Cannot join domain - ip address set correctly to DNS server - please help!

    Question

  • Hello, I have a big problem here. Recently I had a problem with a Domain member, so I just changed it to Workgroup, and when I tried to join the domain again, it said "Active Directory Domain Controller could not be contacted". If I use DHCP to obtain the IP address (client machine), it receives the correct IP address and DNS, but it still does not join the domain. If I set the IP and DNS manually, still the same error.

    What have I done so far? (probably forgot some)

    - restarted every service (kidding, just netlogon, dhcp, dns).

    - ping ok between dc and clients

    - flushed dns / registerdns in server / clients then restarted dns and netlogon

    - disconnected router from network and tried again

    I would highly appreciate any help you can give me.

    Wednesday, May 15, 2013 5:46 PM

All replies

  • Hi Bitco,

    Please follow the below steps.

    1. Check your primary DNS is pointing to your site DC

    2. Type nslookup in your cmd window, type your domain full name (domain FQDN) and check whether it is showing all DCs' IP addresses

    3. If it is showing all the IP addresses, while adding the machine to the domain please use the Domain FQDN name in the Domain textbox

    


    Regards, Nidhin.CK

    Wednesday, May 15, 2013 6:07 PM
  • Hello, thanks for your reply. My primary DNS is pointing to my DC, as I said in my post. Nslookup shows the DC's IP address (it is my DNS server and DC). It cannot find an AD DC when I try to join the domain. If I use only the domain name (example MYDOMAIN), it says that the query identified a DC, but it could not be contacted. If I use the FQDN (example SERVER01.MYDOMAIN), it says DNS name does not exist, 0x0000232B RCODE_NAME_ERROR. Thanks again for any help
    Wednesday, May 15, 2013 6:22 PM
  • Could you please read below link.. the same problem is discussed here 

    http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/32092a25-e454-44ef-a00d-2a5060be25cc


    Regards, Nidhin.CK

    Wednesday, May 15, 2013 6:28 PM
  • Thanks Nidhin, but it is not the same problem. My dcdiag /test:dns does not show any problems.
    Wednesday, May 15, 2013 6:41 PM
  • can you try steps mentioned in below blog

    http://geekswithblogs.net/technetbytes/archive/2011/10/09/147233.aspx


    Regards, Nidhin.CK

    Wednesday, May 15, 2013 6:46 PM
  • Thanks, but that is correctly configured. The problem is not in one machine only. I cannot join any computer to the domain, when I usually did not have any troubles. I think it is way more complicated than that (although I pray it is not).
    Wednesday, May 15, 2013 6:53 PM
  • Hi.. can you check whether KB2661254 is installed on those problematic machines? If so, remove it, reboot and test.

    Regards, Nidhin.CK

    Wednesday, May 15, 2013 7:31 PM
  • That is a different approach, I am removing it as we speak, I will let you know, thanks again!
    Wednesday, May 15, 2013 7:48 PM
  • Thanks again, but sadly it didn't solve the issue. I am still stuck :(

    Wednesday, May 15, 2013 8:11 PM
  • How about your DCs? Is this patch installed on the DCs? If yes, could you please remove it, reboot and test.

    Regards, Nidhin.CK

    Wednesday, May 15, 2013 8:14 PM
  • It is not installed on the DC. When I do a nslookup MYDOMAIN from a client, it returns the DC's IP address, but it says NON EXISTENT DOMAIN. I've read so many things, but I think I read that is not an issue... Do you think it is?
    Wednesday, May 15, 2013 8:21 PM
  • Could you please give me the result of the below command

    cmd > nslookup

    set debug

    Domain FQDN



    Regards, Nidhin.CK

    Wednesday, May 15, 2013 8:31 PM
  • This is the nslookup from the server

    > set debug
    > domain qau
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 2, rcode = NXDOMAIN
            header flags:  response, auth. answer, want recursion, recursion avail.
            questions = 1,  answers = 0,  authority records = 1,  additional = 0

        QUESTIONS:
            qau.QAU, type = A, class = IN
        AUTHORITY RECORDS:
        ->  qau
            ttl = 3600 (1 hour)
            primary name server = qau-servidor01.qau
            responsible mail addr = hostmaster.qau
            serial  = 3509
            refresh = 900 (15 mins)
            retry   = 600 (10 mins)
            expire  = 86400 (1 day)
            default TTL = 3600 (1 hour)

    ------------
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 3, rcode = NXDOMAIN
            header flags:  response, auth. answer, want recursion, recursion avail.
            questions = 1,  answers = 0,  authority records = 1,  additional = 0

        QUESTIONS:
            qau.QAU, type = AAAA, class = IN
        AUTHORITY RECORDS:
        ->  qau
            ttl = 3600 (1 hour)
            primary name server = qau-servidor01.qau
            responsible mail addr = hostmaster.qau
            serial  = 3509
            refresh = 900 (15 mins)
            retry   = 600 (10 mins)
            expire  = 86400 (1 day)
            default TTL = 3600 (1 hour)

    ------------
    *** Can't find address for server qau: Non-existent domain
    >

    Wednesday, May 15, 2013 8:40 PM
  • You said you are able to resolve the IP address when you do nslookup. But from this log I'm unable to view any IP address.

    Is this log from the DC or from the client machine? Is your DNS suffix set correctly?

    If it is not applying the DNS suffix correctly from DHCP then apply it manually. Also, if possible, could you please provide the above logs without any editing.


    Regards, Nidhin.CK

    Wednesday, May 15, 2013 9:06 PM
  • This log is from the server side and has not been edited. Do you need to see the nslookup from the client?

    As additional information, I run a local DNS server, I do not host a domain, so my domain is qau. My server is qau-servidor01, so my DC's qualified name is qua-servidor01.qau, and it is my AD DC and DNS server. I do not think the problem is in the client machines, since they were ok until recently. I just quit the domain from one machine and could not rejoin. Then I tried joining the domain with a new laptop, and the same error came up, so it shouldn't be a problem with the client machine. Don't you think?


    Wednesday, May 15, 2013 9:47 PM
  • Just in case, here it is the unedited nslookup from the client machine:

    Microsoft Windows [Versión 6.1.7601]
    Copyright (c) 2009 Microsoft Corporation. Reservados todos los derechos.

    C:\Users\principal>nslookup
    Default server:  qau-servidor01.qau
    Address:  10.102.1.50

    > set debug
    > domain qau-servidor.qau
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 2, rcode = NXDOMAIN
            header flags:  response, auth. answer, want recursion, recursion avail.
            questions = 1,  answers = 0,  authority records = 1,  additional = 0

        QUESTIONS:
            qau-servidor.qau.qau, type = A, class = IN
        AUTHORITY RECORDS:
        ->  qau
            ttl = 3600 (1 hour)
            primary name server = qau-servidor01.qau
            responsible mail addr = hostmaster.qau
            serial  = 3509
            refresh = 900 (15 mins)
            retry   = 600 (10 mins)
            expire  = 86400 (1 day)
            default TTL = 3600 (1 hour)

    ------------
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 3, rcode = NXDOMAIN
            header flags:  response, auth. answer, want recursion, recursion avail.
            questions = 1,  answers = 0,  authority records = 1,  additional = 0

        QUESTIONS:
            qau-servidor.qau.qau, type = AAAA, class = IN
        AUTHORITY RECORDS:
        ->  qau
            ttl = 3600 (1 hour)
            primary name server = qau-servidor01.qau
            responsible mail addr = hostmaster.qau
            serial  = 3509
            refresh = 900 (15 mins)
            retry   = 600 (10 mins)
            expire  = 86400 (1 day)
            default TTL = 3600 (1 hour)

    ------------
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 4, rcode = NXDOMAIN
            header flags:  response, auth. answer, want recursion, recursion avail.
            questions = 1,  answers = 0,  authority records = 1,  additional = 0

        QUESTIONS:
            qau-servidor.qau, type = A, class = IN
        AUTHORITY RECORDS:
        ->  qau
            ttl = 3600 (1 hour)
            primary name server = qau-servidor01.qau
            responsible mail addr = hostmaster.qau
            serial  = 3509
            refresh = 900 (15 mins)
            retry   = 600 (10 mins)
            expire  = 86400 (1 day)
            default TTL = 3600 (1 hour)

    ------------
    ------------
    Got answer:
        HEADER:
            opcode = QUERY, id = 5, rcode = NXDOMAIN
            header flags:  response, auth. answer, want recursion, recursion avail.
            questions = 1,  answers = 0,  authority records = 1,  additional = 0

        QUESTIONS:
            qau-servidor.qau, type = AAAA, class = IN
        AUTHORITY RECORDS:
        ->  qau
            ttl = 3600 (1 hour)
            primary name server = qau-servidor01.qau
            responsible mail addr = hostmaster.qau
            serial  = 3509
            refresh = 900 (15 mins)
            retry   = 600 (10 mins)
            expire  = 86400 (1 day)
            default TTL = 3600 (1 hour)

    ------------
    *** Can't find address for server qau-servidor.qau: Non-existent
     domain
    >

    Wednesday, May 15, 2013 10:28 PM
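
Added example, not part of the thread: a small parser for `set debug` transcripts like the two above that lists the names each query actually asked for and compares them with the names that should exist. In interactive nslookup a line with two words is read as `name server`, so the second word is looked up as a server, which is what "Can't find address for server" reports; the sample below is constructed and shortened from the thread's output, and `expected_names` is a caller-supplied assumption.

```python
import re

# Constructed sample: trimmed nslookup "set debug" output in the same shape as
# the client transcript above (names taken from the thread).
SAMPLE = """\
> domain qau-servidor.qau
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 2, rcode = NXDOMAIN
    QUESTIONS:
        qau-servidor.qau.qau, type = A, class = IN
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 4, rcode = NXDOMAIN
    QUESTIONS:
        qau-servidor.qau, type = A, class = IN
------------
*** Can't find address for server qau-servidor.qau: Non-existent domain
"""

RCODE = re.compile(r"rcode = (\w+)")
QUESTION = re.compile(r"^\s*(\S+), type = (\w+), class = IN", re.M)
SERVER_ERR = re.compile(r"\*\*\* Can't find address for server (\S+?):")

def parse_queries(text):
    """Return [(qname, qtype, rcode)] for every 'Got answer' block."""
    out = []
    for block in text.split("Got answer:")[1:]:
        rc, q = RCODE.search(block), QUESTION.search(block)
        if rc and q:
            out.append((q.group(1).lower(), q.group(2), rc.group(1)))
    return out

def diagnose(text, expected_names):
    """List what the transcript really tested; expected_names is the caller's
    assumption about which names should resolve (domain, DC FQDN)."""
    findings = []
    m = SERVER_ERR.search(text)
    if m:
        findings.append(f"'{m.group(1)}' was looked up as the server argument, not as the query name")
    expected = {n.lower() for n in expected_names}
    for qname, qtype, rcode in parse_queries(text):
        if qname not in expected:
            findings.append(f"{qtype} {qname} -> {rcode}: not one of the expected names")
        elif rcode != "NOERROR":
            findings.append(f"{qtype} {qname} -> {rcode}: expected name missing from the zone")
    return findings
```

Called as `diagnose(SAMPLE, ["qau", "qau-servidor01.qau"])`, it reports that neither queried name (`qau-servidor.qau.qau`, `qau-servidor.qau`) is the DC's FQDN, so these NXDOMAIN answers say nothing about whether `qau-servidor01.qau` resolves.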
  • I suspect it is a DNS error. Otherwise, check whether the Domain naming master is down or the DNS port is blocked.

    Regards

    Sajoor

    Thursday, May 16, 2013 1:27 PM
  • Hello Sajoor, thanks, but the Domain naming master is the DC and it is up and running. DNS port 53 is not blocked. No firewall installed or blocks through the router. Where else could it be blocked?
    Thursday, May 16, 2013 3:45 PM
  • Hello Nidhin, did you see anything useful in the nslookup from the client machine? I could not find much information about "Can't find address for server xxx: Non-existent domain". Looks like it is common to find "Can't find server for address xxxx" but this is not my case.
    Thursday, May 16, 2013 5:04 PM
  • Domain Name: qau
    Domain Controller name: qau-servidor01
    Primary DNS/DC server IP Address: 10.102.1.50
    Primary DNS/DC FQDN: qau-servidor01.qau

    ----------------------------------------------------------------

    Bit confused. Are you using AD integrated DNS?

    Could you please check whether you are getting any error from your DC (qau-servidor01.qau) when you execute the DCDIAG command?

    What about the replication between your DCs? Please check for any replication error with the "repadmin /showrepl" command

    Please check that SRV records are present in the "_ldap._tcp.<SITE>._sites.dc._msdcs.<DOMAIN>.<TLD>" location

    and in the "_ldap._tcp.dc._msdcs.<DOMAIN>.<TLD>" location

    Please check that your client IP address is mapped to the current site where your DC is located.

    Do you have any child domain? If yes, are you able to add this machine to those child domains?


    Regards, Nidhin.CK

    Thursday, May 16, 2013 6:17 PM
  • This is a Single Domain controller network. It is part of another forest, but at the moment they are not connected, so I think that is not an issue. That said, it means that the DNS server is also the AD DC. No other domain controllers involved. I am not sure if that answers your question. I am using the Windows 2008 standard DNS server.

    When I execute DCDIAG every test is passed, except SystemLog, that says EvtFormatMessage Failed. Doesn't seem a problem to me.

    When I execute DCDIAG /TEST:DNS, the only problem I found is "Warning: The AAAA record for this DC was not found", but I am not using IPv6. I have tried both IPv6 installed and not installed. I am only using IPv4.

    I do not have any replication going on (like I said, only one server being DC and DNS).

    When I use _ldap._tcp.dc._msdcs.qau (using nslookup q=srv) this is what it shows:
    _ldap._tcp.dc._msdcs.qau SRV service location:
    priority = 0
    weight = 100
    port = 389
    srv_hostname = qau-servidor01.qau
    qau-servidor01.qau internet address = 10.102.1.50

    --------------------------------
    10.102.1.50 is the local server's address.

    About the other _ldap._tcp.<site> I don't know how to get it, but is it necessary? I mean, I do not host a site in my server. No child domains or anything. That is why it should be easier. Never had this problem with another server, although I only manage small networks.


    Additional information:
    - if I ping another DNS name from this computer, it resolves ok. Ex: ping computer02.qau (qau is my domain)
    - if I ping the DNS server (which is also the Domain controller), it resolves ok.

    Thanks a lot again, I hope I gave you all the information you requested.

    Thursday, May 16, 2013 7:04 PM

  • Are you using an imaged OS for your clients?

    Please reinstall TCP/IP V4 from the LAN connection properties and try.

    Regards

    Sajoor

    Friday, May 17, 2013 6:34 AM
  • No, I am not using an imaged OS. I have tried with one previous domain member, and two new laptops (never connected to the domain), so obviously the TCP/IP reinstall will not do any good in this case.
    Friday, May 17, 2013 8:41 PM