Active Directory domain controller could not be contacted (Windows 7 Ultimate)

    Question

  • Hello, need a little help here.

    I have a network of 5 computers plus the server. The server OS is Windows Server 2008 R2; the PCs run Windows 7 Ultimate and Pro. Here's my issue: two of the computers are Dells, and only those two give me the error when I try to connect them to the domain (Active Directory domain controller could not be contacted, etc.). I have everything well configured because I have 3 other PCs working just fine with the server.

    Thanks

    Maag

    Wednesday, September 12, 2012 1:19 PM

Answers

  • Hello,

    If domain machines contain public DNS servers such as 200.88.127.23 and 196.3.81.5, you will always have trouble. Please remove them on ALL domain machines, run ipconfig /flushdns and ipconfig /registerdns, reboot clients and domain member servers, and restart the netlogon service on DCs instead of rebooting.

    For internet access please configure the FORWARDERS in the DNS server properties in the DNS management console with the public DNS servers.


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Thursday, September 13, 2012 7:07 AM
  • You have not posted the complete output of the ipconfig /all reports as requested earlier. From the output posted earlier, you can't join a machine to the domain using a public IP, because it is trying to locate your domain at the public IP, which has no information about the privately built domain; that is the reason I requested the ipconfig /all report information.

    Use only the local IP in the clients' NIC.

    DNS recommendations from Microsoft

    http://awinish.wordpress.com/2011/03/08/dns-recommendations-from-microsoft/


    Awinish Vishwakarma - MVP

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Thursday, September 13, 2012 8:43 AM
    Moderator

All replies

  • Hi,

    This issue occurs due to DNS misconfiguration. Ensure the DNS pointing is correct on the DC as well as on all workstations/member servers.

    Best practices for DNS client settings on DC and domain members
    http://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

    If issue reoccurs, post dcdiag /q and ipconfig /all result from DC and problem machine.


    Best regards,

    Abhijit Waikar.
    MCSA | MCSA:Messaging | MCITP:SA | MCC:2012
    Blog: http://abhijitw.wordpress.com
    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

    Wednesday, September 12, 2012 1:33 PM
  • Only the Home edition of Windows can't be joined to a domain; all other versions have no problem joining. Try disabling the built-in Windows Firewall service along with security software and see if that works. The error "Active Directory domain controller could not be contacted, etc." shows either a connectivity issue, a DNS issue or a firewall issue. Can you at least ping the DC from the problem machine? Also, post the ipconfig /all report from one of the problem machines as well as the DC.

    Troubleshooting Domain Join Error Messages (en-US)

    http://social.technet.microsoft.com/wiki/contents/articles/1935.troubleshooting-domain-join-error-messages-en-us.aspx


    Awinish Vishwakarma - MVP

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Wednesday, September 12, 2012 1:36 PM
    Moderator
  • Thanks for the response, still have the error.

    Here's the details

    Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

    The domain name "copaisa" might be a NetBIOS domain name.  If this is the case, verify that the domain name is properly registered with WINS.

    If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.

    The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "copaisa":

    The error was: "DNS name does not exist."
    (error code 0x0000232B RCODE_NAME_ERROR)

    The query was for the SRV record for _ldap._tcp.dc._msdcs.copaisa

    Common causes of this error include the following:

    - The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

    200.88.127.23
    196.3.81.5
    10.0.0.15

    - One or more of the following zones do not include delegation to its child zone:

    copaisa
    . (the root zone)

     

    Wednesday, September 12, 2012 2:02 PM
  • Post unedited ipconfig /all reports from the DC and one of the problem machines.


    Awinish Vishwakarma - MVP

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Wednesday, September 12, 2012 2:10 PM
    Moderator
  • Hi,

    Verify the SRV Records are present on a Domain Controller. You may restart netlogon service to re-register missing records.

    How to Verify the Creation of SRV Records for a Domain Controller
    http://support.microsoft.com/kb/241515

    Also ensure the DNS pointing is correct as per above article in my blog.

    Also post dcdiag /q and ipconfig /all result from DC and problem machine.


    Best regards,

    Abhijit Waikar.
    MCSA | MCSA:Messaging | MCITP:SA | MCC:2012
    Blog: http://abhijitw.wordpress.com
    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

    Wednesday, September 12, 2012 2:11 PM
  • Remove the public IP addresses (200.88.127.23 and 196.3.81.5) from the DNS settings of the client PC. Each workstation/member server should point to the local DNS server as preferred DNS and remote DNS servers as an alternate DNS server in the TCP/IP properties. If you have only one DC in the network, then remove the other local IP address as well, if any. Once done, run ipconfig /flushdns and ipconfig /registerdns and join the PC to the domain.

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.


    Thursday, September 13, 2012 4:23 AM
  • Brilliant. I know this is an old post (2 years) but this was indeed the issue with my home lab also. Removing Google's public DNS servers (8.8.8.8 and 8.8.4.4 in my case) from DNS server list on all network adapters resolved this issue. Is there any explanation of why this is the case? I would assume that using public DNS servers wouldn't cause joining a domain to fail like that.

    Thanks much!


    Tuesday, December 23, 2014 6:03 AM
  • When your client wants to contact the domain controller, it will resolve the IP address of your DC using DNS. In your case, since you used the public DNS, the IP address of your DC was not getting resolved.

    Reg,


    Darshan

    Tuesday, December 23, 2014 6:59 AM
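
The check the answers and the explanation above describe, as an added example that is not part of the thread: for every DNS server configured on the client, it sends the `_ldap._tcp.dc._msdcs` SRV query from the error text to that server alone and reports which servers cannot locate a domain controller. The domain `corp.example.local` and the helper name `Test-PrivateIPv4` are placeholders chosen here; the script assumes Windows PowerShell with `Get-WmiObject` and `nslookup.exe`, both available on Windows 7.

```powershell
# Added example: audit the client's DNS server list before a domain join.
# 'corp.example.local' is a placeholder; pass your own AD DNS domain name.
param([string]$Domain = 'corp.example.local')

function Test-PrivateIPv4 {
    # Hypothetical helper: true only for RFC 1918 IPv4 addresses.
    param([string]$Address)
    $ip = $null
    if (-not [System.Net.IPAddress]::TryParse($Address, [ref]$ip)) { return $false }
    if ($ip.AddressFamily -ne 'InterNetwork') { return $false }
    $b = $ip.GetAddressBytes()
    $isPrivate = ($b[0] -eq 10) -or
                 ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
                 ($b[0] -eq 192 -and $b[1] -eq 168)
    return $isPrivate
}

# SRV record the join process looks up; the trailing dot stops suffix appending.
$srvName = "_ldap._tcp.dc._msdcs.${Domain}."

# Every DNS server configured on any IP-enabled adapter, de-duplicated.
$dnsServers = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object { $_.DNSServerSearchOrder } |
    Where-Object { $_ } |
    Select-Object -Unique)

$report = foreach ($server in $dnsServers) {
    # Query this one server directly; nslookup prints "svr hostname = <dc>" per SRV answer.
    $out = & nslookup.exe '-type=SRV' $srvName $server 2>$null | Out-String
    $dcs = @([regex]::Matches($out, '(?i)svr hostname\s*=\s*(\S+)') |
        ForEach-Object { $_.Groups[1].Value })
    New-Object PSObject -Property @{
        DnsServer = $server
        Rfc1918   = (Test-PrivateIPv4 $server)
        FindsDC   = ($dcs.Count -gt 0)
        DCs       = ($dcs -join ', ')
    }
}
$report | Select-Object DnsServer, Rfc1918, FindsDC, DCs | Format-Table -AutoSize

# A server that cannot return the SRV record has no knowledge of the domain.
$bad = @($report | Where-Object { -not $_.FindsDC })
if ($bad.Count -gt 0) {
    $list = ($bad | ForEach-Object { $_.DnsServer }) -join ', '
    Write-Warning "These DNS servers cannot locate a DC for ${Domain}: $list"
}
```

With the server list quoted in the error text earlier in the thread, the two public resolvers would be the ones expected to show `FindsDC` as False.
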
  • It is purely a DNS issue. The system from where you are trying to communicate with the PDC/DC needs to have the preferred DNS IP updated with the IP of the PDC in the network adapter settings. This will fix the issue.
    • Proposed as answer by Vishal De Thursday, August 18, 2016 11:31 PM
    Thursday, August 18, 2016 11:31 PM
  • Hi, 

    I am having a similar problem. I have DC01 and DC02 working fine and both ping each other.

    However, I have a Windows 7 Professional but it won't join the domain. At first I thought the issue was with the IP address, so I generated an IP addressing scheme which should allow network devices to use the IP addresses 192.268.2.10 - 192.168.2.254

    I have used the IP address 192.168.2.10 on PC01; when I tried to join the domain it did not work, with an error message saying

    "An Active Directory Domain Controller (AD DC) for the domain "xxx" could not be contacted.

    Ensure that the domain name is typed correctly.

    If the name is correct , click details for troubleshooting information"

    I then tried to ping DC01; it did ping, however the results said destination unreachable.

    I have also switched the firewall off... still no luck.

    What could the problem be? 

    thanks guys


    Monday, April 10, 2017 11:16 PM