Avatar of bankwest
bankwestFlag for United States of America

asked on 

Unable to join domain - Windows 10 machine

I have a windows 10 machine that decided not to connect to our network this morning.  I eliminated the cable/network jack as the problem (laptop connected fine).   I unjoined the computer from the network.  When I try to rejoin the compute to the network, I get the following error:  An Active Directory Domain Controller (AC DC) for the domain "corp.ebankwest.com" could not be reached.     In the details it states that it is trying to contact srv record for_ldap._tcp.dc._msdcs.corp.ebankwest.com.  The error it is receiving is 0x000005B4 Error_Timeout.

Any help/suggestions would be greatly appreciated.
Windows 10Windows OSNetworking

Avatar of undefined
Last Comment
Shaun Vermaak
Avatar of Shaun Vermaak
Shaun Vermaak
Flag of Australia image

Does a NSLOOKUP return correct entries for corp.ebankwest.com?
Avatar of masnrock
masnrock
Flag of United States of America image

In addition to what Shaun has mentioned, are you able to ping IP addresses? And what IP is the laptop using for DNS (make sure that something static wasn't somehow configured in)?
Avatar of Scott C
Scott C
Flag of United States of America image

Turn the computer off, REMOVE the power cable, wait a few seconds, hook it back up and try again.

Sometimes a NIC keeps junk in it and only a cold boot will clear it .

If it's a laptop, remove the battery as well.
Avatar of bankwest
bankwest
Flag of United States of America image

ASKER

While I was waiting, I did a flushdns and registerdns.  The registerdns came back with an event ID 8019 in the event view.   After I flushed the dns, the was no longer able to ping.  I was able to ping earlier.    We use static IPs in our network, not DHCP.

nslookup on that computer comes back with: DNS request timed out (after 2 sec).  Default server: unknown.  Address: 10.1.1.38 (which is our AD CD ip address).

On my computer, the nslookup comes back with: Default Server: ad1.corp.ebankwest.com.  Address: 10.1.1.38.

ad1 is the name of our dc and the domain is corp.ebankwest.com.

I will try shutting down the computer and unplugging it.  I will let it sit until I come back from lunch.
Avatar of masnrock
masnrock
Flag of United States of America image

If it still doesn't work after starting back up, try resetting TCP/IP.
ASKER CERTIFIED SOLUTION
Avatar of Hello There
Hello There

Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Avatar of Tom Cieslik
Tom Cieslik
Flag of United States of America image

Also make sure no other  NIC is enabled on this computer if you have more than one.
Check DNS / DC server for other NIC enabled.
I had same issue some time ago and for some reason my not connected NIC was registered in DNS and Windows 10 computers had problem to register.

I;ve disabled not used NIC on DC and all start working again
Avatar of Hello There
Hello There

Run CMD as Admin:
netsh advfirewall reset
netsh int ip reset
netsh int ipv6 reset
netsh winsock reset

Also go to Start -> Settings -> Network and Internet -> Status -> choose Network Reset option -> confirm

Also run Windows Troubleshooter that will tell you what's wrong.
Avatar of bankwest
bankwest
Flag of United States of America image

ASKER

I am now getting the message: Network path not found when I try to join to the domain.
Avatar of Tom Cieslik
Tom Cieslik
Flag of United States of America image

Can you post PING result when you try PING your DC name ?
Avatar of Rob Knight
Rob Knight
Flag of United Kingdom of Great Britain and Northern Ireland image

Hi - sounds like you have a DNS resolution issue.

