Ldap – Server 2012 stopped accepting computers joining to our domain with error 53: the network path was not found

active-directorydomain-controllerldapwindows-server-2012

We have Windows Server 2012 R2 Standard as our DC. Several workstations were added to our domain successfully.

But then (I cannot determine what exactly could be a show-stopper) it stopped accepting new nodes joining the domain.

Nodes are different (OS also different: Win 10 Ent, Win 7 Pro, Debian Wheezy), but the problem is more or less the same: at some point of the procedure a workstation requests something on DC and gets "the network path was not found" error 53 (0x35).

I tried dcdiag, dnslint, PortQry for diagnostics. They do not find a problem (I can supply their reports). Switching firewalls and antivirus software off both on server and workstation does not help. The ms-DS-MachineAccountQuota parameter is extended to 255. LDAP is accessible. DNS records were checked many times (though maybe I miss something important there). I also receive the same error 53 if I try to address some shared domain resource from outside, even if I supply valid credentials.

NetworkProvider\Order key is correct. DNS and WINS server addresses are properly assigned on both server and workstations (IPv4 of the server). NetBIOS over TCP/IP enabled.

DC is not on the LAN but in a datacenter.

Any idea what happens?
Where to look further?

Below I supply excerpts from netsetup.log – first, of the workstation which successfully joined our domain some time ago. Then, an excerpt from netsetup.log of a node which fails to join it:

