Solved

Server 2012 can't join clients to domain

Posted on 2014-04-25
42
1,993 Views
Last Modified: 2014-04-30
I am receiving the following error when trying to join a client to domain:  "the following error occurred attempting to join the domain: the network path was not found"

This is a brand new 2012 R2 server with freshly installed Active Directory and DNS.  I have screwed something up....there is definitely a DNS issue going on.  When I try nslookup of server name, it comes back with my ISP as server and address is ISP DNS.  If I nslookup FQDN, Non-authoritative shows proper name, but address is IP address of www. externally.  

If I run a simple query against DNS server it fails.

Any ideas are appreciated.
0
Comment
Question by:itechresults
  • 21
  • 8
  • 6
  • +2
42 Comments
 
LVL 29

Expert Comment

by:becraig
ID: 40024077
Please ensure that the client is using the internal DNS server as the primary DNS.

If you have a Single DC environment then this will most probably be the ip address of the 2012 server.

Try entering that as the dns server in the ip address config of the client and try again.
0
 

Author Comment

by:itechresults
ID: 40024078
Becraig:

Yes, this is a single DC environment.
Yes, I have IP of 2012 server as DNS for client

thanks
0
 
LVL 29

Expert Comment

by:becraig
ID: 40024080
If this is the case you may have dns forwarding for your domain configured.
What zone is your local dns server in ?

Is it the same .com as your public site ?


I would suggest this from the client

run nslookup  hit enter   (Take note of the dns server name and IP  [if you set it up correctly it should resolve your 2012 server])

Then run set q=a  "hit enter"
Then enter the short name for the 2012 server and hit enter.

You can paste the results but redact the actual server name.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40024081
Are the clients getting any information from a DHCP server, such as a router? Can you post an ipconfig /all from a client that is failing?
0
 

Author Comment

by:itechresults
ID: 40024088
Cliff

DHCP is my router.  Here is ipconfig /all from a failing client:

Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.

C:\Users\Administrator>ipconfig/all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : server2
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
   Physical Address. . . . . . . . . : 00-15-5D-14-9B-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:d:7000:513:85b7:8c10:1673:b5b6(Prefe
rred)
   Link-local IPv6 Address . . . . . : fe80::85b7:8c10:1673:b5b6%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.20.5(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::21d:ceff:fea2:2aaf%12
                                       10.0.20.1
   DHCPv6 IAID . . . . . . . . . . . : 301995357
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-EC-99-EB-00-15-5D-14-9B-01

   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       10.0.20.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:10b9:16:f5ff:ebfa(Prefer
red)
   Link-local IPv6 Address . . . . . : fe80::10b9:16:f5ff:ebfa%13(Preferred)
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 369098752
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-EC-99-EB-00-15-5D-14-9B-01

   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{A0CCBD36-8108-418E-BA04-342CA95612AE}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Users\Administrator>
0
 

Author Comment

by:itechresults
ID: 40024090
becraig:

My domain is corp.domain.com

Nslookup shows:

Default Server:  cdns01.isp.net
Address:  2001:558:feed::1
0
 

Author Comment

by:itechresults
ID: 40024091
becraig:

Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.

C:\Windows\system32>nslookup
Default Server:  cdns01.isp.net
Address:  2001:558:feed::1

> set q=a
> dc1
Server:  cdns01.isp.net
Address:  2001:558:feed::1

*** cdns01.isp.net can't find dc1: Non-existent domain
>
0
 
LVL 29

Assisted Solution

by:becraig
becraig earned 200 total points
ID: 40024093
So there is your problem your client is resolving to the isp dns server.

Since the router is handing out IP addresses and DNS server name you will also want to configure the router to list the 2012 server as the primary dns server.

So this looks like a change you will have to make on the router.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40024094
Looks like someone has tried to set up IPv6 on your network and it is handing out bad IPv6 DNS entries, so DNS is failing.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40024095
You can also reserve the ip address on the router and assign it statically on the server and configure your 2012 server as primary dns and the router / isp as secondary.
0
 

Author Comment

by:itechresults
ID: 40024096
Becraig:

OK, I will set my router's primary dns as dc1.  I have the server offsite
0
 
LVL 29

Expert Comment

by:becraig
ID: 40024098
Before you make that change, be sure it won't impact any current traffic.

I would say your setup needs some housekeeping, for now I would configure server2 manually with the dns info and proceed.

Out of an abundance of caution, not knowing your internal setup and what is relying on your router.
0
 

Author Comment

by:itechresults
ID: 40024099
cliff:

what I do know is IPv6 is disabled on my router.  I didn't make any ipv6 changes on dc1 - 2012 server, just changed ipv4 address to static
0
 

Author Comment

by:itechresults
ID: 40024100
becraig:

thanks, but i'm currently in a home environment, traffic problems will only affect me
0
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 200 total points
ID: 40024102
From the ipconfig /all you posted, DHCP clearly shows as not being used. But in your DNS entries, there are two 2001:: addresses, which would never be there from an out-of-box autoconfiguration. So there is clearly something bigger going on and you can't expect DNS to work properly under those conditions. Windows will default to IPv6 first, so until you figure that out, it'll not work as expected.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40024104
What make/model router are you using.

