Adding a second tree domain to AD forest (2012 R2)
So, it turns out that my domain controller was using itself as the DNS. The domain controller was a DNS for the local network, which is why the second server was able to access it using the forest domain. The domain controller was trying to resolve the requesting host using its own table, which didn't contain the host for the second server. Changing the DNS back to our network DNS was all I had to do.
AaronF, updated on September 18, 2022
Comments
- AaronF, over 1 year ago:
I set up an AD forest with a DNS server. I tried adding a second server as a second tree domain to the forest.
First, the error I'm getting is "Could not log onto the domain with the specified credential. Supply a valid credential and try again."
The second server can ping the forest's domain without a problem. The first server can ping the second server's IP. So, it doesn't appear to be a DNS issue. I've tried every permutation of the following configuration setting when setting up the second server:
Domain type: Tree Domain
Forest Name: Fully qualified (domain.com) and root (domain)
New Domain name: domain2.com
Credential: domain\Administrator and domain.com\Administrator and firstMachineName\Administrator
(There is only one account on the first machine, which is the administrator account I used in creating the forest.)
I'm wondering if anyone has experienced similar issues and what they did to overcome them? Or any links to other places where the question has been answered.
I've seen a number of suggestions on the matter, none of which seem to work.
- Greg Askew, almost 8 years ago: "The first server can ping the second server's IP. So, it doesn't appear to be a DNS issue." How does pinging an IP address validate DNS? You may want to try a simpler test, such as joining the second computer to the existing domain to see if that works.
- AaronF, over 7 years ago: So, the second machine can ping the active directory domain, but can't join the domain. It says the domain controller could not be contacted. It also says the DNS was successfully queried for the service resource record, and lists the domain controller as one of those identified. How can it see the domain controller, ping it, and not be able to contact it? It suggests looking into A or AAAA records...
- Greg Askew, over 7 years ago: Ping doesn't validate much. You need to use PortQueryUI to determine what network issues may exist. microsoft.com/en-us/download/details.aspx?id=24009
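The accepted answer traces the failure to a domain controller that pointed at itself for DNS and had no record for the joining host, and the comment above notes that a successful ping proves nothing about the ports a domain join needs. The following PowerShell script is an added example, not code from the original question or answers; it checks both things from the server that is about to join or extend the forest. The forest root `domain.com` and the DNS address `192.0.2.10` are placeholders to replace, and the ports listed are the ones a join and DC promotion commonly rely on (DNS, Kerberos, RPC endpoint mapper, LDAP, SMB, kpasswd).

```powershell
# Added example (not from the original question or answers): check that this
# host can locate a domain controller through DNS and then reach it on the
# ports a domain join actually uses. Placeholders: the forest root and the
# address of the DNS server that hosts the AD zone.
$ForestRoot = 'domain.com'       # placeholder: your forest root domain
$NetworkDns = '192.0.2.10'       # placeholder: DNS server that holds the AD zone

# 1. Which DNS servers is this host really using? A DC listing only itself here,
#    with no record for the joining machine, is the situation in the answer.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses

# 2. Ask DNS the same locator question a join asks: the SRV record for DCs,
#    then the A record of every DC the SRV answer names.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$ForestRoot" -Type SRV -ErrorAction Stop
$dcNames = $srv | Where-Object { $_.Type -eq 'SRV' } | Select-Object -ExpandProperty NameTarget

foreach ($dc in $dcNames) {
    $a = Resolve-DnsName -Name $dc -Type A -ErrorAction SilentlyContinue
    if (-not $a) {
        Write-Warning "SRV record names $dc but no A record resolves for it"
        continue
    }
    # 3. Reachable is not the same as pingable: test the TCP ports a join needs.
    #    (53 and 88 are also used over UDP; a TCP result is still a useful indicator.)
    foreach ($port in 53, 88, 135, 389, 445, 464) {
        $r = Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue
        $state = if ($r.TcpTestSucceeded) { 'open' } else { 'BLOCKED' }
        '{0,-30} {1,5} {2}' -f $dc, $port, $state
    }
}

# 4. If step 1 shows the wrong resolver, repoint the adapter at the DNS server
#    that actually holds the forest zone (the fix described in the answer).
#    Uncomment and adjust the interface alias before running.
# Set-DnsClientServerAddress -InterfaceAlias 'Ethernet' -ServerAddresses $NetworkDns
```

Run it in an elevated PowerShell session on the server that reports "could not log onto the domain" or "the domain controller could not be contacted". A clean run shows the expected DNS server in step 1, at least one DC name with an A record in step 2, and `open` on every port in step 3; anything else narrows the problem to resolution or to a firewall before you retry the promotion wizard.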