Solved

Issues joining 2008R2 & 2012 Servers to domain over VPN link

Posted on 2013-01-16
Last Modified: 2013-01-31
Hi all

We have an interesting issue currently with joining servers at a DR site to our domain.

When we try to join them after entering the correct username and password we get the following error:

Error snapshot
Windows Firewall is disabled at both ends and the main site's DMC DNS has been set on the NIC.

Any advice or help would be appreciated.
Question by:Will_3rd

Accepted Solution

by:
GopiKiran earned 500 total points
ID: 38782266
It seems the issue is either DNS or firewall. Do the following from one of your PCs in any subnet:

nslookup

set type=SRV

_ldap._tcp.Your_FQDN_domain

When you try to join the domain, use the full DNS domain of your .

Make sure you're able to query DNS, and make sure there is nothing blocking RPC traffic.

Also make sure you can telnet to the server on these ports:

135 "rpc port mapper"
389 "LDAP"
3289 "GC"
88 UDP "Kerberos" "you can test UDP ports using port query or another tool like nmap but not telnet"
53 UDP "DNS"

See other useful events in event viewer of the DC and the client, post them here if possible.

Also try changing the domain controller's default gateway to be the router interface and try to join them.

Author Comment

by:Will_3rd
ID: 38783454
Output from CMD

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\Administrator>set type = SRV

C:\Users\Administrator>nslookup
Default Server:  abrdmc01.abritas.local
Address:  192.168.2.72

> ^C
C:\Users\Administrator>nslookup
Default Server:  abrdmc01.abritas.local
Address:  192.168.2.72

> set type=srv
> _ldap._tcp.abritas.local
Server:  abrdmc01.abritas.local
Address:  192.168.2.72

_ldap._tcp.abritas.local        SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = abrdmc01.abritas.local
_ldap._tcp.abritas.local        SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = abritas1.abritas.local
abrdmc01.abritas.local  internet address = 192.168.2.72
abritas1.abritas.local  internet address = 192.168.2.2
>



I am using the full DNS domain when trying the domain join; if I leave out .local it will fail straight away.

I can query two domain controllers for DNS requests and ping by FQDN hostname across the VPN link.

I will check the ports you have specified and event logs as well and get back to you.

The default gateway is already set to be the firewall.

Author Comment

by:Will_3rd
ID: 38793083
Just an update: there are no entries in Event Viewer related to failed domain joins.

I cannot Telnet to the ports you mentioned.

Output from NetSetup Log:

01/18/2013 17:05:19:227 -----------------------------------------------------------------
01/18/2013 17:05:19:227 NetpValidateName: checking to see if 'TDRW2K8R2' is valid as type 1 name
01/18/2013 17:05:19:227 NetpCheckNetBiosNameNotInUse for 'TDRW2K8R2' [MACHINE] returned 0x0
01/18/2013 17:05:19:227 NetpValidateName: name 'TDRW2K8R2' is valid for type 1
01/18/2013 17:05:19:227 -----------------------------------------------------------------
01/18/2013 17:05:19:227 NetpValidateName: checking to see if 'TDRW2K8R2' is valid as type 5 name
01/18/2013 17:05:19:227 NetpValidateName: name 'TDRW2K8R2' is valid for type 5
01/18/2013 17:05:19:227 -----------------------------------------------------------------
01/18/2013 17:05:19:227 NetpValidateName: checking to see if '*****.local' is valid as type 3 name
01/18/2013 17:05:19:352 NetpCheckDomainNameIsValid [ Exists ] for '*****.local' returned 0x0
01/18/2013 17:05:19:352 NetpValidateName: name '*****.local' is valid for type 3
01/18/2013 17:05:28:025 -----------------------------------------------------------------
01/18/2013 17:05:28:025 NetpDoDomainJoin
01/18/2013 17:05:28:025 NetpMachineValidToJoin: 'TDRW2K8R2'
01/18/2013 17:05:28:025 	OS Version: 6.1
01/18/2013 17:05:28:025 	Build number: 7600 (7600.win7_gdr.120830-0334)
01/18/2013 17:05:28:025 	SKU: Windows Server 2008 R2 Datacenter
01/18/2013 17:05:28:025 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
01/18/2013 17:05:28:025 NetpGetLsaPrimaryDomain: status: 0x0
01/18/2013 17:05:28:025 NetpMachineValidToJoin: status: 0x0
01/18/2013 17:05:28:025 NetpJoinDomain
01/18/2013 17:05:28:025 	Machine: TDRW2K8R2
01/18/2013 17:05:28:025 	Domain: 
01/18/2013 17:05:28:025 	MachineAccountOU: (NULL)
01/18/2013 17:05:28:025 	Account: 
01/18/2013 17:05:28:025 	Options: 0x25
01/18/2013 17:05:28:025 NetpLoadParameters: loading registry parameters...
01/18/2013 17:05:28:025 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
01/18/2013 17:05:28:025 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
01/18/2013 17:05:28:025 NetpLoadParameters: status: 0x2
01/18/2013 17:05:28:025 NetpValidateName: checking to see if '*****.local' is valid as type 3 name
01/18/2013 17:05:28:150 NetpCheckDomainNameIsValid [ Exists ] for '*****.local' returned 0x0
01/18/2013 17:05:28:150 NetpValidateName: name '*****.local' is valid for type 3
01/18/2013 17:05:28:150 NetpDsGetDcName: trying to find DC in domain '*****.local', flags: 0x40001010
01/18/2013 17:05:31:364 NetpDsGetDcName: failed to find a DC having account 'TDRW2K8R2$': 0x525, last error is 0x0
01/18/2013 17:05:31:364 NetpLoadParameters: loading registry parameters...
01/18/2013 17:05:31:364 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
01/18/2013 17:05:31:364 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
01/18/2013 17:05:31:364 NetpLoadParameters: status: 0x2
01/18/2013 17:05:31:379 NetpDsGetDcName: status of verifying DNS A record name resolution for '*****.local': 0x0
01/18/2013 17:05:31:379 NetpDsGetDcName: found DC '\\*****.local' in the specified domain
01/18/2013 17:05:31:379 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
01/18/2013 17:05:53:516 NetUseAdd to \\*****.local\IPC$ returned 53
01/18/2013 17:05:53:516 NetpJoinDomain: status of connecting to dc '\\*****.local': 0x35
01/18/2013 17:05:53:516 NetpJoinDomainOnDs: Function exits with status of: 0x35
01/18/2013 17:05:53:516 NetpDoDomainJoin: status: 0x35
01/18/2013 17:05:53:516 -----------------------------------------------------------------
01/18/2013 17:05:53:516 NetpDoDomainJoin
01/18/2013 17:05:53:516 NetpMachineValidToJoin: 'TDRW2K8R2'
01/18/2013 17:05:53:516 	OS Version: 6.1
01/18/2013 17:05:53:516 	Build number: 7600 (7600.win7_gdr.120830-0334)
01/18/2013 17:05:53:516 	SKU: Windows Server 2008 R2 Datacenter
01/18/2013 17:05:53:516 NetpDomainJoinLicensingCheck: ulLicenseValue=1, Status: 0x0
01/18/2013 17:05:53:516 NetpGetLsaPrimaryDomain: status: 0x0
01/18/2013 17:05:53:516 NetpMachineValidToJoin: status: 0x0
01/18/2013 17:05:53:516 NetpJoinDomain
01/18/2013 17:05:53:516 	Machine: TDRW2K8R2
01/18/2013 17:05:53:516 	Domain: 
01/18/2013 17:05:53:516 	MachineAccountOU: (NULL)
01/18/2013 17:05:53:516 	Account: 
01/18/2013 17:05:53:516 	Options: 0x27
01/18/2013 17:05:53:516 NetpLoadParameters: loading registry parameters...
01/18/2013 17:05:53:516 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
01/18/2013 17:05:53:516 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
01/18/2013 17:05:53:516 NetpLoadParameters: status: 0x2
01/18/2013 17:05:53:516 NetpValidateName: checking to see if '*****.local' is valid as type 3 name
01/18/2013 17:05:53:625 NetpCheckDomainNameIsValid [ Exists ] for '*****.local' returned 0x0
01/18/2013 17:05:53:625 NetpValidateName: name '*****.local' is valid for type 3
01/18/2013 17:05:53:625 NetpDsGetDcName: trying to find DC in domain '*****.local', flags: 0x40001010
01/18/2013 17:05:56:854 NetpDsGetDcName: failed to find a DC having account 'TDRW2K8R2$': 0x525, last error is 0x0
01/18/2013 17:05:56:854 NetpLoadParameters: loading registry parameters...
01/18/2013 17:05:56:854 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
01/18/2013 17:05:56:854 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
01/18/2013 17:05:56:854 NetpLoadParameters: status: 0x2
01/18/2013 17:05:56:854 NetpDsGetDcName: status of verifying DNS A record name resolution for '*****.local': 0x0
01/18/2013 17:05:56:854 NetpDsGetDcName: found DC '\\*****.local' in the specified domain
01/18/2013 17:05:56:854 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
01/18/2013 17:06:19:006 NetUseAdd to \\*****.local\IPC$ returned 53
01/18/2013 17:06:19:006 NetpJoinDomain: status of connecting to dc '\\*****.local': 0x35
01/18/2013 17:06:19:006 NetpJoinDomainOnDs: Function exits with status of: 0x35
01/18/2013 17:06:19:006 NetpDoDomainJoin: status: 0x35


Author Comment

by:Will_3rd
ID: 38839007
My colleague found the solution: a Cisco device was interfering with communication on ports 389 & 445.

Some old settings on re-used hardware were blocking the above ports on just one of the network interfaces!
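Added example (not part of the original thread or any poster's code): a small Python triage of the NetSetup log posted above. It picks out the first status that is not routine on a first join and decodes it. The EXPECTED and HINTS tables are assumptions of this example, and SAMPLE is an excerpt of the log lines from the thread.

```python
import re

# Win32 status values that appear in the NetSetup log above (winerror.h names).
WIN32 = {0x2: "ERROR_FILE_NOT_FOUND", 0x35: "ERROR_BAD_NETPATH",
         0x525: "ERROR_NO_SUCH_USER"}

# Assumption of this example: these (step, status) pairs are routine on a first
# join (registry override absent; machine account not created yet), not faults.
EXPECTED = {("NetpLoadParameters", 0x2), ("NetpDsGetDcName", 0x525)}

# Assumption: the traffic a failing step depends on, used as a triage hint.
HINTS = {"NetUseAdd": r"SMB session to \\<dc>\IPC$, check TCP 445 along the path"}

LINE = re.compile(r"^(\d\d/\d\d/\d{4} [\d:]+) (\w+)(.*)$")
CODE = re.compile(r"(?:returned:?|status(?: of)?:|':)\s*(0x[0-9a-f]+|\d+)\b", re.I)

# Excerpt of the log posted in the thread (domain name masked by the poster).
SAMPLE = r"""
01/18/2013 17:05:28:025 NetpLoadParameters: status: 0x2
01/18/2013 17:05:31:364 NetpDsGetDcName: failed to find a DC having account 'TDRW2K8R2$': 0x525, last error is 0x0
01/18/2013 17:05:31:379 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
01/18/2013 17:05:53:516 NetUseAdd to \\*****.local\IPC$ returned 53
01/18/2013 17:05:53:516 NetpJoinDomain: status of connecting to dc '\\*****.local': 0x35
01/18/2013 17:05:53:516 NetpDoDomainJoin: status: 0x35
"""

def failures(log_text):
    """Return (timestamp, step, status, name) for each unexpected non-zero status."""
    out = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        c = CODE.search(m.group(3)) if m else None
        if not c:
            continue  # separators, indented detail lines, lines without a status
        status = int(c.group(1), 0)  # accepts decimal "53" and hex "0x35"
        if status and (m.group(2), status) not in EXPECTED:
            out.append((m.group(1), m.group(2), status, WIN32.get(status, "UNKNOWN")))
    return out

def triage(log_text):
    """One-line summary of the first unexpected failure, with a hint if known."""
    found = failures(log_text)
    if not found:
        return "no unexpected failures"
    ts, step, status, name = found[0]
    return f"{ts} {step} -> {status:#x} {name}: {HINTS.get(step, 'no hint')}"

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The log writes the same status as decimal 53 on the NetUseAdd line and as 0x35 on the lines after it, so the parser normalises both forms before comparing.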
