Can't join Windows Server 2008 to Server 2003 domain

Posted on 2013-11-22
Last Modified: 2013-11-26
I've got a new Windows Server 2008 R2 machine that I'm using to replace a Windows Server 2003 machine.  I'm at the very beginning and am trying to join the 2008 server to the 2003 domain.  When I do  so, I'm getting the following error message:

An Active Directory Domain Controller (AD DC) for the domain "domain.local" could not be contacted.  

In the details of the error message, I get this information

The error was "This operation returned because the timeout period expired"

When I look on the 2003 server, I get a DNS error 7062 below, where is the IP address of the 2003 server.

The DNS server encountered a packet addressed to itself on IP address The packet is for the DNS name "_ldap._tcp.dc._msdcs.domain.local.". The packet will be discarded. This condition usually indicates a configuration error.
Check the following areas for possible self-send configuration errors:
  1) Forwarders list. (DNS servers should not forward to themselves).
  2) Master lists of secondary zones.
  3) Notify lists of primary zones.
  4) Delegations of subzones.  Must not contain NS record for this DNS server unless subzone is also on this server.
  5) Root hints.
Example of self-delegation:
  -> This DNS server is the primary for the zone
  -> The zone contains a delegation of to,
  ( NS
  -> BUT the zone is NOT on this server.
Note, you should make this delegation check (with nslookup or DNS manager) both on this DNS server and on the server(s) you delegated the subzone to. It is possible that the delegation was done correctly, but that the primary DNS for the subzone, has any incorrect NS record pointing back at this server. If this incorrect NS record is cached at this server, then the self-send could result.  If found, the subzone DNS server admin should remove the offending NS record.
You can use the DNS server debug logging facility to track down the cause of this problem.

For more information, see Help and Support Center at

The DNS on the 2008 server is pointing toward the 2003 server.  I've tried clearing the DNS cache on the 2003 server as well as deleting and adding back the forwarders & root hints.

Any help would be appreciated.  Much thanks!
Question by:SupermanTB

Expert Comment

by:Nick Rhode
ID: 39670346

Expert Comment

ID: 39670462
You don't need to prep just to join the domain.

It sounds like the IP of the new 2008 machine is the same as the 2003 machine

Check the IP and mask of the machines

Expert Comment

ID: 39671747

This might be a very basic question,
=> Were you able to ping the Windows 2003 Server by IP address?
=> Were you able to ping the FQDN of the Windows 2003 server?

Are you getting replies? If YES and still not working, please post the system info from both the Windows 2003 and the Windows 2008 machine for further investigation.

Expert Comment

ID: 39672936
Does the 2003 DNS server have forward lookup zones named domain.local and _msdcs.domain.local, or does the domain.local zone contain an _msdcs folder? It sounds like this part of the DNS configuration may be screwed up in some way.

Author Comment

ID: 39674655
Thanks for everyone's help.  Here are the answers to all your questions:

NRhode:  I don't believe the prep is necessary in order to just join the domain.  I have definitely not done it yet though.

KCTS:  The IP address of the 2003 server is and the IP address of the 2008 server is being assigned dynamically.  The SM for both machines is

virastar:  I can ping the 2003 server by both IP address and FQDN name.  System Info is attached

DrDave242:  The DNS on the 2003 server only has one forward lookup zone named domain.local containing an _msdcs folder.  The _msdcs folder does appear to be grey color while the other folders are more yellow.  There are also no sub folders under _msdcs.  The only entry for _msdcs is

(same as parent folder)
Name Server (NS)


Expert Comment

ID: 39675542
by: SupermanTB, posted on 2013-11-25 at 19:44:20, ID: 39674655

KCTS:  The IP address of the 2003 server is and the IP address of the 2008 server is being assigned dynamically.  The SM for both machines is

May I know why the IP address of the Windows 2008 server is dynamic?

Can you please try setting the same IP as static and try joining the domain?
Also try a different host name for the Windows 2008 Server and try joining again.


Author Comment

ID: 39675639
I have tried setting the 2008 IP address as static and got the same problem.  I've also tried changing the computer name of the 2008 server as well.

No luck

Accepted Solution

DrDave242 earned 500 total points
ID: 39676054
DrDave242:  The DNS on the 2003 server only has one forward lookup zone named domain.local containing an _msdcs folder.  The _msdcs folder does appear to be grey color while the other folders are more yellow.  There are also no sub folders under _msdcs.
OK, this is at least part of the problem. That gray _msdcs folder is a delegation record, and it will only contain name server (NS) records for each of your DNS servers. Since the delegation is present, there should also be a separate _msdcs.domain.local zone present, but it sounds like this zone is missing in your case. Fortunately, recreating it isn't hard.

In the DNS console, right-click Forward Lookup Zones and select New Zone. Provide the following information when prompted by the New Zone wizard:

Zone type: Primary
Store the zone in Active Directory.
Replicate the zone to all DNS servers running on DCs in the forest.
Name the zone _msdcs.domain.local (substituting your domain name, of course).
Allow only secure dynamic updates.

After the zone has been created, close the DNS console, open a command prompt on the DC, and run these four commands:

ipconfig /flushdns
ipconfig /registerdns
net stop netlogon
net start netlogon
Wait a few minutes, then open the DNS console and look at the contents of the new zone. It should contain a single SOA record, NS and CNAME records for each DC, and folders named dc, domains, gc, and pdc. Each folder will contain records and/or subfolders, but if the folders themselves are all there, it's probably safe to assume everything is intact. Run ipconfig /flushdns on the 2008 R2 server and try to join it to the domain again.
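
A check to run from the 2008 R2 server once the zone has repopulated, added here as an example and not part of the answer above: it queries the 2003 DNS server for the DC locator SRV records that live in the dc, pdc and gc folders, then asks the DC locator directly. The DNS server IP is a placeholder, and a single-domain forest is assumed so the gc record is looked up under the domain name.

```powershell
# Added example (PowerShell 2.0 compatible, so it runs on Server 2008 R2).
# Assumed values: $DnsServer is a placeholder; a single-domain forest is assumed,
# so the gc record is looked up under the same name as the domain.
$Domain    = 'domain.local'   # substitute your AD DNS domain name
$DnsServer = '192.0.2.10'     # placeholder: IP of the 2003 DC that hosts DNS

# SRV records Netlogon registers under the dc, pdc and gc folders of _msdcs.
$names = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.pdc._msdcs.$Domain",
    "_ldap._tcp.gc._msdcs.$Domain"
)

function Get-SrvTarget {
    param([string]$Name, [string]$Server)
    # Trailing dot stops nslookup from appending the DNS suffix search list.
    # nslookup prints one "svr hostname = <fqdn>" line per SRV answer.
    $out = & nslookup.exe -type=SRV "$Name." $Server 2>&1
    foreach ($line in $out) {
        if ("$line" -match 'svr hostname\s*=\s*(\S+)') { $Matches[1] }
    }
}

$missing = 0
foreach ($n in $names) {
    $targets = @(Get-SrvTarget -Name $n -Server $DnsServer)
    if ($targets.Count -eq 0) {
        $missing++
        Write-Host ("MISSING  {0}" -f $n)
    } else {
        Write-Host ("OK       {0} -> {1}" -f $n, ($targets -join ', '))
    }
}

if ($missing -eq 0) {
    # Ask the DC locator itself, bypassing its cache, before retrying the join.
    & nltest.exe "/dsgetdc:$Domain" /force
} else {
    Write-Host "$missing locator record(s) did not resolve; recheck the _msdcs.$Domain zone."
}
```

A MISSING line for `_ldap._tcp.dc._msdcs` corresponds to the name in the event 7062 text and to the join timeout in the original question.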

Author Comment

ID: 39676102
Awesome.  I'm away from a computer, but will give this a try tomorrow.

Author Closing Comment

ID: 39678137
This solved my problem.  The new zone populated exactly as you said it would.  Thanks very much for the help!

Question has a verified solution.
