Solved

Issues joining 2008R2 & 2012 Servers to domain over VPN link

Posted on 2013-01-16
Medium Priority
1,567 Views
Last Modified: 2013-01-31
Hi all

We have an interesting issue currently with joining servers at a DR site to our domain.

When we try to join them after entering the correct username and password we get the following error:

Error snapshot
Windows Firewall is disabled at both ends and the main site's DMC DNS has been set on the NIC.

Any advice or help would be appreciated.
0
Question by:Will_3rd
4 Comments
 
LVL 1

Accepted Solution

by:
GopiKiran earned 1500 total points
ID: 38782266
It seems the issue is either DNS or firewall. Do the following from one of your PCs in any subnet:

nslookup

set type=SRV

_ldap._tcp.Your_FQDN_domain

When you try to join to the domain, use the full DNS domain of your .

Make sure you're able to query DNS, and make sure there is nothing blocking RPC traffic.

Also make sure you can telnet to the server on these ports:

135 "rpc port mapper"
389 "LDAP"
3289 "GC"
88 UDP "Kerberos" "you can test UDP ports using port query or another tool like nmap but not telnet"
53 UDP "DNS"

See other useful events in event viewer of the DC and the client, post them here if possible.

Also try changing the domain controllers' default gateway to be the router interface and try to join them.
0
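The TCP reachability checks from the answer above as a script, added here as an example (not code from the thread): it separates a refused connection from one that times out, which is what a filtering device on the path usually produces. The host name dc01.example.local and the function names are assumptions; port 445 is taken from the resolution posted later in the thread.

```python
import errno
import socket

# TCP ports this thread names for a domain join: RPC endpoint mapper and LDAP
# from the answer, SMB (445) from the resolution. Kerberos and DNS over UDP
# need a different tool, as the answer says.
JOIN_TCP_PORTS = {135: "RPC endpoint mapper", 389: "LDAP", 445: "SMB"}


def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP connect attempt.

    open     - handshake completed, the service is reachable
    refused  - the host answered with a reset: path is fine, nothing listening
    filtered - no answer before the timeout, or an unreachable error from
               a device on the path
    dns      - the name did not resolve
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "dns"
    except ConnectionRefusedError:
        return "refused"
    except (socket.timeout, TimeoutError):
        return "filtered"
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise


def check_dc(host, ports=JOIN_TCP_PORTS, timeout=3.0):
    """Probe every port in `ports` on one domain controller."""
    return {port: probe_tcp(host, port, timeout) for port in ports}


if __name__ == "__main__":
    # Hypothetical DC name; replace with your own domain controller's FQDN.
    for port, state in check_dc("dc01.example.local").items():
        print(f"{port:>5} {JOIN_TCP_PORTS[port]:<20} {state}")
```

Run it from the machine that fails to join, once per domain controller, so the result reflects the same network path the join uses.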
 

Author Comment

by:Will_3rd
ID: 38783454
Output from CMD

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator>set type = SRV

C:\Users\Administrator>nslookup
Default Server:  abrdmc01.abritas.local
Address:  192.168.2.72

> ^C
C:\Users\Administrator>nslookup
Default Server:  abrdmc01.abritas.local
Address:  192.168.2.72

> set type=srv
> _ldap._tcp.abritas.local
Server:  abrdmc01.abritas.local
Address:  192.168.2.72

_ldap._tcp.abritas.local        SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = abrdmc01.abritas.local
_ldap._tcp.abritas.local        SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = abritas1.abritas.local
abrdmc01.abritas.local  internet address = 192.168.2.72
abritas1.abritas.local  internet address = 192.168.2.2
>


I am using the full DNS domain when trying the domain join; if I leave out .local it will fail straight away.

I can query two domain controllers for DNS requests and ping by FQDN hostname across the VPN link.

I will check the ports you have specified and event logs as well and get back to you.

The default gateway is already set to be the firewall.
0
 

Author Comment

by:Will_3rd
ID: 38793083
Just an update: there are no entries in Event Viewer related to failed domain joins.

I cannot Telnet to the ports you mentioned.

Output from NetSetup Log:

01/18/2013 17:05:19:227 -----------------------------------------------------------------
01/18/2013 17:05:19:227 NetpValidateName: checking to see if 'TDRW2K8R2' is valid as type 1 name
01/18/2013 17:05:19:227 NetpCheckNetBiosNameNotInUse for 'TDRW2K8R2' [MACHINE] returned 0x0
01/18/2013 17:05:19:227 NetpValidateName: name 'TDRW2K8R2' is valid for type 1
01/18/2013 17:05:19:227 -----------------------------------------------------------------
01/18/2013 17:05:19:227 NetpValidateName: checking to see if 'TDRW2K8R2' is valid as type 5 name
01/18/2013 17:05:19:227 NetpValidateName: name 'TDRW2K8R2' is valid for type 5
01/18/2013 17:05:19:227 -----------------------------------------------------------------
01/18/2013 17:05:19:227 NetpValidateName: checking to see if '*****.local' is valid as type 3 name
01/18/2013 17:05:19:352 NetpCheckDomainNameIsValid [ Exists ] for '*****.local' returned 0x0
01/18/2013 17:05:19:352 NetpValidateName: name '*****.local' is valid for type 3
01/18/2013 17:05:28:025 -----------------------------------------------------------------
01/18/2013 17:05:28:025 NetpDoDomainJoin
01/18/2013 17:05:28:025 NetpMachineValidToJoin: 'TDRW2K8R2'
01/18/2013 17:05:28:025 	OS Version: 6.1
01/18/2013 17:05:28:025 	Build number: 7600 (7600.win7_gdr.120830-0334)
01/18/2013 17:05:28:025 	SKU: Windows Server 2008 R2 Datacenter
01/18/2013 17:05:28:025 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
01/18/2013 17:05:28:025 NetpGetLsaPrimaryDomain: status: 0x0
01/18/2013 17:05:28:025 NetpMachineValidToJoin: status: 0x0
01/18/2013 17:05:28:025 NetpJoinDomain
01/18/2013 17:05:28:025 	Machine: TDRW2K8R2
01/18/2013 17:05:28:025 	Domain: 
01/18/2013 17:05:28:025 	MachineAccountOU: (NULL)
01/18/2013 17:05:28:025 	Account: 
01/18/2013 17:05:28:025 	Options: 0x25
01/18/2013 17:05:28:025 NetpLoadParameters: loading registry parameters...
01/18/2013 17:05:28:025 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
01/18/2013 17:05:28:025 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
01/18/2013 17:05:28:025 NetpLoadParameters: status: 0x2
01/18/2013 17:05:28:025 NetpValidateName: checking to see if '*****.local' is valid as type 3 name
01/18/2013 17:05:28:150 NetpCheckDomainNameIsValid [ Exists ] for '*****.local' returned 0x0
01/18/2013 17:05:28:150 NetpValidateName: name '*****.local' is valid for type 3
01/18/2013 17:05:28:150 NetpDsGetDcName: trying to find DC in domain '*****.local', flags: 0x40001010
01/18/2013 17:05:31:364 NetpDsGetDcName: failed to find a DC having account 'TDRW2K8R2$': 0x525, last error is 0x0
01/18/2013 17:05:31:364 NetpLoadParameters: loading registry parameters...
01/18/2013 17:05:31:364 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
01/18/2013 17:05:31:364 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
01/18/2013 17:05:31:364 NetpLoadParameters: status: 0x2
01/18/2013 17:05:31:379 NetpDsGetDcName: status of verifying DNS A record name resolution for '*****.local': 0x0
01/18/2013 17:05:31:379 NetpDsGetDcName: found DC '\\*****.local' in the specified domain
01/18/2013 17:05:31:379 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
01/18/2013 17:05:53:516 NetUseAdd to \\*****.local\IPC$ returned 53
01/18/2013 17:05:53:516 NetpJoinDomain: status of connecting to dc '\\*****.local': 0x35
01/18/2013 17:05:53:516 NetpJoinDomainOnDs: Function exits with status of: 0x35
01/18/2013 17:05:53:516 NetpDoDomainJoin: status: 0x35
01/18/2013 17:05:53:516 -----------------------------------------------------------------
01/18/2013 17:05:53:516 NetpDoDomainJoin
01/18/2013 17:05:53:516 NetpMachineValidToJoin: 'TDRW2K8R2'
01/18/2013 17:05:53:516 	OS Version: 6.1
01/18/2013 17:05:53:516 	Build number: 7600 (7600.win7_gdr.120830-0334)
01/18/2013 17:05:53:516 	SKU: Windows Server 2008 R2 Datacenter
01/18/2013 17:05:53:516 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
01/18/2013 17:05:53:516 NetpGetLsaPrimaryDomain: status: 0x0
01/18/2013 17:05:53:516 NetpMachineValidToJoin: status: 0x0
01/18/2013 17:05:53:516 NetpJoinDomain
01/18/2013 17:05:53:516 	Machine: TDRW2K8R2
01/18/2013 17:05:53:516 	Domain: 
01/18/2013 17:05:53:516 	MachineAccountOU: (NULL)
01/18/2013 17:05:53:516 	Account: 
01/18/2013 17:05:53:516 	Options: 0x27
01/18/2013 17:05:53:516 NetpLoadParameters: loading registry parameters...
01/18/2013 17:05:53:516 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
01/18/2013 17:05:53:516 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
01/18/2013 17:05:53:516 NetpLoadParameters: status: 0x2
01/18/2013 17:05:53:516 NetpValidateName: checking to see if '*****.local' is valid as type 3 name
01/18/2013 17:05:53:625 NetpCheckDomainNameIsValid [ Exists ] for '*****.local' returned 0x0
01/18/2013 17:05:53:625 NetpValidateName: name '*****.local' is valid for type 3
01/18/2013 17:05:53:625 NetpDsGetDcName: trying to find DC in domain '*****.local', flags: 0x40001010
01/18/2013 17:05:56:854 NetpDsGetDcName: failed to find a DC having account 'TDRW2K8R2$': 0x525, last error is 0x0
01/18/2013 17:05:56:854 NetpLoadParameters: loading registry parameters...
01/18/2013 17:05:56:854 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
01/18/2013 17:05:56:854 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
01/18/2013 17:05:56:854 NetpLoadParameters: status: 0x2
01/18/2013 17:05:56:854 NetpDsGetDcName: status of verifying DNS A record name resolution for '*****.local': 0x0
01/18/2013 17:05:56:854 NetpDsGetDcName: found DC '\\*****.local' in the specified domain
01/18/2013 17:05:56:854 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
01/18/2013 17:06:19:006 NetUseAdd to \\*****.local\IPC$ returned 53
01/18/2013 17:06:19:006 NetpJoinDomain: status of connecting to dc '\\*****.local': 0x35
01/18/2013 17:06:19:006 NetpJoinDomainOnDs: Function exits with status of: 0x35
01/18/2013 17:06:19:006 NetpDoDomainJoin: status: 0x35

0
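One way to read the NetSetup log above, added here as an example (not code from the thread): it takes the final status of each failed join attempt, walks back to the earliest line reporting the same code in hex or decimal, and measures how long the join waited before that line. On the excerpt it points at the NetUseAdd call to IPC$ (error 53, ERROR_BAD_NETPATH) after a wait of about 22 seconds, an SMB connection that never completed, which matches the port 445 block reported at the end of the thread; the function names are this example's own.

```python
import re
from datetime import datetime

# Win32 error names (winerror.h) for the codes that appear in this log.
WIN32 = {2: "ERROR_FILE_NOT_FOUND", 53: "ERROR_BAD_NETPATH", 1317: "ERROR_NO_SUCH_USER"}
LINE = re.compile(r"(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d:\d{3}) (.*)")
NUM = re.compile(r"(?<![\w.])(0x[0-9a-fA-F]+|\d+)(?![\w.])")
FINAL = re.compile(r"NetpDoDomainJoin: status: (0x[0-9a-fA-F]+)")

# Excerpt of the first join attempt, copied from the log in this thread.
SAMPLE = r"""
01/18/2013 17:05:28:025 NetpDoDomainJoin
01/18/2013 17:05:31:364 NetpDsGetDcName: failed to find a DC having account 'TDRW2K8R2$': 0x525, last error is 0x0
01/18/2013 17:05:31:379 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
01/18/2013 17:05:53:516 NetUseAdd to \\*****.local\IPC$ returned 53
01/18/2013 17:05:53:516 NetpJoinDomain: status of connecting to dc '\\*****.local': 0x35
01/18/2013 17:05:53:516 NetpDoDomainJoin: status: 0x35
"""

def parse(text):
    """Yield (timestamp, message) for each timestamped NetSetup.log line."""
    for raw in text.splitlines():
        m = LINE.fullmatch(raw.strip())
        if m:
            yield datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S:%f"), m.group(2)

def codes(msg):
    """Every standalone number in a message, hex or decimal, as an int."""
    return {int(t, 16) if t.lower().startswith("0x") else int(t) for t in NUM.findall(msg)}

def failing_steps(text):
    """For each failed attempt, find the earliest line carrying its final status."""
    found, attempt = [], []
    for ts, msg in parse(text):
        if msg == "NetpDoDomainJoin":  # marks the start of a join attempt
            attempt = []
        attempt.append((ts, msg))
        m = FINAL.fullmatch(msg)
        if m and int(m.group(1), 16):
            code = int(m.group(1), 16)
            i = next(n for n, (_, s) in enumerate(attempt) if code in codes(s))
            waited = (attempt[i][0] - attempt[i - 1][0]).total_seconds() if i else 0.0
            found.append({"status": code, "name": WIN32.get(code, "unknown"),
                          "step": attempt[i][1], "waited_s": waited})
    return found

if __name__ == "__main__":
    for hit in failing_steps(SAMPLE):
        print(hit)
```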
 

Author Comment

by:Will_3rd
ID: 38839007
My colleague found the solution: a Cisco device was interfering with communication on ports 389 & 445.

Some old settings on re-used hardware were blocking the above ports on just one of the network interfaces!
0
