Solved

Issues joining 2008R2 & 2012 Servers to domain over VPN link

Posted on 2013-01-16
Last Modified: 2013-01-31
Hi all

We have an interesting issue currently with joining servers at a DR site to our domain.

When we try to join them, after entering the correct username and password, we get the following error:

Error snapshot
Windows Firewall is disabled at both ends and the main site's DMC DNS has been set on the NIC.

Any advice or help would be appreciated.
Question by:Will_3rd
Accepted Solution

by:
GopiKiran earned 500 total points
ID: 38782266
It seems the issue is either DNS or firewall. Do the following from one of your PCs in any subnet:

nslookup

set type=SRV

_ldap._tcp.Your_FQDN_domain

When you try to join the domain, use the full DNS domain of your .

Make sure you're able to query DNS, and make sure there is nothing blocking RPC traffic.

Also make sure you can telnet to the server on these ports:

135 "rpc port mapper"
389 "LDAP"
3289 "GC"
88 UDP "Kerberos" "you can test UDP ports using port query or another tool like nmap but not telnet"
53 UDP "DNS"

See other useful events in event viewer of the DC and the client, post them here if possible.

Also try changing the domain controllers' default gateway to be the router interface, and try to join them.

Author Comment

by:Will_3rd
ID: 38783454
Output from CMD

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator>set type = SRV

C:\Users\Administrator>nslookup
Default Server:  abrdmc01.abritas.local
Address:  192.168.2.72

> ^C
C:\Users\Administrator>nslookup
Default Server:  abrdmc01.abritas.local
Address:  192.168.2.72

> set type=srv
> _ldap._tcp.abritas.local
Server:  abrdmc01.abritas.local
Address:  192.168.2.72

_ldap._tcp.abritas.local        SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = abrdmc01.abritas.local
_ldap._tcp.abritas.local        SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = abritas1.abritas.local
abrdmc01.abritas.local  internet address = 192.168.2.72
abritas1.abritas.local  internet address = 192.168.2.2
>


I am using the full DNS domain when trying the domain join; if I leave out .local it will fail straight away.

I can query two domain controllers for DNS request and ping by FQDN hostname across the VPN link.

I will check the ports you have specified and event logs as well and get back to you.

The default gateway is already set to be the firewall.

Author Comment

by:Will_3rd
ID: 38793083
Just an update: there are no entries in Event Viewer related to failed domain joins.

I cannot Telnet to the ports you mentioned.

Output from NetSetup Log:

01/18/2013 17:05:19:227 -----------------------------------------------------------------
01/18/2013 17:05:19:227 NetpValidateName: checking to see if 'TDRW2K8R2' is valid as type 1 name
01/18/2013 17:05:19:227 NetpCheckNetBiosNameNotInUse for 'TDRW2K8R2' [MACHINE] returned 0x0
01/18/2013 17:05:19:227 NetpValidateName: name 'TDRW2K8R2' is valid for type 1
01/18/2013 17:05:19:227 -----------------------------------------------------------------
01/18/2013 17:05:19:227 NetpValidateName: checking to see if 'TDRW2K8R2' is valid as type 5 name
01/18/2013 17:05:19:227 NetpValidateName: name 'TDRW2K8R2' is valid for type 5
01/18/2013 17:05:19:227 -----------------------------------------------------------------
01/18/2013 17:05:19:227 NetpValidateName: checking to see if '*****.local' is valid as type 3 name
01/18/2013 17:05:19:352 NetpCheckDomainNameIsValid [ Exists ] for '*****.local' returned 0x0
01/18/2013 17:05:19:352 NetpValidateName: name '*****.local' is valid for type 3
01/18/2013 17:05:28:025 -----------------------------------------------------------------
01/18/2013 17:05:28:025 NetpDoDomainJoin
01/18/2013 17:05:28:025 NetpMachineValidToJoin: 'TDRW2K8R2'
01/18/2013 17:05:28:025 	OS Version: 6.1
01/18/2013 17:05:28:025 	Build number: 7600 (7600.win7_gdr.120830-0334)
01/18/2013 17:05:28:025 	SKU: Windows Server 2008 R2 Datacenter
01/18/2013 17:05:28:025 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
01/18/2013 17:05:28:025 NetpGetLsaPrimaryDomain: status: 0x0
01/18/2013 17:05:28:025 NetpMachineValidToJoin: status: 0x0
01/18/2013 17:05:28:025 NetpJoinDomain
01/18/2013 17:05:28:025 	Machine: TDRW2K8R2
01/18/2013 17:05:28:025 	Domain: 
01/18/2013 17:05:28:025 	MachineAccountOU: (NULL)
01/18/2013 17:05:28:025 	Account: 
01/18/2013 17:05:28:025 	Options: 0x25
01/18/2013 17:05:28:025 NetpLoadParameters: loading registry parameters...
01/18/2013 17:05:28:025 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
01/18/2013 17:05:28:025 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
01/18/2013 17:05:28:025 NetpLoadParameters: status: 0x2
01/18/2013 17:05:28:025 NetpValidateName: checking to see if '*****.local' is valid as type 3 name
01/18/2013 17:05:28:150 NetpCheckDomainNameIsValid [ Exists ] for '*****.local' returned 0x0
01/18/2013 17:05:28:150 NetpValidateName: name '*****.local' is valid for type 3
01/18/2013 17:05:28:150 NetpDsGetDcName: trying to find DC in domain '*****.local', flags: 0x40001010
01/18/2013 17:05:31:364 NetpDsGetDcName: failed to find a DC having account 'TDRW2K8R2$': 0x525, last error is 0x0
01/18/2013 17:05:31:364 NetpLoadParameters: loading registry parameters...
01/18/2013 17:05:31:364 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
01/18/2013 17:05:31:364 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
01/18/2013 17:05:31:364 NetpLoadParameters: status: 0x2
01/18/2013 17:05:31:379 NetpDsGetDcName: status of verifying DNS A record name resolution for '*****.local': 0x0
01/18/2013 17:05:31:379 NetpDsGetDcName: found DC '\\*****.local' in the specified domain
01/18/2013 17:05:31:379 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
01/18/2013 17:05:53:516 NetUseAdd to \\*****.local\IPC$ returned 53
01/18/2013 17:05:53:516 NetpJoinDomain: status of connecting to dc '\\*****.local': 0x35
01/18/2013 17:05:53:516 NetpJoinDomainOnDs: Function exits with status of: 0x35
01/18/2013 17:05:53:516 NetpDoDomainJoin: status: 0x35
01/18/2013 17:05:53:516 -----------------------------------------------------------------
01/18/2013 17:05:53:516 NetpDoDomainJoin
01/18/2013 17:05:53:516 NetpMachineValidToJoin: 'TDRW2K8R2'
01/18/2013 17:05:53:516 	OS Version: 6.1
01/18/2013 17:05:53:516 	Build number: 7600 (7600.win7_gdr.120830-0334)
01/18/2013 17:05:53:516 	SKU: Windows Server 2008 R2 Datacenter
01/18/2013 17:05:53:516 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
01/18/2013 17:05:53:516 NetpGetLsaPrimaryDomain: status: 0x0
01/18/2013 17:05:53:516 NetpMachineValidToJoin: status: 0x0
01/18/2013 17:05:53:516 NetpJoinDomain
01/18/2013 17:05:53:516 	Machine: TDRW2K8R2
01/18/2013 17:05:53:516 	Domain: 
01/18/2013 17:05:53:516 	MachineAccountOU: (NULL)
01/18/2013 17:05:53:516 	Account: 
01/18/2013 17:05:53:516 	Options: 0x27
01/18/2013 17:05:53:516 NetpLoadParameters: loading registry parameters...
01/18/2013 17:05:53:516 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
01/18/2013 17:05:53:516 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
01/18/2013 17:05:53:516 NetpLoadParameters: status: 0x2
01/18/2013 17:05:53:516 NetpValidateName: checking to see if '*****.local' is valid as type 3 name
01/18/2013 17:05:53:625 NetpCheckDomainNameIsValid [ Exists ] for '*****.local' returned 0x0
01/18/2013 17:05:53:625 NetpValidateName: name '*****.local' is valid for type 3
01/18/2013 17:05:53:625 NetpDsGetDcName: trying to find DC in domain '*****.local', flags: 0x40001010
01/18/2013 17:05:56:854 NetpDsGetDcName: failed to find a DC having account 'TDRW2K8R2$': 0x525, last error is 0x0
01/18/2013 17:05:56:854 NetpLoadParameters: loading registry parameters...
01/18/2013 17:05:56:854 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
01/18/2013 17:05:56:854 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
01/18/2013 17:05:56:854 NetpLoadParameters: status: 0x2
01/18/2013 17:05:56:854 NetpDsGetDcName: status of verifying DNS A record name resolution for '*****.local': 0x0
01/18/2013 17:05:56:854 NetpDsGetDcName: found DC '\\*****.local' in the specified domain
01/18/2013 17:05:56:854 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
01/18/2013 17:06:19:006 NetUseAdd to \\*****.local\IPC$ returned 53
01/18/2013 17:06:19:006 NetpJoinDomain: status of connecting to dc '\\*****.local': 0x35
01/18/2013 17:06:19:006 NetpJoinDomainOnDs: Function exits with status of: 0x35
01/18/2013 17:06:19:006 NetpDoDomainJoin: status: 0x35

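Added example, not part of the original thread: a short Python triage of the NetSetup log posted above, which skips the non-zero codes that are normal on a first join and reports the earliest real failure (here the SMB connection to IPC$, error 53). The function names and the BENIGN and HINTS tables are assumptions of this example; the Win32 code meanings are the standard winerror.h ones.

```python
import re

# Win32 error codes that appear in the log above (meanings from winerror.h).
WIN32 = {0x2: "ERROR_FILE_NOT_FOUND",
         0x35: "ERROR_BAD_NETPATH (the network path was not found)",
         0x525: "ERROR_NO_SUCH_USER (the account does not exist)"}
# Assumption of this example: non-zero codes that are normal on a first-time join.
BENIGN = {("NetpLoadParameters", 0x2),   # optional registry value absent, default used
          ("NetpDsGetDcName", 0x525)}    # machine account has not been created yet
# Hypothetical hint table: which network path to test for a failing step.
HINTS = {"NetUseAdd": "SMB connection to the DC's IPC$ share failed; test TCP 445 across the VPN"}
LINE = re.compile(r"^(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d:\d{3}) (.*)$")
# Lines abridged from the NetSetup log posted above.
SAMPLE = r"""
01/18/2013 17:05:28:025   Options: 0x25
01/18/2013 17:05:28:025 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
01/18/2013 17:05:28:150 NetpDsGetDcName: trying to find DC in domain '*****.local', flags: 0x40001010
01/18/2013 17:05:31:364 NetpDsGetDcName: failed to find a DC having account 'TDRW2K8R2$': 0x525, last error is 0x0
01/18/2013 17:05:53:516 NetUseAdd to \\*****.local\IPC$ returned 53
01/18/2013 17:05:53:516 NetpJoinDomain: status of connecting to dc '\\*****.local': 0x35
01/18/2013 17:05:53:516 NetpDoDomainJoin: status: 0x35
"""

def triage(log_text):
    """Return (timestamp, function, code, meaning) for every non-benign failure."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or "flags:" in m.group(2) or "Options:" in m.group(2):
            continue  # not a log line, or a bit mask rather than a status code
        ts, msg = m.group(1), m.group(2).strip()
        func = re.split(r"[: ]", msg, maxsplit=1)[0]
        codes = [int(h, 16) for h in re.findall(r"\b0x([0-9a-fA-F]+)\b", msg)]
        codes += [int(d) for d in re.findall(r"returned (\d+)$", msg)]
        for code in codes:
            if code and (func, code) not in BENIGN:
                findings.append((ts, func, code, WIN32.get(code, "unknown")))
    return findings

def root_cause(log_text):
    """The earliest non-benign failure; later statuses only propagate it upward."""
    findings = triage(log_text)
    if not findings:
        return None
    ts, func, code, meaning = findings[0]
    return {"time": ts, "function": func, "code": code, "meaning": meaning,
            "hint": HINTS.get(func, "no hint for this step")}

if __name__ == "__main__":
    print(root_cause(SAMPLE))
```
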
 

Author Comment

by:Will_3rd
ID: 38839007
My colleague found the solution: a Cisco device was interfering with communication on ports 389 & 445.

Some old settings on re-used hardware were blocking the above ports on just one of the network interfaces!