FREENAS 9.3 - Can't join AD

Hi everyone. I'm going crazy trying to join my FREENAS server to windows 2008 AD service. I've tried almost everything with no luck. I always get this message:

Unable to find domain controllers for innovateperu.local.

and the log shows:

FreeNAS_ActiveDirectory_Base.get_SRV_records: no SRV records for _ldap._tcp.dc._msdcs.innovateperu.local found, fail!

I have attached some screenshots of my FREENAS configuration

PS.
My local domain is: innovateperu.local
ad_conf.png
cifs_conf.png
network_conf.png
config.png
krb5.png
resolv.png
smb4.png

LVL 6

Ludwig DiehlSystems ArchitectAsked: 2016-08-26

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

Experts Exchange Solution brought to you by

Enjoy your complimentary solution view.

Get every solution instantly with Premium. Start your 7-day free trial.

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

LVL 45

Adam BrownSr Solutions ArchitectCommented: 2016-08-26

Check your Active Directory DNS zones to make sure the MSDCS folder/Forward Lookup Zone is there and that there is a valid SRV record under _TCP.DC folder.

LVL 20

LearnctxEngineerCommented: 2016-08-27

Have you considered upgrading to the latest stable release (9.10.1 has probably been out for a few months now).

There are quite a few AD joining bugs in 9.3.

https://bugs.freenas.org/issues/7181
https://bugs.freenas.org/issues/10860
https://bugs.freenas.org/issues/6980

LVL 6

Ludwig DiehlSystems ArchitectAuthor Commented: 2016-08-31

Thx for your replies. I have tried host -a _ldap._tcp.dc._msdcs.innovateperu.local. I get response...
About migrating version. This server is in production environment and holds my VM so I cannot restart it. Is there any other approach?
host.png
dns.png

LVL 20

LearnctxEngineerCommented: 2016-08-31

In your first screenshot enable verbose logging. This will log under /var/logs/messages. Does anything come up with errors? What happens if you run:

host -t srv _ldap._tcp.innovateperu.local

Open in new window

Also have a look at their troubleshooting KB on not being able to join the domain.

https://doc.freenas.org/9.3/freenas_directoryservice.html#if-the-system-will-not-join-the-domain

I would also look at spinning up 2 new VM's. 1 running FreeNAS 9.3 and 1 running the latest release. Can either of these join the domain?

LVL 6

Ludwig DiehlSystems ArchitectAuthor Commented: 2016-09-01

See the attached image for results from host command.
By the way I did try what FreeNAS suggests.
srv.png

LVL 20

LearnctxEngineerCommented: 2016-09-01

Yeah, I would definitely try spin up a new VM to test joining a newer version to your AD environment. I can only assume its some sort of bug in FreeNAS 9.3.

LVL 6

Ludwig DiehlSystems ArchitectAuthor Commented: 2016-09-05

thanks anyway. I will try that.

LVL 10

ZenVenkyArchitectCommented: 2016-09-12

I would suggest you to create a computer object with "FREENAS" name in some OU and on this OU give create computer object object permissions to FREENAS computer object. I think this will work.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial

LVL 6

Ludwig DiehlSystems ArchitectAuthor Commented: 2016-09-13

freenas as a computer object exists from the beginning. That was the first thing I did when trying to join it to my domain

LVL 10

ZenVenkyArchitectCommented: 2016-09-13

However as mentioned earlier, did you add permissions on the OU where FREENAS computer object exists.

LVL 6

Ludwig DiehlSystems ArchitectAuthor Commented: 2016-09-27

Thank you all for your help. I could finally join my domain. You would laugh if I told u that the computer object "FREENAS" was disabled in my AD! lol. After enabling it again it could join the AD with no prob.