Unable join domain

We had a number of computers unable to access the domain network. they had been able to access the network when working off site via UAG Direct Access. but when on the physical network. all users except apple users could not access the domain. they can access the network not the domain on the network so they can ping by ip that is it.

The local network connection icon would say internet access rather then domain.local

Im not sure what happened or why it failed. I can ping everything by IP not DNS. Computers would not connect. we had to put computers into work group, rename them and then add them to domain to get them working.

now nothing is working. not sure of issue.

any help on how I can get this resolved before users come online in 8 hours.

running workstation computers are windows 7 ent
server 2008 R2

joining computer to domain I get this
an active directory domain controller (AD DC0 for the domain could not be contacted. etc...

in drop down box I get this

Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

The domain name "GCCSI" might be a NetBIOS domain name.  If this is the case, verify that the domain name is properly registered with WINS.

If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "GCCSI":

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.GCCSI

Common causes of this error include the following:

- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

- One or more of the following zones do not include delegation to its child zone:

. (the root zone)

please if you understand or know where I can go to get some help. much appreciated
Who is Participating?
ZenVenkyConnect With a Mentor ArchitectCommented:
Sometimes DNS adress doesn't get registered with adapter properly. We did some trick to fix this issue, first we added public DNS address (ex: as Preferred DNS and secondary as blank. restart workstation / server. try to join it to domain, I know it will fail but try it for atleast 3 times. Then remove public DNS and PDCs DNS as preferred DNS. perform ipconfig /flushdns & ipconfig /registerdns then try to add it to domain. If this still doesn't work then you have to reinstall NIC drivers and reboot the machine.

DNS Best Practices
Tony GiangrecoCommented:
I'm assuming your server is running DNS and DHCP. if so, setup all PC's to get a dynamic IP and DNS before trying to join the network. Before joining the network run an ipconfig /all on each pc and check to see if they have the proper IP from the server running DHCP. If they don't have the proper DNS info, add a static IP and DNS to each using an IP range that is outside your IP scope currently defined in your DHCP scope on the server. After getting them connected, you can adjust the IP's as needed.

I've used this process on other networks where I had the same problem.

One last suggestion. If nothing works, add the DHCP and DNS server IP's to the host file on each Pc.
TMekeelConnect With a Mentor Commented:
- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

Are the IP Addresses the DNS servers for the GCCSI domain?  Change the PCs DNS settings in NIC properties to use the DC's IP addresses if not.
Then you should be able to query the DNS and get joined to the domain.
Free tool for managing users' photos in Office 365

Easily upload multiple users’ photos to Office 365. Manage them with an intuitive GUI and use handy built-in cropping and resizing options. Link photos with users based on Azure AD attributes. Free tool!

It would appear that the machines are not pointing to your windows server for their one and ONLY DNS server.
nashim khanExchange AdministratorCommented:

Please read the below link. Might be it will solve your query.


Nashim Khan
AncientsAuthor Commented:
Have tried everything.
Entered IP within and outside of scope, and entered DNS settings, tried alone, updated HOST Files for DNS and everything on network etc..

we have entered dns in wins as it is the only way to get it going.
I would like to figure this out though.
have you recently installed any antivirus or is there was change in existing firewall rules?

1 first ping your FQDN from the server ---ping yourADDS servername.your domain.local

2 If it is working try pinging any other host FQDN.

3 If these are working something is blocking the  traffic

Have a try
When you say you have set the IP and DNS settings - what have you set them to?
Use an IP in the same subnet as the windows server
Set the DNS to point to the windows server ONLY

There should be no need to put anything in the HOSTS file or WINS
AncientsAuthor Commented:
DNS is the IP of the DNS server.

Wins did not seem to work. we had mapping and now things not accessible. can you have network issue where you can ping by IP not DNS?

Network engineer said if you can ping and some machines can access. (Apple computers work on network) but the windows 7 systems do not.

when I ping the File and print server. I get nothing back now. not sure how it just stops working...
TMekeelConnect With a Mentor Commented:
Does the NIC of the server point to or to the 10.x.x.x address?
It seems that the NIC of the server is not set properly or the PCs.  One or the other.
TMekeelConnect With a Mentor Commented:
Get all other DNS servers out of the picture other than that of the DCs.
Run this on the DCs and post the output here.

dcdiag /test:dns
Do all machines (apple and windows) connect via ethernet or are some wireless and some wired?
Perhaps there are 2 DHCP servers messing things up?
AncientsAuthor Commented:
Set IPS to static and not 127. on DC's
DNS only on the domain
There were also two DHCP servers not playing nice. so have only one DHCP SVR and all works a treat. except Direct Access is now dead. a new post  to work on that.

thanks all
Direct Access requires IPv6 make sure you keep IPv6 properties, set it to "obtain ip address automatically" and "obtain dns server address automatically" instead of disabling it.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.