• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 88
  • Last Modified:

W 10 Workstation can't join Win 2012 domain

Everything was working normally till I replaced a router. Windows 2012 R2 server (AD, DNS, DHCP) local domain. I installed the new router and forgot to turn off DHCP in the router. A windows 10 workstation started having problems connecting to a server based application. I found the mistake by using ipconfig, and turned off DHCP in the router. Workstation still won't connect. All mapped drives are disconnected. The network profile changed to "Private" and was disabled. I used powershell to change it to "public" but it is still disabled. I tried dis-joining the workstation from the domain and tried to rejoin. Error message is "An Active Directory Domain Controller (AD DC) for the domain could not be contacted". I can ping from the workstation to the DC and from the DC to the workstation by IP and name. Workstation A record is in DNS. I have tried turning off the windows firewall, ipconfig /flushdns, tried a static IP on the workstation, restart netlogon, restart server and workstation, verified discovery and file sharing are enabled. no luck yet. any ideas would be welcome.
0
rettif9
Asked:
rettif9
  • 8
  • 3
2 Solutions
 
footechCommented:
If the adapter is still disabled, it won't be able to communicate.
Try getting a new lease from your DHCP.
ipconfig /release
ipconfig /renew


It should only be using your internal DNS, so double check the output of ipconfig /all.
0
 
rettif9ManagerAuthor Commented:
No I'm accessing the workstation off-site so I haven't disabled/enabled the NIC although I would like to. I already checked ipconfig.
IP was in the scope, gateway was correct and DHCP and DNS were the DC's IP.
0
 
Raul Ivan Medina UristaServer AdministratorCommented:
Clear router’s entire ARP cache. Delete all the IP leases  except reservations and restart the DHCP service.

Regards
Raúl Medina.
0
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

 
rettif9ManagerAuthor Commented:
Thanks Raúl Medina,

I tried your idea but I still get the same error when I try to join the workstation to the domain.
0
 
footechCommented:
So you can ping the DC by name?
What's the result of running nltest /dsgetdc:yourdomain ?

A domain-joined workstation that is connected to the domain network should show the profile as "domain" (you can't force this).  Depending on Group Policy settings different profiles could allow different traffic, but usually all outbound traffic is allowed, but you may want to check this.
Where is the server-based application?  How do you connect to it?

Edit:  From your last comment, you did unjoin it, but just can't re-join it to the domain.  Are you using the NetBIOS name or DNS name of the domain?
0
 
rettif9ManagerAuthor Commented:
Thanks Footech here is the info you asked for,

Yes I know I couldn't force the profile to change to domain. Because "Private " was inactive (not blue) I changed it to "Public" just to see if it would be active. I'm logged onto the workstation currently as a local administrator account;
C:\Users\admin>nltest /dsgetdc:yourdomain
Getting DC name failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
also tried: nltest /dsgetdc:[domain_name] - same result

C:\Users\admin> ping CCSCDC1

Pinging ccscdc1.[domain_name].local [192.168.3.5] with 32 bytes of data:
Reply from 192.168.3.5: bytes=32 time=1ms TTL=128
Reply from 192.168.3.5: bytes=32 time<1ms TTL=128
Reply from 192.168.3.5: bytes=32 time<1ms TTL=128
Reply from 192.168.3.5: bytes=32 time<1ms TTL=128

The application is a hybrid cloud application. Some data is on the local app server. some is at the vendors site.
Just FYI
workstation IP is 192.168.3.103 (dhcp)
0
 
rettif9ManagerAuthor Commented:
I was looking up syntax on command as I'm not familiar with it and found this. Not sure if it is useful information. https://www.experts-exchange.com/questions/28579078/nslookup-dsgetdc-Getting-DC-name-failed-Status-1355-0x54b-ERROR-NO-SUCH-DOMAIN.html
 I am substituting the actual domain name with [domain_name]

C:\Users\admin>nslookup /dsgetdc:[domain_name].local
Server:  ccscdc1.[domain_name].local
Address:  192.168.3.5

*** ccscdc1.[domain_name].local can't find /dsgetdc:[domain_name].local: Non-existent domain
0
 
footechCommented:
/dsgetdc is a switch for the nltest.exe utility, not nslookup.

Are you using the NetBIOS name or DNS name of the domain when trying to join?  Best practice is to always use the FQDN.
Here's the common causes I can think of (or heard mentioned) for problems joining a domain:
 - SRV records incorrect
 - workstation IP configuration incorrect - either DNS, subnet, etc.  If IPv6 info is incorrect, just unbinding it from the adapter seems to be the quickest fix.
 - having network profile set to Public
0
 
rettif9ManagerAuthor Commented:
using [domain_name].local to join domain.

Since DNS was working without any issues and hasn't been changed it seems safe to assume it is correct.

IP config is;
 IPv4 Address. . . . . . . . . . . : 192.168.3.103(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, November 22, 2016 5:44:44 PM
   Lease Expires . . . . . . . . . . : Wednesday, November 30, 2016 5:44:43 PM
   Default Gateway . . . . . . . . . : 192.168.3.254
   DHCP Server . . . . . . . . . . . : 192.168.3.5
   DHCPv6 IAID . . . . . . . . . . . : 246991418
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-1F-82-0F-B8-CA-3A-85-28-7C
   DNS Servers . . . . . . . . . . . : 192.168.3.5

I'll try unbinding IPV6
0
 
rettif9ManagerAuthor Commented:
Thanks Footech for the suggestions,

I disabled IPV6 and rebooted. Same error occurred.
0
 
rettif9ManagerAuthor Commented:
This problem was misleading. I had a VPN tunnel down and didn't know it. This DC couldn't contact the PDC emulator. Once that was fixed the workstation problem went away.
1
 
rettif9ManagerAuthor Commented:
Thanks to both of you.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

  • 8
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now