none
Cannot connect to DNS server with Windows 7 - Peculiar Problem

    问题

  • I have researched to try and find the solution to this problem, to no avail. Here is my setup... I have a desktop running Win7 Ultimate 64-bit and a laptop running Win7 Ultimate 32-bit. I also have a Win 2008 Server Standard Edition. The server is setup with AD and running as a DNS server. My laptop is connecting to the domain perfectly. Here is the IPCONFIG for  my laptop:

    IP - 192.168.1.65

    SUB - 255.255.255.0

    GATE - 192.168.1.254

    DHCP - 192.168.1.254

    DNS - 192.168.1.100, 208.67.222.222, 208.67.220.220 (The last two are OpenDNS servers which I specified as forwarding DNS servers in my Windows Server 2008 configuration.)

    NETBIOS over TCP/IP - enabled

    Here are my Windows Server 2008 settings:

    And here is the message that I am getting when I try to join the domain:

    I have tried everything that I know to connect to the domain. The funny thing is that my Windows 7 is not remembering my network settings. Also, not matter what I do, I cannot change the DNS server that my desktop is using. I hard-coded the DNS servers some time ago, but now I cannot remove them. They, also, are OpenDNS servers. I have entered 192.168.1.100 as my DNS server and it does not work. Here is the IPCONFIG for my desktop:

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Users\media_pc>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : DCP
       Primary Dns Suffix  . . . . . . . : cain.local
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : cain.local

    Wireless LAN adapter Wireless Network Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : DW1501 Wireless-N WLAN Half-Mini Card
       Physical Address. . . . . . . . . : C0-CB-38-7F-1B-90
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::8080:645d:ca6a:5c7f%11(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.1.150(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       IPv4 Address. . . . . . . . . . . : 192.168.1.201(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.1.254
       DHCPv6 IAID . . . . . . . . . . . : 230738744
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-65-FA-3B-78-2B-CB-8E-06-57

       DNS Servers . . . . . . . . . . . : 208.67.222.123
                                           208.67.220.123
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{58903B25-36D7-45E6-9BBB-53F17218C154}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:c2e:89b:9ce7:6fbf(Prefer
    red)
       Link-local IPv6 Address . . . . . : fe80::c2e:89b:9ce7:6fbf%16(Preferred)
       Default Gateway . . . . . . . . . : ::
       NetBIOS over Tcpip. . . . . . . . : Disabled



    Any help that anyone could afford would be great! Thanks!!!

    2012年9月3日 23:13

答案

  • Your DNS settings still show this:

    DNS Servers . . . . . . . . . . . : 192.168.1.100
                                           208.67.222.222
                                           208.67.220.220

    It must only show this:
    DNS Servers . . . . . . . . . . . : 192.168.1.100

    .

    .

    In addition, the Connection-specific DNS Suffix is wrong. It shows this:
    Connection-specific DNS Suffix  . : DC1

    It must only show this:
    Connection-specific DNS Suffix  . : cain.local

    .

    The external DNS addresses are coming from DHCP Option 006. Change that so it only shows 192.18.1.100.

    The Incorrect Connection-Specific Suffix is coming from DHCP Option 015. Change it from DC1 to cain.local.

    .

    .

    If you don't remove those external DNS addresses, you will continue to have problems. THis is because your machine is asking OpenDNS, where's my beer that was in the fridge. Therefore, you are getting an error because it doesn't have that answer to find your DC.

    .

    If you are not sure what I meant in my original reply above on how AD uses DNS for everything, please read the following for a full explanation.

    Active Directory's Reliance on DNS, and using an ISP's DNS address
    http://msmvps.com/blogs/acefekay/archive/2009/08/17/ad-and-its-reliance-on-dns.aspx

    .


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    2012年9月4日 16:21
  • What error are you seeng?  how was the computer created? Image or fresh built? 

    I assune it's Pro, Enterprise or Ultimate, and not Home or anything else.


