Announcement

Collapse
No announcement yet.

Can't Join Server 2008 Domain

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Can't Join Server 2008 Domain

    I'm trying to join a windows 7 laptop client to a server 2008 domain and having a hell of a hard time. I also have windows 7 virtual machine that gives me the same error message.

    I've done quite a bit of research on this and I know it's dns related, but I can't find any issues with the DNS server. I'm new to this and training for certification so any help would be tremendously appreciated!

    Okay here's what I have so far:

    I have setup all ports required for a client to join a domain on my router just in case that was the problem.

    I have active directory and dns services installed. I have the client set to dhcp for ip and static dns addresses of my servers, which are 192.168.1.201 and 192.168.1.202.

    The client config is:
    ip add:192.168.1.207
    mask:255.255.255.0
    dns: 192.168.1.201
    192.168.1.202

    Here's the server config:
    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
    Physical Address. . . . . . . . . : 00-0C-29-32-EE-3B
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv4 Address. . . . . . . . . . . : 192.168.1.201(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.1.1
    DNS Servers . . . . . . . . . . . : 192.168.1.201
    192.168.1.202

    I can ping both of the servers by ip and hostname. When I try to join the error message is:

    The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "globomantics.local":

    The error was: "This operation returned because the timeout period expired."
    (error code 0x000005B4 ERROR_TIMEOUT)

    The query was for the SRV record for _ldap._tcp.dc._msdcs.globomantics.local

    The DNS servers used by this computer for name resolution are not responding. This computer is configured to use DNS servers with the following IP addresses:

    192.168.1.201
    192.168.1.202

    I also ran dcdiag /test:dns

    Directory Server Diagnosis

    Performing initial setup:
    Trying to find home server...
    Home Server = NY-DC1-2K8
    * Identified AD Forest.
    Done gathering initial info.

    Doing initial required tests

    Testing server: Default-First-Site-Name\NY-DC1-2K8
    Starting test: Connectivity
    ......................... NY-DC1-2K8 passed test Connectivity

    Doing primary tests

    Testing server: Default-First-Site-Name\NY-DC1-2K8

    Starting test: DNS

    DNS Tests are running and not hung. Please wait a few minutes...
    ......................... NY-DC1-2K8 passed test DNS

    Running partition tests on : ForestDnsZones

    Running partition tests on : DomainDnsZones

    Running partition tests on : Schema

    Running partition tests on : Configuration

    Running partition tests on : globomantics

    Running enterprise tests on : globomantics.local
    Starting test: DNS
    ......................... globomantics.local passed test DNS

    When I run nslookup from the client:

    DNS request timed out.
    timeout was 2 seconds
    Server: Unknown
    Address: 192.168.1.201

    If I do a simple or recursive query there's no issue. I'm going crazy trying to find something that could be causing this.

  • #2
    Re: Can't Join Server 2008 Domain

    I just got done setting another server 2008 virtual machine, which had no problem joining the domain so there has to be something unique about the other 2 that's preventing them from working.

    They're in the same address space. Please guys I would appreciate any ideas.
    Thanks!

    Comment


    • #3
      Re: Can't Join Server 2008 Domain

      Perhaps this info could help. I ran an nslookup globomantics.local one each machine and this is the results:

      Okay for the client:

      DNS request timed out.
      timeout was 2 seconds.
      Server: UnKnown
      Address: 192.168.1.201

      DNS request timed out.
      timeout was 2 seconds.
      DNS request timed out.
      timeout was 2 seconds.
      DNS request timed out.
      timeout was 2 seconds.
      DNS request timed out.
      timeout was 2 seconds.
      *** Request to UnKnown timed-out


      From the server:

      DNS request timed out.
      timeout was 2 seconds.
      Server: UnKnown
      Address: 192.168.1.201

      Name: globomantics.local
      Addresses: 192.168.1.202
      192.168.1.201

      Comment


      • #4
        Re: Can't Join Server 2008 Domain

        Your NSLOOKUP issue should be resolved by setting up a reverse lookup zone.

        Get that working first then we can get on to the next issue.

        Comment


        • #5
          Re: Can't Join Server 2008 Domain

          Originally posted by wullieb1 View Post
          Your NSLOOKUP issue should be resolved by setting up a reverse lookup zone.

          Get that working first then we can get on to the next issue.
          I really want to thank you for giving me something to work with!!! So here's what we have after setting up the reverse lookup zone:

          Server: ny-dc1-2k8
          Address: 192.168.1.201

          Name: globomantics.local
          Addresses: 192.168.1.201
          192.168.1.202

          Nothing changes for the client.