Try assigning a fixed IP address in a suitable subnet with DNS set to your DC hosting DNS and try again.
Avatar of bankwest
bankwest
Flag of United States of America image

ASKER

Tom,  when I ping either 10.1.1.38 or ad1, I get valid reply messages.
Avatar of bankwest
bankwest
Flag of United States of America image

ASKER

RobMobility:  We use static IP addresses.   The IP address, gateway and DNS information is correct on the machine.
Avatar of masnrock
masnrock
Flag of United States of America image

Is the DNS information only the domain controller, or is there any system as well? If there is a second server set in there, remove it unless it's a DC.
Avatar of Tom Cieslik
Tom Cieslik
Flag of United States of America image

Can you try join to domain again and after you'll get some error message, can you check DC event log ?
Avatar of bankwest
bankwest
Flag of United States of America image

ASKER

Would it make any sense to restore the computer to its original state and start over?
Avatar of bankwest
bankwest
Flag of United States of America image

ASKER

Tom, I am not sure which DC event log to look at.   The only event I see is a system event.  It is an information event stating that the Portable Device Enumerator Service service entered the stopped state.    Is there a particular log I should be watching on the DC?
Avatar of Tom Cieslik
Tom Cieslik
Flag of United States of America image

I would check application event log.
Avatar of Hello There
Hello There

Have you tried my suggestions? What's the result?
Avatar of bankwest
bankwest
Flag of United States of America image

ASKER

To Hello There:  Yes, I have tried your suggestions.  I still get the message: Network path not found  when I attempt to join the domain.  What is so strange is that this computer was working fine Friday, was shut down for the weekend and then wouldn't connect on Monday morning.    It is a new 2017 HP desktop so age is not a factor.
Avatar of Hello There
Hello There

Before joining any computer back to the domain you have to delete old entries in AD related to that computer.
SOLUTION
Avatar of Hello There
Hello There

Blurred text
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Avatar of Hello There
Hello There

Also check DNS servers... primary and secondary. Are they correct?
nslookup on that computer comes back with: DNS request timed out (after 2 sec).  Default server: unknown.  Address: 10.1.1.38 (which is our AD CD ip address).
Can you ping 10.1.1.38, if so, telnet to port 53
Avatar of Hello There
Hello There

You need to open the below ports for domain controller communication.

LDAP TCP-in - 389
LDAP UDP in - 389
LDAP for Global Catalog TCP in - 3268
NetBIOS name Resolution UDP in - 138
SAM/LSA TCP in - 445
SAM/LSA UDP in - 445
Secure LDAP TCP in -  636
Secure LDAP for Global Catalog TCP in - 3269
W32Time NTP UDP in - 123
RPC - RPC Dynamic
RPC Endpoint Mapper
DNS - TCP and UDP 53
Kerberos V5 UDP in - 88
Netbios Datagram UDP in - 137
Avatar of Hello There
Hello There

Go to Network Connections
double click on NIC
select properties
select tcp/ip -> properties

Type the DC's IP address in the "Preferred DNS Server" box
Press "Advanced"
go to the DNS tab
Under dns suffix for this connection type fqdn for example  "mydomain.local"

apply changes
Avatar of bankwest
bankwest
Flag of United States of America image

ASKER

Thank you everyone for all of your help.  I was finally able to get the computer to connect to the network.    Someone suggested that I turn off the firewall and attempt to connect.  I thought I had done so, but apparently there was still a portion active.  We use AVG as our firewall.  I also changed the IP address and computer name to something that had not been used in the past.  I'm pretty sure it was getting the firewall completely deactivated temporarily that was the answer.   Once again, thank you!!
Why I asked for a telnet test to port 53 :) in #a42428714

Able to ping 10.1.1.38 = ICMP open
Unable to telnet to 53 = Port blocked
Windows OS
Windows OS

This topic area includes legacy versions of Windows prior to Windows 2000: Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions including Windows Mobile.

129K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
Ask the experts
Read over 600 more reviews

TRUSTED BY

IBM logoIntel logoMicrosoft logoUbisoft logoSAP logo
Qualcomm logoCitrix Systems logoWorkday logoErnst & Young logo
High performer badgeUsers love us badge
LinkedIn logoFacebook logoX logoInstagram logoTikTok logoYouTube logo