can't join my server2012 r2 to my domain, my DC is also server 2012 r2

  • Question

  • An Active Directory Domain Controller for the domain "ettely.net" could not be contacted.

    Here is the error in dcdiag.txt:


    The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "ettely.net":

    The error was: "DNS name does not exist."
    (error code 0x0000232B RCODE_NAME_ERROR)

    The query was for the SRV record for _ldap._tcp.dc._msdcs.ettely.net

    Common causes of this error include the following:

    - The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

    127.0.0.1
    8.8.8.8
    192.168.1.4

    - One or more of the following zones do not include delegation to its child zone:

    ettely.net
    net
    . (the root zone)

    192.168.1.4 is the IP of my DC, and I'm sure the DC and my other Server 2012 are in the same internal network. This Server 2012 can ping the IP of the domain, and the command "arp -a" on my DC computer shows up my Server 2012's IP, 192.168.1.190. Both of them can communicate with each other, and my Server 2012 also has 192.168.1.4, the IP of the DC, as the primary DNS server in its properties. Both of them can access the intranet and external network, and both have only one network interface. I'm confused, what am I missing? Hope someone can help me, I've been dealing with it for a day.

    I'd be grateful. Thanks.


    Thursday, January 5, 2017 8:35 AM

Answers

  • Hi Chards,

    >>but can't ping ettely.com (DC).

    Could you please provide the detailed result of this command here for further troubleshooting?

    Have you tried to run nslookup ettely.com to check if IP address is correct?

    Best Regards

    John


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by Chards shi Tuesday, January 10, 2017 12:31 PM
    Tuesday, January 10, 2017 8:59 AM
  • 1. Security Groups are whitelists, so any traffic that's not explicitly allowed is disallowed.
    2. Security Groups are attached to each EC2 instance. Think of Security Group membership like having a copy of an identical firewall in front of each node in the group. (In contrast, Network ACLs are attached to subnets. With a Network ACL you would not have to specify allowing traffic within the subnet because traffic within the subnet does not cross the Network ACL.)

    Add a rule to your Security Group which allows all traffic to flow within the subnet's CIDR block and that will fix the problem.

    I have been working on "Windows domain Controller" for the last couple of days. I faced the same problem in AWS. I changed the security rule to "All traffic" inbound and outbound. The problem got fixed. Thanks

    There is nothing wrong with DNS. I browsed other forums; this is exactly the answer. But thanks, I finally feel the pressure released.


    issue solved

    • Marked as answer by Chards shi Thursday, January 12, 2017 5:40 AM
    Tuesday, January 10, 2017 12:31 PM
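The dcdiag output in the question and the Security Group answer above point at two different failure modes of a domain join: the SRV query never reaching the DC's DNS, and the DC's ports being filtered in the path. The following PowerShell script is an added example, not code from the thread; run on the server that fails to join, it checks both. The domain name and DC address are taken from the thread; the port list is the standard set a domain join needs.

```powershell
# Added example (not from the thread): run on the member server that fails to join,
# e.g. 192.168.1.190 in this thread. It checks the three things the thread turns on:
# 1) the DNS client points only at the DC, 2) the _msdcs SRV record resolves,
# 3) the ports a domain join needs are reachable through the AWS Security Group.
# Domain name and DC address below come from the thread; adjust them for your site.
$Domain = 'ettely.net'
$DcIp   = '192.168.1.4'

# 1) DNS client configuration: a member server should list only internal DNS servers.
#    127.0.0.1 and 8.8.8.8 in the list (as in the dcdiag output) send the SRV query to
#    resolvers that cannot answer it, which is exactly the RCODE_NAME_ERROR shown.
$dns = Get-DnsClientServerAddress -AddressFamily IPv4 |
       Where-Object { $_.ServerAddresses.Count -gt 0 }
foreach ($d in $dns) {
    $bad = $d.ServerAddresses | Where-Object { $_ -ne $DcIp }
    if ($bad) {
        Write-Warning "$($d.InterfaceAlias): remove non-DC DNS servers: $($bad -join ', ')"
    }
}

# 2) The SRV record dcdiag complained about, asked directly of the DC's DNS.
#    A healthy answer names the DC host and port 389.
$srv = "_ldap._tcp.dc._msdcs.$Domain"
try {
    Resolve-DnsName -Name $srv -Type SRV -Server $DcIp -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' } |
        Select-Object Name, NameTarget, Port, Priority, Weight
} catch {
    Write-Warning "SRV lookup for $srv against $DcIp failed: $($_.Exception.Message)"
}

# 3) Ports a join needs on the DC. If DNS answers but these time out, the block is in
#    the path (in this thread: the EC2 Security Group), not in DNS.
$ports = @{ 53 = 'DNS'; 88 = 'Kerberos'; 135 = 'RPC endpoint mapper'; 389 = 'LDAP';
            445 = 'SMB'; 464 = 'Kerberos password change'; 636 = 'LDAPS'; 3268 = 'Global Catalog' }
$results = foreach ($p in ($ports.Keys | Sort-Object)) {
    $ok = (Test-NetConnection -ComputerName $DcIp -Port $p -WarningAction SilentlyContinue).TcpTestSucceeded
    [pscustomobject]@{ Port = $p; Service = $ports[$p]; Open = $ok }
}
$results | Format-Table -AutoSize

# Locator check: the same DC discovery the join wizard performs.
nltest "/dsgetdc:$Domain" /force
```

RPC also uses the dynamic port range (49152-65535 on Server 2012) after the endpoint mapper call, so a Security Group rule that allows these ports plus that range from the subnet's CIDR to the DC is a tighter fix than "All traffic".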

All replies

  • Hi,

    1. Try removing all DNS servers from 192.168.1.190 and add them again, then run 'ipconfig /flushdns'

    2. Use telnet to verify port 53 is open between those servers.

    3. Can you ping 'ettely.net' ?

    4. Have you more than one NIC?

    5. Please post 'ipconfig /all' for 192.168.1.190

    /\


    Best Regards,

    Jesper Vindum, Denmark

    Systems Administrator

    Help the forum: Monitor(alert) your threads and vote helpful replies or mark them as answer, if it helps solving your problem.

    Thursday, January 5, 2017 9:10 AM
  • Hi Chard,

    >>. This computer is configured to use DNS servers with the following IP addresses:

    Is the DC installed on this computer?

    If yes, please try to remove public DNS address on this computer.

    Have you checked if SRV records exist in the _msdcs.domain.com zone?

    Please try to run the dcdiag /test:dns command to check if the DNS server functions properly.

    Best Regards

    John


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    • Edited by John Lii Monday, January 9, 2017 7:45 AM
    Friday, January 6, 2017 6:28 AM
  • Thanks. Oh, I've added another network interface to my other Server 2012, IP 192.168.1.220; it still has not connected to the external network. But arp -a on the DC also shows up its IP, so obviously they are in the same internal network. I don't know what's wrong. It drives me crazy, so complicated.

    Oh, my NIC is disabled. I haven't enabled it.

    DC(server2012):
    Windows IP Configuration

       Host Name . . . . . . . . . . . . : server
       Primary Dns Suffix  . . . . . . . : ettely.net
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : ettely.net
                                           us-west-1.compute.internal
                                           ip-192-168-1-4.us-west-1.compute.internal

    Ethernet adapter Ethernet:

       Connection-specific DNS Suffix  . : ettely.net
       Description . . . . . . . . . . . : AWS PV Network Device #0
       Physical Address. . . . . . . . . : 02-B9-09-62-FA-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.1.1
       DNS Servers . . . . . . . . . . . : 192.168.1.4
                                           192.168.0.2
       NetBIOS over Tcpip. . . . . . . . : Enabled

    ping ettely.net from DC :
    Pinging ettely.net [192.168.1.4] with 32 bytes of data:
    Reply from 192.168.1.4: bytes=32 time<1ms TTL=128
    Reply from 192.168.1.4: bytes=32 time<1ms TTL=128
    Reply from 192.168.1.4: bytes=32 time<1ms TTL=128
    Reply from 192.168.1.4: bytes=32 time<1ms TTL=128



    another server 2012 :
    Windows IP Configuration

       Host Name . . . . . . . . . . . . : server2
       Primary Dns Suffix  . . . . . . . : 
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : us-west-1.compute.internal
                                           ettely.net

    Ethernet adapter Ethernet 2:

       Connection-specific DNS Suffix  . : us-west-1.compute.internal
       Description . . . . . . . . . . . : AWS PV Network Device #1
       Physical Address. . . . . . . . . : 02-3H-D0-A0-5B-18
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.1.220(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 
       DNS Servers . . . . . . . . . . . : 8.8.8.8
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Ethernet:

       Connection-specific DNS Suffix  . : ettely.net
       Description . . . . . . . . . . . : AWS PV Network Device #0
       Physical Address. . . . . . . . . : 02-50-M1-01-2B-80
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.1.190(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.1.1
       DNS Servers . . . . . . . . . . . : 192.168.1.4
                                           8.8.8.8
                                           127.0.0.1
       NetBIOS over Tcpip. . . . . . . . : Enabled




    • Edited by Chards shi Friday, January 6, 2017 7:51 AM
    Friday, January 6, 2017 7:50 AM
  • oki,

    1) Clear DNS servers on both NICs (other Server 2012), so you only have 192.168.1.4, no 127.0.0.1, no 8.8.8.8, do ipconfig /flushdns

    2) Use your domain controller to forward un-resolvable queries-> https://technet.microsoft.com/en-us/library/cc754941%28v=ws.11%29.aspx?f=255&MSPPError=-2147217396

    3) Where does '192.168.0.2' come from? It's on another network segment..

    4) Set NIC bindings so your primary NIC is at the top (just to be sure)-> https://blogs.technet.microsoft.com/networking/2015/08/14/adjusting-the-network-protocol-bindings-in-windows-10/

    /\


    Best Regards,

    Jesper Vindum, Denmark

    Systems Administrator

    Help the forum: Monitor(alert) your threads and vote helpful replies or mark them as answer, if it helps solving your problem.

    Friday, January 6, 2017 10:35 AM
  • 192.168.0.2 is the original modem DNS. I can access the internet because of it; I use remote desktop to connect to it, and can use this server (DC) to access the internet, surfing Google or YouTube. Of course I can also use 8.8.8.8, but I think it doesn't matter. Oh, yes, the 192.168.0.2 is given by the public IP, like 53.35.56.80, assigned to me. My domain only has one network interface. Does this server (DC) need a second network interface, I mean so they can do NIC teaming?

    I use my domain controller to forward un-resolvable queries:

    I found something in my DNS manager, in the forwarders of the server properties. It displays

    IP address: 192.168.0.2

    Server FQDN: ip-192.168.0.2-us-west-1.compute.internal

    It's validated, so I try to add 192.168.1.4 to it and click apply; it shows up "the server forwarders cannot be updated, the IP address is invalid".

    Why? What's wrong? Is the reason that appears here why my other Server 2012 can't join this DC?

    Thanks




    • Edited by Chards shi Friday, January 6, 2017 4:40 PM
    Friday, January 6, 2017 3:47 PM
  • Oki,

    It is as simple as this:

    Point the 'server 2012' DNS to your DC IP.

    Set DC DNS to 192.168.1.4.

    Set up the DC to forward to 192.168.0.2 or 8.8.8.8

    /\


    Best Regards,

    Jesper Vindum, Denmark

    Systems Administrator

    Help the forum: Monitor(alert) your threads and vote helpful replies or mark them as answer, if it helps solving your problem.

    Saturday, January 7, 2017 4:04 AM
  • Thanks for your reply, my friend. As you see, my Server 2012 already has my DC IP as the primary DNS server.

    other Server 2012:

    Ethernet adapter Ethernet:

       Connection-specific DNS Suffix  . : 
       Description . . . . . . . . . . . : AWS PV Network Device #0
       Physical Address. . . . . . . . . : 02-50-M1-01-2B-80
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.1.190(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.1.1
       DNS Servers . . . . . . . . . . . : 192.168.1.4
                                           8.8.8.8
       NetBIOS over Tcpip. . . . . . . . : Enabled

    And I've already set DC DNS to 192.168.1.4, as you see below:

    server2012(DC)

       Host Name . . . . . . . . . . . . : server
       Primary Dns Suffix  . . . . . . . : ettely.net
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : ettely.net
                                           us-west-1.compute.internal
                                           ip-192-168-1-4.us-west-1.compute.internal

    Ethernet adapter Ethernet:

       Connection-specific DNS Suffix  . : ettely.net
       Description . . . . . . . . . . . : AWS PV Network Device #0
       Physical Address. . . . . . . . . : 02-29-09-62-FA-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred) 
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.1.1
       DNS Servers . . . . . . . . . . . : 192.168.1.4
                                           8.8.8.8
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ping ettely.net from my DC, it can indeed ping:

    Pinging ettely.net [192.168.1.4] with 32 bytes of data:
    Reply from 192.168.1.4: bytes=32 time<1ms TTL=128
    Reply from 192.168.1.4: bytes=32 time<1ms TTL=128
    Reply from 192.168.1.4: bytes=32 time<1ms TTL=128
    Reply from 192.168.1.4: bytes=32 time<1ms TTL=128

    But how to set up the DC to forward to 192.168.0.2 or 8.8.8.8, where? Could you please show me the road, the specific steps? In DNS server properties or?

    I don't want to re-install the domain again, hope you can show me some ways.
    • Edited by Chards shi Saturday, January 7, 2017 6:10 PM
    Saturday, January 7, 2017 6:08 PM
  • Ping from the server 2012, not the dc. If that server 2012 cannot resolve ettely.net, it's not going to work.

    Just follow the suggestions as mentioned, it makes it easier to troubleshoot.

    "2) Use your domain controller to forward un-resolvable queries-> https://technet.microsoft.com/en-us/library/cc754941%28v=ws.11%29.aspx?f=255&MSPPError=-2147217396"

    /\


    Best Regards,

    Jesper Vindum, Denmark

    Systems Administrator

    Help the forum: Monitor(alert) your threads and vote helpful replies or mark them as answer, if it helps solving your problem.

    Sunday, January 8, 2017 5:42 AM
  • In my DNS manager, in the properties of the server, the forwarders only have 192.168.0.2. I try to add 192.168.1.4; when I add it into the list, it can show up ettely.net under the FQDN, but the key is that when I click apply it says it is invalid, as I've mentioned.
    Sunday, January 8, 2017 6:17 AM
  • The DC (192.168.0.4) cannot forward queries to itself..

    Best Regards,

    Jesper Vindum, Denmark

    Systems Administrator

    Help the forum: Monitor(alert) your threads and vote helpful replies or mark them as answer, if it helps solving your problem.

    Sunday, January 8, 2017 6:40 AM
  • Yes, my domain 192.168.1.4 can't be added to forwarders. I successfully added a computer into the domain in VBox, but that's just VBox, not a real server. So ironic, so sad.
    • Edited by Chards shi Sunday, January 8, 2017 6:59 AM
    Sunday, January 8, 2017 6:59 AM
  • Fix the DNS issue on that physical box. If you cannot ping the domain FROM 'THE SERVER 2012', it's not going to work.


    Best Regards,

    Jesper Vindum, Denmark

    Systems Administrator

    Help the forum: Monitor(alert) your threads and vote helpful replies or mark them as answer, if it helps solving your problem.

    Sunday, January 8, 2017 7:25 AM
  • I gotta re-install the domain again. I use AWS, and my VPC is 192.168.0.0/16. I set a few subnets, 192.168.0.0/24 and 192.168.1.0/24 and 192.168.2.0/24. I always use this 192.168.1.0/24 network segment to assign IPs to my instances, and my DNS is always 192.168.0.2. Right now, I want to try to use the 192.168.0.0/24 network segment, hope it can fix it. I manually assign 192.168.0.220 to this AWS instance and promote it as my domain IP; this is my plan. So any idea you can suggest me? Should I install a DHCP server on the DC before I add my other server into this DC? Thanks
    • Edited by Chards shi Sunday, January 8, 2017 8:40 AM
    Sunday, January 8, 2017 8:40 AM
  • Hi,

    No offense to you, but I suppose a little more supplement might give you some tips:

    For your original issue, "can't join my server2012 r2 to my domain", I suppose we need to confirm 3 things at least:

    1> your new machine could contact the DC; <DNS resolution, SRV record, subnet, AD site, netlogon service enabled>

    2> your PDC role should be held on the DC which also holds the DNS server <netdom query fsmo>

    3> related AD services have been started <ADDS, Netlogon, etc>

    Best regards,

    Andy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    • Edited by Hello_2018 Monday, January 9, 2017 7:02 AM
    • Proposed as answer by John Lii Monday, January 9, 2017 7:46 AM
    Monday, January 9, 2017 7:00 AM
  • I re-installed the DC on my Server 2012 again. This time I use the "ettely.com" domain name and only install AD DS and DNS on this machine. Install completed; the nslookup command on the DC shows up:

    default server:  ip-192-168-0-220.us-west-1.compute.internal

    address : 192.168.0.220

    Why not ettely.com? I can ping ettely.com on the DC and it shows up its IP is 192.168.0.220.

    And my other Server 2012 has 192.168.0.220 as first DNS; this server's IP is 192.168.0.225. It can ping www.google.com etc., and also can ping ip-192-168-0-220.us-west-1.compute.internal, but can't ping ettely.com (DC).

    Can someone explain this?



    issue solved

    Tuesday, January 10, 2017 2:29 AM
  • Hi Chards,

    Thanks for your sharing and glad to hear issue has been resolved.

    Best Regards

    John


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, January 11, 2017 8:36 AM