
AD/DNS issues - Joining workstations to Domain server 2012 R2

Hello - I am quite frustrated I am having to post what should be a simple problem but I am stuck now. I look after a small network (8 staff with a single server) which was SBS. I have been advising they replace this server which they have ignored and now the old server is dead.

So I decided that I would start again from scratch. I built a new Windows 2012 R2 Server and configured it on the same IP range but with a different domain name.
I initially had issues with DHCP and DNS not installing correctly and also when joining computers to the domain they were refusing to join. I decided that I would wipe the server and install it adding each feature one at a time. This was looking much better now so I took the server back, connected it to the network giving it a static IP and ensuring it was using itself for DNS resolution. I added two forwarders within DNS from my ISP and set up DHCP to issue IPs from the same range as the server and using the server as the primary DNS server.

I went to join two new laptops to this new domain and with both of them I had a number of issues trying to connect them but eventually they seemed to join - now the only variables here are using the domain name of DOMAIN or DOMAIN.local - when using Domain.local it would come back saying no DC found but when just using DOMAIN it would then prompt for username and password. Now it will refuse the username and password however I have managed to join two laptops and one workstation to the domain which is strange.

Just to confirm:

- There are no errors in event viewer on the server
- Clients are using the DNS server on the DC for Name resolution
- DNS is only using external forwarders provided by the ISP
- The old server was SBS 2008 and the new server is just 2012R2 on a 2012 functional level.
- Dcdiag has not shown anything other than an issue with TLS which can be ignored.
- I have disabled the firewall on the server and clients to ensure it's not being blocked there. I have never seen this before but was worth a try
- DNS tests all pass.

I have posted the screenshot of the errors I get when trying to join to the domain as well as the text which is displayed in the box.

Any thoughts or tips would be much appreciated.
0
Asked by: cmlbaete
 
Ibrahim Benna, Service Delivery Manager, Commented:
Quick test: when you ping the FQDN of the server from any machine, do you get a proper response? Do you have a reverse lookup zone? Can you confirm all DNS SRV records are there for Active Directory?
0
 
cmlbaete (Author) Commented:
OK, when I ping domain.local I get a reply but when I ping domain it doesn't resolve to an IP address.

In terms of the reverse lookups they all appear to be present. In terms of service records I have compared to my own server and they look correct.
0
 
Cliff Galiher Commented:
This is very likely a client issue. Log in. Release the DHCP lease. Flush DNS. Then renew a lease. Then retry (using domain.local); that will *usually* work. But when an old DC "disappears" on a client, some tattooed information from group policies gets left behind in the registry and that usually wreaks havoc. If the above fails, usually a wipe and reinstall is faster than digging into the OS to find and pull out the bad data.
0
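
The checks suggested in the two comments above (name resolution, AD SRV records, DHCP/DNS refresh) can be run from an elevated PowerShell prompt on an affected client. This is an added example, not part of the original thread; `domain.local` stands in for the real AD DNS name as it does in the posts, and the `$DcIp` value and the `-Refresh` switch are assumptions made for the example.

```powershell
# Added example: client-side checks before a domain join.
# Assumptions: 'domain.local' is the thread's stand-in for the AD DNS name;
# $DcIp is a placeholder for the domain controller's static IPv4 address.
param(
    [string]$Domain = 'domain.local',
    [string]$DcIp   = '192.0.2.10',   # placeholder from the documentation range
    [switch]$Refresh                  # also release/flush/renew at the end
)

# 1. DNS servers in use per interface and address family (2 = IPv4, 23 = IPv6).
#    An IPv6 resolver that is not the DC will not know the AD zone.
Get-DnsClientServerAddress | Where-Object ServerAddresses |
    Select-Object InterfaceAlias, AddressFamily, ServerAddresses

# 2. Whether IPv6 is bound on each adapter.
Get-NetAdapterBinding -ComponentID ms_tcpip6 | Select-Object Name, Enabled

# 3. DC locator SRV record: ask the client's default resolver, then the DC itself.
#    An answer from the DC but not from the default resolver points at the client.
$srv = "_ldap._tcp.dc._msdcs.$Domain"
foreach ($server in @($null, $DcIp)) {
    $query = @{ Name = $srv; Type = 'SRV'; ErrorAction = 'SilentlyContinue' }
    if ($server) { $query.Server = $server }
    $who     = if ($server) { $server } else { 'default resolver' }
    $records = Resolve-DnsName @query | Where-Object { $_.Type -eq 'SRV' }
    if ($records) {
        $records | ForEach-Object { "{0}: {1} -> {2}:{3}" -f $who, $srv, $_.NameTarget, $_.Port }
    } else {
        "{0}: no SRV answer for {1}" -f $who, $srv
    }
}

# 4. Address records for the domain name, per record type.
foreach ($type in 'A', 'AAAA') {
    $answers = Resolve-DnsName -Name $Domain -Type $type -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq $type }
    "{0} {1}: {2}" -f $Domain, $type, $(if ($answers) { $answers.IPAddress -join ', ' } else { 'none' })
}

# 5. Ask the Windows DC locator directly; failure here matches a "no DC found" join error.
nltest "/dsgetdc:$Domain"

# 6. Optional: the release / flush / renew sequence, then rerun the checks above.
if ($Refresh) {
    ipconfig /release
    ipconfig /flushdns
    ipconfig /renew
}
```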
 
Dirk Mare, Systems Engineer (Acting IT Manager), Commented:
Please explain..

"ok when I ping domain.local I get a reply but when I ping domain it doesn't resolve to an IP address"

It could be IPv6. Make sure IPv6 is enabled on clients, or set the preferred TCP to v4 on your server: network adapters screen; advanced; set order.. Or untick "listen on IPv6 address" for DNS queries from DNS Manager.

DirkMare
0
 
cmlbaete (Author) Commented:
OK, thank you both for your comments - from what I can see the one workstation which had been joined to the domain is also able to ping and get a reply when pinging domain.local and domain, however the two which are currently not working don't get a reply when you ping either and they don't even resolve to the IP address. So I do think this is a client issue as the server is not showing any config errors and dcdiag is all clear. I have made sure that IPv4 is the higher priority and that's not helped. I have disabled (and now re-enabled) IPv6 on the server and client but that didn't help.

What is interesting is that I have two brand new laptops which have never been joined to any domain before and they had problems as well.
0
 
Dirk Mare, Systems Engineer (Acting IT Manager), Commented:
Check firewall settings on the problematic clients..

DirkMare
0
 
cmlbaete (Author) Commented:
Thanks Dirk - I did that and in fact I did that on both server and client to be fully sure.
0
 
Dirk Mare, Systems Engineer (Acting IT Manager), Commented:
Please provide ipconfig from both working and not working clients and from server..

DirkMare
0
 
cmlbaete (Author) Commented:
I have added the screenshots below.

Thank you.
non-working.JPG
working.JPG
0
 
Dirk Mare, Systems Engineer (Acting IT Manager), Commented:
What OS are these..

Non-working?
Working?

DirkMare
0
 
cmlbaete (Author) Commented:
Sorry - non working is Windows 10 and working is Windows 7
0
 
Dirk Mare, Systems Engineer (Acting IT Manager), Commented:
I suspect it's IPv6.. Disable IPv6 on Windows 10 then reboot and try again.
Use Command prompt method at the bottom..

DirkMare
1
 
compdigit44 Commented:
I agree with the other EE experts that IPv6 could be the issue. Have you tried to review the Provider order to see if IPv4 is listed ahead of IPv6?
1
 
cmlbaete (Author) Commented:
Excellent - issue resolved. I had disabled this before but failed to reboot. Many thanks for your input, much appreciated.
0
