Unable to join domain

We had a number of computers unable to access the domain network. They had been able to access the network when working off site via UAG Direct Access, but when on the physical network, all users except Apple users could not access the domain. They can access the network, not the domain on the network, so they can ping by IP; that is it.

The local network connection icon would say Internet access rather than domain.local.

I'm not sure what happened or why it failed. I can ping everything by IP, not DNS. Computers would not connect. We had to put computers into a workgroup, rename them and then add them to the domain to get them working.

Now nothing is working. Not sure of the issue.

Any help on how I can get this resolved before users come online in 8 hours?

Workstation computers are running Windows 7 Ent
Server 2008 R2

Joining a computer to the domain, I get this:
An Active Directory Domain Controller (AD DC) for the domain could not be contacted. etc...

In the drop-down box I get this:

Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

The domain name "GCCSI" might be a NetBIOS domain name.  If this is the case, verify that the domain name is properly registered with WINS.

If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "GCCSI":

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.GCCSI

Common causes of this error include the following:

- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

- One or more of the following zones do not include delegation to its child zone:

. (the root zone)

Please, if you understand or know where I can go to get some help. Much appreciated.
Tony Giangreco Commented:
I'm assuming your server is running DNS and DHCP. If so, set up all PCs to get a dynamic IP and DNS before trying to join the network. Before joining the network, run an ipconfig /all on each PC and check to see if they have the proper IP from the server running DHCP. If they don't have the proper DNS info, add a static IP and DNS to each using an IP range that is outside your IP scope currently defined in your DHCP scope on the server. After getting them connected, you can adjust the IPs as needed.

I've used this process on other networks where I had the same problem.

One last suggestion. If nothing works, add the DHCP and DNS server IPs to the host file on each PC.
- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

Are the IP addresses the DNS servers for the GCCSI domain? Change the PCs' DNS settings in NIC properties to use the DC's IP addresses if not.
Then you should be able to query the DNS and get joined to the domain.
Brian Pierce, Photographer, Commented:
It would appear that the machines are not pointing to your Windows server for their one and ONLY DNS server.
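
The check the answers above keep coming back to (does each DNS server the client is configured with actually return the domain controller SRV record?) can be scripted. This is an added example, not part of the original thread; the domain name `corp.example.local` is a placeholder assumption to be replaced with the domain's full DNS name, and it uses only WMI and nslookup so it runs on Windows 7 / Server 2008 R2.

```powershell
# Added example: for every DNS server this client is configured to use, ask for the
# DC-locator SRV record that a domain join depends on.
# $Domain is a placeholder (assumption): pass the domain's full DNS name.
param([string]$Domain = 'corp.example.local')

$record = "_ldap._tcp.dc._msdcs.$Domain"

# DNS servers per IP-enabled adapter, plus the DHCP server that issued the lease.
$adapters = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled = TRUE" |
    Where-Object { $_.DNSServerSearchOrder }

foreach ($adapter in $adapters) {
    foreach ($server in $adapter.DNSServerSearchOrder) {
        # nslookup queries the named server directly, bypassing the client resolver cache.
        $output = & nslookup.exe "-type=SRV" $record $server 2>&1 | Out-String

        # A successful answer lists one "svr hostname" line per domain controller.
        $dcs = [regex]::Matches($output, 'svr hostname\s*=\s*(\S+)') |
            ForEach-Object { $_.Groups[1].Value }

        # One result row per (adapter, DNS server) pair.
        New-Object PSObject -Property @{
            Adapter     = $adapter.Description
            DhcpEnabled = $adapter.DHCPEnabled
            DhcpServer  = $adapter.DHCPServer
            DnsServer   = $server
            FindsDC     = [bool]$dcs
            DCs         = ($dcs -join ', ')
        }
    }
}
```

Any row with FindsDC = False is a DNS server that cannot locate a domain controller, and a DhcpServer value that differs between clients on the same subnet indicates more than one DHCP server answering.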
Nashim Khan, Exchange Administrator, Commented:

Please read the below link. It might solve your query.


Nashim Khan
Ancients (Author) Commented:
Have tried everything.
Entered IP within and outside of scope, and entered DNS settings, tried alone, updated HOST files for DNS and everything on network etc.

We have entered DNS in WINS as it is the only way to get it going.
I would like to figure this out though.
Have you recently installed any antivirus, or was there a change in existing firewall rules?

1. First ping your FQDN from the server: ping yourADDS servername.your domain.local

2. If it is working, try pinging any other host FQDN.

3. If these are working, something is blocking the traffic.

Have a try.
Brian Pierce, Photographer, Commented:
When you say you have set the IP and DNS settings, what have you set them to?
Use an IP in the same subnet as the Windows server.
Set the DNS to point to the Windows server ONLY.

There should be no need to put anything in the HOSTS file or WINS.
Ancients (Author) Commented:
DNS is the IP of the DNS server.

WINS did not seem to work. We had mapping and now things are not accessible. Can you have a network issue where you can ping by IP, not DNS?

Network engineer said if you can ping and some machines can access. (Apple computers work on the network) but the Windows 7 systems do not.

When I ping the file and print server, I get nothing back now. Not sure how it just stops working...
Does the NIC of the server point to or to the 10.x.x.x address?
It seems that the NIC of the server is not set properly or the PCs.  One or the other.
Get all other DNS servers out of the picture other than that of the DCs.
Run this on the DCs and post the output here.

dcdiag /test:dns
Do all machines (Apple and Windows) connect via Ethernet or are some wireless and some wired?
Perhaps there are 2 DHCP servers messing things up?
Sometimes the DNS address doesn't get registered with the adapter properly. We did a trick to fix this issue: first we added a public DNS address (ex: as Preferred DNS and secondary as blank. Restart the workstation / server. Try to join it to the domain; I know it will fail, but try it at least 3 times. Then remove public DNS and PDCs DNS as preferred DNS. Perform ipconfig /flushdns & ipconfig /registerdns, then try to add it to the domain. If this still doesn't work, then you have to reinstall the NIC drivers and reboot the machine.

DNS Best Practices

Ancients (Author) Commented:
Set IPs to static and not 127. on DCs
DNS only on the domain
There were also two DHCP servers not playing nice, so have only one DHCP SVR and all works a treat, except Direct Access is now dead. A new post to work on that.

Thanks all
Direct Access requires IPv6. Make sure you keep the IPv6 properties; set it to "obtain ip address automatically" and "obtain dns server address automatically" instead of disabling it.