Solved

AD/DNS issues - Joining workstations to Domain server 2012 R2

Posted on 2016-09-15
Last Modified: 2016-09-18
Hello - I am quite frustrated I am having to post what should be a simple problem but I am stuck now. I look after a small network (8 staff with a single server) which was SBS. I have been advising they replace this server which they have ignored and now the old server is dead.

So I decided that I would start again from scratch. I built a new Windows 2012 R2 Server and configured it on the same IP range but with a different domain name.
I initially had issues with DHCP and DNS not installing correctly, and also when joining computers to the domain they were refusing to join. I decided that I would wipe the server and install it, adding each feature one at a time. This was looking much better now, so I took the server back, connected it to the network giving it a static IP and ensuring it was using itself for DNS resolution. I added two forwarders within DNS from my ISP and set up DHCP to issue IPs from the same range as the server and using the server as the primary DNS server.

I went to join two new laptops to this new domain and with both of them I had a number of issues trying to connect them, but eventually they seemed to join. Now the only variables here are using the domain name of DOMAIN or DOMAIN.local - when using Domain.local it would come back saying no DC found, but when just using DOMAIN it would then prompt for username and password. Now it will refuse the username and password; however, I have managed to join two laptops and one workstation to the domain, which is strange.

Just to confirm:

- There are no errors in event viewer on the server
- Clients are using the DNS server on the DC for Name resolution
- DNS is only using external forwarders provided by the ISP
- The old server was SBS 2008 and the new server is just 2012R2 on a 2012 functional level.
- Dcdiag has not shown anything other than an issue with TLS which can be ignored.
- I have disabled the firewall on the server and clients to ensure it's not being blocked there. I have never seen this before but was worth a try
- DNS tests all pass.

I have posted the screenshot of the errors I get when trying to join to the domain as well as the text which is displayed in the box.

Any thoughts or tips would be much appreciated.
Question by:cmlbaete

Expert Comment

by:DeBlackman
Quick test: when you ping the FQDN of the server from any machine, do you get a proper response? Do you have a reverse lookup zone? Can you confirm all DNS SRV records are there for Active Directory?

Author Comment

by:cmlbaete
OK, when I ping domain.local I get a reply but when I ping domain it doesn't resolve to an IP address.

In terms of the reverse lookups they all appear to be present. In terms of service records I have compared to my own server and they look correct.

Expert Comment

by:Cliff Galiher
This is very likely a client issue. Log in. Release the DHCP lease. Flush DNS. Then renew a lease. Then retry (using domain.local); that will *usually* work. But when an old DC "disappears" on a client, some tattooed information from group policies gets left behind in the registry and that usually wreaks havoc. If the above fails, usually a wipe and reinstall is faster than digging into the OS to find and pull out the bad data.

Expert Comment

by:Dirk Mare
Please explain:

"ok when I ping domain.local I get a reply but when I ping domain it doesn't resolve to an IP address"

It could be IPv6. Make sure IPv6 is enabled on clients, or set the preferred TCP to v4 on your server's network adapters screen (Advanced; set order). Or untick "listen on IPv6 address" for DNS queries in DNS Manager.

DirkMare

Author Comment

by:cmlbaete
OK, thank you both for your comments - from what I can see, the one workstation which had been joined to the domain is also able to ping and get a reply when pinging domain.local and domain; however, the two which are currently not working don't get a reply when you ping either, and they don't even resolve to the IP address. So I do think this is a client issue, as the server is not showing any config errors and dcdiag is all clear. I have made sure that IPv4 is the higher priority and that's not helped. I have disabled (and now re-enabled) IPv6 on the server and client but that didn't help.

What is interesting is that I have two brand new laptops which have never been joined to any domain before and they had problems as well.

Expert Comment

by:Dirk Mare
Check firewall settings on the problematic clients..

DirkMare

Author Comment

by:cmlbaete
Thanks Dirk - I did that and in fact I did that on both server and client to be fully sure.

Expert Comment

by:Dirk Mare
Please provide ipconfig from both working and not working clients and from server..

DirkMare

Author Comment

by:cmlbaete
I have added the screenshots below.

Thank you.
non-working.JPG
working.JPG

Expert Comment

by:Dirk Mare
what OS are these..

Non-working?
Working?

DirkMare

Author Comment

by:cmlbaete
sorry - non working is Windows 10 and working is Windows 7

Accepted Solution

by: Dirk Mare (earned 500 total points)
I suspect it's IPv6.. Disable IPv6 on Windows 10 then reboot and try again.
Use Command prompt method at the bottom..

DirkMare
1
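
The checks suggested in this thread (AD SRV records, which DNS server the client really uses, and the IPv6 binding) can be gathered on a client in one pass before retrying the join. This is an added example, not part of any poster's reply; `domain.local` and `192.168.1.10` are placeholder assumptions for the domain name and the DC's address.

```powershell
# Added example: pre-join DNS diagnostics for a Windows 8 / Server 2012 or later client.
# Assumptions (not from the thread): $Domain and $DcIp are placeholders to replace.
param(
    [string]$Domain = 'domain.local',
    [string]$DcIp   = '192.168.1.10'
)

# 1. List the DNS servers each interface uses, per address family.
#    fec0:0:0:ffff::1-3 are Windows' unconfigured IPv6 defaults and are skipped.
$dnsServers = Get-DnsClientServerAddress | ForEach-Object {
    foreach ($addr in $_.ServerAddresses) {
        if ($addr -like 'fec0:0:0:ffff::*') { continue }
        [pscustomobject]@{
            Interface = $_.InterfaceAlias
            Family    = if ($_.AddressFamily -eq 23) { 'IPv6' } else { 'IPv4' }
            Server    = $addr
            IsDc      = ($addr -eq $DcIp)
        }
    }
}
$dnsServers | Format-Table -AutoSize | Out-Host

# A resolver that is not the DC may answer the client without knowing the AD zone.
$dnsServers | Where-Object { -not $_.IsDc } | ForEach-Object {
    Write-Warning "$($_.Interface): $($_.Family) DNS server $($_.Server) is not the DC"
}

# 2. Resolve the DC locator SRV record through the client's default resolver
#    and directly against the DC. A difference points at the client's DNS path.
$srv = "_ldap._tcp.dc._msdcs.$Domain"
foreach ($target in @($null, $DcIp)) {
    $p = @{ Name = $srv; Type = 'SRV'; DnsOnly = $true; ErrorAction = 'SilentlyContinue' }
    if ($target) { $p.Server = $target }
    $answer = Resolve-DnsName @p | Where-Object { $_.Type -eq 'SRV' }
    $via = if ($target) { $target } else { 'client default' }
    if ($answer) { "SRV via ${via}: " + ($answer.NameTarget -join ', ') }
    else         { "SRV via ${via}: NOT RESOLVED" }
}

# 3. Show whether IPv6 is bound on each adapter (informational only). The
#    thread's author found that a change to this needed a reboot to take effect.
Get-NetAdapterBinding -ComponentID ms_tcpip6 |
    Select-Object Name, Enabled | Format-Table -AutoSize | Out-Host
```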
 
Expert Comment

by:compdigit44
I agree with the other EE experts that IPv6 could be the issue. Have you tried to review the Provider order to see if IPv4 is listed ahead of IPv6?

Author Closing Comment

by:cmlbaete
Excellent - issue resolved. I had disabled this before but failed to reboot. Many thanks for your input, much appreciated.