We have Windows Server 2012 R2 Standard as our DC. Several workstations were added to our domain successfully.
But then (I cannot determine what exactly could be a show-stopper) it stopped accepting new nodes joining the domain.
Nodes are different (OS also different: Win 10 Ent, Win 7 Pro, Debian Wheezy), but the problem is more or less the same: at some point of the procedure a workstation requests something on DC and gets "the network path was not found" error 53 (0x35).
I tried dcdiag, dnslint, PortQry for diagnostics. They do not find a problem (I can supply their reports). Switching firewalls and antivirus software off both on server and workstation does not help. The ms-DS-MachineAccountQuota parameter is extended to 255. LDAP is accessible. DNS records were checked many times (though maybe I miss something important there). I also receive the same error 53 if I try to address some shared domain resource from outside, even if I supply valid credentials.
NetworkProvider\Order key is correct. DNS and WINS server addresses are properly assigned on both server and workstations (IPv4 of the server). NetBIOS over TCP/IP enabled.
DC is not on the LAN but in a datacenter.
Any idea what happens?
Where to look further?
Below I supply excerpts from netsetup.log – first, of the workstation which successfully joined our domain some time ago. Then, an excerpt from netsetup.log of a node which fails to join it:
- success:
07/28/2015 14:08:17:791 NetpGetLsaPrimaryDomain: status: 0x0 07/28/2015 14:08:17:791 NetpMachineValidToJoin: status: 0x0 07/28/2015 14:08:17:791 NetpJoinDomain 07/28/2015 14:08:17:791 HostName: Fontanka-win81 07/28/2015 14:08:17:791 NetbiosName: FONTANKA-WIN81 07/28/2015 14:08:17:791 Domain: OUR.DNS.DOMAIN 07/28/2015 14:08:17:791 MachineAccountOU: (NULL) 07/28/2015 14:08:17:791 Account: OUR_NETBIOS_DOMAIN\account 07/28/2015 14:08:17:791 Options: 0x23 07/28/2015 14:08:17:791 NetpLoadParameters: loading registry parameters... 07/28/2015 14:08:17:791 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2 07/28/2015 14:08:17:791 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2 07/28/2015 14:08:17:791 NetpLoadParameters: status: 0x2 07/28/2015 14:08:17:791 NetpValidateName: checking to see if 'OUR.DNS.DOMAIN' is valid as type 3 name 07/28/2015 14:08:17:791 NetpValidateName: OUR.DNS.DOMAIN' is not a valid NetBIOS domain name: 0x7b 07/28/2015 14:08:18:119 NetpCheckDomainNameIsValid [ Exists ] for 'OUR.DNS.DOMAIN' returned 0x0 07/28/2015 14:08:18:119 NetpValidateName: name 'OUR.DNS.DOMAIN' is valid for type 3 07/28/2015 14:08:18:119 NetpDsGetDcName: trying to find DC in domain 'OUR.DNS.DOMAIN', flags: 0x40001010 07/28/2015 14:08:18:728 NetpDsGetDcName: failed to find a DC having account 'FONTANKA-WIN81$': 0x525, last error is 0x0 07/28/2015 14:08:18:898 NetpLoadParameters: loading registry parameters... 07/28/2015 14:08:18:898 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2 07/28/2015 14:08:18:898 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2 07/28/2015 14:08:18:898 NetpLoadParameters: status: 0x2 07/28/2015 14:08:19:030 NetpDsGetDcName: status of verifying DNS A record name resolution for 'dc.in.our.domain': 0x0 07/28/2015 14:08:19:030 NetpDsGetDcName: found DC '\\dc.in.our.domain' in the specified domain 07/28/2015 14:08:19:030 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0 07/28/2015 14:08:19:030 NetpDisableIDNEncoding: using FQDN our.dns.domain from dcinfo 07/28/2015 14:08:19:033 NetpDisableIDNEncoding: DnsDisableIdnEncoding(UNTILREBOOT) on 'our.dns.domain' succeeded 07/28/2015 14:08:19:034 NetpJoinDomainOnDs: NetpDisableIDNEncoding returned: 0x0 07/28/2015 14:08:24:013 NetpJoinDomainOnDs: status of connecting to dc '\\dc.in.our.domain': 0x0 07/28/2015 14:08:24:013 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: our.dns.domain 07/28/2015 14:08:24:201 NetpProvisionComputerAccount: 07/28/2015 14:08:24:201 lpDomain: OUR.DNS.DOMAIN 07/28/2015 14:08:24:201 lpHostName: Fontanka-win81 07/28/2015 14:08:24:201 lpMachineAccountOU: (NULL) 07/28/2015 14:08:24:201 lpDcName: dc.in.our.domain 07/28/2015 14:08:24:201 lpMachinePassword: (null) 07/28/2015 14:08:24:201 lpAccount: OUR_NETBIOS_DOMAIN\account 07/28/2015 14:08:24:201 lpPassword: (non-null) 07/28/2015 14:08:24:201 dwJoinOptions: 0x23 07/28/2015 14:08:24:201 dwOptions: 0x40000003 07/28/2015 14:08:24:904 NetpLdapBind: Verified minimum encryption strength on dc.in.our.domain: 0x0 ..........
