We help IT Professionals succeed at work.

"An attempt to resolve the DNS name of a domain controller in the domain being joined has failed."

Everytime I tried to join the domain I get this error message. The client computer is windows 7

An attempt to resolve the DNS name of a domain controller in the domain being joined has failed. Please verify this client is configured to reacha DNS server that can resolve DNS names in the target domain. For information about the newtork troubleshooting see windows help.

Windows 7 Pro
Server 2003 Standard 192.168.1.99
Router 192.168.10.1
Firewalls disabled
IPV6 Disabled

ipconfig /all:
ipv4: 192.168.1.5 (preferred)
SN Mask 255.255.255.0
Default GW 192.168.10.1
DHCP Server: 192.168.10.99
DNS Servers: 192.168.10.99
Primary WINS Server: 192.168.10.99
NetBIOS over TCP: Enabled

ipconfig /flushdns - successfull
ipconfig /registerdns:
The requested operation requiresw elevation

Any help would be greatly appreciated. I'm at the customer's office and I'm under the gun time-wise.
Comment
Watch Question

strivoliIT Manager
CERTIFIED EXPERT

Commented:
First of all: why do you have 192.168.1.0/24 and 192.168.10.0/(I suppose 24) with a Router that does not make sense at all?
bricar1President

Author

Commented:
Typo. Brain is fried.

192.168.10.5 (Preferred)
bricar1President

Author

Commented:
And server is 192.168.10.99
strivoliIT Manager
CERTIFIED EXPERT

Commented:
This is your scenario: Client (10.5/24) and Server (10.99/24) are on the same NET. Client uses the Server for DNS which is mandatory for AD. I don't see any issue.
Do you confirm there is only 1 AD DC?
Do you confirm it is 10.99/24?
bricar1President

Author

Commented:
Everything you've typed is confirmed.

1 single AD DC

DC is 10.99/24
Client is 10.5/24 (though I've tried forcing other addresses)

I inherited this network a few weeks agao, but last week I successfully joined an XP Pro client to the domain. There is also a Win2K connected, believe it or not.

This is the first attempt at joining a Win7 Pro machine to this particular domain. It seems that Win 7 is being fussy about something in the configuration, but I can't figure it out.

BTW, the client can ping the router and DC with no problem.
strivoliIT Manager
CERTIFIED EXPERT

Commented:
I understand you are unable to join Client to the Domain. Which result do you obtain from PING SERVERNAME (from Client, of course)? What if you run NSLOOKUP SERVERNAME?
bricar1President

Author

Commented:
ping server yields expected 4 replies.

ping 192.168.10.99 yields expected 4 replies.

nslookup server yields:
Server: UnKnown
Address: 192.168.10.99
*** UnKnown can't find server: Server failed
strivoliIT Manager
CERTIFIED EXPERT

Commented:
Take a look at DNS on Server. Is there any A Record (also known as HOST) for server? We are driving in the right direction...
bricar1President

Author

Commented:
I think you mean in the Forward lookup zone, correct?

There is no A Record for the server in either Forward or Reverse zones.
strivoliIT Manager
CERTIFIED EXPERT

Commented:
This is the reason. Create an A Record for server. Rerun NSLOOKUP SERVER on the client. If it runs OK, you should join the client to the Domain. Waiting for your feedback. Thank you.
bricar1President

Author

Commented:
This is uncharted territory for me.

Structure:

Server
 Forward Lookup Zones
  _msdcs.ccs.local
    dc
      sites
        etc.

Created new A Record in _msdcs.ccs.local
Tried Name: server
also tried name: [Blank] (Uses parent domain name if blank)

FQDN is unchangeable at -msdcs.ccs.local

IP address is 192.168.10.99

Creat associated pointer is checked.

With both names tried, an nslookuip on client yields:
*** server._msdcs.ccs.local can't find server: Server failed

I understand I might be doing this completely wrong as I've never had to create an A Record before.
 
bricar1President

Author

Commented:
I see in DNS Event log a lot of Event ID 800:

Description:
The zone <zone> is configured to accept updates but the A record for the primary server in the zone's SOA record is not available on this DNS server. This may indicate a configuration problem. If the address of the primary server for the zone cannot be resolved DNS clients will be unable to locate a server to accept updates for this zone. This will cause DNS clients to be unable to perform DNS updates.

I went into SOa, saw the server there with no address listed. I added 192.168.10.99, but still no luck on the nslookup, hoever SOA is set to refresh every 15 minutes. I wonder if I have to wait for refresh.
bricar1President

Author

Commented:
strivoli,

I've got to get out of here. I'm going to study up overnight and attack it again on Friday. Clearly we're on the right track but my knowledge is lacking in this area and I'll brush up what I can tonight and tomorrow and hopefully come back in fully armed to fix the issue. I'm sure you would have it fixed in 3 seconds were you present.

Thanks for the help. I'd truly appreciate it if you'd keep an eye on this thread just in case I have a question or two.

Thanks. Your efforts are appreciated.
strivoliIT Manager
CERTIFIED EXPERT

Commented:
You are Welcome! I'm quite busy now but I can give you some instructions tomorrow morning (means about 24 hours from now). If you can give me feedback immediately (tomorrow morning) I'd appreciate and it would repay my efforts (not to mention that we could get rid of this issue). Bye.
bricar1President

Author

Commented:
The company won't even be open till noon (their emplyees will be working from home) and I may not be able to get there till late.

Is there any way you can give me a run-down of creating an A Record properly, particulary exactly where in the structure it should reside, and what settings should be selected?

I know that's difficult if you're not sitting in front of the particular machine, but I'm asking just in case it's something that is somewhat standardized.

