Solved

AD/DNS issues - Joining workstations to Domain server 2012 R2

Posted on 2016-09-15
Last Modified: 2016-09-18
Hello - I am quite frustrated that I am having to post what should be a simple problem, but I am stuck now. I look after a small network (8 staff with a single server) which was SBS. I have been advising they replace this server, which they have ignored, and now the old server is dead.

So I decided that I would start again from scratch. I built a new Windows 2012 R2 Server and configured it on the same IP range but with a different domain name.
I initially had issues with DHCP and DNS not installing correctly, and also when joining computers to the domain they were refusing to join. I decided that I would wipe the server and install it, adding each feature one at a time. This was looking much better now, so I took the server back, connected it to the network, giving it a static IP and ensuring it was using itself for DNS resolution. I added two forwarders within DNS from my ISP and set up DHCP to issue IPs from the same range as the server and using the server as the primary DNS server.

I went to join two new laptops to this new domain and with both of them I had a number of issues trying to connect them, but eventually they seemed to join - now the only variables here are using the domain name of DOMAIN or DOMAIN.local - when using DOMAIN.local it would come back saying no DC found, but when just using DOMAIN it would then prompt for username and password. Now it will refuse the username and password; however, I have managed to join two laptops and one workstation to the domain, which is strange.

Just to confirm:

- There are no errors in event viewer on the server
- Clients are using the DNS server on the DC for Name resolution
- DNS is only using external forwarders provided by the ISP
- The old server was SBS 2008 and the new server is just 2012R2 on a 2012 functional level.
- Dcdiag has not shown anything other than an issue with TLS which can be ignored.
- I have disabled the firewall on the server and clients to ensure it's not being blocked there. I have never seen this before but it was worth a try.
- DNS tests all pass.

I have posted the screenshot of the errors I get when trying to join to the domain as well as the text which is displayed in the box.

Any thoughts or tips would be much appreciated.
Question by:cmlbaete
14 Comments
 
LVL 9

Expert Comment

by:Ibrahim Benna
ID: 41799667
Quick test: when you ping the FQDN of the server from any machine, do you get a proper response? Do you have a reverse lookup zone? Can you confirm all DNS SRV records are there for Active Directory?
0
 
LVL 1

Author Comment

by:cmlbaete
ID: 41799895
OK, when I ping domain.local I get a reply, but when I ping domain it doesn't resolve to an IP address.

In terms of the reverse lookups they all appear to be present. In terms of service records I have compared to my own server and they look correct.
0
 
LVL 58

Expert Comment

by:Cliff Galiher
ID: 41800266
This is very likely a client issue. Log in. Release the DHCP lease. Flush DNS. Then renew a lease. Then retry (using domain.local); that will *usually* work. But when an old DC "disappears" on a client, some tattooed information from group policies gets left behind in the registry and that usually wreaks havoc. If the above fails, usually a wipe and reinstall is faster than digging into the OS to find and pull out the bad data.
0

 
LVL 16

Expert Comment

by:Dirk Mare
ID: 41800484
Please explain...

"ok when I ping domain.local I get a reply but when I ping domain it doesn't resolve to an IP address"
It could be IPv6. Make sure IPv6 is enabled on clients, or set the preferred TCP to v4 on your server network adapters screen; Advanced; set order. Or untick "listen on IPv6 address" for DNS queries from DNS Manager.

DirkMare
0
 
LVL 1

Author Comment

by:cmlbaete
ID: 41801408
OK, thank you both for your comments - from what I can see, the one workstation which had been joined to the domain is also able to ping and get a reply when pinging domain.local and domain; however, the two which are currently not working don't get a reply when you ping either, and they don't even resolve to the IP address. So I do think this is a client issue, as the server is not showing any config errors and dcdiag is all clear. I have made sure that IPv4 is the higher priority and that's not helped. I have disabled (and now re-enabled) IPv6 on the server and client but that didn't help.

What is interesting is that I have two brand new laptops which have never been joined to any domain before and they had problems as well.
0
 
LVL 16

Expert Comment

by:Dirk Mare
ID: 41801410
Check firewall settings on the problematic clients..

DirkMare
0
 
LVL 1

Author Comment

by:cmlbaete
ID: 41801418
Thanks Dirk - I did that and in fact I did that on both server and client to be fully sure.
0
 
LVL 16

Expert Comment

by:Dirk Mare
ID: 41801428
Please provide ipconfig from both working and not working clients and from server.

DirkMare
0
 
LVL 1

Author Comment

by:cmlbaete
ID: 41801435
I have added the screenshots below.

Thank you.
non-working.JPG
working.JPG
0
 
LVL 16

Expert Comment

by:Dirk Mare
ID: 41801446
What OS are these?

Non-working?
Working?

DirkMare
0
 
LVL 1

Author Comment

by:cmlbaete
ID: 41801472
Sorry - non-working is Windows 10 and working is Windows 7.
0
 
LVL 16

Accepted Solution

by:
Dirk Mare earned 500 total points
ID: 41801486
I suspect it's IPv6. Disable IPv6 on Windows 10, then reboot and try again.
Use Command prompt method at the bottom.

DirkMare
1
 
LVL 20

Expert Comment

by:compdigit44
ID: 41803970
I agree with the other EE experts that IPv6 could be the issue. Have you tried to review the Provider order to see if IPv4 is listed ahead of IPv6?
1
 
LVL 1

Author Closing Comment

by:cmlbaete
ID: 41803993
Excellent - issue resolved. I had disabled this before but failed to reboot. Many thanks for your input, much appreciated.
0
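
The client-side checks raised in this thread (which DNS servers the client uses, whether the AD SRV records resolve, and whether IPv6 is bound on the adapters) can be collected in one read-only pass on an affected workstation. This is an added example, not code posted by anyone in the thread; `domain.local` is the thread's placeholder name and the function name `Test-DomainJoinReadiness` is hypothetical.

```powershell
# Added example: read-only checks to run on a client before retrying a domain join.
# 'domain.local' is the thread's placeholder; pass the real AD DNS domain name.
param([string]$Domain = 'domain.local')

function Test-DomainJoinReadiness {
    param([Parameter(Mandatory)][string]$Domain)

    # 1. DNS servers each adapter really uses (the thread expects the DC here).
    $dnsServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object ServerAddresses |
        Select-Object InterfaceAlias, ServerAddresses

    # 2. DC locator SRV record. -DnsOnly keeps LLMNR/NetBIOS from masking a DNS failure.
    $srvName = "_ldap._tcp.dc._msdcs.$Domain"
    $srv = @()
    try {
        $srv = @(Resolve-DnsName -Name $srvName -Type SRV -DnsOnly -ErrorAction Stop |
            Where-Object Type -eq 'SRV')
    } catch {
        Write-Warning "SRV lookup for $srvName failed: $($_.Exception.Message)"
    }

    # 3. For every DC the SRV record advertises: A/AAAA answers and LDAP reachability.
    $dcs = foreach ($rec in $srv) {
        $a    = @(Resolve-DnsName -Name $rec.NameTarget -Type A -DnsOnly -ErrorAction SilentlyContinue |
                  Where-Object Type -eq 'A')
        $aaaa = @(Resolve-DnsName -Name $rec.NameTarget -Type AAAA -DnsOnly -ErrorAction SilentlyContinue |
                  Where-Object Type -eq 'AAAA')
        $ldap = Test-NetConnection -ComputerName $rec.NameTarget -Port 389 -WarningAction SilentlyContinue
        [pscustomobject]@{
            DomainController = $rec.NameTarget
            IPv4             = $a.IPAddress -join ', '
            IPv6             = $aaaa.IPAddress -join ', '
            Ldap389Reachable = $ldap.TcpTestSucceeded
        }
    }

    # 4. IPv6 binding per adapter (the setting the accepted answer points at).
    $ipv6 = Get-NetAdapterBinding -ComponentID ms_tcpip6 | Select-Object Name, Enabled

    [pscustomobject]@{
        DnsServers        = $dnsServers
        SrvRecordsFound   = $srv.Count
        DomainControllers = $dcs
        IPv6Bindings      = $ipv6
    }
}

Test-DomainJoinReadiness -Domain $Domain | Format-List
```

Running it on a working and a non-working client and comparing the two results shows which of the thread's suspects differs between them.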

Question has a verified solution.