Unable to join server to domain

I have a server that was having an issue talking to the domain.

- Installed windows updates to see if that would solved problem.
- Scanned for infections (using malwarebytes) and cleaned up 2 trojans. Still could not ping or be pinged by name.
- Tried repairing NIC and received error: "clearing NetBT".
- I uninstalled NIC drivers and reinstalled drivers for the NIC.
- resetting IP stack using netsh command. I was then able to see network devices and ping by name, fqdn, and IP without a problem. Still unable to browse other network devices
- I removed server from domain. Rejoin to domain failed. Error DNS- checked DNS for incorrect entries or missing server entries.

Urgently need assistance. Microsoft Support is a joke if you aren't in the US.
IAmDHAsked:
Who is Participating?
 
DonovanRojasConnect With a Mentor Commented:
You then need to try and scan the server offline (either from a recovery media like UBCD or from safe mode), please be advised that if there are binaries infected this will remove them.

Running this form a secured usb disk or dvd from live mode could also avoid it from being hijacked by the virus/trojan

0
 
Don S.Commented:
this looks like a clasic unable to resolve the name problem.  That is typically caused by one or more of the following:
-Incorrect DNS server and/or domain suffix entries in your IP configuration
-Malware generated Host file intercepting name resolution
-A firewall is on somewhere between the the server and the DNS that is blocking the DNS request.
-the specified DNS server is either not reponding at all or does not have the requested information.
0
 
teomcamCommented:
Hi,

1- Could you update NIC Firmware (not driver)
2- Use different NIC port if available
3- Make sure manual IP settings are correct (Double check recommended)
4- Replace the patch cable (Cheap data cables gives up frequently even they physically OK)
5- Change the switch port

0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
IAmDHAuthor Commented:
@dons6718

When attempting to add to domain, the error in screenshot shows up. It's detecting the two DCs, because it lists the servers by name. So the DNS suffix is definitely correct. I've run Malwarebytes through twice and haven't detected any further infections other than the ones initially detected. The DNS servers are servicing all other devices beside this one server.

@teomcam

I can try firmware, but for the problem arise as a result of the infection on the server leads me to believe there's a different route to take. I already tried a different NIC port. IP settings are correct. I haven't tried the patch cable or the switch port. Though I'm sure the problem is within the NIC, since the netsh command restored my ability to see actually see devices on the network.
0
 
DonovanRojasCommented:
Verify your hosts file:
c:\windows\system32\drivers\etc\hosts

Once you take out the server of the domain remove its DNS register from the dns server and remove the computer account from the domain, reboot. Then upon adding it to the domain use FQDN for the registration (domain.com instead of just domain) I would suggest you try to ping the dc first to see if it 'sees' it.

I've had similar issues with Win7 workstations and this solved the issue.
0
 
IAmDHAuthor Commented:
So here's a little further insight into the problem.

I believe there's an infection that I cannot remove on the server. I tried to run SuperAntiSpyware and after about 20 seconds of scanning it just disappears. If I try to run the executable it says I don't have permission to run this file. Same thing for my Malwarebytes shortcut.

I'm pretty sure that's what it actually jacking up my ability to connect to the domain.

Can anyone provide any assistance with this?
0
 
IAmDHAuthor Commented:
Thanks for the assistance. I was finally able to remove the infection by using Kaspersky removal tool in Safe Mode. Had to run the scan through twice to totally remove infections.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.