Solved

Domain joining issues with Windows 2012 Domain & Windows 7 Professional

Posted on 2014-01-28
3
283 Views
Last Modified: 2014-01-30
Hello Experts,

I am having a BIG problem joining some machines, about 10 of them into a Windows 2012 Server domain. These machines are all fitted with Windows 7 Professional.

The network is flat, both clients and server are on the single switch and they can ping each other. hey, I am even able to ping the domain...but when trying to join the machine to the domain I get the error the "AD domain could not be contacted" (SEE PICTURE ATTACHED).

What could be the problem, and how do I resove this?

Thank you.

Soames
Domain-Problems.jpg
0
Comment
Question by:TMAA
3 Comments
 
LVL 6

Assisted Solution

by:Spyder2010
Spyder2010 earned 250 total points
ID: 39815082
Are the domain controller and clients on the same vlan?  Just because they are on the same switch does not mean they do not have an ACL between them blocking specific ports.  AD needs quite a few ports open between the domain controllers and the clients to function... the article below lists all the ports AD uses for different functions, but specifically for your clients, you need at least:

ip/53
ip/88
tcp/135
udp/137
tcp/139
ip/389
up/445
tcp/636
tcp/3268
tcp/3269


You may need more of the ports in this list depending on what AD DS services you are using:
http://technet.microsoft.com/en-us/library/dd772723(v=ws.10).aspx

From your client machines, you can verify whether these ports are open or not by attempting to telnet from the client to the DC on each of the ports.

Also, by default, a normal AD user can only add 10 computers to the domain.  I don't believe this is the case for Domain Admins, but that is the default limit for non-admin users.  This doesn't appear to be your issue, but thought I would mention it since you mentioned 10 clients in your post.
0
 
LVL 11

Accepted Solution

by:
Manjunath Sullad earned 250 total points
ID: 39815089
Run ipconfig /flushdns and ipconfig /registerdns and reboot clients,

And restart the netlogon service on DCs.

Also check SRV records are registered on DC or not,

How to Verify the Creation of SRV Records for a Domain Controller

Refer : http://support.microsoft.com/kb/241515

More Info : http://social.technet.microsoft.com/Forums/windowsserver/en-US/2da7e03b-5818-4cec-a504-cc094f4b5d15/active-directory-domain-controller-could-not-be-contacted-windows-7-ultimate?forum=winserverDS
0
 

Author Closing Comment

by:TMAA
ID: 39820443
On the client machine did: ipconfig /flushdns and ipconfig /registerdns, restart the I stopped Bitdefender Firewall on the client machine and added a domain controller address on the client DNS machines. It worked on all 10 machines/clients
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Is your computer hacked? learn how to detect and delete malware in your PC
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now