?
Solved

W 10 Workstation can't join Win 2012 domain

Posted on 2016-11-22
12
Medium Priority
?
78 Views
Last Modified: 2017-02-02
Everything was working normally till I replaced a router. Windows 2012 R2 server (AD, DNS, DHCP) local domain. I installed the new router and forgot to turn off DHCP in the router. A windows 10 workstation started having problems connecting to a server based application. I found the mistake by using ipconfig, and turned off DHCP in the router. Workstation still won't connect. All mapped drives are disconnected. The network profile changed to "Private" and was disabled. I used powershell to change it to "public" but it is still disabled. I tried dis-joining the workstation from the domain and tried to rejoin. Error message is "An Active Directory Domain Controller (AD DC) for the domain could not be contacted". I can ping from the workstation to the DC and from the DC to the workstation by IP and name. Workstation A record is in DNS. I have tried turning off the windows firewall, ipconfig /flushdns, tried a static IP on the workstation, restart netlogon, restart server and workstation, verified discovery and file sharing are enabled. no luck yet. any ideas would be welcome.
0
Comment
Question by:rettif9
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 3
12 Comments
 
LVL 40

Expert Comment

by:footech
ID: 41898399
If the adapter is still disabled, it won't be able to communicate.
Try getting a new lease from your DHCP.
ipconfig /release
ipconfig /renew


It should only be using your internal DNS, so double check the output of ipconfig /all.
0
 
LVL 7

Author Comment

by:rettif9
ID: 41898403
No I'm accessing the workstation off-site so I haven't disabled/enabled the NIC although I would like to. I already checked ipconfig.
IP was in the scope, gateway was correct and DHCP and DNS were the DC's IP.
0
 
LVL 2

Assisted Solution

by:Raul Ivan Medina Urista
Raul Ivan Medina Urista earned 600 total points
ID: 41898418
Clear router’s entire ARP cache. Delete all the IP leases  except reservations and restart the DHCP service.

Regards
Raúl Medina.
0
NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

 
LVL 7

Author Comment

by:rettif9
ID: 41898436
Thanks Raúl Medina,

I tried your idea but I still get the same error when I try to join the workstation to the domain.
0
 
LVL 40

Expert Comment

by:footech
ID: 41898438
So you can ping the DC by name?
What's the result of running nltest /dsgetdc:yourdomain ?

A domain-joined workstation that is connected to the domain network should show the profile as "domain" (you can't force this).  Depending on Group Policy settings different profiles could allow different traffic, but usually all outbound traffic is allowed, but you may want to check this.
Where is the server-based application?  How do you connect to it?

Edit:  From your last comment, you did unjoin it, but just can't re-join it to the domain.  Are you using the NetBIOS name or DNS name of the domain?
0
 
LVL 7

Author Comment

by:rettif9
ID: 41898444
Thanks Footech here is the info you asked for,

Yes I know I couldn't force the profile to change to domain. Because "Private " was inactive (not blue) I changed it to "Public" just to see if it would be active. I'm logged onto the workstation currently as a local administrator account;
C:\Users\admin>nltest /dsgetdc:yourdomain
Getting DC name failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
also tried: nltest /dsgetdc:[domain_name] - same result

C:\Users\admin> ping CCSCDC1

Pinging ccscdc1.[domain_name].local [192.168.3.5] with 32 bytes of data:
Reply from 192.168.3.5: bytes=32 time=1ms TTL=128
Reply from 192.168.3.5: bytes=32 time<1ms TTL=128
Reply from 192.168.3.5: bytes=32 time<1ms TTL=128
Reply from 192.168.3.5: bytes=32 time<1ms TTL=128

The application is a hybrid cloud application. Some data is on the local app server. some is at the vendors site.
Just FYI
workstation IP is 192.168.3.103 (dhcp)
0
 
LVL 7

Author Comment

by:rettif9
ID: 41898456
I was looking up syntax on command as I'm not familiar with it and found this. Not sure if it is useful information. https://www.experts-exchange.com/questions/28579078/nslookup-dsgetdc-Getting-DC-name-failed-Status-1355-0x54b-ERROR-NO-SUCH-DOMAIN.html
 I am substituting the actual domain name with [domain_name]

C:\Users\admin>nslookup /dsgetdc:[domain_name].local
Server:  ccscdc1.[domain_name].local
Address:  192.168.3.5

*** ccscdc1.[domain_name].local can't find /dsgetdc:[domain_name].local: Non-existent domain
0
 
LVL 40

Accepted Solution

by:
footech earned 1400 total points
ID: 41898462
/dsgetdc is a switch for the nltest.exe utility, not nslookup.

Are you using the NetBIOS name or DNS name of the domain when trying to join?  Best practice is to always use the FQDN.
Here's the common causes I can think of (or heard mentioned) for problems joining a domain:
 - SRV records incorrect
 - workstation IP configuration incorrect - either DNS, subnet, etc.  If IPv6 info is incorrect, just unbinding it from the adapter seems to be the quickest fix.
 - having network profile set to Public
0
 
LVL 7

Author Comment

by:rettif9
ID: 41898469
using [domain_name].local to join domain.

Since DNS was working without any issues and hasn't been changed it seems safe to assume it is correct.

IP config is;
 IPv4 Address. . . . . . . . . . . : 192.168.3.103(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, November 22, 2016 5:44:44 PM
   Lease Expires . . . . . . . . . . : Wednesday, November 30, 2016 5:44:43 PM
   Default Gateway . . . . . . . . . : 192.168.3.254
   DHCP Server . . . . . . . . . . . : 192.168.3.5
   DHCPv6 IAID . . . . . . . . . . . : 246991418
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-19-1F-82-0F-B8-CA-3A-85-28-7C
   DNS Servers . . . . . . . . . . . : 192.168.3.5

I'll try unbinding IPV6
0
 
LVL 7

Author Comment

by:rettif9
ID: 41898491
Thanks Footech for the suggestions,

I disabled IPV6 and rebooted. Same error occurred.
0
 
LVL 7

Author Comment

by:rettif9
ID: 41898553
This problem was misleading. I had a VPN tunnel down and didn't know it. This DC couldn't contact the PDC emulator. Once that was fixed the workstation problem went away.
1
 
LVL 7

Author Closing Comment

by:rettif9
ID: 41898554
Thanks to both of you.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Understanding the various editions available is vital when you decide to purchase Windows Server 2012. You need to have a basic understanding of the features and limitations in each edition in order to make a well-informed decision that best suits y…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Suggested Courses

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question