asked on
Can't find ad - non existent domain using nslookup
My domain has been set up for years and working fine. Today when I tried to join a new vm running Server 2012 to the domain, I got the error "The following error occurred attempting to join the domain mydomain.com. The network path was not found." I also tested a computer running Windows 10 and same issue.
I'll be honest b/c I just want the fix. Yesterday I had set up another vm and it joined successfully, it had the Remote Desktop Services role and somehow in Server Manager I added a DNS server to manage under Manage > Add Servers > DNS. I don't know why I did this and think i got distracted. Then I didn't need that vm and deleted it. Did I confuse DNS?
I've searched everywhere and feel like all of my DNS records are fine. PTR, GC, everything. I've got forward and reverse lookup zones. I have my DomainDnsZones, ForestDnsZones set up, I haven't' changed a thing. But this issue didn't happen until I added the server to manage under Server Manager. I think my Reverse Lookup Zone is right. I have the NS record type, the SOA record type and then all the PTR for the computers on the domain.
When I do a nslookup ad on the server I'm trying to join the domain, I get this, but it sees my DC and the correct IP.
Server: mydomaincontroller.mydomai
Address: 172.X.X.X
***mydomaincontroller.mydo
I'll be honest b/c I just want the fix. Yesterday I had set up another vm and it joined successfully, it had the Remote Desktop Services role and somehow in Server Manager I added a DNS server to manage under Manage > Add Servers > DNS. I don't know why I did this and think i got distracted. Then I didn't need that vm and deleted it. Did I confuse DNS?
I've searched everywhere and feel like all of my DNS records are fine. PTR, GC, everything. I've got forward and reverse lookup zones. I have my DomainDnsZones, ForestDnsZones set up, I haven't' changed a thing. But this issue didn't happen until I added the server to manage under Server Manager. I think my Reverse Lookup Zone is right. I have the NS record type, the SOA record type and then all the PTR for the computers on the domain.
When I do a nslookup ad on the server I'm trying to join the domain, I get this, but it sees my DC and the correct IP.
Server: mydomaincontroller.mydomai
Address: 172.X.X.X
***mydomaincontroller.mydo
VirtualizationWindows OSNetworkingDNSWindows Server 2012
Last Comment
Misty Edwards
Server: mydomaincontroller.mydomaiSo what is "ad"?n.com
Address: 172.X.X.X
***mydomaincontroller.mydomain.com can't find ad: Non-existent domain
Let's say your domain name is contoso.local. Run this command:
nslookup contoso.local.
nslookup -q=srv _ldap._tcp.dc._msdcs.mydom
this should return the dcs available in the environment
you either have a bad DNS or a stale DC record..
this should return the dcs available in the environment
you either have a bad DNS or a stale DC record..
ASKER
@tom - I can ping but can't join, and updating host file doesn't help me to join either.
@jeremy - I think that was a typo in my cmd line and I pasted it...whoops. Anyways, nslookup returns my domain controller computer name and IP address:
Server: mydomaincontroller.mydomai
Address: 172.X.X.X
Name: mydomain.com
Address: 172.X.X.X
@arnold - your exact command didn't work, I get unknown query type (but it does return my domain controller name and IP). If I do this I get this:
C:\nslookup -q
Default server: mydomaincontroller.mydomai
Address: 172.X.X.X
> srv _ldap._tcp.dc._msdcs.mydom
Server: mydomaincontroller.mydomai
Address: 172.X.X.X
***mydomaincontroller.mydo
@jeremy - I think that was a typo in my cmd line and I pasted it...whoops. Anyways, nslookup returns my domain controller computer name and IP address:
Server: mydomaincontroller.mydomai
Address: 172.X.X.X
Name: mydomain.com
Address: 172.X.X.X
@arnold - your exact command didn't work, I get unknown query type (but it does return my domain controller name and IP). If I do this I get this:
C:\nslookup -q
Default server: mydomaincontroller.mydomai
Address: 172.X.X.X
> srv _ldap._tcp.dc._msdcs.mydom
Server: mydomaincontroller.mydomai
Address: 172.X.X.X
***mydomaincontroller.mydo
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
if you use
nslookup
set querytype=srv
_ldap._tcp.dc._msdcs.yourd
would be the equivalent to the command line inquiry.
nslookup
set querytype=srv
_ldap._tcp.dc._msdcs.yourd
would be the equivalent to the command line inquiry.
ASKER
@Arnold, thanks for your follow up. I'm trying to copy and paste that into a console session in a VM and I can't so I had to type it. I missed the space after srv. I tried again and received:
Default server: mydomaincontroller.mydomai
Address: 172.X.X.X
_ldap._tcp.dc._msdcs.mydom
priority=0
weight=100
port=389
svr hostname=mydomaincontrolle
mydomaincontroller.mydomai
Default server: mydomaincontroller.mydomai
Address: 172.X.X.X
_ldap._tcp.dc._msdcs.mydom
priority=0
weight=100
port=389
svr hostname=mydomaincontrolle
mydomaincontroller.mydomai
When you try joining the domain, do you use the netbios name or the dns name? E.g. mydoman.com
ASKER
Here, I've unmasked it for you. I tried to edit the other one but didn't work.
