Solved

Issues joining 2008R2 & 2012 Servers to domain over VPN link

Posted on 2013-01-16
Last Modified: 2013-01-31
Hi all

We have an interesting issue currently with joining servers at a DR site to our domain.

When we try to join them after entering the correct username and password we get the following error:

Error snapshot
Windows Firewall is disabled at both ends and the main site's DMC DNS has been set on the NIC.

Any advice or help would be appreciated.
Question by:Will_3rd

Accepted Solution

by:
GopiKiran earned 500 total points
ID: 38782266
It seems the issue is either DNS or firewall. Do the following from one of your PCs in any of the subnets:

nslookup

set type=SRV

_ldap._tcp.Your_FQDN_domain

When you try to join the domain, use the full DNS domain of your .

Make sure you're able to query DNS, and make sure there is nothing blocking RPC traffic.

Also make sure you can telnet to the server on these ports:

135 "rpc port mapper"
389 "LDAP"
3289 "GC"
88 UDP "Kerberos" "you can test UDP ports using port query or another tool like nmap but not telnet"
53 UDP "DNS"

See other useful events in the Event Viewer of the DC and the client, and post them here if possible.

Also try changing the domain controller's default gateway to be the router interface and try to join them.
 

Author Comment

by:Will_3rd
ID: 38783454
Output from CMD

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator>set type = SRV

C:\Users\Administrator>nslookup
Default Server:  abrdmc01.abritas.local
Address:  192.168.2.72

> ^C
C:\Users\Administrator>nslookup
Default Server:  abrdmc01.abritas.local
Address:  192.168.2.72

> set type=srv
> _ldap._tcp.abritas.local
Server:  abrdmc01.abritas.local
Address:  192.168.2.72

_ldap._tcp.abritas.local        SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = abrdmc01.abritas.local
_ldap._tcp.abritas.local        SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = abritas1.abritas.local
abrdmc01.abritas.local  internet address = 192.168.2.72
abritas1.abritas.local  internet address = 192.168.2.2
>


I am using the full DNS domain when trying the domain join; if I leave out .local it will fail straight away.

I can query two domain controllers for DNS requests and ping by FQDN hostname across the VPN link.

I will check the ports you have specified and event logs as well and get back to you.

The default gateway is already set to be the firewall.
 

Author Comment

by:Will_3rd
ID: 38793083
Just an update: there are no entries in Event Viewer related to failed domain joins.

I cannot Telnet to the ports you mentioned.

Output from NetSetup Log:

01/18/2013 17:05:19:227 -----------------------------------------------------------------
01/18/2013 17:05:19:227 NetpValidateName: checking to see if 'TDRW2K8R2' is valid as type 1 name
01/18/2013 17:05:19:227 NetpCheckNetBiosNameNotInUse for 'TDRW2K8R2' [MACHINE] returned 0x0
01/18/2013 17:05:19:227 NetpValidateName: name 'TDRW2K8R2' is valid for type 1
01/18/2013 17:05:19:227 -----------------------------------------------------------------
01/18/2013 17:05:19:227 NetpValidateName: checking to see if 'TDRW2K8R2' is valid as type 5 name
01/18/2013 17:05:19:227 NetpValidateName: name 'TDRW2K8R2' is valid for type 5
01/18/2013 17:05:19:227 -----------------------------------------------------------------
01/18/2013 17:05:19:227 NetpValidateName: checking to see if '*****.local' is valid as type 3 name
01/18/2013 17:05:19:352 NetpCheckDomainNameIsValid [ Exists ] for '*****.local' returned 0x0
01/18/2013 17:05:19:352 NetpValidateName: name '*****.local' is valid for type 3
01/18/2013 17:05:28:025 -----------------------------------------------------------------
01/18/2013 17:05:28:025 NetpDoDomainJoin
01/18/2013 17:05:28:025 NetpMachineValidToJoin: 'TDRW2K8R2'
01/18/2013 17:05:28:025 	OS Version: 6.1
01/18/2013 17:05:28:025 	Build number: 7600 (7600.win7_gdr.120830-0334)
01/18/2013 17:05:28:025 	SKU: Windows Server 2008 R2 Datacenter
01/18/2013 17:05:28:025 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
01/18/2013 17:05:28:025 NetpGetLsaPrimaryDomain: status: 0x0
01/18/2013 17:05:28:025 NetpMachineValidToJoin: status: 0x0
01/18/2013 17:05:28:025 NetpJoinDomain
01/18/2013 17:05:28:025 	Machine: TDRW2K8R2
01/18/2013 17:05:28:025 	Domain: 
01/18/2013 17:05:28:025 	MachineAccountOU: (NULL)
01/18/2013 17:05:28:025 	Account: 
01/18/2013 17:05:28:025 	Options: 0x25
01/18/2013 17:05:28:025 NetpLoadParameters: loading registry parameters...
01/18/2013 17:05:28:025 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
01/18/2013 17:05:28:025 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
01/18/2013 17:05:28:025 NetpLoadParameters: status: 0x2
01/18/2013 17:05:28:025 NetpValidateName: checking to see if '*****.local' is valid as type 3 name
01/18/2013 17:05:28:150 NetpCheckDomainNameIsValid [ Exists ] for '*****.local' returned 0x0
01/18/2013 17:05:28:150 NetpValidateName: name '*****.local' is valid for type 3
01/18/2013 17:05:28:150 NetpDsGetDcName: trying to find DC in domain '*****.local', flags: 0x40001010
01/18/2013 17:05:31:364 NetpDsGetDcName: failed to find a DC having account 'TDRW2K8R2$': 0x525, last error is 0x0
01/18/2013 17:05:31:364 NetpLoadParameters: loading registry parameters...
01/18/2013 17:05:31:364 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
01/18/2013 17:05:31:364 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
01/18/2013 17:05:31:364 NetpLoadParameters: status: 0x2
01/18/2013 17:05:31:379 NetpDsGetDcName: status of verifying DNS A record name resolution for '*****.local': 0x0
01/18/2013 17:05:31:379 NetpDsGetDcName: found DC '\\*****.local' in the specified domain
01/18/2013 17:05:31:379 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
01/18/2013 17:05:53:516 NetUseAdd to \\*****.local\IPC$ returned 53
01/18/2013 17:05:53:516 NetpJoinDomain: status of connecting to dc '\\*****.local': 0x35
01/18/2013 17:05:53:516 NetpJoinDomainOnDs: Function exits with status of: 0x35
01/18/2013 17:05:53:516 NetpDoDomainJoin: status: 0x35
01/18/2013 17:05:53:516 -----------------------------------------------------------------
01/18/2013 17:05:53:516 NetpDoDomainJoin
01/18/2013 17:05:53:516 NetpMachineValidToJoin: 'TDRW2K8R2'
01/18/2013 17:05:53:516 	OS Version: 6.1
01/18/2013 17:05:53:516 	Build number: 7600 (7600.win7_gdr.120830-0334)
01/18/2013 17:05:53:516 	SKU: Windows Server 2008 R2 Datacenter
01/18/2013 17:05:53:516 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
01/18/2013 17:05:53:516 NetpGetLsaPrimaryDomain: status: 0x0
01/18/2013 17:05:53:516 NetpMachineValidToJoin: status: 0x0
01/18/2013 17:05:53:516 NetpJoinDomain
01/18/2013 17:05:53:516 	Machine: TDRW2K8R2
01/18/2013 17:05:53:516 	Domain: 
01/18/2013 17:05:53:516 	MachineAccountOU: (NULL)
01/18/2013 17:05:53:516 	Account: 
01/18/2013 17:05:53:516 	Options: 0x27
01/18/2013 17:05:53:516 NetpLoadParameters: loading registry parameters...
01/18/2013 17:05:53:516 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
01/18/2013 17:05:53:516 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
01/18/2013 17:05:53:516 NetpLoadParameters: status: 0x2
01/18/2013 17:05:53:516 NetpValidateName: checking to see if '*****.local' is valid as type 3 name
01/18/2013 17:05:53:625 NetpCheckDomainNameIsValid [ Exists ] for '*****.local' returned 0x0
01/18/2013 17:05:53:625 NetpValidateName: name '*****.local' is valid for type 3
01/18/2013 17:05:53:625 NetpDsGetDcName: trying to find DC in domain '*****.local', flags: 0x40001010
01/18/2013 17:05:56:854 NetpDsGetDcName: failed to find a DC having account 'TDRW2K8R2$': 0x525, last error is 0x0
01/18/2013 17:05:56:854 NetpLoadParameters: loading registry parameters...
01/18/2013 17:05:56:854 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
01/18/2013 17:05:56:854 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
01/18/2013 17:05:56:854 NetpLoadParameters: status: 0x2
01/18/2013 17:05:56:854 NetpDsGetDcName: status of verifying DNS A record name resolution for '*****.local': 0x0
01/18/2013 17:05:56:854 NetpDsGetDcName: found DC '\\*****.local' in the specified domain
01/18/2013 17:05:56:854 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
01/18/2013 17:06:19:006 NetUseAdd to \\*****.local\IPC$ returned 53
01/18/2013 17:06:19:006 NetpJoinDomain: status of connecting to dc '\\*****.local': 0x35
01/18/2013 17:06:19:006 NetpJoinDomainOnDs: Function exits with status of: 0x35
01/18/2013 17:06:19:006 NetpDoDomainJoin: status: 0x35

 

Author Comment

by:Will_3rd
ID: 38839007
My colleague found the solution: a Cisco device was interfering with communication on ports 389 & 445.

Some old settings on re-used hardware were blocking the above ports on just one of the network interfaces!
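Added example, not part of the original thread or any poster's code: a small Python triage of the NetSetup.log posted above. It reports the first real failure in each join attempt, here NetUseAdd to IPC$ returning 53 after a 22-second wait, which is consistent with the filtered port 445 found in the end. The function name and the HINT mapping are this example's own annotations.

```python
import re
from datetime import datetime

# Win32 codes seen in the log above (winerror.h names).
WIN32 = {0x2: "ERROR_FILE_NOT_FOUND", 0x35: "ERROR_BAD_NETPATH", 0x525: "ERROR_NO_SUCH_USER"}
# Annotation added for this example: the transport behind the failing call.
HINT = {"NetUseAdd": "SMB session to IPC$ on the DC (TCP 445)"}
BENIGN = ("NetpLoadParameters",)  # 0x2 here only means an optional registry value is unset

LINE = re.compile(r"^(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d:\d{3}) (.+)$")
# Only "returned N" / "status ...: N" carry a result; "Options: 0x25" does not.
STATUS = re.compile(r"(?:returned:?|status[^:]*:)\s*(0x[0-9a-f]+|\d+)\s*$", re.I)

def first_failures(log_text):
    """Return one record per join attempt: its first non-zero, non-benign status."""
    results, prev_ts, open_attempt = [], None, False
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S:%f")
        msg = m.group(2).strip()
        if msg == "NetpDoDomainJoin":            # start of a new attempt
            open_attempt = True
        s = STATUS.search(msg)
        if open_attempt and s and not msg.startswith(BENIGN):
            code = int(s.group(1), 0)            # accepts both "0x35" and "53"
            if code:
                call = msg.split()[0].rstrip(":")
                results.append({
                    "call": call, "code": code, "name": WIN32.get(code, "unknown"),
                    # A long gap before the error points at silently dropped packets.
                    "waited_s": round((ts - (prev_ts or ts)).total_seconds(), 1),
                    "hint": HINT.get(call, "n/a"),
                })
                open_attempt = False             # later errors only propagate this one
        prev_ts = ts
    return results

# Excerpt of the first join attempt from the log posted above.
SAMPLE = r"""
01/18/2013 17:05:28:025 NetpDoDomainJoin
01/18/2013 17:05:28:025 NetpLoadParameters: status: 0x2
01/18/2013 17:05:31:364 NetpDsGetDcName: failed to find a DC having account 'TDRW2K8R2$': 0x525, last error is 0x0
01/18/2013 17:05:31:379 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
01/18/2013 17:05:53:516 NetUseAdd to \\*****.local\IPC$ returned 53
01/18/2013 17:05:53:516 NetpJoinDomain: status of connecting to dc '\\*****.local': 0x35
01/18/2013 17:05:53:516 NetpDoDomainJoin: status: 0x35
"""

if __name__ == "__main__":
    for failure in first_failures(SAMPLE):
        print(failure)
```
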