  1. success:
07/28/2015 14:08:17:791 NetpGetLsaPrimaryDomain: status: 0x0  
07/28/2015 14:08:17:791 NetpMachineValidToJoin: status: 0x0  
07/28/2015 14:08:17:791 NetpJoinDomain 
07/28/2015 14:08:17:791 HostName: Fontanka-win81
07/28/2015 14:08:17:791 NetbiosName: FONTANKA-WIN81
07/28/2015 14:08:17:791 Domain: OUR.DNS.DOMAIN
07/28/2015 14:08:17:791 MachineAccountOU: (NULL)
07/28/2015 14:08:17:791 Account: OUR_NETBIOS_DOMAIN\account
07/28/2015 14:08:17:791 Options: 0x23
07/28/2015 14:08:17:791 NetpLoadParameters: loading registry parameters...
07/28/2015 14:08:17:791 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
07/28/2015 14:08:17:791 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
07/28/2015 14:08:17:791 NetpLoadParameters: status: 0x2
07/28/2015 14:08:17:791 NetpValidateName: checking to see if 'OUR.DNS.DOMAIN' is valid as type 3 name
07/28/2015 14:08:17:791 NetpValidateName: OUR.DNS.DOMAIN' is not a valid NetBIOS domain name: 0x7b
07/28/2015 14:08:18:119 NetpCheckDomainNameIsValid [ Exists ] for 'OUR.DNS.DOMAIN' returned 0x0
07/28/2015 14:08:18:119 NetpValidateName: name 'OUR.DNS.DOMAIN' is valid for type 3
07/28/2015 14:08:18:119 NetpDsGetDcName: trying to find DC in domain 'OUR.DNS.DOMAIN', flags: 0x40001010
07/28/2015 14:08:18:728 NetpDsGetDcName: failed to find a DC having account 'FONTANKA-WIN81$': 0x525, last error is 0x0
07/28/2015 14:08:18:898 NetpLoadParameters: loading registry parameters...
07/28/2015 14:08:18:898 NetpLoadParameters: DNSNameResolutionRequired not found, defaulting to '1' 0x2
07/28/2015 14:08:18:898 NetpLoadParameters: DomainCompatibilityMode not found, defaulting to '0' 0x2
07/28/2015 14:08:18:898 NetpLoadParameters: status: 0x2
07/28/2015 14:08:19:030 NetpDsGetDcName: status of verifying DNS A record name resolution for 'dc.in.our.domain': 0x0
07/28/2015 14:08:19:030 NetpDsGetDcName: found DC '\\dc.in.our.domain' in the specified domain
07/28/2015 14:08:19:030 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
07/28/2015 14:08:19:030 NetpDisableIDNEncoding: using FQDN our.dns.domain from dcinfo
07/28/2015 14:08:19:033 NetpDisableIDNEncoding: DnsDisableIdnEncoding(UNTILREBOOT) on 'our.dns.domain' succeeded
07/28/2015 14:08:19:034 NetpJoinDomainOnDs: NetpDisableIDNEncoding returned: 0x0
07/28/2015 14:08:24:013 NetpJoinDomainOnDs: status of connecting to dc '\\dc.in.our.domain': 0x0
07/28/2015 14:08:24:013 NetpGetDnsHostName: PrimaryDnsSuffix defaulted to DNS domain name: our.dns.domain
07/28/2015 14:08:24:201 NetpProvisionComputerAccount:
07/28/2015 14:08:24:201 lpDomain: OUR.DNS.DOMAIN
07/28/2015 14:08:24:201 lpHostName: Fontanka-win81
07/28/2015 14:08:24:201 lpMachineAccountOU: (NULL)
07/28/2015 14:08:24:201 lpDcName: dc.in.our.domain
07/28/2015 14:08:24:201 lpMachinePassword: (null)
07/28/2015 14:08:24:201 lpAccount: OUR_NETBIOS_DOMAIN\account
07/28/2015 14:08:24:201 lpPassword: (non-null)
07/28/2015 14:08:24:201 dwJoinOptions: 0x23
07/28/2015 14:08:24:201 dwOptions: 0x40000003
07/28/2015 14:08:24:904 NetpLdapBind: Verified minimum encryption strength on dc.in.our.domain: 0x0
..........
  1. failure:
04/20/2016 20:44:37:251 NetpDoDomainJoin
04/20/2016 20:44:37:251 NetpDoDomainJoin: using current computer names
04/20/2016 20:44:37:251 NetpDoDomainJoin: NetpGetComputerNameEx(NetBios) returned 0x0
04/20/2016 20:44:37:251 NetpDoDomainJoin: NetpGetComputerNameEx(DnsHostName) returned 0x0
04/20/2016 20:44:37:311 NetpMachineValidToJoin: 'ARMIDE'
04/20/2016 20:44:37:350 NetpMachineValidToJoin: status: 0x0
04/20/2016 20:44:37:365 NetpJoinDomain
04/20/2016 20:44:37:365 HostName: ARMIDE
04/20/2016 20:44:37:365 NetbiosName: ARMIDE
04/20/2016 20:44:37:365 Domain: OUR.DNS.DOMAIN
04/20/2016 20:44:37:365 MachineAccountOU: (NULL)
04/20/2016 20:44:37:365 Account: OUR.DNS.DOMAIN\account
04/20/2016 20:44:37:365 Options: 0x23
04/20/2016 20:44:37:432 NetpValidateName: checking to see if 'OUR.DNS.DOMAIN' is valid as type 3 name
04/20/2016 20:44:37:432 NetpValidateName: 'OUR.DNS.DOMAIN' is not a valid NetBIOS domain name: 0x7b
04/20/2016 20:44:37:713 NetpCheckDomainNameIsValid [ Exists ] for 'OUR.DNS.DOMAIN' returned 0x0
04/20/2016 20:44:37:713 NetpValidateName: name 'OUR.DNS.DOMAIN' is valid for type 3
04/20/2016 20:44:37:713 NetpDsGetDcName: trying to find DC in domain 'OUR.DNS.DOMAIN', flags: 0x40001010
04/20/2016 20:44:38:313 NetpDsGetDcName: failed to find a DC having account 'ARMIDE$': 0x525, last error is 0x0
04/20/2016 20:44:38:475 NetpDsGetDcName: status of verifying DNS A record name resolution for 'dc.in.our.domain': 0x0
04/20/2016 20:44:38:475 NetpDsGetDcName: found DC '\\dc.in.our.domain' in the specified domain
04/20/2016 20:44:38:475 NetpJoinDomainOnDs: NetpDsGetDcName returned: 0x0
04/20/2016 20:44:38:475 NetpDisableIDNEncoding: using FQDN our.dns.domain from dcinfo
04/20/2016 20:44:38:546 NetpDisableIDNEncoding: DnsDisableIdnEncoding(UNTILREBOOT) on 'our.dns.domain' succeeded
04/20/2016 20:44:38:546 NetpJoinDomainOnDs: NetpDisableIDNEncoding returned: 0x0
04/20/2016 20:45:43:580 NetUseAdd to \\dc.in.our.domain\IPC$ returned 53
04/20/2016 20:45:43:580 NetpJoinDomainOnDs: status of connecting to dc '\\dc.in.our.domain': 0x35
04/20/2016 20:45:43:580 NetpJoinDomainOnDs: Function exits with status of: 0x35
04/20/2016 20:45:43:582 NetpResetIDNEncoding: DnsDisableIdnEncoding(RESETALL) on 'our.dns.domain' returned 0x0
04/20/2016 20:45:43:587 NetpJoinDomainOnDs: NetpResetIDNEncoding on 'our.dns.domain': 0x0
04/20/2016 20:45:43:587 NetpDoDomainJoin: status: 0x35

Note that in the success log IPC$ was not requested at all.

Best Answer

You can also check:

  • Anti-Virus "End point security" which may hinder traffic to the IPC$ share (try removing this on a client machine you like to join)

  • Ensure your DC is not multi-homed (e.g. make sure only one NIC, and one NIC only, is connected/active/live)

HTH.

Related Topic