Default server: mydomaincontroller.mydomai
Address: 172.16.0.3
_ldap._tcp.dc._msdcs.mydom
priority=0
weight=100
port=389
svr hostname=mydomaincontrolle
mydomaincontroller.mydomai
Default server: mydomaincontroller.mydomai
Address: 172.16.0.3
_ldap._tcp.dc._msdcs.mydom
priority=0
weight=100
port=389
svr hostname=mydomaincontrolle
mydomaincontroller.mydomai
ASKER
@Jeremy I'm using the dns name.
Based on the response the system should attempt to contact the DC, 172.16.0.3 .
You need to run the query on the system you are trying to joing into the domain
run ipconfig
to display the IP the VM has, if it does not have an IP on the 172.16.0.3 related segment, it might be getting an IP elsewhere and thus unable to locate the DC.
ipcofig /all making sure name server points to 172.16.0.3.
You need to run the query on the system you are trying to joing into the domain
run ipconfig
to display the IP the VM has, if it does not have an IP on the 172.16.0.3 related segment, it might be getting an IP elsewhere and thus unable to locate the DC.
ipcofig /all making sure name server points to 172.16.0.3.
ASKER
Update, I rebooted the domain controller and the NIC card now is reading a different network as Ethernet0 (Network 2) as a Public Network.
public network, would mean the windows firewall is blocking the requests to the AD service which is commonly only available on the private/work zone.
Is the IP on the niC configured as static or dynamic?
Set it to a static IP would be a way to fix, and categorize it as a work/private network type.
Is the IP on the niC configured as static or dynamic?
Set it to a static IP would be a way to fix, and categorize it as a work/private network type.
ASKER
@arnold, I did run it on the system trying to join the domain. ipconfig /all was the first thing I ran and everything is right. It even shows my domain name. For some reason my network connection on my DC is going to a public network. Something isn't right.
the classification is based on the connection setup, it commonly prompts but on the first, one can set any new network would automatically be classified as public unless changed when using network sharing interface and configure this network as private. When you join the domain, the domain, the connection would be classified as a work network which is the same as private/home..
if the IP is not static on the server/s OS, the flactuation might be .........
if the IP is not static on the server/s OS, the flactuation might be .........
ASKER
The IP is static on the servers, all of my servers. My users can't even use their mapped drives on a file server now. The get the local device name is already in use when clicking on mapped drive. May be a hunch but all theses issues have to be related to some common issue. The public network and mapped drive issue didn't start until I rebooted the DC.
ASKER
Issue is fixed. I unchecked IPv6 in network adapter on DC.
Since windows 2008 there are some resources rely on ipv6 protocol even if not active,
It should often be enabled and network resource categorized/classified as Private/work..
It should often be enabled and network resource categorized/classified as Private/work..
ASKER
IPv6 was enabled after I did a full restore of the VM, but I remembered reading something about that so I just wanted to see what happened when I unchecked IPv6, that's when the issues resolved. I was going to try to look further into what happened today, but I can't enable it right now or it will bring all my users down. Can you point me in the direction on where to start? I still don't know what happened.
If it works and seemingly you do not have a role that is impacted by the disabling of the IPv6 protocol.
When IPv6 was disabled, the network type changed from public to work/private?
When IPv6 was disabled, the network type changed from public to work/private?
ASKER
Yes, it was immediate the network type changed automatically.
enabling IPv6 and re-categorizing the network as work/private should resolve the issue for future while having both IPv6 and ipv4 active.
interface defined as public applies different advanced firewall settings (MS builtin firewall)
Try at your convenience.
interface defined as public applies different advanced firewall settings (MS builtin firewall)
Try at your convenience.
ASKER
Thanks, I will give it a try. When "re-categorizing the network as work/private", do I just do that in the Network List Manager Policies in the local security policy (gpedit). Looks like I can change it on Unidentified Networks and Identifying Networks.
BTW, last night I did make this exact change for Unidentified networks and changed it to Private, it changed the network adapter back to my domain, but I still had the issues until I disabled IPv6.
BTW, last night I did make this exact change for Unidentified networks and changed it to Private, it changed the network adapter back to my domain, but I still had the issues until I disabled IPv6.
usually, the network categorization, applies to both. not sure what happens with your IPv6.
If it works for you, not sure why the enabling of IPV6 shifts your network interface type, are you able with the IPv6 enabled change the categorization from public to work/private?
Is there an IPv6 DHCP server within the setup?
If it works for you, not sure why the enabling of IPV6 shifts your network interface type, are you able with the IPv6 enabled change the categorization from public to work/private?
Is there an IPv6 DHCP server within the setup?
ASKER
There is no scope within DHCP for IPv6. There is also no reverse lookup zone in DNS. (My predecessor set this up. I have just started, so I'm getting a grip on things.)
My question was more on how do I change that categorization? Is it with the steps I mentioned or are you referring to something else?
My question was more on how do I change that categorization? Is it with the steps I mentioned or are you referring to something else?
yes, I think so.
SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
We are a very small environment too (less than 30 computer) and I do know we are not using it at this time. I still have yet to determine what happened, but for the sake of this case, I'm going to close it as I don't have any further information to provide. You all have been very helpful, if not with a direct fix to the solution, but helping me to gain a better understanding of what might have happened.
If it does then in same time (along with ping) try add computer to domain again.
If name will not going to be resolved it mean your computer is not getting properly DNS names from DHCP
Check DHCP setting again.
You can try to put your domain controller name with local IP to local host file in C:\Windows\System32\driver
then try add computer to domain again. If this will work then for a 100% you have problem with DHCP or DNS propagation