No domain controller can be contacted when domain joining a server

If you don't see it when you open %systemroot% but you do when you open \\domain.x then \\domain.x is probably showing the folder from another DC. That leads me to believe you might have a problem with DFS Replication. See https://social.technet.microsoft.com/Forums/en-US/58b8cdc3-a990-46c7-a70e-a51fd6965537/sysvol-and-netlogon-shares-missing-from-new-domain-controllers-using-dfrs

You can verify DFS Replication is being used by running dfsrmig.exe /getglobalstate. If it is installed on the FSMO role master but not the new domain controller, you should install it on the new domain controller so DFS Replication can run between the two DCs. You should restart the new DC once you install DFS. See https://social.technet.microsoft.com/Forums/en-US/58b8cdc3-a990-46c7-a70e-a51fd6965537/sysvol-and-netlogon-shares-missing-from-new-domain-controllers-using-dfrs

After you do that you should perform a replication between the new DC and the original DC. To do that you need to go to Active Directory Sites and Services, expand all objects in the left part of the window, find the server you want to replicate to, go to NTDS Settings, select the server you want to replicate from, and select Replicate Now. See https://technet.microsoft.com/en-us/library/cc816926(v=ws.10).aspx

If you find the SYSVOL folder on the new DC but do not see anything in the SYSVOL folder on the new DC, then you can try running wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="YOURGUID" call ResumeReplication to resume replication. See https://social.technet.microsoft.com/Forums/en-US/58b8cdc3-a990-46c7-a70e-a51fd6965537/sysvol-and-netlogon-shares-missing-from-new-domain-controllers-using-dfrs

Let me know if this fixes things.
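The checks the answer walks through by hand (dfsrmig state, DFS Replication installed on each DC, SYSVOL and NETLOGON actually shared by each DC rather than only reachable through \\domain\sysvol, a paused volume resumed through DfsrVolumeConfig) can be scripted as a read-only health check. The block below is an added example written for this page, not code from the thread or from Microsoft; it assumes RSAT (ActiveDirectory and ServerManager modules) on the host it runs from, and the parameter names DomainName and ResumeVolumeGuid are hypothetical names chosen here. It goes one step beyond the thread by running the same checks against every DC in the domain at once, which is how a domain join that picks a random DC from the SRV records gets diagnosed.

```powershell
#Requires -Modules ActiveDirectory
<#
  Added example (not from the original thread): read-only SYSVOL / NETLOGON health check
  across all DCs. Parameters DomainName and ResumeVolumeGuid are hypothetical names
  introduced for this example. Run from a DC or a management host with RSAT installed.
#>
param(
    [string]$DomainName = (Get-ADDomain).DNSRoot,
    # Optional: VolumeGuid of a volume DFSR paused (event 2213) on THIS host; resumes replication for it
    [string]$ResumeVolumeGuid
)

# 1. Is SYSVOL replicated by DFSR or still by FRS? dfsrmig.exe reports the migration global state.
Write-Host "== dfsrmig /getglobalstate =="
& dfsrmig.exe /getglobalstate

# 2. Every DC must expose SYSVOL and NETLOGON itself. \\domain.x\sysvol can be served by any DC,
#    so a working UNC path proves nothing about the DC the joining client actually picked.
$dcs = Get-ADDomainController -Filter * -Server $DomainName | Select-Object -ExpandProperty HostName

$report = foreach ($dc in $dcs) {
    $shares  = Get-SmbShare -CimSession $dc -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Name
    $feature = Get-WindowsFeature -Name FS-DFS-Replication -ComputerName $dc -ErrorAction SilentlyContinue

    # DfsrReplicatedFolderInfo.State: 0 Uninitialized, 1 Initialized, 2 Initial Sync,
    # 3 Auto Recovery, 4 Normal, 5 In Error. "SYSVOL Share" is the replicated folder name for SYSVOL.
    $sysvolRf = Get-CimInstance -ComputerName $dc -Namespace root\MicrosoftDFS `
                    -ClassName DfsrReplicatedFolderInfo -ErrorAction SilentlyContinue |
                Where-Object ReplicatedFolderName -eq 'SYSVOL Share'

    # Event 2213 = DFSR stopped replication on a volume and is waiting for ResumeReplication.
    $paused = Get-WinEvent -ComputerName $dc -FilterHashtable @{ LogName = 'DFS Replication'; Id = 2213 } `
                  -MaxEvents 1 -ErrorAction SilentlyContinue

    [pscustomobject]@{
        DC            = $dc
        SysvolShare   = $shares -contains 'SYSVOL'
        NetlogonShare = $shares -contains 'NETLOGON'
        DfsrInstalled = [bool]$feature.Installed
        SysvolRfState = if ($sysvolRf) { $sysvolRf.State } else { 'n/a' }
        LastEvent2213 = if ($paused) { $paused.TimeCreated } else { $null }
    }
}
$report | Format-Table -AutoSize

# 3. A DC that is not sharing SYSVOL/NETLOGON fails exactly the way dcdiag did in the thread,
#    and any client that resolves that DC from _ldap._tcp.dc._msdcs will fail to join.
foreach ($row in $report | Where-Object { -not $_.SysvolShare -or -not $_.NetlogonShare }) {
    Write-Warning "$($row.DC) is not sharing SYSVOL/NETLOGON; clients that pick this DC cannot join"
    dcdiag /test:netlogons /s:$($row.DC)
}

# 4. Optional: the answer's wmic ResumeReplication call, done through CIM on the local host.
#    Run it on the DC that logged event 2213 (in the thread that was the primary DC, not the new one).
if ($ResumeVolumeGuid) {
    $vol = Get-CimInstance -Namespace root\MicrosoftDFS -ClassName DfsrVolumeConfig |
           Where-Object VolumeGuid -eq $ResumeVolumeGuid
    if ($vol) {
        Invoke-CimMethod -InputObject $vol -MethodName ResumeReplication
    } else {
        Write-Warning "No DfsrVolumeConfig with VolumeGuid $ResumeVolumeGuid on this host"
    }
}
```

Run it without parameters first; a row with DfsrInstalled false, SysvolRfState 2 (Initial Sync) and both shares false is the state the new DCs in this thread were in. Only pass -ResumeVolumeGuid on the host that actually logged event 2213, since the method acts on the local DFSR service.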

Author: Gijs

Updated on September 18, 2022

Comments

  • Gijs
    Gijs over 1 year

    I know there are several posts regarding the following issue but none of them have solved the issue for me.

    Let me explain the situation:

    We have a customer that wants to migrate from an old datacenter to ours. So we created a site-to-site connection between them and I tried to dcpromo a server on our side today. The domain functional level is Windows Server 2012 and the domain controller is a Windows Server 2012 Datacenter server on the old side. The servers on our side are Windows Server 2012 R2 servers.

    So I performed the dcpromo without any problems, everything (DNS, users and computers, etc.) was replicated to the new domain controller. Now I try to domain join one of our new servers (also Windows 2012 R2) but I receive the following error:

    DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "domain.X":

    The query was for the SRV record for _ldap._tcp.dc._msdcs.domain.X

    The following domain controllers were identified by the query: ad.domain.X dc01.domain.X dc02.domain.X

    However no domain controllers could be contacted.

    Common causes of this error include:

    • Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.

    • Domain controllers registered in DNS are not connected to the network or are not running.

    ad.domain.X is the domain controller in the old datacenter, dc01 and dc02 are new and in the new datacenter.

    In the netSetup logfile on the server that needs to be domain joined, I find the following error when I try to domain join.

    NetpValidateName: checking to see if 'domain.X' is valid as type 3 name
    NetpCheckDomainNameIsValid for domain.X returned 0x54b, last error is 0x0
    NetpCheckDomainNameIsValid [ Exists ] for 'domain.X' returned 0x54b

    On the domain controller I also cannot find any odd events in the event viewer and all the DNS records seem to be there (A records, SRV, ldap).

    The server I'm trying to join to the domain is also in the same subnet as the new domain controllers so there is no firewall between them. Regarding the site-to-site connection between the datacenters: we created a (temporary) any-any rule in both directions between the domain controllers to rule out port blocking issues.

    Ping to the domain controllers and nslookup are also not a problem. Telnet to port 389 is also possible. So the domain controllers are fully reachable for the other servers.

    These are some ipconfig /all results.

    One of the problematic domain controllers in the new datacenter. 172.70.0.20 is the domain controller in the old datacenter.

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : dc01
    Primary Dns Suffix  . . . . . . . : domain.X
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : domain.X

    Ethernet adapter Ethernet:

    Connection-specific DNS Suffix  . :
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv4 Address. . . . . . . . . . . : 10.4.88.1(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.224
    Default Gateway . . . . . . . . . : 10.4.88.30
    DNS Servers . . . . . . . . . . . : 10.4.88.1
                                        172.70.0.20
                                        127.0.0.1
    NetBIOS over Tcpip. . . . . . . . : Enabled

    The following IP config is from one of the servers that cannot join the domain. This server is in the same VLAN as the problematic domain controllers so there are no ports blocked between them.

    Windows IP Configuration

    Host Name . . . . . . . . . . . . : server1
    Primary Dns Suffix  . . . . . . . :
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No

    Ethernet adapter Ethernet:

    Connection-specific DNS Suffix  . :
    DHCP Enabled. . . . . . . . . . . : No
    Autoconfiguration Enabled . . . . : Yes
    IPv4 Address. . . . . . . . . . . : 10.4.88.3(Preferred)
    Subnet Mask . . . . . . . . . . . : 255.255.255.224
    Default Gateway . . . . . . . . . : 10.4.88.30
    DNS Servers . . . . . . . . . . . : 10.4.88.1
                                        10.4.88.2
    NetBIOS over Tcpip. . . . . . . . : Enabled

    Does anyone have an idea what we're doing wrong here?

    Kind regards,

    Gijs

    • Admin
      Admin over 6 years
      Hi, well written question. Can I ask what 10.4.88.2 is, that server1 points to in its DNS?
    • Admin
      Admin over 6 years
      @yagmoth555, 10.4.88.2 is dc02, another new domain controller in the new datacenter. With the same issues as 10.4.88.1.
    • Admin
      Admin over 6 years
      Can you validate that the NETLOGON share exists on your new DCs and is replicated (with the SYSVOL)?
    • Admin
      Admin over 6 years
      @yagmoth555, on the following location the SYSVOL and SCRIPTS folders are present and accessible \\domain.X\sysvol\domain.X But on the domain controller itself the following folder is not present: %systemroot%\SYSVOL\sysvol\domain.X\SCRIPTS. Also on the domain controller, the following folder is present: %systemroot%\SYSVOL\sysvol\ but the domain.X folder is empty.
    • Admin
      Admin over 6 years
      @yagmoth555, I also performed the following test 'dcdiag /test:netlogons ', this gave the following error: Doing initial required tests Testing server: New-DC\DC01 Starting test: Connectivity ......................... DC01 passed test Connectivity Doing primary tests Testing server: New-DC\DC01 Starting test: NetLogons Unable to connect to the NETLOGON share! (\\DC01\netlogon) [DC01] An net use or LsaPolicy operation failed with error 67, The network name cannot be found.. .................. DC01 failed test NetLogons
    • Admin
      Admin over 6 years
      @Appleoddity, I did a dcpromo on DC01 and DC02 by connecting them to the old AD.domain.x in the old datacenter. This worked for both because we opened the firewall between the 2 datacenters for those 2 IPs. When I try to domain join server1, with DC01 as (only) DNS or DC02 as (only) DNS server, I have the same problem. The dcdiag was run from dc01.
    • Admin
      Admin over 6 years
      On the server you cannot join to the domain, if you open nslookup, what is the IP address it connects to? I ask because I had a similar issue and the answer will tell me if it might be the same thing or not.
    • Admin
      Admin over 6 years
      @user5870571, when I perform an nslookup on server1 for my domain I receive the following info: C:\Windows\system32>nslookup domain.X Server: UnKnown Address: 10.4.88.1 Name: domain.X Addresses: 2002:ac46:14::ac46:14 10.4.88.2 10.4.88.1 172.70.0.20
    • Admin
      Admin over 6 years
      On the server you cannot join to the domain try disabling IPv6, running 'ipconfig /flushdns', then run 'ipconfig /registerdns', then join the server to the domain.
    • Admin
      Admin over 6 years
      @user5870571, still the same error. I think we're on to something when we found that the sysvol and netlogon folders weren't present in %systemroot%\sysvol\domain.x. The domain.X folder is empty while it should be populated with Scripts and Policies. When I browse to \\domain.X\sysvol\domain.X, the scripts and policies folders are present. Also, when I run the 'net share' command on the 2 problematic domain controllers, I cannot find my sysvol and netlogon folders in the list of shared folders.
    • Admin
      Admin over 6 years
      Yeah if you don't see it when you open %systemroot% but you do when you open \\domain.x then \\domain.x is probably showing the folder from another DC.
    • Admin
      Admin over 6 years
      @user5870571, correct. Then I'll open the folder from the primary domain controller ad.domain.X. Shouldn't the share be available on every domain controller?
    • Admin
      Admin over 6 years
      Yes it should. Have you looked at this: social.technet.microsoft.com/Forums/en-US/… ?
    • Admin
      Admin over 6 years
      @user5870571, I ran the WMI command on dc01 'wmic /namespace:\\root\microsoftdfs path dfsrVolumeConfig where volumeGuid="guid" call ResumeReplication' but this didn't start the replication. My DFS Replication health report states the following: 'This member is waiting for initial replication for replicated folder SYSVOL Share.' so there's definitely something wrong with the replication. I'm looking at the 1206 event that's showing frequently. It says 'The DFS Replication service successfully contacted dc dc01.domain.X to access configuration information.' Shouldn't this be ad.domain.x?
    • Admin
      Admin over 6 years
      @user5870571, I restarted the DFS Replication service on the primary domain controller and saw the 2213 events coming in again. So I ran the command on the primary DC, I forgot this before. The solution you provided worked so I'll be happy to accept it as the correct answer.