- failure:
04/20/2016 20:44:37:251 NetpDoDomainJoin 04/20/2016 20:44:37:251 NetpDoDomainJoin: using current computer names 04/20/2016 20:44:37:251 NetpDoDomainJoin: NetpGetComputerNameEx(NetBios) returned 0x0 04/20/2016 20:44:37:251 NetpDoDomainJoin: NetpGetComputerNameEx(DnsHostName) returned 0x0 04/20/2016 20:44:37:311 NetpMachineValidToJoin: 'ARMIDE' 04/20/2016 20:44:37:350 NetpMachineValidToJoin: status: 0x0 04/20/2016 20:44:37:365 NetpJoinDomain 04/20/2016 20:44:37:365 HostName: ARMIDE 04/20/2016 20:44:37:365 NetbiosName: ARMIDE 04/20/2016 20:44:37:365 Domain: OUR.DNS.DOMAIN 04/20/2016 20:44:37:365 MachineAccountOU: (NULL) 04/20/2016 20:44:37:365 Account: OUR.DNS.DOMAIN\account 04/20/2016 20:44:37:365 Options: 0x23 04/20/2016 20:44:37:432 NetpValidateName: checking to see if 'OUR.DNS.DOMAIN' is valid as type 3 name 04/20/2016 20:44:37:432 NetpValidateName: 'OUR.DNS.DOMAIN' is not a valid NetBIOS domain name: 0x7b 04/20/2016 20:44:37:713 NetpCheckDomainNameIsValid [ Exists ] for 'OUR.DNS.DOMAIN' returned 0x0 04/20/2016 20:44:37:713 NetpValidateName: name 'OUR.DNS.DOMAIN' is valid for type 3 04/20/2016 20:44:37:713 NetpDsGetDcName: trying to find DC in domain 'OUR.DNS.DOMAIN', flags: 0x40001010 04/20/2016 20:44:38:313 NetpDsGetDcName: failed to find a DC having account 'ARMIDE$': 0x525, last error is 0x0 04/20/2016 20:44:38:475 NetpDsGetDcName: status of verifying DNS A record name resolution for 'dc.in.our.domain': 0x0 04/20/2016 20:44:38:475 NetpDsGetDcName: found DC '\\dc.in.our.domain' in the specified domain 04/20/2016 20:44:38:475 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0 04/20/2016 20:44:38:475 NetpDisableIDNEncoding: using FQDN our.dns.domain from dcinfo 04/20/2016 20:44:38:546 NetpDisableIDNEncoding: DnsDisableIdnEncoding(UNTILREBOOT) on 'our.dns.domain' succeeded 04/20/2016 20:44:38:546 NetpJoinDomainOnDs: NetpDisableIDNEncoding returned: 0x0 04/20/2016 20:45:43:580 NetUseAdd to \\dc.in.our.domain\IPC$ returned 53 04/20/2016 20:45:43:580 NetpJoinDomainOnDs: status of connecting to dc '\\dc.in.our.domain': 0x35 04/20/2016 20:45:43:580 NetpJoinDomainOnDs: Function exits with status of: 0x35 04/20/2016 20:45:43:582 NetpResetIDNEncoding: DnsDisableIdnEncoding(RESETALL) on 'our.dns.domain' returned 0x0 04/20/2016 20:45:43:587 NetpJoinDomainOnDs: NetpResetIDNEncoding on 'our.dns.domain': 0x0 04/20/2016 20:45:43:587 NetpDoDomainJoin: status: 0x35
Note that in the success log IPC$ was not requested at all.
Best Answer
You can also check:
Anti-Virus "End point security" which may hinder traffic to the IPC$ share (try removing this on a client machine you like to join)
Ensure your DC is not multi-homed (e.g. make sure only one NIC, and one NIC only, is connected/active/live)
HTH.