Might help to be able to recommend a config.
0
 

Author Comment

by:itechresults
ID: 40024106
becraig:

don't laugh, I'm using an Arris TG852
0
 

Author Comment

by:itechresults
ID: 40024108
Cliff,

That makes sense.  My router is clearly interfering with my setup
0
 

Author Comment

by:itechresults
ID: 40024109
becraig:

I did configure server2 Ipv4 settings manually.  Is that what you are referring to or I might be confused?
0
 

Author Comment

by:itechresults
ID: 40024111
would it be easier to disable DHCP on my router and setup DHCP on DC1 - Server 2012?
0
 
LVL 29

Expert Comment

by:becraig
ID: 40024115
Since your setup is so small I'd just disable ipv6 on the router and add server1 as first dns server.

Yes I was talking about manually figuring a static address on server 2
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 56

Expert Comment

by:Cliff Galiher
ID: 40024116
Unlikely. Since disabling DHCP and using static didn't solve the issue. You really have to look at the IPv6 issue. *SOMETHING* on your network is advertising that stuff or it got manually configured. And that can happen independent of DHCP (or even DHCPv6) as IPv6 supports other network discovery methods.
0
 

Author Comment

by:itechresults
ID: 40024117
cliff

the  two 2001:: addresses are coming from my router:

I copied this from my router:

 WAN IPv6 DNS Server: 2001:558:feed::1 2001:558:feed::2
0
 

Author Comment

by:itechresults
ID: 40024118
This router I have is a piece of @#@@.  There's no option to disable DHCP.
0
 

Author Comment

by:itechresults
ID: 40024120
And can't make changes to DNS on router
0
 
LVL 56

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 200 total points
ID: 40024122
If this is ISP supplied equipmemt and cannot be replaced, and if you regularly work on or prep client hardware before moving it onsite, i'd put an extra barrier between you and the ISP. Something you control and that can block unwanted stuff like DHCP. Something like a Microtik or one of the SMB SonicWalls. Or repurpose an old PC and run something like Untangle.
0
 

Author Comment

by:itechresults
ID: 40024126
Cliff:

Thanks for the suggestion.  You're right.  This is an ISP supplied router.  

I'm going to move this server to my office and put it behind a spare sonicwall I have.  I'll post results Saturday or Monday.  

Thank you both - Cliff and Becraig
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 100 total points
ID: 40024574
To add.
I would disable the internet, reboot machines and see if everything works, just as a test.
I suspect the router is passing IPv6 traffic and since the ISP obviously supports it, they are providing an IPv6 address.  This is going to become a problem, and a security risk in the future if we cannot block or configure IPv6 properly.

If an ISP supports IPv6 and your router allows the traffic to pass, any device outside of your network could be providing IPv6 DHCP.  Can you disable on the router.  Do not disable on the server.

Never use an ISP as a secondary DNS server.  Only use your internal DNS servers.  Windows will often user the secondary resulting in slow logons, name resolution failures, and inability to join the domain.
Best if you can use your server for DHCP so you can configure all scope options; IP, subnet mask, gateway, domain suffix, and any others you might want.  This also allows for IP management and reservations.,
0
 
LVL 7

Expert Comment

by:Delete
ID: 40024629
If you want to stop using IPv6, or even test not using it the why don't you just uncheck IPv6 in your network adapters on each server so they no longer try to use it?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40024771
It is not recommended you disable IPv6 on any server 2008 and newer.  If you feel you must do it let us know, unchecking the box does not properly disable it, you have to do so in the registry.


From Microsoft's perspective, IPv6 is a mandatory part of the Windows operating system and it is enabled and included in standard Windows service and application testing during the operating system development process. Because Windows was designed specifically with IPv6 present, Microsoft does not perform any testing to determine the effects of disabling IPv6. If IPv6 is disabled on Windows 7, Windows Vista, Windows Server 2008 R2, or Windows Server 2008, or later versions, some components will not function. Moreover, applications that you might not think are using IPv6—such as Remote Assistance, HomeGroup, DirectAccess, and Windows Mail—could be.
from:  http://blogs.technet.com/b/askpfeplat/archive/2013/06/17/ipv6-for-the-windows-administrator-why-you-need-to-care-about-ipv6.aspx
0
 

Author Comment

by:itechresults
ID: 40024787
RobWill,

I agree.  I will not disable ipv6 on server nics.  I understand Justin mentioned this just for testing.

