Can't join machines to domain

by Danny Beckett   Last Updated June 12, 2017 01:00 AM

I've installed Windows Server 2016 Datacenter on a physical machine called LOKI. It is allocated the static IP 192.168.1.77 by the router. It is also set manually in TCP/IPv4 on the NIC. The gateway is set to 192.168.1.1 (the router). The Primary DNS Server is set to 127.0.0.1. The Secondary DNS Server is blank. When adding the Active Directory Domain Services and DNS roles, I chose to create a new forest: acme.com (I'm using this as the example, but it is actually set to a valid domain that I own). The NetBIOS domain name was set to ACME.

I've tried joining a physical server (BALDER) to the domain, as well as VMs running on BALDER. I have BALDER's Primary DNS Server in TCP/IPv4 set to 192.168.1.77. It has a static IP assigned by the router of 192.168.1.75. I've also tried setting it manually in TCP/IPv4 with a gateway of 192.168.1.1.

When joining the domain, I'm using the full domain, with the TLD: acme.com.

Occasionally I'm prompted for credentials. Upon entering them, I get:

---------------------------
Computer Name/Domain Changes
---------------------------
The following error occurred attempting to join the domain "acme.com":

The specified domain either does not exist or could not be contacted.
---------------------------
OK   
---------------------------

I've tried the following users:

  • acme\administrator
  • acme.com\administrator
  • acme\db
  • acme.com\db

(where db is an Enterprise Admin)

...but most of the time I immediately get this error message, before being prompted for credentials:

Note: This information is intended for a network administrator.  If you are not your network's administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.

The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "acme.com":

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for _ldap._tcp.dc._msdcs.acme.com

Common causes of this error include the following:

- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

192.168.1.77

- One or more of the following zones do not include delegation to its child zone:

acme.com
com
. (the root zone)

I've run dcdiag /fix on LOKI. All tests pass.

I've run the following:

nslookup
set type=all
_ldap._tcp.dc._msdcs.acme.com

On LOKI I get:

Server:  UnKnown
Address:  ::1

_ldap._tcp.dc._msdcs.acme.com   SRV service location:
          priority       = 0
          weight         = 100
          port           = 389
          svr hostname   = LOKI.acme.com
LOKI.acme.com   internet address = 192.168.1.77
LOKI.acme.com   AAAA IPv6 address = 2a02:c7d:894d:6d00:8dce:ebee:6510:b61c
LOKI.acme.com   AAAA IPv6 address = fdc6:f573:1ff9:0:8dce:ebee:6510:b61c

On BALDER I get:

Server:  UnKnown
Address:  fdc6:f573:1ff9:0:7250:afff:fe35:beec

*** UnKnown can't find _ldap._tcp.dc._msdcs.acme.com: Non-existent domain

I've tried running this on LOKI, which completes successfully:

dcdiag /test:registerindns /dnsdomain:acme.com /v

I've also restarted the DNS server, and restarted the NetLogon service.

I've tried running ipconfig /flushdns on both LOKI and BALDER.

What is preventing me from joining any machines to the domain?
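
An added example, not part of the original question: a PowerShell check, run on the joining client, that asks every DNS server configured on the machine (IPv4 and IPv6) for the same SRV record the join dialog queries, so it is visible which resolver answers and which one returns the name error. The helper name Test-SrvAgainstServer and the variable names are hypothetical; acme.com and 192.168.1.77 are the values given in the post.

```powershell
# Added example. Values from the post: acme.com (placeholder domain), 192.168.1.77 (LOKI).
$Domain  = 'acme.com'
$DcDns   = '192.168.1.77'
$SrvName = "_ldap._tcp.dc._msdcs.$Domain"   # record named in the join error

# Hypothetical helper: ask one specific DNS server for the SRV record.
function Test-SrvAgainstServer {
    param([string]$Name, [string]$Server)
    try {
        $answer = Resolve-DnsName -Name $Name -Type SRV -Server $Server -DnsOnly -ErrorAction Stop
        $targets = ($answer | Where-Object { $_.Type -eq 'SRV' } |
                    ForEach-Object { $_.NameTarget }) -join ', '
        [pscustomobject]@{ Result = 'OK'; Detail = $targets }
    } catch {
        # Name errors, timeouts and refused queries all land here.
        [pscustomobject]@{ Result = 'FAILED'; Detail = $_.Exception.Message }
    }
}

# Collect every resolver on interfaces that are up, IPv4 and IPv6 alike.
$upIndexes = (Get-NetAdapter | Where-Object { $_.Status -eq 'Up' }).ifIndex
$report = foreach ($entry in (Get-DnsClientServerAddress)) {
    if ($entry.InterfaceIndex -notin $upIndexes) { continue }
    foreach ($addr in $entry.ServerAddresses) {
        $probe = Test-SrvAgainstServer -Name $SrvName -Server $addr
        [pscustomobject]@{
            Interface = $entry.InterfaceAlias
            Family    = if ($addr -match ':') { 'IPv6' } else { 'IPv4' }
            Server    = $addr
            IsDcDns   = ($addr -eq $DcDns)
            Result    = $probe.Result
            Detail    = $probe.Detail
        }
    }
}
$report | Format-Table -AutoSize -Wrap

# Resolvers other than the DC's DNS server that cannot serve the AD zone.
$report | Where-Object { -not $_.IsDcDns -and $_.Result -eq 'FAILED' } |
    ForEach-Object { Write-Warning "$($_.Server) on $($_.Interface) does not resolve $SrvName" }
```

Each row pairs a configured resolver with the outcome of the SRV query; the Server line printed by nslookup shows which of those resolvers the client actually used.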


