Misty Edwards

Can't find ad - non existent domain using nslookup

My domain has been set up for years and working fine.  Today when I tried to join a new vm running Server 2012 to the domain, I got the error "The following error occurred attempting to join the domain mydomain.com. The network path was not found." I also tested a computer running Windows 10 and same issue.

I'll be honest b/c I just want the fix.  Yesterday I had set up another vm and it joined successfully, it had the Remote Desktop Services role and somehow in Server Manager I added a DNS server to manage under Manage > Add Servers > DNS.  I don't know why I did this and think I got distracted.  Then I didn't need that vm and deleted it.  Did I confuse DNS?

I've searched everywhere and feel like all of my DNS records are fine. PTR, GC, everything. I've got forward and reverse lookup zones. I have my DomainDnsZones, ForestDnsZones set up, I haven't changed a thing. But this issue didn't happen until I added the server to manage under Server Manager. I think my Reverse Lookup Zone is right.  I have the NS record type, the SOA record type and then all the PTR for the computers on the domain.

When I do a nslookup ad on the server I'm trying to join the domain, I get this, but it sees my DC and the correct IP.

Server:  mydomaincontroller.mydomain.com
Address: 172.X.X.X
***mydomaincontroller.mydomain.com can't find ad: Non-existent domain
Tom Cieslik

Try ping -t yourdomain.com from the affected computer and check whether it pings the internal address of your domain controller.
If it does, then at the same time (along with the ping) try adding the computer to the domain again.

If the name is not resolved, it means your computer is not properly getting DNS names from DHCP.
Check the DHCP settings again.

You can try putting your domain controller name with its local IP in the local hosts file in C:\Windows\System32\drivers\etc
and then try adding the computer to the domain again. If this works, then 100% you have a problem with DHCP or DNS propagation.
Jeremy Weisinger

Server:  mydomaincontroller.mydomain.com
Address: 172.X.X.X
***mydomaincontroller.mydomain.com can't find ad: Non-existent domain
So what is "ad"?

Let's say your domain name is contoso.local. Run this command:
nslookup contoso.local.

Note the trailing dot ( . ) in the DNS name. If that works, make sure you are using the domain DNS name and not the NETBIOS name to join the domain. If that doesn't work then we need to troubleshoot DNS.
nslookup -q=srv _ldap._tcp.dc._msdcs.mydomain.com

This should return the DCs available in the environment.

You either have a bad DNS or a stale DC record.
Misty Edwards

ASKER

@tom - I can ping but can't join, and updating host file doesn't help me to join either.

@jeremy - I think that was a typo in my cmd line and I pasted it...whoops.  Anyways, nslookup returns my domain controller computer name and IP address:

Server: mydomaincontroller.mydomain.com
Address:  172.X.X.X

Name: mydomain.com
Address: 172.X.X.X


@arnold - your exact command didn't work, I get unknown query type (but it does return my domain controller name and IP).  If I do this I get this:

C:\nslookup -q
Default server: mydomaincontroller.mydomain.com
Address: 172.X.X.X

> srv _ldap._tcp.dc._msdcs.mydomain.com
Server: mydomaincontroller.mydomain.com
Address: 172.X.X.X

***mydomaincontroller.mydomain.com can't find srv _ldap._tcp.dc._msdcs.mydomain.com: Non-existent domain
arnold
If you use
nslookup
set querytype=srv
_ldap._tcp.dc._msdcs.yourdomain.com.

it would be the equivalent of the command line inquiry.
@Arnold, thanks for your follow up.  I'm trying to copy and paste that into a console session in a VM and I can't so I had to type it.  I missed the space after srv.  I tried again and received:

Default server: mydomaincontroller.mydomain.com
Address: 172.X.X.X

_ldap._tcp.dc._msdcs.mydomain.com                  SRV service locaton:
priority=0
weight=100
port=389
svr hostname=mydomaincontroller.mydomain.com

mydomaincontroller.mydomain.com           internet address = mydomaincontroller's IP
When you try joining the domain, do you use the netbios name or the dns name? E.g. mydomain.com
Here, I've unmasked it for you. I tried to edit the other one but didn't work.

Default server: mydomaincontroller.mydomain.com
Address: 172.16.0.3

_ldap._tcp.dc._msdcs.mydomain.com                  SRV service locaton:
priority=0
weight=100
port=389
svr hostname=mydomaincontroller.mydomain.com

mydomaincontroller.mydomain.com           internet address = 172.16.0.3
@Jeremy I'm using the dns name.
Based on the response the system should attempt to contact the DC, 172.16.0.3 .


You need to run the query on the system you are trying to join to the domain.
Run ipconfig
to display the IP the VM has. If it does not have an IP on the 172.16.0.3 related segment, it might be getting an IP elsewhere and thus be unable to locate the DC.
Run ipconfig /all, making sure the name server points to 172.16.0.3.
Update, I rebooted the domain controller and the NIC card now is reading a different network as Ethernet0 (Network 2) as a Public Network.
Public network would mean the Windows firewall is blocking the requests to the AD service, which is commonly only available on the private/work zone.

Is the IP on the NIC configured as static or dynamic?
Setting it to a static IP would be a way to fix it, and categorize it as a work/private network type.
@arnold, I did run it on the system trying to join the domain.  ipconfig /all was the first thing I ran and everything is right.  It even shows my domain name.  For some reason my network connection on my DC is going to a public network. Something isn't right.
The classification is based on the connection setup; it commonly prompts, but on the first, one can set any new network would automatically be classified as public unless changed when using the network sharing interface and configuring this network as private. When you join the domain, the connection would be classified as a work network, which is the same as private/home.

If the IP is not static on the server/s OS, the fluctuation might be .........
The IP is static on the servers, all of my servers.  My users can't even use their mapped drives on a file server now.  They get "the local device name is already in use" when clicking on a mapped drive. May be a hunch but all these issues have to be related to some common issue.  The public network and mapped drive issue didn't start until I rebooted the DC.
Issue is fixed.  I unchecked IPv6 in network adapter on DC.
Since Windows 2008, some resources rely on the IPv6 protocol even if it is not active.
It should often be enabled and the network resource categorized/classified as Private/work.
IPv6 was enabled after I did a full restore of the VM, but I remembered reading something about that so I just wanted to see what happened when I unchecked IPv6, that's when the issues resolved.  I was going to try to look further into what happened today, but I can't enable it right now or it will bring all my users down.  Can you point me in the direction on where to start? I still don't know what happened.
If it works and seemingly you do not have a role that is impacted by the disabling of the IPv6 protocol.

When IPv6 was disabled, the network type changed from public to work/private?
Yes, it was immediate the network type changed automatically.
Enabling IPv6 and re-categorizing the network as work/private should resolve the issue for the future while having both IPv6 and IPv4 active.
An interface defined as public applies different advanced firewall settings (MS built-in firewall).

Try at your convenience.
Thanks, I will give it a try.  When "re-categorizing the network as work/private", do I just do that in the Network List Manager Policies in the local security policy (gpedit).  Looks like I can change it on Unidentified Networks and Identifying Networks.

BTW, last night I did make this exact change for Unidentified networks and changed it to Private, it changed the network adapter back to my domain, but I still had the issues until I disabled IPv6.
Usually, the network categorization applies to both. Not sure what happens with your IPv6.
If it works for you, not sure why the enabling of IPv6 shifts your network interface type. Are you able, with IPv6 enabled, to change the categorization from public to work/private?

Is there an IPv6 DHCP server within the setup?
There is no scope within DHCP for IPv6.  There is also no reverse lookup zone in DNS.  (My predecessor set this up. I have just started, so I'm getting a grip on things.)

My question was more on how do I change that categorization? Is it with the steps I mentioned or are you referring to something else?
yes, I think so.
We are a very small environment too (less than 30 computers) and I do know we are not using it at this time.  I still have yet to determine what happened, but for the sake of this case, I'm going to close it as I don't have any further information to provide.  You all have been very helpful, if not with a direct fix to the solution, but helping me to gain a better understanding of what might have happened.
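
The checks discussed in this thread, collected into one PowerShell pass as an added example (not part of any participant's post). `$Domain`, `$DcIp` and the `Ethernet0` alias are placeholders taken from the thread's masked output; run it on the machine that fails to join and again on the DC.

```powershell
# Added example. Placeholder values from the thread; replace with your own.
$Domain = 'mydomain.com'
$DcIp   = '172.16.0.3'

# 1. DC locator SRV record: the same query as "nslookup -q=srv" in the thread.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
try {
    Resolve-DnsName -Name $srvName -Type SRV -Server $DcIp -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' } |
        Select-Object NameTarget, Port, Priority, Weight | Format-Table -AutoSize
} catch {
    Write-Warning "SRV lookup for $srvName failed: $($_.Exception.Message)"
}

# 2. DNS servers each interface really uses, split by address family.
Get-DnsClientServerAddress |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias,
        @{ n = 'Family'; e = { if ($_.AddressFamily -eq 23) { 'IPv6' } else { 'IPv4' } } },
        ServerAddresses | Format-Table -AutoSize

# 3. Network category per interface. A domain member that can reach a DC
#    reports DomainAuthenticated; Public means the Public firewall profile
#    is in effect on that interface.
Get-NetConnectionProfile |
    Select-Object InterfaceAlias, Name, NetworkCategory, IPv4Connectivity, IPv6Connectivity |
    Format-Table -AutoSize

# 4. Is IPv6 bound to each adapter (the checkbox the asker cleared)?
Get-NetAdapterBinding -ComponentID ms_tcpip6 |
    Select-Object Name, Enabled | Format-Table -AutoSize

# 5. Is LDAP (TCP 389) on the DC reachable through the firewall?
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($DcIp, 389)
    $open = $tcp.Connected
} catch {
    $open = $false
} finally {
    $tcp.Close()
}
"LDAP 389 reachable on ${DcIp}: $open"

# To re-categorize an interface by hand (run elevated, not executed here):
# Set-NetConnectionProfile -InterfaceAlias 'Ethernet0' -NetworkCategory Private
```

Comparing the output of step 3 before and after toggling the IPv6 binding shows whether the category change follows the binding, which is the behaviour the asker observed.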