Update:  I brought server to my office and booted with network cable disconnected.  I ran nslookup from dc1 and server2.  It is now returning correct internal IP.  I also ran a simple query against DNS server and it passed.  Later today, I will hook up behind a segregated managed router.  I will enable DHCP on dc1 since this is what I want anyhow when server goes into production.
0
 
LVL 29

Expert Comment

by:becraig
ID: 40024793
Great to hear dude,I also think you should consider Cliff's suggestion for future home testing:

If this is ISP supplied equipmemt and cannot be replaced, and if you regularly work on or prep client hardware before moving it onsite, i'd put an extra barrier between you and the ISP. Something you control and that can block unwanted stuff like DHCP. Something like a Microtik or one of the SMB SonicWalls. Or repurpose an old PC and run something like Untangle.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40024798
As mentioned it sounds like it may be getting an IPv6 address form somewhere on the public side of the router.

We are in the process of updating our client routers with ones that offer IPv6 compatibility, including the ability to block outgoing IPv6 traffic so that we can block for now and enable when we are ready, not when the ISP is.  There are also problems with Exchange and IPv6 which will send using IPv6 if it can, i.e. ISP supports it.  If public IPv6 DNS is not configured properly some hosts, such as GoDaddy will not accept the mail.  Internally I have seen no IPv6 issues since XP SP2.
0
 

Author Comment

by:itechresults
ID: 40024944
Thanks everyone.  I was able to join a client to the domain.  Although I had to use the entire domain (corp.domain.com).  The NetBIOS name (corp) did not resolve on the client when trying to join domain.  Is that because WINS is not enabled on DC1?  After reboot of client, I was able to login with corp\username.

Also, please review nslookup of my FQDN.  Below nslookup was run on DC1:

C:\Windows\system32>NSLOOKUP
Default Server:  UnKnown
Address:  DC1 IP

> DC1.CORP.DOMAIN.COM
Server:  UnKnown
Address:  DC1 IP

Non-authoritative answer:
Name:    DC1.CORP.DOMAIN.COM.DOMAIN.COM
Address:  WWW IP OF PUBLIC WEBSITE

>
0
 

Author Comment

by:itechresults
ID: 40024946
Becraig,

Thanks man.  I will definitely take Cliff's advice when testing from home.  I made a stupid mistake and it cost me many hours, plus your time and the other experts!
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40024989
According to your earlier ipconfig  your DHCP server is not handing out the domain suffix, internaldomainname.local
That is important.  If not you have to add the suffix, but it can cause problems elsewhere so better to fix the problem.  Using the server for DHCP allows this, scope option 015.

You mentioned domain.com  Is your internal domain suffix .com?  It would normally be .local
.com can cause problems.
0
 

Author Comment

by:itechresults
ID: 40025017
RobWill,

I went ahead and setup DHCP on server before I joined client.  I just checked scope option 015 and it says corp.domain.com.  Should I change this to just corp?

Also, yes I named internal domain suffix .com.  I had read that new best practice is to use a sub domain of .com.  Also Microsoft lists example as corp.contoso.com?  

Should I stop and reinstall server from scratch?
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40025036
Servers are normally .local on the internal domain, and that is the default Windows will create.
External might be acmaecorpUSA.com
Internal might be acmecorpUSA.local or can be different like ACUSA.local
Using .com internally can cause DNS issues.

http://technet.microsoft.com/en-us/library/cc626155(v=ws.10).aspx
The MAC issue mentioned in the article has been resolved.

http://technet.microsoft.com/en-us/library/cc739077(v=ws.10).aspx
0
 

Author Comment

by:itechresults
ID: 40025051
Robwill,

Ok, thanks.  I know there is a lot of debate on this topic.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 40025054
Not really.  :-)
The only time I have ever seen an internal domain, since NT4 with a .com suffix is on Experts Exchange with issues.  Having said that it is possible but requires some customizations.
0
 
LVL 7

Expert Comment

by:Delete
ID: 40025069
Looking at your ipconfig output, the reason you can't use a shortname is because you have no primary DNS suffix defined.

Windows IP Configuration

   Host Name . . . . . . . . . . . . : server2
  Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid

When you do a DNS query using a shortname your system will attempt to append the primary DNS suffix, since you don't have one defined it isn't appending anything and therefore failing.

The Primary DNS Suffix generally gets populated when you join a machine to the domain.  If the machine is not on the Domain and you want to use the shortname then there are a few different options.
1.  Go into your System Properties -> Computer Name tab -> click the Change... button -> in the Computer Name/Domain Changes window click the More... button -> populate the Primary DNS suffix for this computer (requires a reboot).

2. In DHCP configure option 015 DNS Domain Name with your Domain Name

3. On the NIC of the server that can't resolve the shortname, go into the IPv4 Properties and click Advanced -> go to the DNS tab -> Set DNS suffix for this connection and/or click the radio button to "Append these DNS suffixes (in order) and add your domain name in the list.


If you want to see how your DNS is resolving then do the following from a command prompt:


C:\>nslookup
>set d2
>query your shortname
0
 

Author Comment

by:itechresults
ID: 40025080
Justin,

Thanks.  Primary dns suffix is now resolving full domain name (corp.domain.com) on server2 ipconfig /all
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now