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    2012年9月6日 14:24

全部回复

  • With DNS, AD and ALL AD communication relies on DNS, therefore you must only use your internal DNS server, that's it, no Open DNS or other outside DNS addresses. Some also try to put in the router as a DNS address. That won;t work either. It's like you're asking your next door neighbor where did all the beer go in your refridgerator. He won't have an answer. Same when your machines ask OpenDNS, "What;s the IP of my domain controller so I can join, get GPOs, login, authenticate to the printer," and many other AD tasks.

    This applies to the DCs, too. Only point to itself. If more than one, point the first to a replica, and itself (or the loopback) as the second entry.

    Then go into DNS properties, Forwarders tab, and type in the OpenDNS servers as forwarders.

    .

    .

    I see the wireless has two IPs. You should only have one. That can be a definite contributor to the problem. If you're having problems changing it, try looking at the settings in the registry under CCS, Services, TCP, Parameters, and look at each interface.

    You also have the option to reset TCP/IP on the desktop:

    How to reset Internet Protocol (TCP/IP)
    http://support.microsoft.com/kb/299357

    .

    .

    It looks like you're using your router as a DHCP server. That may be part of the problem with the OpenDNS servers. If it's a Verizon FIOS modem/router/firewall, under the WAN and LAN interface, you have to go into the advanced section to remove the OpenDNS server addresses. I recommend using WIndows DCHP. You have more control.

    .

    .

    Summary:

    • Remove the OpenDNS servers. Check the reg on the clients to see if they are hardcoded, or check your modem/firewall settings. If that doesn't help, reset TCP.
    • Make sure the DC only points to itself for DNS. Configure a forwarder to OpenDNS
    • Recommend using Windows DHCP for more finite control of DHCP lease and options

    .


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBookTwitterLinkedIn


    2012年9月4日 4:22
  • Thank you so much for the quick and great response. I had to reset TCP/IP because I was not able to change the wireless settings. I am not even sure why I had 2 IP's. However, I am still having a problem and I am unable to join the domain. Here are my current client IP settings: 

    Microsoft Windows [Version 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

    C:\Users\media_pc>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : DCP
       Primary Dns Suffix  . . . . . . . : cain.local
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : cain.local
                                           DC1

    Wireless LAN adapter Wireless Network Connection 2:

       Connection-specific DNS Suffix  . : DC1
       Description . . . . . . . . . . . : DW1501 Wireless-N WLAN Half-Mini Card
       Physical Address. . . . . . . . . : C0-CB-38-7F-1B-90
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::51e:e088:67cb:779a%19(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.1.200(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Tuesday, September 04, 2012 6:25:57 AM
       Lease Expires . . . . . . . . . . : Wednesday, September 12, 2012 6:25:57 AM
       Default Gateway . . . . . . . . . : 192.168.1.254
       DHCP Server . . . . . . . . . . . : 192.168.1.100
       DHCPv6 IAID . . . . . . . . . . . : 381733688
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-65-FA-3B-78-2B-CB-8E-06-57

       DNS Servers . . . . . . . . . . . : 192.168.1.100
                                           208.67.222.222
                                           208.67.220.220
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.DC1:

       Connection-specific DNS Suffix  . : DC1
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::5efe:192.168.1.200%17(Preferred)
       Default Gateway . . . . . . . . . :
       DNS Servers . . . . . . . . . . . : 192.168.1.100
                                           208.67.222.222
                                           208.67.220.220
       NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:3c59:3889:9ce7:6fbf(Pref
    erred)
       Link-local IPv6 Address . . . . . : fe80::3c59:3889:9ce7:6fbf%16(Preferred)
       Default Gateway . . . . . . . . . : ::
       NetBIOS over Tcpip. . . . . . . . : Disabled

    C:\Users\media_pc>

    I have my server's DNS set to its own IP as the primary and 127.0.0.1 as the secondary, so it should be set correctly. Here is the error that I am getting now. 

    I logged into the server and under AD Users and Computers, I deleted the "DCP" (my desktop client's name) computer from the list and it still gave me the same error. Again, thank you so much for your help. It is very much appreciated.


