Windows 2008 AD DC can't be contacted

    Question

  • I have installed AD DC on Windows 2008; AD and DNS are running and pass all the "verify AD DS installation" steps. But when I use Windows 7 to join the domain, I get this error:


    DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "hcnet.haverford.edu":

    The query was for the SRV record for _ldap._tcp.dc._msdcs.hcnet.haverford.edu

    The following domain controllers were identified by the query:
    ad1.hcnet.haverford.edu


    However no domain controllers could be contacted.

    Common causes of this error include:

    - Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.

    - Domain controllers registered in DNS are not connected to the network or are not running.



    Can anyone help me?
    • Moved by Tim QuanModerator Monday, December 21, 2009 2:57 AM (From:Setup Deployment)
    Saturday, December 19, 2009 4:47 PM

Answers

  • Hi XiaoRF,

    The output error 0x54b indicates that your domain controller either does not exist or could not be contacted.

    To narrow down the issue, please verify the following items:

    1. When you do ping -a 165.82.1.20, what do you have (FQDN or NetBIOS name)?
    2. When you type \\hcnet.haverford.edu in the problematic client's Explorer, can you see the SYSVOL and NETLOGON share folders?

    If you add a DC record to the problematic client's hosts file (%systemroot%\system32\drivers\etc\), is it able to join the domain?

    165.82.1.20   hcnet.haverford.edu

    Regards,
    Wilson Jia


    This posting is provided "AS IS" with no warranties, and confers no rights.
    Monday, December 28, 2009 8:02 AM

All replies

  • Hello XiaoRF,

     

    According to your description, I understand that you cannot join a Win7 client to the Windows 2008 AD. This issue might be caused by a network or DNS issue. Please check the following items:

     

    1.     Can you ping Windows 2008 DC NetBios name (ad1) from Windows 7 client?

    2.     Can you ping Windows 2008 DC FQDN name (ad1.hcnet.haverford.edu) from Windows 7 client?

    3.     Verify that Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.

    4.     Verify that Domain controllers registered in DNS are not connected to the network or are not running.

    5.     Run the "nslookup" on Windows 7 client to query domain SRV record.

    (1) Type nslookup, and then press ENTER.

    (2) Type set type=all, and then press ENTER.

    (3) Type _ldap._tcp.dc._msdcs.hcnet.haverford.edu and then press ENTER and paste the output here.

     

    If the Windows 7 client is using a static IP address, please enable NetBIOS over TCP/IP in the NIC WINS settings. Then try to join the domain again. If the problem persists, please paste an "ipconfig /all" copy from the Windows 7 client and the Windows 2008 DC.

     

    Best regards,

    Wilson Jia


    This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by Wilson Jia Thursday, December 24, 2009 2:11 AM
    • Unmarked as answer by Wilson Jia Monday, December 28, 2009 7:23 AM
    Monday, December 21, 2009 9:11 AM
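
The client-side checks listed in the reply above (SRV lookup, name resolution, reachability of the DC) can be run in one pass. This is an added example, not part of the original thread; the TCP port list is an assumption (the usual AD client ports), and the script sticks to nslookup and .NET sockets so it also runs on PowerShell 2.0:

```powershell
# Added example, not from the thread. Run on the client that fails to join.
# Assumption: this TCP port list is the usual AD client set; the thread
# itself only names LDAP 389.
$Domain = 'hcnet.haverford.edu'
$Ports  = @{ 53='DNS'; 88='Kerberos'; 135='RPC'; 389='LDAP'; 445='SMB' }

function Get-DcFromSrv([string]$DomainName) {
    # nslookup keeps this usable on Windows 7 / PowerShell 2.0.
    $out = nslookup -type=SRV "_ldap._tcp.dc._msdcs.$DomainName" 2>$null
    $names = @()
    foreach ($line in $out) {
        if ($line -match 'svr hostname\s*=\s*(\S+)') { $names += $Matches[1] }
    }
    $names | Sort-Object -Unique
}

function Test-TcpPort([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000) {
    # Plain TCP connect with a timeout. The UDP 389 "LDAP ping" used by the
    # DC locator is not covered by this test.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

$dcs = @(Get-DcFromSrv $Domain)
if ($dcs.Count -eq 0) { Write-Output "No SRV record returned for $Domain"; return }

foreach ($dc in $dcs) {
    try   { $ips = [System.Net.Dns]::GetHostAddresses($dc) | ForEach-Object { $_.IPAddressToString } }
    catch { $ips = @('<no A/AAAA record>') }
    Write-Output ("{0} resolves to {1}" -f $dc, ($ips -join ', '))
    foreach ($p in ($Ports.Keys | Sort-Object)) {
        if (Test-TcpPort $dc $p) { $state = 'reachable' } else { $state = 'NOT reachable' }
        Write-Output ("  tcp/{0,-4} {1,-9} {2}" -f $p, $Ports[$p], $state)
    }
}
```

A client that resolves the SRV and A records and answers ping but shows ports as not reachable is being filtered somewhere between its subnet and the DC.
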
  • 1. Ping request could not find host
    2. Yes, I can ping FQDN name.
    3. The ip is right.
    4. The DNS can be connected to.
    5. The computer name has been changed to controller now; here is the output:

    > _ldap._tcp.dc._msdcs.hcnet.haverford.edu
    Server:  controller.hcnet.haverford.edu
    Address:  165.82.1.20

    _ldap._tcp.dc._msdcs.hcnet.haverford.edu        SRV service location:
              priority       = 0
              weight         = 100
              port           = 389
              svr hostname   = controller.hcnet.haverford.edu
    controller.hcnet.haverford.edu  internet address = 165.82.1.20


    6. The client uses a dynamic IP.

     

    Friday, December 25, 2009 9:25 AM
  • Hi XiaoRF,

     

    Thank you for your response.

     

    Please review the %systemroot%\debug\Netsetup.log file and paste any related clues here for our investigation.

     

    For more information about Netsetup.log, you can refer to:

    Active Directory Diagnostic Logging

    http://technet.microsoft.com/en-us/library/cc961809.aspx

     

    Sincerely,

    Wilson Jia


    This posting is provided "AS IS" with no warranties, and confers no rights.
    Monday, December 28, 2009 2:04 AM
  • Hi Wilson Jia,

            Thanks for your help. The Netsetup.log is a loop, as follows:

    12/26/2009 10:52:44:866 -----------------------------------------------------------------
    12/26/2009 10:52:44:867 NetpValidateName: checking to see if 'tom-PC' is valid as type 5 name
    12/26/2009 10:52:44:867 NetpValidateName: name 'tom-PC' is valid for type 5
    12/26/2009 10:52:44:881 -----------------------------------------------------------------
    12/26/2009 10:52:44:881 NetpValidateName: checking to see if 'hcnet.haverford.edu' is valid as type 3 name
    12/26/2009 10:52:44:881 NetpValidateName: 'hcnet.haverford.edu' is not a valid NetBIOS domain name: 0x7b
    12/26/2009 10:52:59:109 NetpCheckDomainNameIsValid for hcnet.haverford.edu returned 0x54b, last error is 0x0
    12/26/2009 10:52:59:109 NetpCheckDomainNameIsValid [ Exists ] for 'hcnet.haverford.edu' returned 0x54b



    And I think it should be the IP limit.

    Server IP: 165.82.1.20   Server Gateway:165.82.1.1

    Win7 IP:10.0.2.15          Win7 Gateway:10.0.2.2


    Another client I use (IP 165.82.1.x) can join the domain. But the Win7 client can ping 165.82.1.20; any idea how to let the Win7 client join the domain?

    Monday, December 28, 2009 2:38 AM
  • Make sure that this port is open. It helped me.

    Port Number: 389
    TCP / UDP: UDP
    Delivery: No
    Protocol / Name: ldap
    Port Description: Lightweight Directory Access Protocol. LDAP server's port, an adaptation of x.500 dir std. Through it, LDAP clients access central dir to retrieve, add, and modify info. Examples: Database for PKI systems. - Address book for mail & personnel progs. - Internet Directory Service that tracks users of collaborative apps (chat, video, audio, etc). Would track who is on-line, their IP, and data about user. Used by Win2000 Active Directory. SSL version at TCP 636. Security Concerns: Valuable source of user info used in attacks; excellent target for DOS attack.
    Wednesday, February 17, 2010 6:59 PM
  • I am seeing this same issue, can you help me?

    I did not see a resolution in this thread.

    Jim
    Wednesday, March 03, 2010 6:03 PM
  • Hi All,

    I also faced the same issue. I have tried the above steps but they don't seem to work. Still figuring out what causes my branch to fail to join the HQ domain.


    Nik
    Wednesday, July 28, 2010 5:08 AM
  • Hi guys,

     

    I had been facing the same issue and tried all the proposed solutions in vain, and finally found that I had to type the FQDN respecting the case.

    Hope this works for other people too!

    Tks

     

    Sunday, November 21, 2010 4:09 AM
  • Hi CodeZika

    Do you have a resolution for this? I have been struggling with this error and tried out all the proposed solutions without success.

    I can ping NetBios & FQDN from my Win 7 client

    the nslookup returns results of FQDN, Port, Priority & IP address correctly

    Domain Controller is running and all firewall is open to access but while joining still getting 0x54b

    Please assist

    - Deva

     

     

     

    Friday, December 17, 2010 3:54 PM
  • I had the same issue, and it was because the sysvol and netlogon folders were not shared on the network, so I had to share them. Follow these steps: you have to edit the registry as described in http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/0832a123-f65e-4f8a-8e7a-077892989354/ (short) and in http://support.microsoft.com/kb/947022 (long).
    Monday, January 28, 2013 1:56 PM
  • I had the same issue, and it was because the SYSVOL and NETLOGON folders weren't shared. To share them you can simply change the registry value as described at http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/0832a123-f65e-4f8a-8e7a-077892989354/ and http://support.microsoft.com/kb/947022.

    The registry value must be changed from 0 to 1; if it is already 1, change it to 0 and then back to 1. The following registry value must be changed:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\SysvolReady
    Monday, January 28, 2013 4:04 PM
  • Hi All,

    I faced the same issue.

    Reason: the SYSVOL and NETLOGON folders weren't shared.

    Maybe the dynamic ports 49152 to 65535 are blocked from DC to ADC or vice versa while promoting a new ADC server, when FRS replication happens to create the share folders.

    Solution: make changes in the registry of the domain controller.

    http://support.microsoft.com/kb/947022

    1. Click Start, click Run, type regedit, and then click OK.
    2. Locate the following subkey in Registry Editor:
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
    3. In the details pane, right-click the SysvolReady flag, and then click Modify.
    4. In the Value data box, type 0, and then click OK.
    5. Again in the details pane, right-click the SysvolReady flag, and then click Modify.
    6. In the Value data box, type 1, and then click OK.

    Now I am able to join new machines to the domain.


    Kirpal Singh


    Friday, December 27, 2013 12:25 PM
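
An added example (not part of the original posts) that checks, on the domain controller, the condition the last three replies describe: the SysvolReady value and whether the SYSVOL and NETLOGON shares are published. The function names and the five-second wait are assumptions; nothing is changed unless -Toggle is passed:

```powershell
# Added example, not from the thread. Run elevated on the domain controller.
# Read-only by default; "Invoke-SysvolCheck -Toggle" performs the 0 -> 1
# change of SysvolReady described in the replies above.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

function Get-SysvolState {
    # Current flag value plus the shares the server actually publishes.
    $ready  = (Get-ItemProperty -Path $key -Name SysvolReady -ErrorAction Stop).SysvolReady
    $shares = @(Get-WmiObject -Class Win32_Share |
                Where-Object { 'SYSVOL', 'NETLOGON' -contains $_.Name } |
                ForEach-Object { $_.Name })
    New-Object PSObject -Property @{
        SysvolReady   = $ready
        SysvolShare   = ($shares -contains 'SYSVOL')
        NetlogonShare = ($shares -contains 'NETLOGON')
    }
}

function Invoke-SysvolCheck([switch]$Toggle) {
    $before = Get-SysvolState
    Write-Output $before
    if ($before.SysvolShare -and $before.NetlogonShare) {
        Write-Output 'Both shares are published; the join failure lies elsewhere.'
        return
    }
    if (-not $Toggle) {
        Write-Output 'Shares missing. Re-run with -Toggle to reset SysvolReady.'
        return
    }
    # Same sequence as the manual regedit steps: write 0, then 1.
    Set-ItemProperty -Path $key -Name SysvolReady -Value 0
    Set-ItemProperty -Path $key -Name SysvolReady -Value 1
    Start-Sleep -Seconds 5   # assumed settle time, not a documented value
    Write-Output (Get-SysvolState)
}

Invoke-SysvolCheck
```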