J.R. Sitman

Can't add computer to new domain

I'm trying to add computers from a friend's business that are currently not connected to a domain.  When I select to join a domain, after I enter the credentials, I get the error, "an attempt to resolve DNS name of a domain controller in the domain being joined failed."

The DC is 2008 R2 sp1 and it is a Hyper-V VM.

How do I fix this?
lpelkie

You need to check the DNS settings on the workstations.  In order to see and join the domain, they must be using the same DNS server as the domain controller is.

Control Panel\Network and Internet\Network Connections

Right-click the network connection that is being used, go to Properties, then click on the preferred IP version (probably 4).

Chances are, the computers are pulling their DNS via DHCP from the router, while the domain controller is acting as its own DNS.  Assuming that the DNS on the server is set up correctly, the easiest fix would be to modify the DNS server address that the router is handing out via the DHCP request.  Then, you would just have to reboot the computers and you would be able to join the domain.
If you look in DNS on the DC, can you find an entry for the DC itself?  It should be under Forward Lookup Zones for that domain and the FQDN should be set as an NS record.  Usually at the top with the name or (same as parent)
ASKER

I set the DNS to the DNS of the server.  The domain is called angies.local and I just noticed the workgroup the computer currently belongs to is angies.  Is that a problem?
Yes, the DC is listed in DNS.
Try setting your IP config to automatic and then try joining the domain.  But no, the workgroup name shouldn't matter.
Hello,

Don't you have the Windows Firewall enabled on the DNS server?
I've manually set the IP address of the computer and the DNS.  That didn't work.
I've selected obtain automatically for the IP and gave it the DNS address.  That didn't work.
I've selected obtain automatically for both.  That didn't work.
In DHCP on the server it shows the computer I'm trying to join to the domain.

When I do ipconfig /all, it lists under DNS:
::1
192.168.168.133


What can I try next?
I can ping the IP address of the DC, but not the FQDN
Can you ping angies.local from the computer?
Then it is definitely DNS related.  And if you do ipconfig /all from the computer, and from the DC, the DNS server entries match
ipconfig /all for the host and computer show 192.168.168.133.  From the DC (VM) it shows
::1
192.168.168.133
I can ping the FQDN from the DC but not the computers
From the computer I'm trying to add, I can see the DC in Networks and I access the shares
Just turned off the firewall.  Didn't help.

If I try to join the domain using angies, I get the login credentials.  If I use angies.local I get "the the AD DC could not be contacted."
I can ping the FQDN of the host
footech
On the DC, run the following:
ipconfig /flushdns
net stop netlogon
net start netlogon

This should cause the DC to re-register its records.  Then run dcdiag /v and dcdiag /v /test:dns and check for errors.  Feel free to post the results back if there are any errors and you're not sure what to do about them.
It failed the DNS test.  How do I post the results?
I just realized I had the DC DNS set to the DNS server of the ISP.  I changed it to its own IP address and the DNS tests passed.

However, still can't join domain or ping FQDN

Also see attachment
dns.jpg
::1 is a loopback address for IPv6, there's no problem with that.  If the DC was set to use the ISP's DNS that could definitely cause problems.  Now that it's cleared out, let's do these steps one more time.
ipconfig /flushdns
ipconfig /registerdns
net stop netlogon
net start netlogon


If you need to post the results, you can copy the output on the console to Notepad and save as a .txt file and then attach it just like you did the .jpg above, you can also run a command like dcdiag /v > results.txt which will direct all the output into a file called results.txt which will be created in the folder you are running the command from.

Can you confirm that this is your current status?
On the DC, you run nslookup and get results for both the FQDN of the DC and the domain name.
On workstations, you run nslookup and don't get results for either the FQDN of the DC or the domain name?

Earlier posts mentioned 192.168.168.133 as a DNS server, but the screenshot above is pointing to 192.168.168.55.  Do you have multiple DNS servers, or is one of these incorrect?  All workstations should only point to Windows DNS servers for their DNS.
When I run nslookup from the DC I get DNS request timed out.  default server unknown. Address ::1
From the computer, "server unknown, 192.168.168.55", which is the DNS of the server that I entered manually in the NIC connection.

Attached are the latest results.
resultsV.txt
results.txt
I changed the setting on the IPv6 to obtain the DNS automatically, then ran nslookup and get
server unknown, 192.168.168.55
ASKER CERTIFIED SOLUTION
footech

This solution is only available to members.
I unchecked IPv6 and was able to join the domain.  I'm working remotely now and can no longer access the workstation after joining the domain.  So we've made a lot of progress.  Thanks for hanging in there.  I'll be at their location tomorrow around noon PST.  I'll post then.

Night.

thanks
Unchecking IPv6 fixed it.
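
Added example, not part of the thread and not any participant's code: a workstation-side check that asks every DNS server configured on the machine, IPv4 and IPv6, for the DC locator SRV record a client needs to resolve before it can join a domain. The domain name angies.local comes from the thread; the script assumes a workstation with the DnsClient cmdlets (Windows 8 / Server 2012 or later).

```powershell
# Added example (not from the thread): test every DNS server this workstation
# is configured to use for the DC locator SRV record of the domain.
param(
    [string]$Domain = 'angies.local'   # domain name as given in the thread
)

# SRV record a Windows client queries to find a DC when joining a domain.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"

# Collect each DNS server address configured on any adapter (IPv4 and IPv6).
$servers = Get-DnsClientServerAddress |
    Where-Object { $_.ServerAddresses } |
    ForEach-Object {
        foreach ($addr in $_.ServerAddresses) {
            [pscustomobject]@{ Interface = $_.InterfaceAlias; Server = $addr }
        }
    } |
    Sort-Object Interface, Server -Unique

# Query each server directly so a single bad resolver cannot hide behind a good one.
$results = foreach ($s in $servers) {
    try {
        $answer  = Resolve-DnsName -Name $srvName -Type SRV -Server $s.Server -DnsOnly -ErrorAction Stop
        $targets = @($answer | Where-Object { $_.Type -eq 'SRV' } | ForEach-Object { $_.NameTarget })
        $status  = if ($targets.Count -gt 0) { 'OK' } else { 'No SRV record returned' }
    }
    catch {
        $targets = @()
        $status  = "FAILED: $($_.Exception.Message)"
    }
    [pscustomobject]@{
        Interface         = $s.Interface
        DnsServer         = $s.Server
        Status            = $status
        DomainControllers = $targets -join ', '
    }
}

$results | Format-Table -AutoSize -Wrap
```

Any row whose status is not OK identifies a configured resolver, on either address family, that cannot answer for the domain; every resolver the workstation uses should be a Windows DNS server hosting the domain's zone.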