    Deric Cain

    2012年9月4日 11:48
  • Hi,

    Manually create the computer record with name  "DCP" in active directory users and computers.

    And try to join the system..

    If you are getting the same error then deleted the computer record and try to join the system.


    Regards,
    Rafic

    If you found this post helpful, please give it a "Helpful" vote.
    If it answered your question, remember to mark it as an "Answer".
    This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

    2012年9月4日 12:11
  • Your DNS settings still show this:

    DNS Servers . . . . . . . . . . . : 192.168.1.100
                                           208.67.222.222
                                           208.67.220.220

    It must only show this:
    DNS Servers . . . . . . . . . . . : 192.168.1.100

    .

    .

    In addition, the Connection-specific DNS Suffix is wrong. It shows this:
    Connection-specific DNS Suffix  . : DC1

    It must only show this:
    Connection-specific DNS Suffix  . : cain.local

    .

    The external DNS addresses are coming from DHCP Option 006. Change that so it only shows 192.18.1.100.

    The Incorrect Connection-Specific Suffix is coming from DHCP Option 015. Change it from DC1 to cain.local.

    .

    .

    If you don't remove those external DNS addresses, you will continue to have problems. THis is because your machine is asking OpenDNS, where's my beer that was in the fridge. Therefore, you are getting an error because it doesn't have that answer to find your DC.

    .

    If you are not sure what I meant in my original reply above on how AD uses DNS for everything, please read the following for a full explanation.

    Active Directory's Reliance on DNS, and using an ISP's DNS address
    http://msmvps.com/blogs/acefekay/archive/2009/08/17/ad-and-its-reliance-on-dns.aspx

    .


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    2012年9月4日 16:21
  • First, thank you so much for the helpful article. Very good read, I may add.

     I am still having a problem connecting to the domain. I have my DNS set correctly now and I am getting the error below:

    I tried to delete the computer object from AD and them add it back to no avail. I also delegated control to the computer objects, in AD, as full control to the domain admins and administrators. 


    Deric Cain

    2012年9月4日 23:33
  • Hi Deric,

    Thank you for the post.

    Please check the delegated control permission if you use the non-administrator user account to join computer to domain.
    http://support.microsoft.com/kb/932455
    http://networkadminkb.com/KB/a238/how-to-overcome-issues-related-to-specific-users-adding.aspx
    http://networkadminkb.com/KB/a75/how-to-allow-specific-users-to-add-workstations-to-domain.aspx

    Moreover, try to reboot your Windows 7 or change computer name to other name, then  join computer to domain.

    If there are more inquiries on this issue, please feel free to let us know.

    Regards


    Rick Tan

    TechNet Community Support

    2012年9月5日 8:13
  • In addition to Rick's suggestions, try using cain.local when joining.

    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    2012年9月5日 10:59
  • Thank you for the articles and information. It seems that I am still having the same problem. I opened and msc with AD users and computers and set the delegation for the computers object to full control for administrator and domain admins. I have renamed my desktop computer and tried to join that way as well. I have tried to join the domain cain and cain.local with the same results. It seems that I have worked out the DNS problem, thanks to Ace, but now I am having a different problem. Thanks in advance for any more help you can afford. 

    Deric Cain

    2012年9月6日 12:22
  • What error are you seeng?  how was the computer created? Image or fresh built? 

    I assune it's Pro, Enterprise or Ultimate, and not Home or anything else.


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    2012年9月6日 14:24
  • I am getting the same error message that is above, "The join operation was not successful." If you are talking about how Windows was loaded, it came from Dell with W7 Home and I performed an anytime upgrade to Enterprise. If you are talking about how it was created in AD, then I just added the object as normal. Again, thank you for all of the helpful information.

    Deric Cain

    2012年9月9日 22:54
  • Enterprise shoul bwork. I assume the AV is fully disabled or uninstalled, including the firewall.


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    2012年9月9日 23:38