• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 96
  • Last Modified:

W 10 Workstation can't join Win 2012 domain

Everything was working normally till I replaced a router. Windows 2012 R2 server (AD, DNS, DHCP) local domain. I installed the new router and forgot to turn off DHCP in the router. A windows 10 workstation started having problems connecting to a server based application. I found the mistake by using ipconfig, and turned off DHCP in the router. Workstation still won't connect. All mapped drives are disconnected. The network profile changed to "Private" and was disabled. I used powershell to change it to "public" but it is still disabled. I tried dis-joining the workstation from the domain and tried to rejoin. Error message is "An Active Directory Domain Controller (AD DC) for the domain could not be contacted". I can ping from the workstation to the DC and from the DC to the workstation by IP and name. Workstation A record is in DNS. I have tried turning off the windows firewall, ipconfig /flushdns, tried a static IP on the workstation, restart netlogon, restart server and workstation, verified discovery and file sharing are enabled. no luck yet. any ideas would be welcome.
  • 8
  • 3
2 Solutions
If the adapter is still disabled, it won't be able to communicate.
Try getting a new lease from your DHCP.
ipconfig /release
ipconfig /renew

It should only be using your internal DNS, so double check the output of ipconfig /all.
rettif9ManagerAuthor Commented:
No I'm accessing the workstation off-site so I haven't disabled/enabled the NIC although I would like to. I already checked ipconfig.
IP was in the scope, gateway was correct and DHCP and DNS were the DC's IP.
Raul Ivan Medina UristaServer AdministratorCommented:
Clear router’s entire ARP cache. Delete all the IP leases  except reservations and restart the DHCP service.

Raúl Medina.
Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

rettif9ManagerAuthor Commented:
Thanks Raúl Medina,

I tried your idea but I still get the same error when I try to join the workstation to the domain.
So you can ping the DC by name?
What's the result of running nltest /dsgetdc:yourdomain ?

A domain-joined workstation that is connected to the domain network should show the profile as "domain" (you can't force this).  Depending on Group Policy settings different profiles could allow different traffic, but usually all outbound traffic is allowed, but you may want to check this.
Where is the server-based application?  How do you connect to it?

Edit:  From your last comment, you did unjoin it, but just can't re-join it to the domain.  Are you using the NetBIOS name or DNS name of the domain?
rettif9ManagerAuthor Commented:
Thanks Footech here is the info you asked for,

Yes I know I couldn't force the profile to change to domain. Because "Private " was inactive (not blue) I changed it to "Public" just to see if it would be active. I'm logged onto the workstation currently as a local administrator account;
C:\Users\admin>nltest /dsgetdc:yourdomain
Getting DC name failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
also tried: nltest /dsgetdc:[domain_name] - same result

C:\Users\admin> ping CCSCDC1

Pinging ccscdc1.[domain_name].local [] with 32 bytes of data:
Reply from bytes=32 time=1ms TTL=128
Reply from bytes=32 time<1ms TTL=128
Reply from bytes=32 time<1ms TTL=128
Reply from bytes=32 time<1ms TTL=128

The application is a hybrid cloud application. Some data is on the local app server. some is at the vendors site.
Just FYI
workstation IP is (dhcp)
rettif9ManagerAuthor Commented:
I was looking up syntax on command as I'm not familiar with it and found this. Not sure if it is useful information. https://www.experts-exchange.com/questions/28579078/nslookup-dsgetdc-Getting-DC-name-failed-Status-1355-0x54b-ERROR-NO-SUCH-DOMAIN.html
 I am substituting the actual domain name with [domain_name]

C:\Users\admin>nslookup /dsgetdc:[domain_name].local
Server:  ccscdc1.[domain_name].local

*** ccscdc1.[domain_name].local can't find /dsgetdc:[domain_name].local: Non-existent domain
/dsgetdc is a switch for the nltest.exe utility, not nslookup.

Are you using the NetBIOS name or DNS name of the domain when trying to join?  Best practice is to always use the FQDN.
Here's the common causes I can think of (or heard mentioned) for problems joining a domain:
 - SRV records incorrect
 - workstation IP configuration incorrect - either DNS, subnet, etc.  If IPv6 info is incorrect, just unbinding it from the adapter seems to be the quickest fix.
 - having network profile set to Public
rettif9ManagerAuthor Commented:
using [domain_name].local to join domain.

Since DNS was working without any issues and hasn't been changed it seems safe to assume it is correct.

IP config is;
 IPv4 Address. . . . . . . . . . . :
   Subnet Mask . . . . . . . . . . . :
   Lease Obtained. . . . . . . . . . : Tuesday, November 22, 2016 5:44:44 PM
   Lease Expires . . . . . . . . . . : Wednesday, November 30, 2016 5:44:43 PM
   Default Gateway . . . . . . . . . :
   DHCP Server . . . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 246991418
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-1F-82-0F-B8-CA-3A-85-28-7C
   DNS Servers . . . . . . . . . . . :

I'll try unbinding IPV6
rettif9ManagerAuthor Commented:
Thanks Footech for the suggestions,

I disabled IPV6 and rebooted. Same error occurred.
rettif9ManagerAuthor Commented:
This problem was misleading. I had a VPN tunnel down and didn't know it. This DC couldn't contact the PDC emulator. Once that was fixed the workstation problem went away.
rettif9ManagerAuthor Commented:
Thanks to both of you.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Train for your Pen Testing Engineer Certification

Enroll today in this bundle of courses to gain experience in the logistics of pen testing, Linux fundamentals, vulnerability assessments, detecting live systems, and more! This series, valued at $3,000, is free for Premium members, Team Accounts, and Qualified Experts.

  • 8
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now