
Issues joining 2008R2 & 2012 Servers to domain over VPN link

Posted on 2013-01-16
Last Modified: 2013-01-31
Hi all

We have an interesting issue currently with joining servers at a DR site to our domain.

When we try to join them after entering the correct username and password we get the following error:

Error snapshot
Windows Firewall is disabled at both ends and the main site's DMC DNS has been set on the NIC.

Any advice or help would be appreciated.
Question by:Will_3rd
Accepted Solution

by:
GopiKiran earned 1500 total points
ID: 38782266
It seems the issue is either DNS or firewall. Do the following from one of your PCs in any subnet:

nslookup

set type=SRV

_ldap._tcp.Your_FQDN_domain

When you try to join the domain, use the full DNS domain of your .

Make sure you're able to query DNS, and make sure there is nothing blocking RPC traffic.

Also make sure you can telnet to the server on these ports:

135 "rpc port mapper"
389 "LDAP"
3289 "GC"
88 UDP "Kerberos" "you can test UDP ports using port query or another tool like nmap but not telnet"
53 UDP "DNS"

See other useful events in event viewer of the DC and the client, post them here if possible.

Also try changing the domain controller's default gateway to be the router interface and try to join them.
 

Author Comment

by:Will_3rd
ID: 38783454
Output from CMD

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator>set type = SRV

C:\Users\Administrator>nslookup
Default Server:  abrdmc01.abritas.local
Address:  192.168.2.72

> ^C
C:\Users\Administrator>nslookup
Default Server:  abrdmc01.abritas.local
Address:  192.168.2.72

> set type=srv
> _ldap._tcp.abritas.local
Server:  abrdmc01.abritas.local
Address:  192.168.2.72

_ldap._tcp.abritas.local        SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = abrdmc01.abritas.local
_ldap._tcp.abritas.local        SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = abritas1.abritas.local
abrdmc01.abritas.local  internet address = 192.168.2.72
abritas1.abritas.local  internet address = 192.168.2.2
>



I am using the full DNS domain when trying the domain join; if I leave out .local it will fail straight away.

I can query two domain controllers for DNS request and ping by FQDN hostname across the VPN link.

I will check the ports you have specified and event logs as well and get back to you.

The default gateway is already set to be the firewall.
 

Author Comment

by:Will_3rd
ID: 38793083
Just an update: there are no entries in Event Viewer related to failed domain joins.

I cannot Telnet to the ports you mentioned.

Output from NetSetup Log:

01/18/2013 17:05:19:227 -----------------------------------------------------------------
01/18/2013 17:05:19:227 NetpValidateName: checking to see if 'TDRW2K8R2' is valid as type 1 name
01/18/2013 17:05:19:227 NetpCheckNetBiosNameNotInUse for 'TDRW2K8R2' [MACHINE] returned 0x0
01/18/2013 17:05:19:227 NetpValidateName: name 'TDRW2K8R2' is valid for type 1
01/18/2013 17:05:19:227 -----------------------------------------------------------------
01/18/2013 17:05:19:227 NetpValidateName: checking to see if 'TDRW2K8R2' is valid as type 5 name
01/18/2013 17:05:19:227 NetpValidateName: name 'TDRW2K8R2' is valid for type 5
01/18/2013 17:05:19:227 -----------------------------------------------------------------
01/18/2013 17:05:19:227 NetpValidateName: checking to see if '*****.local' is valid as type 3 name
01/18/2013 17:05:19:352 NetpCheckDomainNameIsValid [ Exists ] for '*****.local' returned 0x0
01/18/2013 17:05:19:352 NetpValidateName: name '*****.local' is valid for type 3
01/18/2013 17:05:28:025 -----------------------------------------------------------------
01/18/2013 17:05:28:025 NetpDoDomainJoin
01/18/2013 17:05:28:025 NetpMachineValidToJoin: 'TDRW2K8R2'
01/18/2013 17:05:28:025 	OS Version: 6.1
01/18/2013 17:05:28:025 	Build number: 7600 (7600.win7_gdr.120830-0334)
01/18/2013 17:05:28:025 	SKU: Windows Server 2008 R2 Datacenter
01/18/2013 17:05:28:025 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
01/18/2013 17:05:28:025 NetpGetLsaPrimaryDomain: status: 0x0
01/18/2013 17:05:28:025 NetpMachineValidToJoin: status: 0x0
01/18/2013 17:05:28:025 NetpJoinDomain
01/18/2013 17:05:28:025 	Machine: TDRW2K8R2
01/18/2013 17:05:28:025 	Domain: 
01/18/2013 17:05:28:025 	MachineAccountOU: (NULL)
01/18/2013 17:05:28:025 	Account: 
01/18/2013 17:05:28:025 	Options: 0x25
01/18/2013 17:05:28:025 NetpLoadParameters: loading registry parameters...
01/18/2013 17:05:28:025 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
01/18/2013 17:05:28:025 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
01/18/2013 17:05:28:025 NetpLoadParameters: status: 0x2
01/18/2013 17:05:28:025 NetpValidateName: checking to see if '*****.local' is valid as type 3 name
01/18/2013 17:05:28:150 NetpCheckDomainNameIsValid [ Exists ] for '*****.local' returned 0x0
01/18/2013 17:05:28:150 NetpValidateName: name '*****.local' is valid for type 3
01/18/2013 17:05:28:150 NetpDsGetDcName: trying to find DC in domain '*****.local', flags: 0x40001010
01/18/2013 17:05:31:364 NetpDsGetDcName: failed to find a DC having account 'TDRW2K8R2$': 0x525, last error is 0x0
01/18/2013 17:05:31:364 NetpLoadParameters: loading registry parameters...
01/18/2013 17:05:31:364 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
01/18/2013 17:05:31:364 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
01/18/2013 17:05:31:364 NetpLoadParameters: status: 0x2
01/18/2013 17:05:31:379 NetpDsGetDcName: status of verifying DNS A record name resolution for '*****.local': 0x0
01/18/2013 17:05:31:379 NetpDsGetDcName: found DC '\\*****.local' in the specified domain
01/18/2013 17:05:31:379 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
01/18/2013 17:05:53:516 NetUseAdd to \\*****.local\IPC$ returned 53
01/18/2013 17:05:53:516 NetpJoinDomain: status of connecting to dc '\\*****.local': 0x35
01/18/2013 17:05:53:516 NetpJoinDomainOnDs: Function exits with status of: 0x35
01/18/2013 17:05:53:516 NetpDoDomainJoin: status: 0x35
01/18/2013 17:05:53:516 -----------------------------------------------------------------
01/18/2013 17:05:53:516 NetpDoDomainJoin
01/18/2013 17:05:53:516 NetpMachineValidToJoin: 'TDRW2K8R2'
01/18/2013 17:05:53:516 	OS Version: 6.1
01/18/2013 17:05:53:516 	Build number: 7600 (7600.win7_gdr.120830-0334)
01/18/2013 17:05:53:516 	SKU: Windows Server 2008 R2 Datacenter
01/18/2013 17:05:53:516 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
01/18/2013 17:05:53:516 NetpGetLsaPrimaryDomain: status: 0x0
01/18/2013 17:05:53:516 NetpMachineValidToJoin: status: 0x0
01/18/2013 17:05:53:516 NetpJoinDomain
01/18/2013 17:05:53:516 	Machine: TDRW2K8R2
01/18/2013 17:05:53:516 	Domain: 
01/18/2013 17:05:53:516 	MachineAccountOU: (NULL)
01/18/2013 17:05:53:516 	Account: 
01/18/2013 17:05:53:516 	Options: 0x27
01/18/2013 17:05:53:516 NetpLoadParameters: loading registry parameters...
01/18/2013 17:05:53:516 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
01/18/2013 17:05:53:516 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
01/18/2013 17:05:53:516 NetpLoadParameters: status: 0x2
01/18/2013 17:05:53:516 NetpValidateName: checking to see if '*****.local' is valid as type 3 name
01/18/2013 17:05:53:625 NetpCheckDomainNameIsValid [ Exists ] for '*****.local' returned 0x0
01/18/2013 17:05:53:625 NetpValidateName: name '*****.local' is valid for type 3
01/18/2013 17:05:53:625 NetpDsGetDcName: trying to find DC in domain '*****.local', flags: 0x40001010
01/18/2013 17:05:56:854 NetpDsGetDcName: failed to find a DC having account 'TDRW2K8R2$': 0x525, last error is 0x0
01/18/2013 17:05:56:854 NetpLoadParameters: loading registry parameters...
01/18/2013 17:05:56:854 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
01/18/2013 17:05:56:854 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
01/18/2013 17:05:56:854 NetpLoadParameters: status: 0x2
01/18/2013 17:05:56:854 NetpDsGetDcName: status of verifying DNS A record name resolution for '*****.local': 0x0
01/18/2013 17:05:56:854 NetpDsGetDcName: found DC '\\*****.local' in the specified domain
01/18/2013 17:05:56:854 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
01/18/2013 17:06:19:006 NetUseAdd to \\*****.local\IPC$ returned 53
01/18/2013 17:06:19:006 NetpJoinDomain: status of connecting to dc '\\*****.local': 0x35
01/18/2013 17:06:19:006 NetpJoinDomainOnDs: Function exits with status of: 0x35
01/18/2013 17:06:19:006 NetpDoDomainJoin: status: 0x35

 

Author Comment

by:Will_3rd
ID: 38839007
My colleague found the solution: a Cisco device was interfering with communication on ports 389 & 445.

Some old settings on re-used hardware were blocking the above ports on just one of the network interfaces!
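An added example (not part of the original thread) that triages a NetSetup.LOG like the one posted above: it maps each non-zero status to its Win32 name, separates codes that are expected on a first-time join from the call that actually failed, and records the stall that preceded each. The `WIN32` table, its hints and the function names are assumptions of this example; the sample lines are copied from the log in this thread.

```python
import re
from datetime import datetime

# code -> (Win32 name, triage hint, benign during a first-time join?)  [assumed table]
WIN32 = {
    0x02: ("ERROR_FILE_NOT_FOUND", "optional registry parameter absent", True),
    0x525: ("ERROR_NO_SUCH_USER", "no machine account yet; locator retries", True),
    0x35: ("ERROR_BAD_NETPATH", "SMB to the DC failed; test TCP 445 on every hop", False),
    0x54B: ("ERROR_NO_SUCH_DOMAIN", "DC locator failed; check DNS SRV records", False),
    0x05: ("ERROR_ACCESS_DENIED", "join account lacks rights", False),
}
LINE = re.compile(r"^(\d\d/\d\d/\d{4} \d\d:\d\d:\d\d:\d{3}) (\w+)(.*)$")
CODE = re.compile(r"(?:returned|(?<!flags):)\s+(0x[0-9a-fA-F]+|\d+)\s*(?:,|$)")

def triage(log_text):
    """Return non-zero status events with the stall (seconds) that preceded each."""
    events, prev = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.rstrip())
        if not m:
            continue  # separators and tab-indented detail lines
        ts = datetime.strptime(m.group(1), "%m/%d/%Y %H:%M:%S:%f")
        stall = (ts - prev).total_seconds() if prev else 0.0
        prev = ts
        c = CODE.search(m.group(3))
        code = int(c.group(1), 0) if c else 0  # base 0 accepts "53" and "0x35"
        if code:
            name, hint, benign = WIN32.get(code, ("UNKNOWN", "run: net helpmsg <decimal code>", False))
            events.append({"func": m.group(2), "code": code, "name": name,
                           "hint": hint, "benign": benign, "stall": stall})
    return events

def first_real_failure(log_text):
    """First non-benign event: the call that actually broke the join."""
    return next((e for e in triage(log_text) if not e["benign"]), None)

# Sample input: lines copied from the NetSetup log posted in this thread.
SAMPLE = r"""01/18/2013 17:05:28:150 NetpDsGetDcName: trying to find DC in domain '*****.local', flags: 0x40001010
01/18/2013 17:05:31:364 NetpDsGetDcName: failed to find a DC having account 'TDRW2K8R2$': 0x525, last error is 0x0
01/18/2013 17:05:31:364 NetpLoadParameters: status: 0x2
01/18/2013 17:05:31:379 NetpDsGetDcName: found DC '\\*****.local' in the specified domain
01/18/2013 17:05:31:379 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
01/18/2013 17:05:53:516 NetUseAdd to \\*****.local\IPC$ returned 53
01/18/2013 17:05:53:516 NetpJoinDomain: status of connecting to dc '\\*****.local': 0x35
01/18/2013 17:05:53:516 NetpDoDomainJoin: status: 0x35
"""

if __name__ == "__main__":
    print(first_real_failure(SAMPLE))
```

On the sample it returns `NetUseAdd` with code 53 after a stall of about 22 seconds: the DC was located through DNS, but the SMB session to `IPC$` timed out instead of being refused, which is consistent with the filtered port 445 reported in the resolution.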
