging the domain controller name or doing an NSLOOKUP?
1: Open Command Prompt on the client computer
2: Type PING [Computername] (note: leave out the brackets)

If successful you should see four replies with an IP-ADDRESS of the server.

Option two

1: Open Command Prompt
2: NSLOOKUP [ComputerName]  

If you are not returned the domain computer IP then you have other issues with your DNS.  

On another note even though I stated the steps for W7 you can also do the same on XP and see if it works.

Right Click My Computer > Properties > Computer Name Tab > Change > enter the domain name.  
riebese (ASKER)

I will be back onsite to try these suggestions in a few hours, and will report back.  Thank you.
ASKER CERTIFIED SOLUTION
Sushant Gulati
riebese (ASKER)

I changed the gateway on the laptop to be 192.168.2.254.  I changed the name of the laptop and rebooted.  I added the new laptop name in AD computers.  Tried to join domain again and got the same message that domain controller could not be contacted.
With the gateway changed to 192.168.2.154 I can't get to any websites from the laptop, but I can ping the server, 192.168.2.1
DNS Server service is running on the server.  Under DNS Management on the server, the IP to server DNS requests is 192.168.2.1 (Server IP).
The TCP/IP settings of the NIC on the Server are Gateway 192.168.2.254 and DNS is 192.168.2.1

Sorry for taking so long, I just got back on site.  I'll answer the rest of the questions in a minute.
riebese (ASKER)

Register this connection's address in DNS is set on the laptop TCP/IP settings.
I can't ping the gateway 192.168.2.254
I can ping the DNS server 192.168.2.1, I can't ping the FQDN
Sandeshdubey, I don't know what you mean by the NIC binding.....
Working on answering/trying the rest of the suggestions now.
The NIC binding is setting up the network priority or if the NIC cards are teamed using NIC teaming method. This will be checked if the system is running on dual NIC cards.

Network and Connections settings > Advanced > Advanced Settings > Connections > NIC with the right IP should be at the top

Because we have forwarder errors in dcdiag, that's why. Any more tests done?
riebese (ASKER)

NetBIOS over TCP/IP was disabled.  I followed SG's thread and edited the registry and all is good.
thank you everyone!
You bet..!! Adios..!! riebese...