Cannot join Windows domain because of some kind of DNS problem

active-directory windows-server-2008

I've tried adding the domain controller to the host file, and I've also tried basically every trick I know of to make this work, but I get nothing.

Why do I get this error message? And what is the underlying issue here?

More details

I've noticed that nslookup sometimes does fail when I enter the domain controller's name; typically I try…

nslookup [SERVER]
nslookup [SERVER].
nslookup [SERVER].[DOMAIN]
nslookup [SERVER].[DOMAIN].

…and typically only nslookup [SERVER].[DOMAIN]. returns a response, but sometimes not even that. I've tried configuring the DHCP server differently, eventually only supplying a single DNS server to the client, which is the DC itself. That usually fixes the nslookup issue but it doesn't explain why I can't join the domain.


If I disable NetBIOS over TCP/IP I get security problems related to the domain controller not being found by its WINS name, or something like that. Apparently this also relates to the way our domain controller is set up.

Our domain name in Windows Server is just a single "name"; a colleague of mine says that it could be part of the problem. According to some docs he read it should be something like [DOMAIN].local, but it isn't. Care to comment?

[DOMAIN] and [SERVER] are placeholders for domain name and domain controller name.

The domain name [DOMAIN] might be a
NetBIOS domain name. If this is the
case, verify that the domain name is
properly registered with WINS.

If you are certain that the name is
not a NetBIOS domain name, then the
following information can help you
troubleshoot your DNS configuration.

DNS was successfully queried for the
service location (SRV) resource record
used to locate a domain controller for
domain [DOMAIN]:

The query was for the SRV record for
_ldap._tcp.dc._msdcs.[DOMAIN]

The following domain controllers were
identified by the query:

[SERVER].[DOMAIN]

Common causes of this error include:

  • Host (A) records that map the name of the domain controller to its IP
    addresses are missing or contain
    incorrect addresses.

  • Domain controllers registered in DNS are not connected to the network or
    are not running.

For information about correcting this
problem, click Help.

Best Answer

Editing your Hosts file is a Bad Idea.

Your Domain Controller(s) are not registering with a DNS server correctly.

  1. Check the Domain Controller's IP settings, and ensure it's pointing at INTERNAL DNS servers (I guess in your case it'll be itself)

  2. Check the IP settings of the machine you are trying to join. If it's static, ensure it's pointing at INTERNAL DNS servers that the Domain Controller is pointed at

  3. Ensure that your DNS server is enabled and configured correctly

If all this fails, something more sinister is wrong. A dirty fix would be to manually add the A record to your DNS server for the relevant zone. It would be something like:

A
SERVER.DOMAIN.loc
10.0.0.5

Furthermore - have you used netdiag or dcdiag?
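
The checks from the answer and from the error dialog (SRV record, host (A) record, DC reachability) can be run from the client in one pass. This is an added example, not part of the original answer; `DOMAIN` and `10.0.0.5` are the placeholders used above, and the cmdlets assume Windows 8.1 / Server 2012 R2 or later on the client.

```powershell
# Added example: run on the client that fails to join the domain.
param(
    [string]$Domain    = 'DOMAIN',    # placeholder, as in the question
    [string]$DnsServer = '10.0.0.5'   # placeholder: the internal DNS server (the DC)
)

# 1. Which DNS servers is this client actually using? They should all be internal.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize | Out-Host

# 2. Ask the internal DNS server for the DC locator SRV record named in the error.
#    The trailing dot makes the name fully qualified, so no DNS suffix is appended.
$srvName = "_ldap._tcp.dc._msdcs.$Domain."
try {
    $srv = Resolve-DnsName -Name $srvName -Type SRV -Server $DnsServer -DnsOnly -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' }
} catch {
    Write-Warning "SRV lookup for $srvName failed: $($_.Exception.Message)"
    return
}

# 3. For every DC the SRV record names, check its host (A) record and LDAP reachability.
foreach ($rec in $srv) {
    $target = $rec.NameTarget.TrimEnd('.') + '.'
    $ips = @()
    try {
        $ips = @(Resolve-DnsName -Name $target -Type A -Server $DnsServer -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' } | ForEach-Object { $_.IPAddress })
    } catch {
        Write-Warning "No A record for ${target}: $($_.Exception.Message)"
    }
    foreach ($ip in $ips) {
        $ok = Test-NetConnection -ComputerName $ip -Port $rec.Port `
            -InformationLevel Quiet -WarningAction SilentlyContinue
        [pscustomobject]@{
            DomainController = $target
            Address          = $ip
            Port             = $rec.Port
            Reachable        = $ok
        }
    }
}
```

A missing A record or `Reachable = False` corresponds to the two "common causes" listed in the error dialog.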
