Solved

Server 2012 can't join clients to domain

Posted on 2014-04-25
Last Modified: 2014-04-30
I am receiving the following error when trying to join a client to domain:  "the following error occurred attempting to join the domain: the network path was not found"

This is a brand new 2012 R2 server with freshly installed Active Directory and DNS.  I have screwed something up....there is definitely a DNS issue going on.  When I try nslookup of server name, it comes back with my ISP as server and address is ISP DNS.  If I nslookup FQDN, Non-authoritative shows proper name, but address is IP address of www. externally.  

If I run a simple query against DNS server it fails.

Any ideas are appreciated.
0
Question by:itechresults
42 Comments
 
LVL 28

Expert Comment

by:becraig
Please ensure that the client is using the internal DNS server as the primary DNS.

If you have a Single DC environment then this will most probably be the ip address of the 2012 server.

Try entering that as the dns server in the ip address config of the client and try again.
0
 

Author Comment

by:itechresults
Becraig:

Yes, this is a single DC environment.
Yes, I have IP of 2012 server as DNS for client

thanks
0
 
LVL 28

Expert Comment

by:becraig
If this is the case you may have dns forwarding for your domain configured.
What zone is your local dns server in ?

Is it the same .com as your public site ?


I would suggest this from the client

run nslookup  hit enter   (Take note of the dns server name and IP  [if you set it up correctly it should resolve your 2012 server])

Then run set q=a  "hit enter"
Then enter the short name for the 2012 server and hit enter.

You can paste the results but redact the actual server name.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
Are the clients getting any information from a DHCP server, such as a router? Can you post an ipconfig /all from a client that is failing?
0
 

Author Comment

by:itechresults
Cliff

DHCP is my router.  Here is ipconfig /all from a failing client:

Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.

C:\Users\Administrator>ipconfig/all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : server2
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
   Physical Address. . . . . . . . . : 00-15-5D-14-9B-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2601:d:7000:513:85b7:8c10:1673:b5b6(Preferred)
   Link-local IPv6 Address . . . . . : fe80::85b7:8c10:1673:b5b6%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.0.20.5(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::21d:ceff:fea2:2aaf%12
                                       10.0.20.1
   DHCPv6 IAID . . . . . . . . . . . : 301995357
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-EC-99-EB-00-15-5D-14-9B-01

   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       10.0.20.4
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 11:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:10b9:16:f5ff:ebfa(Preferred)
   Link-local IPv6 Address . . . . . : fe80::10b9:16:f5ff:ebfa%13(Preferred)
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 369098752
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1A-EC-99-EB-00-15-5D-14-9B-01

   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{A0CCBD36-8108-418E-BA04-342CA95612AE}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

C:\Users\Administrator>
0
 

Author Comment

by:itechresults
becraig:

My domain is corp.domain.com

Nslookup shows:

Default Server:  cdns01.isp.net
Address:  2001:558:feed::1
0
 

Author Comment

by:itechresults
becraig:

Microsoft Windows [Version 6.3.9600]
(c) 2013 Microsoft Corporation. All rights reserved.

C:\Windows\system32>nslookup
Default Server:  cdns01.isp.net
Address:  2001:558:feed::1

> set q=a
> dc1
Server:  cdns01.isp.net
Address:  2001:558:feed::1

*** cdns01.isp.net can't find dc1: Non-existent domain
>
0
 
LVL 28

Assisted Solution

by:becraig
becraig earned 200 total points
So there is your problem: your client is resolving to the ISP DNS server.

Since the router is handing out IP addresses and DNS server name, you will also want to configure the router to list the 2012 server as the primary DNS server.

So this looks like a change you will have to make on the router.
0
 
LVL 56

Expert Comment

by:Cliff Galiher
Looks like someone has tried to set up IPv6 on your network and it is handing out bad IPv6 DNS entries, so DNS is failing.
0
 
LVL 28

Expert Comment

by:becraig
You can also reserve the ip address on the router and assign it statically on the server and configure your 2012 server as primary dns and the router / isp as secondary.
0
 

Author Comment

by:itechresults
Becraig:

OK, I will set my router's primary dns as dc1.  I have the server offsite
0
 
LVL 28

Expert Comment

by:becraig
Before you make that change, be sure it won't impact any current traffic.

I would say your setup needs some housekeeping, for now I would configure server2 manually with the dns info and proceed.

Out of an abundance of caution, not knowing your internal setup and what is relying on your router.
0
 

Author Comment

by:itechresults
cliff:

what I do know is IPv6 is disabled on my router.  I didn't make any ipv6 changes on dc1 - 2012 server, just changed ipv4 address to static
0
 

Author Comment

by:itechresults
becraig:

thanks, but i'm currently in a home environment, traffic problems will only affect me
0
 
LVL 56

Accepted Solution

by:
Cliff Galiher earned 200 total points
From the ipconfig /all you posted, DHCP clearly shows as not being used. But in your DNS entries, there are two 2001:: addresses, which would never be there from an out-of-box autoconfiguration. So there is clearly something bigger going on and you can't expect DNS to work properly under those conditions. Windows will default to IPv6 first, so until you figure that out, it'll not work as expected.
0
 
LVL 28

Expert Comment

by:becraig
What make/model router are you using?

Might help to be able to recommend a config.
0
 

Author Comment

by:itechresults
becraig:

don't laugh, I'm using an Arris TG852
0
 

Author Comment

by:itechresults
Cliff,

That makes sense.  My router is clearly interfering with my setup
0
 

Author Comment

by:itechresults
becraig:

I did configure server2 Ipv4 settings manually.  Is that what you are referring to or I might be confused?
0
 

Author Comment

by:itechresults
would it be easier to disable DHCP on my router and setup DHCP on DC1 - Server 2012?
0
 
LVL 28

Expert Comment

by:becraig
Since your setup is so small I'd just disable ipv6 on the router and add server1 as first dns server.

Yes I was talking about manually figuring a static address on server 2
0
 
LVL 56

Expert Comment

by:Cliff Galiher
Unlikely. Since disabling DHCP and using static didn't solve the issue. You really have to look at the IPv6 issue. *SOMETHING* on your network is advertising that stuff or it got manually configured. And that can happen independent of DHCP (or even DHCPv6) as IPv6 supports other network discovery methods.
0
 

Author Comment

by:itechresults
cliff

the  two 2001:: addresses are coming from my router:

I copied this from my router:

 WAN IPv6 DNS Server: 2001:558:feed::1 2001:558:feed::2
0
 

Author Comment

by:itechresults
This router I have is a piece of @#@@.  There's no option to disable DHCP.
0
 

Author Comment

by:itechresults
And can't make changes to DNS on router
0
 
LVL 56

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 200 total points
If this is ISP supplied equipment and cannot be replaced, and if you regularly work on or prep client hardware before moving it onsite, I'd put an extra barrier between you and the ISP. Something you control and that can block unwanted stuff like DHCP. Something like a MikroTik or one of the SMB SonicWalls. Or repurpose an old PC and run something like Untangle.
0
 

Author Comment

by:itechresults
Cliff:

Thanks for the suggestion.  You're right.  This is an ISP supplied router.  

I'm going to move this server to my office and put it behind a spare sonicwall I have.  I'll post results Saturday or Monday.  

Thank you both - Cliff and Becraig
0
 
LVL 77

Assisted Solution

by:Rob Williams
Rob Williams earned 100 total points
To add.
I would disable the internet, reboot machines and see if everything works, just as a test.
I suspect the router is passing IPv6 traffic and since the ISP obviously supports it, they are providing an IPv6 address.  This is going to become a problem, and a security risk in the future if we cannot block or configure IPv6 properly.

If an ISP supports IPv6 and your router allows the traffic to pass, any device outside of your network could be providing IPv6 DHCP.  Can you disable on the router?  Do not disable on the server.

Never use an ISP as a secondary DNS server.  Only use your internal DNS servers.  Windows will often use the secondary resulting in slow logons, name resolution failures, and inability to join the domain.
Best if you can use your server for DHCP so you can configure all scope options; IP, subnet mask, gateway, domain suffix, and any others you might want.  This also allows for IP management and reservations.
0
 
LVL 7

Expert Comment

by:Delete
If you want to stop using IPv6, or even test not using it, then why don't you just uncheck IPv6 in your network adapters on each server so they no longer try to use it?
0
 
LVL 77

Expert Comment

by:Rob Williams
It is not recommended you disable IPv6 on any server 2008 and newer.  If you feel you must do it let us know, unchecking the box does not properly disable it, you have to do so in the registry.


From Microsoft's perspective, IPv6 is a mandatory part of the Windows operating system and it is enabled and included in standard Windows service and application testing during the operating system development process. Because Windows was designed specifically with IPv6 present, Microsoft does not perform any testing to determine the effects of disabling IPv6. If IPv6 is disabled on Windows 7, Windows Vista, Windows Server 2008 R2, or Windows Server 2008, or later versions, some components will not function. Moreover, applications that you might not think are using IPv6—such as Remote Assistance, HomeGroup, DirectAccess, and Windows Mail—could be.
from:  http://blogs.technet.com/b/askpfeplat/archive/2013/06/17/ipv6-for-the-windows-administrator-why-you-need-to-care-about-ipv6.aspx
0
 

Author Comment

by:itechresults
RobWill,

I agree.  I will not disable ipv6 on server nics.  I understand Justin mentioned this just for testing.

Update:  I brought server to my office and booted with network cable disconnected.  I ran nslookup from dc1 and server2.  It is now returning correct internal IP.  I also ran a simple query against DNS server and it passed.  Later today, I will hook up behind a segregated managed router.  I will enable DHCP on dc1 since this is what I want anyhow when server goes into production.
0
 
LVL 28

Expert Comment

by:becraig
Great to hear dude, I also think you should consider Cliff's suggestion for future home testing:

If this is ISP supplied equipment and cannot be replaced, and if you regularly work on or prep client hardware before moving it onsite, I'd put an extra barrier between you and the ISP. Something you control and that can block unwanted stuff like DHCP. Something like a MikroTik or one of the SMB SonicWalls. Or repurpose an old PC and run something like Untangle.
0
 
LVL 77

Expert Comment

by:Rob Williams
As mentioned it sounds like it may be getting an IPv6 address from somewhere on the public side of the router.

We are in the process of updating our client routers with ones that offer IPv6 compatibility, including the ability to block outgoing IPv6 traffic so that we can block for now and enable when we are ready, not when the ISP is.  There are also problems with Exchange and IPv6 which will send using IPv6 if it can, i.e. ISP supports it.  If public IPv6 DNS is not configured properly some hosts, such as GoDaddy, will not accept the mail.  Internally I have seen no IPv6 issues since XP SP2.
0
 

Author Comment

by:itechresults
Thanks everyone.  I was able to join a client to the domain.  Although I had to use the entire domain (corp.domain.com).  The NetBIOS name (corp) did not resolve on the client when trying to join domain.  Is that because WINS is not enabled on DC1?  After reboot of client, I was able to login with corp\username.

Also, please review nslookup of my FQDN.  Below nslookup was run on DC1:

C:\Windows\system32>NSLOOKUP
Default Server:  UnKnown
Address:  DC1 IP

> DC1.CORP.DOMAIN.COM
Server:  UnKnown
Address:  DC1 IP

Non-authoritative answer:
Name:    DC1.CORP.DOMAIN.COM.DOMAIN.COM
Address:  WWW IP OF PUBLIC WEBSITE

>
0
 

Author Comment

by:itechresults
Becraig,

Thanks man.  I will definitely take Cliff's advice when testing from home.  I made a stupid mistake and it cost me many hours, plus your time and the other experts!
0
 
LVL 77

Expert Comment

by:Rob Williams
According to your earlier ipconfig  your DHCP server is not handing out the domain suffix, internaldomainname.local
That is important.  If not you have to add the suffix, but it can cause problems elsewhere so better to fix the problem.  Using the server for DHCP allows this, scope option 015.

You mentioned domain.com  Is your internal domain suffix .com?  It would normally be .local
.com can cause problems.
0
 

Author Comment

by:itechresults
RobWill,

I went ahead and setup DHCP on server before I joined client.  I just checked scope option 015 and it says corp.domain.com.  Should I change this to just corp?

Also, yes I named internal domain suffix .com.  I had read that new best practice is to use a sub domain of .com.  Also Microsoft lists example as corp.contoso.com?  

Should I stop and reinstall server from scratch?
0
 
LVL 77

Expert Comment

by:Rob Williams
Servers are normally .local on the internal domain, and that is the default Windows will create.
External might be acmecorpUSA.com
Internal might be acmecorpUSA.local or can be different like ACUSA.local
Using .com internally can cause DNS issues.

http://technet.microsoft.com/en-us/library/cc626155(v=ws.10).aspx
The MAC issue mentioned in the article has been resolved.

http://technet.microsoft.com/en-us/library/cc739077(v=ws.10).aspx
0
 

Author Comment

by:itechresults
Robwill,

Ok, thanks.  I know there is a lot of debate on this topic.
0
 
LVL 77

Expert Comment

by:Rob Williams
Not really.  :-)
The only time I have ever seen an internal domain, since NT4 with a .com suffix is on Experts Exchange with issues.  Having said that it is possible but requires some customizations.
0
 
LVL 7

Expert Comment

by:Delete
Looking at your ipconfig output, the reason you can't use a shortname is because you have no primary DNS suffix defined.

Windows IP Configuration

   Host Name . . . . . . . . . . . . : server2
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid

When you do a DNS query using a shortname your system will attempt to append the primary DNS suffix, since you don't have one defined it isn't appending anything and therefore failing.

The Primary DNS Suffix generally gets populated when you join a machine to the domain.  If the machine is not on the Domain and you want to use the shortname then there are a few different options.
1.  Go into your System Properties -> Computer Name tab -> click the Change... button -> in the Computer Name/Domain Changes window click the More... button -> populate the Primary DNS suffix for this computer (requires a reboot).

2. In DHCP configure option 015 DNS Domain Name with your Domain Name

3. On the NIC of the server that can't resolve the shortname, go into the IPv4 Properties and click Advanced -> go to the DNS tab -> Set DNS suffix for this connection and/or click the radio button to "Append these DNS suffixes (in order)" and add your domain name in the list.


If you want to see how your DNS is resolving then do the following from a command prompt:


C:\>nslookup
>set d2
>query your shortname
0
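
Added example, not part of any post in this thread: a Python check that parses captured `ipconfig /all` output and reports the two conditions the experts identified, DNS servers that are not internal (here the ISP's IPv6 resolvers listed ahead of 10.0.20.4) and no DNS suffix for short-name lookups. The sample is trimmed from the output posted earlier; the function names and the assumption that 10.0.20.4 is the domain controller's DNS address are mine.

```python
import ipaddress
import re

# Constructed sample: trimmed from the ipconfig /all output posted in this thread.
SAMPLE = """\
Windows IP Configuration
   Host Name . . . . . . . . . . . . : server2
   Primary Dns Suffix  . . . . . . . :

Ethernet adapter Ethernet:
   Connection-specific DNS Suffix  . :
   DNS Servers . . . . . . . . . . . : 2001:558:feed::1
                                       2001:558:feed::2
                                       10.0.20.4
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""
INTERNAL_DNS = ["10.0.20.4"]  # assumption: the domain controller's DNS address

# "   Key . . . . : value" -> key, value (the first colon after the dots separates them)
FIELD = re.compile(r"^\s+(?P<key>[^.:]+?)[\s.]*:\s?(?P<val>.*)$")

def as_ip(text):
    """Return an ip_address for text, or None if it is not an address."""
    try:
        return ipaddress.ip_address(text.strip().split("%")[0])
    except ValueError:
        return None

def parse_ipconfig(text):
    """Return (non-empty DNS suffixes, DNS servers in listed order), all adapters merged."""
    suffixes, servers, key = [], [], ""
    for line in text.splitlines():
        m = FIELD.match(line)
        if as_ip(line) is not None:   # bare address: continuation of the previous field
            val = line.strip()
        elif m:
            key, val = m.group("key").strip(), m.group("val").strip()
        else:
            key = ""                  # headings and blank lines end the current field
            continue
        if key == "DNS Servers" and as_ip(val) is not None:
            servers.append(as_ip(val))
        elif "suffix" in key.lower() and val:
            suffixes.append(val)
    return suffixes, servers

def audit(text, internal_dns):
    """List the conditions that broke name resolution in this thread."""
    suffixes, servers = parse_ipconfig(text)
    allowed = {ipaddress.ip_address(a) for a in internal_dns}
    findings = [f"DNS server #{n} {ip} is not an internal DNS server"
                for n, ip in enumerate(servers, 1) if ip not in allowed]
    if not suffixes:
        findings.append("no DNS suffix configured: short names get no domain appended")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, INTERNAL_DNS)))
```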
 

Author Comment

by:itechresults
Justin,

Thanks.  Primary dns suffix is now resolving full domain name (corp.domain.com) on server2 ipconfig /all
0