          So where to from here?

          Comment


          • #6
            Re: Can't Join Server 2008 Domain

            Originally posted by wullieb1 View Post
            Your NSLOOKUP issue should be resolved by setting up a reverse lookup zone.

            Get that working first then we can get on to the next issue.
            Maybe something's not right after I created it. I created it at the forest level since I do have one setup and I created a new ptr record for NY-DC1, which is the primary DNS server.

            Now I lost internet access and my clients that used to be able to ping the server can't do it anymore.

            Comment


            • #7
              Re: Can't Join Server 2008 Domain

              @sgee34: While it might be best practice to have a functional reverse lookup zone it has no bearing whatsoever on joining the domain or communicating with the domain controllers. The error you get when running nslookup simply means that nslookup could not find the PTR record for the ip address (of the DNS server configured in the DNS client) in the reverse lookup zone or that there is no reverse lookup zone. It's a perfectly acceptable error to get if you don't have a rDNS zone setup and as I said... it has NO bearing on domain communication. If you're chasing your rDNS zone issue then you're chasing a wild goose or a red herring.

              Comment


              • #8
                Re: Can't Join Server 2008 Domain

                Originally posted by joeqwerty View Post
                @sgee34: While it might be best practice to have a functional reverse lookup zone it has no bearing whatsoever on joining the domain or communicating with the domain controllers. The error you get when running nslookup simply means that nslookup could not find the PTR record for the ip address (of the DNS server configured in the DNS client) in the reverse lookup zone or that there is no reverse lookup zone. It's a perfectly acceptable error to get if you don't have a rDNS zone setup and as I said... it has NO bearing on domain communication. If you're chasing your rDNS zone issue then you're chasing a wild goose or a red herring.
                Thank you for the tip. Do you know of any reasons as to why it would timeout when trying to communicate with the server? I have 3 clients and 2 of them are virtual machines. Out of all of these only one was able to join the domain. If it was firewall or port issue then I wouldn't have been able to get even one of them to join. Any ideas?

                Comment


                • #9
                  Re: Can't Join Server 2008 Domain

                  What are you using for the VM hypervisor?
                  If it's a desktop based setup, such as VMWare Workstation or Virtualbox, make sure you have set your network adapter to bridged. By default they will set it to NAT, which will cause failures like this.

                  Comment


                  • #10
                    Re: Can't Join Server 2008 Domain

                    Originally posted by ConradJ View Post
                    What are you using for the VM hypervisor?
                    If it's a desktop based setup, such as VMWare Workstation or Virtualbox, make sure you have set your network adapter to bridged. By default they will set it to NAT, which will cause failures like this.

                    I'm using vmware and I do have it set to bridged, which is probably why I can ping. After getting 2 other virtual machines to join I'm convinced there is something blocking dns traffic with the other 2 machines. What that could be I have no idea..I've tried quite a few things.

                    Comment


                    • #11
                      Re: Can't Join Server 2008 Domain

                      Yeah sorry i should have said that it would have no effect on the actual domain join.

                      Are the 2 machines that you are having issues with setup different from any other machine??

                      Is the DNS suffix correct??

                      When you join the domain do you use the netbios name or the dns name and does it work if you use the dns name??

                      Are your clients using DHCP or have you set them as static??

                      Can you please post an ipconfig /all from the client and one from the server.

                      Comment


                      • #12
                        Re: Can't Join Server 2008 Domain

                        One of my students (I'm a college instructor) had the same issue repeatedly, where his machines would not pass DNS packets. He was using Virtualbox. We switched him to VMWare Workstation and it magically worked.
                        Not helpful, but you're not the only one with weird issues like this!
                        Hope you get it resolved soon, if I think of anything I'll be sure to post.

                        Comment


                        • #13
                          Re: Can't Join Server 2008 Domain

                          Originally posted by ConradJ View Post
                          One of my students (I'm a college instructor) had the same issue repeatedly, where his machines would not pass DNS packets. He was using Virtualbox. We switched him to VMWare Workstation and it magically worked.
                          Not helpful, but you're not the only one with weird issues like this!
                          Hope you get it resolved soon, if I think of anything I'll be sure to post.
                          Again thanks for your assistance. You might have a point about vm software because one of my vm machines is a Parallels so I bet that if I migrate it to VMware it'll work. However I do have a laptop as well that won't pass those packets.

                          It's really strange...I have no idea how those could be blocked in the first place.