I'm not sure if I'll even be able to get into the facility today, but I do have to resolve it by Monday the latest, so I'll report back here as things unfold. Thanks again for you help. It really is greatly appreciated.
strivoliIT Manager
CERTIFIED EXPERT

Commented:
a. Open DNS,
b. Expand Tree as shown,
c. Add an A Record (Host) with server name and IP. Select "Add Host", "OK" and "Done"
Your feedback is welcome. Bye. Screen Shot
bricar1President

Author

Commented:
Awesome, thank you.

Are there issues with delays (ie. needing to wait X amount of time for server's new A Record to be able to process the client's request to join), or are reboots required (Server and/or client)?

You're the BEST, man. Thank you. I'll remote in over the weekend to create the record, and on Mondy I'll be onsite and attempt the rejoin.

Is there a way to award more points than the initial 500 for exemplary work?
strivoliIT Manager
CERTIFIED EXPERT

Commented:
Thank you for your feedback! No issues, no time to wait to Join after the A Record has being added, no reboots on the server (where you add the Record), client must be rebooted after you have Joined the domain. 500 points are enough but most of all it's your success! Glad to help you. Bye.
bricar1President

Author

Commented:
No joy. The domain is CCS.local, and as you can see, unlike your example, CSS.local doesn't even have any subfolders underneath it.

There is now an A Record pointing to the server both in the CCS folder (as depicted) and also in the
_msdcs.ccs.local folder. Same error message when trying to connect client to domain.

As I said, I inherited this mess and it looks like DNS was not set up right from the start. Any other ideas? Thanks!

 ccs.local dns
strivoliIT Manager
CERTIFIED EXPERT

Commented:
Let me study the situation. I'll be back this afternoon (now it's 12.13). Hope to give you step-by-step instructions. Bye.
bricar1President

Author

Commented:
Again, I thank you for your help.

For what it's worth, I did re-join her old XP client to the domain without any problem at all.

Many thanks!!!
IT Manager
CERTIFIED EXPERT
Commented:
I would start over with DNS because actual situation is not clean. I've built a Video Tutorial. It is divided in 2 parts. Each Video starts at "Video Time 00.00" (of course). Video Time will be, now on, refered as VT in the following instructions. My Server displays the Time on the default position (on the right of the Taskbar). Server Time will be, now on, refered as ST in the following instructions. The 2 used links on the Desktop are available in "Administrative Tools". I've putted the 2 on the Desktop for ease. I suggest you watch at the video at 720p Expanded of Full Screen. There is no audio.

You might need the Windows 2003 CD. Keep it handy.

Video 1 (starts at ST 13.53) Video 1
a. Right-Click the server, select Properties, select Forwarders, write down (or better, take a Screen Shot) of the settings. On my server I have only 1 DNS Domain and 1 forwarder which is 192.168.100.198. ATTENTION: if you have more DNS Domains, select each one at a time to get a list of forwarders for each Domain. VT 0.16.
b. Click Cancel to close the Properties Window.
c. If you wish, you could take Screen Shots of all tabs of the Properties Window even though there should not be any other infos needed.
d. On my server I have only 1 zone. You have 2. Delete the zones. VT 0.29.
e. Remove DNS Role. VT 1.00.
f. Add the DNS Role. Keep you Windows 2003 CD handy. It might be requested. VT 1.07.
g. I have dynamic IP. As a result the Wizard display a warning. I simply ignore the warning because my server is a test box. VT 1.20.
h. After the DNS Role has been added, the Wizard continues with configuring the DNS. Leave default settings, just press Next. VT 1.29.
i. Write your Zone name. My server is configured for domain1.local. VT 1.33.
j. Write your first forwarder (see step a.). If you do not have forwarders, select "No, it should not...". If you have more than 1 forwarder you can add them later. VT 1.41.
k. When you are finished DNS should look like VT 2.02. As you see there is only 1 zone and it has only 3 Records, no subfolders. Don't panic.

Video 2 (starts at ST 14.48) Video 2
a. The zone is now correctly populated (you see the subfolders). I did nothing to populate it. AD does it automatically. You do not have to wait such a long time. Repopulation should happen in about 5-10'. VT 0.11.
b. Check Forwarders settings in order to match previous settings. VT 0.28.

Please let me know. Good Luck!
bricar1President

Author

Commented:
Wow, thanks for all the effort. I thought it would probably come down to reconfiguring DNS.

I will be doing it either Thursday or Friday. Clearly DNS was set up wrong from the get-go, although XP was very forgiving with the problesms. Not so with Win7.

The videos helped tremendously and I thank you for that. I will be sure to keep you up to date. Much, much appreciated!

Brian
strivoliIT Manager
CERTIFIED EXPERT

Commented:
Hy, did you reconfigure DNS? Did that help? Feedback welcome. Thanks.
bricar1President

Author

Commented:
I spoke with the client on Friday and they said they want to just replace the server with a new one since it's getting old.

I'm quite certain that your solutions are correct. There might have been additional issues, but your instructions were definitely the proper procedure. They helped me to understand DNS much better, and again I truly appreciate the help.

Since they are going to retire the machine (many other issues have popped up before due to their previous tech messing up the setup) they don't want me to continue troubleshooting.

Of course I'm awarding you full points, with many thanks. Is it possible for you to leave the videos up a little while longer? I'd like to watch them a few more times.

Brian
bricar1President

Author

Commented:
Awesome job. Your sticking with me for several days is much appreciated. I feel I have a better understanding of DNS thanks to you.
strivoliIT Manager
CERTIFIED EXPERT

Commented:
You are welcome! I thank you for closing this question anyway even though the co. has decided to retire the server. The videos will remain online. Have a nice time!

Explore More ContentExplore courses, solutions, and other research materials related to this topic.