Cannot join domain 2012

Michael C
Michael C used Ask the Experts™
Hi Expert

We have a new Win10 PC cannot join server 2012 domain. Previously, other PC can be solved by adding "AllowSingleLabelDnsDomain" in registry HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

But this time it cannot. Below is the error message:

I have hard coded the DNS for the two domain controller and can ping. What I guess that the domain is setup many years ago (2003 version), and on that time there ".com" adding to the end. (i..e it is called abc domain, not domain). We have upgraded to the 2012 domain last year.

After the upgrade, sometimes we find the PC cannot find the domain.

Regards, Ivan

@@@@@@ Error Message @@@@

An Active Directory Domain Controller (AD DC) for the domain "XXXX" could not be contacted.

Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\WINDOWS\debug\dcdiag.txt.

The domain name "XXXX" might be a NetBIOS domain name.  If this is the case, verify that the domain name is properly registered with WINS.

If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "XXXX":

The query was for the SRV record for _ldap._tcp.dc._msdcs.XXXX

The following domain controllers were identified by the query:

However no domain controllers could be contacted.

Common causes of this error include:

- Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.

- Domain controllers registered in DNS are not connected to the network or are not running.
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2018

While I know it is clearly too late for this, your last upgrade would have been the perfect time to fix this. You could've created a totally new domain and migrated users to it. Right now, you're kicking the can down the road...

Try running dcdiag, and share the results. Have you considered a domain rename? Of course, that's assuming everything you have will work if you do a rename.
Shaun VermaakSenior Consultant
Awarded 2017
Distinguished Expert 2018

Join domain with FQDN not NETBIOS

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial