Unable to contact DC to join a domain, yet I can ping by name & IP - ideas?

    Question

  • Guys, I'm getting this error when attempting to join my domain on new Virtual Machine running on my home network:

     

    An Active Directory Domain Controller (AD DC) for the domain "schizo.com" could not be contacted.

    Ensure that the domain name is typed correctly. IF the name is correct, click Details for troubleshooting information.

    Note: This information is intended for a network administrator. If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

    DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "schizo.com":

    The query was for the SRV record for _ldap._tcp.dc._msdcs.schizo.com

    The following domain controllers were identified by the query:

    schizodc2.schizo.com

    russchtempdc.schizo.com

    However no domain controllers could be contacted.

    Common causes of this error include:

    - Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.

    - Domain controllers registered in DNS are not connected to the network or are not running.

    As you can see, I have two DC's running (each on a different subnet). The machine I'm working with and the DC that it needs to contact (schizodc2.schizo.com) are actually virtual images running on my laptop. They run on a virtual network hosted on the laptop itself.

    schizodc2.schizo.com has two virtual network cards attached - one is part of the virtual network, the other is on the subnet where all of my "real" machines (including the other DC, russchtempdc.schizo.com) live.

    Items of interest:

    I can ping schizodc2.schizo.com from the box I need to join the domain on both by hostname and IP.

    In DNS on schizodc2.schizo.com, I did see TWO entries for the machine - one on the virtual network (which is how my host would contact it), and one on the real, physical subnet that all my machines live on. Thinking this might be an issue, I whacked that entry.

    There IS an (A) record in DNS for my DC (schizodc2), and the associated IP *is* correct. I have no AAAA records.

    Any ideas where I should look next? The Active Directory services on the schizodc2 machine are running. I haven't tried making sure that AD-related ports are all open, but I added a rule to the firewall to open EVERYTHING up just in case.

    Ideas?

     

    Monday, August 08, 2011 1:49 PM

Answers

  • Remove these IPs from the TCP\IP settings under DNS

     209.18.47.61
     209.18.47.62
     127.0.0.1

    For external DNS resolution you should be using DNS Forwarders

    On a Domain Controller you should only have one network card enabled with one IP address; if you have multiple, you can confuse DNS and AD.

    Make sure your primary network card is listed first in the binding order.

    http://theregime.wordpress.com/2008/03/04/how-to-setview-the-nic-bind-order-in-windows/

    Restrict DNS to listen on only the proper IP addresses

    http://technet.microsoft.com/en-us/library/cc755068.aspx

    Make sure you go into the TCP\IP properties of the non-domain network card, click Advanced, then on the DNS tab uncheck register with DNS.

    Run ipconfig /flushdns, ipconfig /registerdns and dcdiag /fix.

    Monday, August 08, 2011 2:25 PM
  • Hello,

    For the DC, I can see that it is using multiple IP addresses / NIC cards. Multihoming a DC is not recommended. More here: http://msmvps.com/blogs/acefekay/archive/2009/08/17/multihomed-dcs-with-dns-rras-and-or-pppoe-adapters.aspx

    As you are using only one DC (that is what I concluded from your IP addressing), I recommend that your DC points to its private IP address as primary DNS server and to 127.0.0.1 as the secondary one. Once done, run ipconfig /registerdns and restart netlogon on it. Please use one IP address and one NIC for the DC.

    Please set each public DNS server as a forwarder and not as a secondary DNS server.

    For the server to join, make it point to your DC as primary DNS server and delete all other DNS IP addresses.

     


    This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Microsoft Student Partner 2010 / 2011
    Microsoft Certified Professional
    Microsoft Certified Systems Administrator: Security
    Microsoft Certified Systems Engineer: Security
    Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows Server 2008 Applications Infrastructure, Configuration
    Microsoft Certified Technology Specialist: Windows 7, Configuring
    Microsoft Certified IT Professional: Enterprise Administrator
    Microsoft Certified IT Professional: Server Administrator 

    Monday, August 08, 2011 7:25 PM
  • Hello,

    SCHIZODC2 is multi-homed: more than one IP address/NIC is used, which is a bad configuration for DCs.

    Also the public DNS servers 209.18.47.61 and 209.18.47.62 are NOT to be used on the NIC in the internal network; this results in name resolution problems, as the external DNS servers are NEVER able to resolve the private IP range.

    You have to configure the Forwarders in the DNS management console at the DNS server properties instead with the public DNS servers.

    So please change the IP addresses and remove the multi-homing, then run ipconfig /flushdns and ipconfig /registerdns and restart the netlogon service on the DCs. Please be aware that it is not recommended to run SQL on DCs.

    http://msdn.microsoft.com/en-us/library/ms144228(v=SQL.90).aspx  http://support.microsoft.com/kb/910229


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Monday, August 08, 2011 8:00 PM
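
The checks recommended in the answers above, as an added example that is not part of any poster's reply: a small Python parser for `ipconfig /all` text that flags a multihomed DC, public resolvers listed on a NIC, and loopback DNS on a domain member. The function names, rule labels and abbreviated sample listings are constructed for illustration.

```python
import ipaddress
import re

# Constructed samples, abbreviated from the two ipconfig /all listings in this thread.
DC_SAMPLE = """\
Ethernet adapter External USB NIC:
   IPv4 Address. . . . . . . . . . . : 192.168.203.27(Preferred)
   DNS Servers . . . . . . . . . . . : ::1
                                       192.168.203.15
                                       209.18.47.61
Ethernet adapter Internal Only NIC:
   IPv4 Address. . . . . . . . . . . : 192.168.241.102(Preferred)
   DNS Servers . . . . . . . . . . . : ::1
"""
MEMBER_SAMPLE = """\
Ethernet adapter Internal Only NIC:
   IPv4 Address. . . . . . . . . . . : 192.168.241.131(Preferred)
   DNS Servers . . . . . . . . . . . : 192.168.241.102
                                       209.18.47.62
                                       127.0.0.1
"""
FIELD = re.compile(r"^\s*(.+?)[ .]*\. :\s?(.*)$")    # "Key . . . : value"
HEADER = re.compile(r"^\s*\w[\w ]* adapter (.+?):")  # "Ethernet adapter <name>:"

def parse_adapters(text):
    """Map adapter name -> {"ipv4": [...], "dns": [...]} from ipconfig /all text."""
    adapters, current, key = {}, None, None
    for line in text.splitlines():
        h = HEADER.match(line)
        if h:
            current = adapters.setdefault(h.group(1), {"ipv4": [], "dns": []})
            key = None
            continue
        f = FIELD.match(line)
        # A line without "Key . :" continues the previous multi-value field.
        key, value = (f.group(1), f.group(2)) if f else (key, line)
        value = value.split("(")[0].split("%")[0].strip()  # drop "(Preferred)", "%scope"
        if current is not None and value and key in ("IPv4 Address", "DNS Servers"):
            current["ipv4" if key == "IPv4 Address" else "dns"].append(value)
    return adapters

def audit(text, is_dc):
    """Apply the thread's advice; returns a list of (rule, detail) findings."""
    adapters, findings = parse_adapters(text), []
    homed = [name for name, a in adapters.items() if a["ipv4"]]
    if is_dc and len(homed) > 1:
        findings.append(("multihomed-dc", ", ".join(homed)))
    for name, a in adapters.items():
        for server in a["dns"]:
            ip = ipaddress.ip_address(server)
            if ip.is_global:  # public resolver: belongs in DNS forwarders instead
                findings.append(("public-dns-on-nic", f"{name}: {server}"))
            elif ip.is_loopback and not is_dc:
                findings.append(("loopback-dns-on-member", f"{name}: {server}"))
    return findings
```

Calling `audit(DC_SAMPLE, is_dc=True)` and `audit(MEMBER_SAMPLE, is_dc=False)` returns the findings for each listing; a full pasted listing can be passed the same way.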

All replies

  • >>>my domain on new Virtual Machine running on my home network

    What do you mean by home network?  What is the connectivity between your home network and your production AD network?  Do you have any firewall between these 2 locations?  If so, are you allowing RPC ports? 

    Also, please post ipconfig/all from your machine and DC here. 


    Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX

    Blogs - http://blogs.sivarajan.com/
    Articles - http://www.sivarajan.com/publications.html
    Twitter: @santhosh_sivara - http://twitter.com/santhosh_sivara
    This posting is provided AS IS with no warranties,and confers no rights.
    Monday, August 08, 2011 1:53 PM
    Moderator
  • Thanks for responding. There is no production network, I'm doing this purely at home. The home network consists of what I would consider my PDC, and all my physical machines. This network runs on 192.168.203.X

    The virtual network which runs only on my laptop uses 192.168.241.X. As you can see from the ipconfig /all from the schizodc2.schizo.com Virtual Machine (The DC) running on my laptop, it can connect to either network:

    C:\Users\russch>ipconfig /all

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : SCHIZODC2
       Primary Dns Suffix  . . . . . . . : schizo.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : schizo.com

    Ethernet adapter External USB NIC: <-- Connects to "Home" network

       Connection-specific DNS Suffix  . : schizo.com
       Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter #2
       Physical Address. . . . . . . . . : 08-00-27-B1-0D-2F
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::f032:1ef2:ae50:a765%13(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.203.27(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Monday, August 08, 2011 9:18:30 AM
       Lease Expires . . . . . . . . . . : Tuesday, August 16, 2011 9:17:42 AM
       Default Gateway . . . . . . . . . : 192.168.203.1
       DHCP Server . . . . . . . . . . . : 192.168.203.15
       DHCPv6 IAID . . . . . . . . . . . : 302514215
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-B5-26-1A-08-00-27-2A-9F-

       DNS Servers . . . . . . . . . . . : ::1
                                           192.168.203.15
                                           209.18.47.61
                                           209.18.47.62
                                           127.0.0.1
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Ethernet adapter Internal Only NIC:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter <-- Connects to "Virtual Network" only.
       Physical Address. . . . . . . . . : 08-00-27-C9-2C-F7
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::d9ab:89b6:887a:8c58%11(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.241.102(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . :
       DHCPv6 IAID . . . . . . . . . . . : 235405351
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-B5-26-1A-08-00-27-2A-9F-

       DNS Servers . . . . . . . . . . . : ::1
                                           127.0.0.1
                                           192.168.203.15
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.{9A195508-548E-4560-8329-5DF95272D6CB}:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter isatap.schizo.com:

       Connection-specific DNS Suffix  . : schizo.com
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::5efe:192.168.203.27%14(Preferred)
       Default Gateway . . . . . . . . . :
       DNS Servers . . . . . . . . . . . : ::1
                                           192.168.203.15
                                           209.18.47.61
                                           209.18.47.62
                                           127.0.0.1
       NetBIOS over Tcpip. . . . . . . . : Disabled

     

    Here is the ipconfig /all from the host I'm trying to join to the domain via schizodc2.schizo.com:

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : SQL
       Primary Dns Suffix  . . . . . . . : schizo.com
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : schizo.com

    Ethernet adapter Internal Only NIC:

       Connection-specific DNS Suffix  . : schizo.com
       Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter
       Physical Address. . . . . . . . . : 08-00-27-73-DC-9C
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::215e:308e:b10b:e13c%11(Preferred)
       IPv4 Address. . . . . . . . . . . : 192.168.241.131(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Monday, August 08, 2011 9:27:02 AM
       Lease Expires . . . . . . . . . . : Tuesday, August 16, 2011 9:27:03 AM
       Default Gateway . . . . . . . . . : 192.168.241.102
       DHCP Server . . . . . . . . . . . : 192.168.241.102
       DHCPv6 IAID . . . . . . . . . . . : 235405351
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-B5-26-1A-08-00-27-2A-9F-82

       DNS Servers . . . . . . . . . . . : 192.168.241.102
                                           192.168.203.15
                                           209.18.47.61
                                           209.18.47.62
                                           127.0.0.1
       NetBIOS over Tcpip. . . . . . . . : Enabled

    Tunnel adapter isatap.schizo.com:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : schizo.com
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter Teredo Tunneling Pseudo-Interface:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1091:f81:3f57:e7c(Preferred)
       Link-local IPv6 Address . . . . . : fe80::1091:f81:3f57:e7c%15(Preferred)
       Default Gateway . . . . . . . . . : ::
       NetBIOS over Tcpip. . . . . . . . : Disabled

    C:\Users\Administrator> 

     Again, note that I can ping the DC from this box using either hostname or IP....

    Thanks much!

    Monday, August 08, 2011 2:15 PM