                          Comment


                          • #14
                            Re: Can't Join Server 2008 Domain

                            Originally posted by wullieb1 View Post
                            Yeah sorry i should have said that it would have no effect on the actual domain join.

                            Are the 2 machines that you are having issues with setup different from any other machine??

                            The only difference is they use dhcp, but I tried it with static. It didn't make any difference.

                            Is the DNS suffix correct??

                            When you join the domain do you use the netbios name or the dns name and does it work if you use the dns name??

                            Are your clients using DHCP or have you set them as static??

                            Can you please post an ipconfig /all from the client and one from the server.

                            From the server:

                            Windows IP Configuration

                            Host Name . . . . . . . . . . . . : NY-DC1-2K8
                            Primary Dns Suffix . . . . . . . : globomantics.local
                            Node Type . . . . . . . . . . . . : Hybrid
                            IP Routing Enabled. . . . . . . . : No
                            WINS Proxy Enabled. . . . . . . . : No
                            DNS Suffix Search List. . . . . . : globomantics.local

                            Ethernet adapter Local Area Connection:

                            Connection-specific DNS Suffix . :
                            Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
                            Physical Address. . . . . . . . . : 00-0C-29-C4-20-97
                            DHCP Enabled. . . . . . . . . . . : No
                            Autoconfiguration Enabled . . . . : Yes
                            IPv4 Address. . . . . . . . . . . : 192.168.1.201(Preferred)
                            Subnet Mask . . . . . . . . . . . : 255.255.255.0
                            Default Gateway . . . . . . . . . : 192.168.1.1
                            DNS Servers . . . . . . . . . . . : 192.168.1.201
                            NetBIOS over Tcpip. . . . . . . . : Enabled

                            Tunnel adapter isatap.{EDF43A0F-BB8B-4B94-8C02-0CC28A3739BC}:

                            Media State . . . . . . . . . . . : Media disconnected
                            Connection-specific DNS Suffix . :
                            Description . . . . . . . . . . . : Microsoft ISATAP Adapter
                            Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                            DHCP Enabled. . . . . . . . . . . : No
                            Autoconfiguration Enabled . . . . : Yes

                            Tunnel adapter Local Area Connection* 11:

                            Media State . . . . . . . . . . . : Media disconnected
                            Connection-specific DNS Suffix . :
                            Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
                            Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                            DHCP Enabled. . . . . . . . . . . : No
                            Autoconfiguration Enabled . . . . : Yes


                            From the client:

                            Windows IP Configuration

                            Host Name . . . . . . . . . . . . : NY-CLI1-Win7
                            Primary Dns Suffix . . . . . . . :
                            Node Type . . . . . . . . . . . . : Hybrid
                            IP Routing Enabled. . . . . . . . : No
                            WINS Proxy Enabled. . . . . . . . : No

                            Ethernet adapter Local Area Connection:

                            Connection-specific DNS Suffix . :
                            Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
                            Physical Address. . . . . . . . . : 00-1C-42-56-13-CE
                            DHCP Enabled. . . . . . . . . . . : No
                            Autoconfiguration Enabled . . . . : Yes
                            IPv4 Address. . . . . . . . . . . : 192.168.1.204(Preferred)
                            Subnet Mask . . . . . . . . . . . : 255.255.255.0
                            Default Gateway . . . . . . . . . : 192.168.1.1
                            DNS Servers . . . . . . . . . . . : 192.168.1.201
                            192.168.1.202
                            NetBIOS over Tcpip. . . . . . . . : Enabled

                            Tunnel adapter isatap.{45AAFA78-8C28-4980-8E82-9E99952BD48A}:

                            Media State . . . . . . . . . . . : Media disconnected
                            Connection-specific DNS Suffix . :
                            Description . . . . . . . . . . . : Microsoft ISATAP Adapter
                            Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                            DHCP Enabled. . . . . . . . . . . : No
                            Autoconfiguration Enabled . . . . : Yes

                            Tunnel adapter Local Area Connection* 9:

                            Media State . . . . . . . . . . . : Media disconnected
                            Connection-specific DNS Suffix . :
                            Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
                            Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                            DHCP Enabled. . . . . . . . . . . : No
                            Autoconfiguration Enabled . . . . : Yes

                            Comment


                            • #15
                              Re: Can't Join Server 2008 Domain

                              On your client try adding your DNS suffix to the NIC.

                              Again does it work as expected when you try and join the domain with the FQDN rather than the NetBIOS name??

                              Comment

                              Working...
                              X