Adding Clients to a Server 2003 Domain

120 pts.
Tags:
Cisco Catalyst
Domain Controller
HP ProLiant DL380
HP ProLiant DL380 G3
Microsoft Windows Server 2003
Network Topology
Network troubleshooting
I have been struggling with this issue for several weeks now. We have a school network that I am trying to support. I was not there when it was installed and there was no real documentation left behind.
1) Comcast is our provider and we have an Ethernet cable going from the cable modem to the Linksys router.
2) We then have an Ethernet cable going from the router to port #4x on a Catalyst 1900 switch.
3) An Ethernet cable then runs from port 22x on the Catalyst 1900 switch to port #24 on a Baystack 450-24T switch.
4) Finally, an Ethernet cable runs from port #21 on the Baystack 450-24T switch to NIC #1 on the server, which is an HP ProLiant DL380 G3.
When I try to add a client to the domain I get the message "A domain controller for the domain huntingtoncatholic.local could not be contacted." Then further down: "The query was for the SRV record for _ldap._tcp.dc._msdcs.huntingtoncatholic.local". I have tried several things to get this fixed but continue to get the same message. Does anybody have any suggestions? Thank you!! Robert

Answer Wiki


First make sure you can ping to your domain controller, and manually set your DNS IP address to the domain controller you are trying to contact. You can also try a static IP address.

As for your network, it sounds like there are too many switches in a daisy chain, which may also cause machines to time out when attempting to contact the domain controller. Try to reduce that and expand the bandwidth with trunk ports. You might want to look into stackable Cisco 3750s or Juniper EX series switches.

<b>June 2, 2009 – UPDATE</b>

For those that read about this issue we’ve been able to help Yankusbobicus resolve his issue. Here are the troubleshooting steps we took.

Reviewed Event Logs for DHCP & DNS errors, which revealed that his server was using a single name for the domain, which is not recommended.
<b>Added a DNS suffix to resolve this error</b>

Ran dcdiag on Domain Controller which revealed the following:
<b>Testing server: Default-First-Site\HCSSERVER
Starting test: Connectivity
The host 9223748e-b7e1-40e5-9622-2282914a4da6._msdcs.HuntingtonCatholic
.local could not be resolved to an
IP address.</b>

At this point we checked to see if DNS was Active Directory Integrated.
<b>The answer to this was No</b>
Changed it from Primary to Active Directory Integrated and ran another dcdiag test. The result of this test was:
<b> Testing server: Default-First-Site\HCSSERVER
Starting test: Connectivity
……………………. HCSSERVER passed test Connectivity</b>

The server DHCP, DNS and WINS services were all active and working; however, there was still some DNS trouble, and therefore NO records were being generated for the clients.

Tried joining a client to the domain and received an error that it could not find the domain.
As it stood, there had been some residual information in some old events that led us to believe that 2 NICs were used at one time, therefore leading to someone changing Active Directory Integration to Primary and enabling ICS on the server.

The Event ID was as follows:
Event ID 113
Source DNS

Type Information

Description The DNS server could not signal the service “NAT”. The error was 1168. There may be interoperability problems between the DNS service and this service.
Adrian Grigorof (Last update 4/4/2004):
From a newsgroup post: “Are you using ICS or NAT in RRAS? If it is ICS then disable ICS and use NAT in RRAS. If you are using NAT in RRAS then are you using the DNS proxy? If you have the DNS proxy enabled, disable it.”

**This event has also been reported on DNS servers configured for Internet Connection Sharing (ICS). ICS installs its own DNS proxy service and that is in conflict with the DNS. ICS is not supposed to be used on servers that run DNS or DHCP.

<b>Checked ICS on the server and sure enough it was Enabled and Running. Shut down the ICS service and configured it to DISABLED. Read the paragraph above.</b>

Once all the above was done, DHCP, DNS and WINS were working correctly. Any client not joined to the domain would receive an IP address from the DHCP server and register itself in WINS. Once the client was joined to the domain it registered itself in AD and DNS.

Server was set with static IP example below of Single NIC configuration:

IP Address: 192.168.1.10
Subnet Mask: 255.255.255.0
Gateway: 192.168.1.1

Primary DNS: 192.168.1.10

DNS Forwarders were set to OpenDNS

Disabled DHCP on the cable router.
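The end state the Answer Wiki describes (one NIC with a static address, the DC using itself as preferred DNS, external names through forwarders, an AD-integrated zone, ICS off, and the `_ldap._tcp.dc._msdcs` SRV record answerable) can be checked in one pass. The script below is an added example, not part of the thread or of anything Microsoft ships; it assumes Windows Server 2012 or later with the DnsServer module, so the cmdlets are not those of the Server 2003 box in the question, where the same checks are done with `ipconfig /all`, `nslookup`, `dcdiag` and the Services console. The domain name and the OpenDNS forwarder addresses are the ones given in the thread; everything else is a parameter.

```powershell
# Added example (not from the thread): post-fix sanity check run ON the single-NIC domain controller.
# Assumes Windows Server 2012+ with the DnsServer module. On Server 2003 use ipconfig /all, nslookup, dcdiag.
param(
    [string]$Domain = 'huntingtoncatholic.local',                            # domain from the question
    [string[]]$ExpectedForwarders = @('208.67.222.222', '208.67.220.220')   # OpenDNS, as set in the Answer Wiki
)

$problems = New-Object System.Collections.Generic.List[string]

# 1. Exactly one active NIC with a static IPv4 address (a second NIC plus ICS was the root cause here).
$adapters = @(Get-NetAdapter | Where-Object Status -eq 'Up')
if ($adapters.Count -ne 1) { $problems.Add("Expected one active NIC, found $($adapters.Count)") }
$ip = Get-NetIPAddress -AddressFamily IPv4 -InterfaceIndex $adapters[0].ifIndex |
      Where-Object PrefixOrigin -eq 'Manual' | Select-Object -First 1
if (-not $ip) { $problems.Add('Server IPv4 address is not static') }

# 2. The DC must use its own address as preferred DNS, never a public resolver.
$dns = @((Get-DnsClientServerAddress -InterfaceIndex $adapters[0].ifIndex -AddressFamily IPv4).ServerAddresses)
if ($ip -and $dns[0] -ne $ip.IPAddress) { $problems.Add("Preferred DNS is '$($dns[0])', expected $($ip.IPAddress)") }

# 3. Internet names are resolved through forwarders, not by pointing clients at external DNS.
$fwd = @((Get-DnsServerForwarder).IPAddress | ForEach-Object { $_.IPAddressToString })
foreach ($f in $ExpectedForwarders) { if ($fwd -notcontains $f) { $problems.Add("Forwarder $f missing") } }

# 4. The zone must be AD-integrated so DC and client records register dynamically (dcdiag Connectivity test).
$zone = Get-DnsServerZone -Name $Domain -ErrorAction SilentlyContinue
if (-not $zone) { $problems.Add("Zone $Domain is not hosted on this server") }
elseif (-not $zone.IsDsIntegrated) { $problems.Add("Zone $Domain is a file-backed primary, not AD-integrated") }

# 5. ICS (service name SharedAccess) brings its own DNS proxy and conflicts with the DNS Server service (Event ID 113).
$ics = Get-Service -Name SharedAccess -ErrorAction SilentlyContinue
if ($ics -and ($ics.Status -eq 'Running' -or $ics.StartType -ne 'Disabled')) {
    $problems.Add("ICS service is $($ics.Status), start type $($ics.StartType); stop it and set it to Disabled")
}

# 6. The record a joining client asks for must come back from this server's own DNS.
$srv = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $ip.IPAddress -ErrorAction SilentlyContinue |
         Where-Object Type -eq 'SRV')
if ($srv.Count -eq 0) { $problems.Add("SRV record _ldap._tcp.dc._msdcs.$Domain not resolvable from this server") }
else { $srv | ForEach-Object { "DC advertised by SRV: $($_.NameTarget):$($_.Port)" } }

if ($problems.Count -eq 0) { 'All DC DNS checks passed' } else { $problems | ForEach-Object { "PROBLEM: $_" } }
```

Run it in an elevated PowerShell on the DC; every "PROBLEM" line maps to one of the numbered steps the Answer Wiki walked through, so an empty problem list is the state in which the client join in the question succeeds.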

Discuss This Question: 26 Replies

  • JennyMack
    Hi there, Welcome to IT Knowledge Exchange! Thank you for providing specific information about your issue; this should help you get the answers you need from the community. I've changed the tags on the question to get your question more visibility -- if you get a chance, have a look and keep this in mind in the future, should you ask another question. Thanks again, and welcome to the community! Thanks, Jenny Community Manager
    4,280 points
  • Yankusbobicus
    This network has been working fine until recently. We replaced 14 computers in one lab and I was able to get all of them on to the domain. Then suddenly, we can't access the Internet unless we use static DNS servers on the clients (we are using 208.67.222.222 and 208.67.220.220) even though the IP address of the server is 192.168.0.3. It makes me wonder if the server is even being recognized as the domain controller. If I use the server IP as the static DNS on the clients I cannot access the Internet or the local network.
    120 points
  • Fontanatech
    This sounds like an IP issue. A few things to check. 1. Check your DHCP server to see if any reservations exist and if so, whether overlapping IPs are being assigned to certain machines. For example, do you have a reservation for .28 for a MAC address for a computer that is no longer on the network, while a different computer is using .28? I've seen this happen and the symptoms are what you explain. 2. Check your DHCP lease time... if it is too short, you have some computers getting new IPs that are actually still in use by other computers which haven't released them. 3. Check your server IP and see if you can ping the workstations... sometimes you have to go from the server out to find the problem. 4. If you have to use static DNS on the clients, is it because your workstations can't connect to the internal DNS? From the workstation, ping the gateway IP, ping the DNS, ping the DHCP server... something isn't configured correctly and you should find the answer by seeing what you cannot ping. Hope this helps.
    265 points
  • mshen
    The manual client DNS addresses that you are using are the addresses for OpenDNS.com. They provide a free internet DNS service that you can use as opposed to your ISP dns name servers for the internet. It sounds like your internal DNS configuration is not working. As long as your client DNS address is 208.67.222.222, you will not be able to add the client to the domain. The primary DNS server MUST be the domain controller's IP address to add it to the domain.
    27,385 points
  • Yankusbobicus
    The only DHCP reservations are for the networked printers. All other clients are set for dynamic IP addresses. The server IP address is 192.168.0.3. It is configured to handle DHCP and DNS. The default gateway is 192.168.0.250, the IP address of the router. Our DHCP scope is 192.168.0.100 to 192.168.0.249. I selected two different workstations, one that I know is on the domain and one that I know is not. Both have static DNS servers set as 208.67.222.222 and 208.67.220.220. The IP address for the workstation on the domain is 192.168.0.163. I can ping the server and the router from this workstation. The IP address for the workstation not on the domain is 192.168.0.174. I can ping the server and the router from this workstation. I then went back to the server where I can ping the server and the router but I could not ping either of these workstations. I know that the static DNS servers I am using are from OpenDNS. That was the only way we could get the clients to access the Internet. If we use the server IP address as the DNS server we cannot access the network or the Internet. I know that as long as my client DNS address is 208.67.222.222, I will not be able to add the client to the domain and that the primary DNS server MUST be the domain controller’s IP address to add it to the domain. That is the problem I am trying to solve. Why, when I set the primary DNS server as the domain controller’s IP address, do I completely lose connection to the server and the Internet? What am I missing? Is it possible that somehow the server is no longer the domain controller?
    120 points
  • Dwiebesick
    From what I gather regarding your setup, you have only one server. The server is configured as a DC. Do you have a static IP set for the server? Do you have DNS installed on this server? I will make the assumption that you have DNS installed for the rest of my questions/comments. Are there any DNS errors? Do you have forwarders set up in your DNS? Do you have WINS installed on your server? Pinging from the server to the workstations may be a simple problem: the workstation's firewall is enabled and is blocking the request. Try turning off the firewall or open it up to respond to ping. To resolve the problem you have temporarily resolved (bad fix) by setting the client workstations' DNS to OpenDNS, you need to fix your server DNS issue. Active Directory, you are using that - or is that a poor assumption on my part? AD absolutely needs a functioning DNS (does not have to be Microsoft - but that is the easiest to implement at your site). Client workstations need to find resource records (SRV) and using OpenDNS will not work. OpenDNS will not have a clue regarding any resource on your local network. So, for step 1, see if DNS is installed on your DC and that it is properly configured. There is good reference material on the net regarding how to properly configure and troubleshoot. Or send back your questions and we will respond with any support we can.
    2,235 points
  • PCJunkie
    Yankusbobicus.... I'd like to say this is a very interesting issue. It almost sounds like something I've had to deal with in the past. However, before I go trying to run a comparison on our possibly similar issues, there are 2 questions I'd like to ask you. 1. Has any information listed in this discussion brought you to a resolution? If so, who might I ask led you to your resolution and what exactly was it that you had to do to correct it? 2. May I ask why you are using OpenDNS? From what I gather your internet provider is Comcast and you say you are using a Linksys Router. Therefore why aren't you using Comcast's DNS, which should be set within the Linksys Router Configuration? Does anyone have any objections to my second question?
    870 points
  • mshen
    PCJunkie is correct. Your router should be using either OpenDNS or your ISP's DNS name servers for DNS. That is most likely why you cannot access the internet without OpenDNS set on your clients. Your first step from here is to troubleshoot DNS from your domain controller. If your domain controller can access the internet using its own IP address for DNS, you should have no problems setting the DNS on your client machines back to your domain controller IP.
    27,385 points
  • Yankusbobicus
    OK, I am going to answer the questions in the last three responses to my issue - "From what I gather regarding your setup, you have only one server. The server is configured as a DC" I am assuming our one and only server is the DC. I have not configured it as such but I assume it was before I arrived on the scene. "Do you have a static IP set for the server?" Yes. It is 192.168.0.3. "Do you have DNS installed on this server?" Yes, in fact I have uninstalled, reinstalled and rebuilt it three times trying to solve this problem. "Are there any DNS errors?" Would this be in Event Viewer? There are several errors there. "Do you have forwarders set up in your DNS?" No. "Do you have WINS installed on your server?" No. "To resolve the problem you have temporarily resolved (bad fix) by setting the client workstations' DNS to OpenDNS, you need to fix your server DNS issue. Active Directory, you are using that - or is that a poor assumption on my part?" We are using AD. "1. Has any information listed in this discussion brought you to a resolution? If so, who might I ask led you to your resolution and what exactly was it that you had to do to correct it?" Not yet. "2. May I ask why you are using OpenDNS?" I knew that those DNS servers were always available. "From what I gather your internet provider is Comcast and you say you are using a Linksys Router. Therefore why aren’t you using Comcast's DNS, which should be set within the Linksys Router Configuration?" I think we had them set in the router at one time, and they may still be there (need to check) but we had the same problem. "Your first step from here is to troubleshoot DNS from your domain controller. If your domain controller can access the internet using its own IP address for DNS, you should have no problems setting the DNS on your client machines back to your domain controller IP."
    The only time I have been able to access the Internet from the server is by enabling the second NIC, giving it a static IP of 192.168.0.4 and using OpenDNS as the DNS servers. I noticed today that I am getting several errors on the clients that are on the domain. They are 4004, 4014, 4000.
    120 points
  • Yankusbobicus
    Sorry, those errors 4004, 4015 and 4000 were on the server. The client error is 1053.
    120 points
  • mshen
    I left off that you need to set DNS forwarders on your domain controller as well. This can be the ISP's servers or OpenDNS servers.
    27,385 points
  • PCJunkie
    Mshen is correct. You must set Forwarders on the DC DNS. You should make sure what DNS is configured on the Router first. After all, your router is your Gateway to the cloud. If you had the same problem, revert back to Comcast DNS settings on the router. No need for OpenDNS. Use the Comcast DNS settings in the router and on the DC DNS config. If you are using DHCP on the DC, make sure DHCP is disabled for clients on the router. The reason behind having a forwarder set up on the DC DNS is to enable traffic from your internal network, being 192.168.0.x, to a PUBLIC Address. You cannot go from 192.168.0.x to 208.67.222.222 without the forwarder, and you cannot have a client machine set up using a static DNS setting such as 208.67.222.222 or Comcast's DNS IP because your clients cannot locate the Internal DNS from an OUTSIDE DNS Server. Does this make sense? If you'd like to speak on the phone about this, email me directly at pcjunky@optonline.net. I will be happy to send you my contact number and/or get yours and call you to discuss. I know how frustrating this stuff can be and sometimes this method of messaging can be time consuming. Anyone feel free to object to anything I've stated here.
    870 points
  • Dwiebesick
    Well, actually you do not need any DNS settings in the router unless from the router (logged in and running from the router) you need to do name resolution. In this scenario, the DC should have DNS installed. The server should have static IP address set, the Gateway is the router IP address, and the DNS setting should ONLY be the static IP of the server. Within the DNS, the Forwarders should point to some external DNS. In the DNS forwarders setting, I would recommend using OpenDNS as they have great reliability and SO much more. Register with them and take a look at the services they provide. Now, when you are on a home network or really small business network, where you do not have a server, and you use the router for DHCP, then you have to set the DNS in the router. The router’s DHCP will then issue network configurations that would work; an IP that is within scope, the proper gateway and DNS to the outside. However, if there is a server that has resources, i.e. printers, domain controller, active directory; then a router so configured will be an extremely bad idea. Active Directory must have a properly functioning DNS, one that can resolve intranet resources. Internet resources would be handled by the forwarder DNS servers.
    2,235 points
  • Yankusbobicus
    OK, here is what I tried today. On a client that I have not been able to add to the domain - First I set the forwarders on the server to OpenDNS - 208.67.222.222 and 208.67.220.220. Then I went to the client and set the DNS server to automatic. I could not access the Internet and I could not get on the domain. I then changed the DNS server to static using the server IP address 192.168.0.3. I still could not access the Internet and I could not get on the domain. In both cases I got the same error when trying to add the client to the domain - "Domain controller for the domain huntingtoncatholic.local could not be contacted." Then I changed the forwarders to the Comcast DNS - 68.87.72.130, 68.87.77.130 and 68.87.66.196. Then I went back to the client and set the DNS server to automatic. Again, I could not access the Internet and I could not get on the domain. I then changed the DNS server to static using the server IP address 192.168.0.3. I still could not access the Internet and I could not get on the domain. And once again, in both cases I got the same error when trying to add the client to the domain - "Domain controller for the domain huntingtoncatholic.local could not be contacted." Now, with a client already on the domain - the only thing that changed was I lost access to the Internet. With either of the configurations above I was able to access the network and all of its resources. I even tried setting the forwarders to OpenDNS and using the static OpenDNS servers on the client and still could not add it to the domain. So, setting the forwarders to OpenDNS or the Comcast DNS does not affect network access on clients currently on the domain but I still cannot add any additional clients. I do lose Internet access, though, unless I use OpenDNS as static DNS servers on the clients. Any suggestions??
    120 points
  • Yankusbobicus
    Another thing, the router has dhcp disabled so there are no static DNS servers set. Also, not surprisingly, if I set the DNS servers on the server to Open DNS I can access the Internet but nothing else changes.
    120 points
  • mshen
    From the information you are giving us, it sounds like it is definitely a DNS issue, but there must be more going on to cause this to not work. I suggest you call a network consultant to fix the issues in your network. There are many things to consider and an experienced consultant would probably be able to find the problem quickly after taking a look at the equipment and settings directly.
    27,385 points
  • Dwiebesick
    What are you using for your DHCP server? Is DHCP installed on your domain controller? Do you have DHCP properly installed? Go to a command prompt (Start > Run > CMD) and run ipconfig /all and give us the results. It sounds like not only do you have a misconfigured DNS but also DHCP. When you set your clients to obtain an IP automatically and DNS automatically, you need to verify that the results are correct. The ipconfig /all will help determine the problem. Also, you should try and ensure you can ping the server by both IP and NAME, and ping your gateway (router) by IP. To ensure you have a connection to the outside world from a workstation, you can ping IP 4.2.2.2, and a ping to yahoo.com would check proper name resolution (DNS). Send back the ipconfig /all report and we will take a look at it.
    2,235 points
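The sequence Dwiebesick lays out (read what the client is actually using for DNS, ping the gateway and the server by IP, ping the server by name, ping an outside address, then resolve an outside name) plus the SRV lookup named in the join error can be scripted on the workstation. The script below is an added example, not from the thread; it assumes Windows 8 / Server 2012 or later for `Resolve-DnsName` and `Get-DnsClientServerAddress`, and uses the addresses and names given in the thread (server 192.168.0.3 named HCSSERVER, gateway 192.168.0.250, the OpenDNS resolvers) as parameter defaults.

```powershell
# Added example (not from the thread): pre-join checklist run ON the workstation that will join the domain.
# Assumes Windows 8 / Server 2012 or later; on XP-era clients the same steps are ipconfig /all, ping and nslookup.
param(
    [string]$Domain  = 'huntingtoncatholic.local',  # domain from the question
    [string]$DcIp    = '192.168.0.3',               # server address given in the thread
    [string]$DcName  = 'HCSSERVER',                 # server name from the dcdiag output in the Answer Wiki
    [string]$Gateway = '192.168.0.250'              # router address given in the thread
)
# Public resolvers seen in the thread; none of them can hold records for an internal AD zone.
$publicResolvers = @('208.67.222.222', '208.67.220.220', '4.2.2.2')
$report = New-Object System.Collections.Generic.List[string]

# Step 1: what ipconfig /all would show, i.e. the DNS list the domain join will actually use.
$dns = @(Get-DnsClientServerAddress -AddressFamily IPv4 |
         Where-Object { $_.ServerAddresses } |
         Select-Object -ExpandProperty ServerAddresses -Unique)
$report.Add("Client DNS servers: $($dns -join ', ')")
if ($dns[0] -ne $DcIp) { $report.Add("FAIL: preferred DNS is '$($dns[0])', must be the DC ($DcIp)") }
foreach ($d in $dns) {
    if ($publicResolvers -contains $d) { $report.Add("FAIL: public resolver $d in the DNS list; it cannot answer for $Domain") }
}

# Step 2: reachability by IP, in the order that isolates the fault: gateway, DC, then the outside world.
foreach ($target in @($Gateway, $DcIp, '4.2.2.2')) {
    $state = if (Test-Connection -ComputerName $target -Count 1 -Quiet) { 'ok' } else { 'FAIL' }
    $report.Add("${state}: ping $target")
}

# Step 3: name resolution through the DC: an internal name, then an external one (proves forwarders work).
$a = Resolve-DnsName -Name $DcName -Type A -Server $DcIp -ErrorAction SilentlyContinue
$report.Add($(if ($a) { "ok: $DcName resolves to $($a.IPAddress) via $DcIp" } else { "FAIL: $DcName does not resolve via $DcIp" }))
$ext = Resolve-DnsName -Name 'yahoo.com' -Type A -Server $DcIp -ErrorAction SilentlyContinue
$report.Add($(if ($ext) { 'ok: external name resolves through the DC (forwarders working)' }
              else { 'FAIL: DC cannot resolve internet names; check its forwarders' }))

# Step 4: the exact record quoted in the join error message.
$srv = @(Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $DcIp -ErrorAction SilentlyContinue |
         Where-Object Type -eq 'SRV')
if ($srv.Count -gt 0) { $srv | ForEach-Object { $report.Add("ok: DC SRV record -> $($_.NameTarget):$($_.Port)") } }
else { $report.Add("FAIL: no SRV record for _ldap._tcp.dc._msdcs.$Domain from $DcIp; the join will report that no domain controller could be contacted") }

$report
```

The ordering matters for diagnosis: a failed gateway ping is a cabling or addressing problem, a reachable DC whose SRV lookup fails is the DNS problem this thread turned out to be, and a working SRV lookup with a failed external name means only the forwarders are wrong, which breaks Internet access but not the domain join.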
  • PCJunkie
    Yankusbobicus, going back to the start you said that you have cable going from the cable modem to the Linksys router. Then you have cable going from the router to port #4x on a Catalyst 1900 switch. Next you have cable going from port 22x on the Catalyst 1900 switch to port #24 on a Baystack 450-24T switch. And finally a cable runs from port #21 on the Baystack 450-24T switch to NIC #1 on the server. You state that NIC #1 is being used on the server. Do you have a second NIC in the server being used and if so how is it tied in? Sending an IPCONFIG /ALL of the server as well as one from a client PC would be helpful. If you are relying on your Linksys Router as a firewall between your internal and external networks I would have to say that to configure your server properly it would require 2 NICs. Dwiebesick, what is your comment on this?
    870 points
  • Yankusbobicus
    "You state that NIC #1 is being used on the server. Do you have a second NIC in the server being used and if so how is it tied in?" NIC #2 is disabled with nothing connected to it. Here is some additional information that I should have shared earlier but I had basically forgotten about this because I do almost all of the support in the building where the server is housed. The other building is connected via fiber optic cable and has its own stack of switches. It has two routers in different parts of the building that are used for wireless access. Is it possible that the configuration on one or both of these routers could be the problem? What should it be as far as the IP etc. on them? I do not know if someone possibly reset them at some point causing them to revert back to their default IP address. They are both Netgear routers. So here is what I am pretty sure is the setup - Remember, this network was installed nearly ten years ago and no one who was involved is around any more and there doesn't seem to be any information left behind to draw from. Comcast is the service provider. Their cable comes into our server room in the middle school building and connects to the cable modem, which connects to the Linksys router. The router is connected to a switch and then an Ethernet cable runs from the switch to the server. The Linksys router is used for wireless access only. All client computers are cabled to ports in the wall in the lab and in the classrooms. There is an Actiontec router in the 6th grade classroom that is being used to extend the wireless network. Somewhere along the line fiber optic cable runs from the switch to the Primary School building. In the 2nd grade classroom you will find a Netgear router that is connected to one of the ports in the wall. This is to be used mainly for wireless access in this part of the Primary Building but there is one client computer connected to it.
    All other client computers and printers are cabled directly to ports in the wall. In the computer lab at the other end of the building there is another Netgear router cabled to the wall with no clients connected. It is used strictly for wireless access in this part of the building. We get wireless access to the network via the Linksys and Actiontec routers in the Middle Building but from neither of the Netgear routers in the Primary Building. This is leading me to believe that someone, somewhere along the line has messed with these routers and possibly reset them. I know that last year when this network was fully functional the IP address of the router in the 2nd grade classroom was something like 10.0.0.1. I do not know what it was on the other Netgear router.
    120 points
  • PCJunkie
    Are you located in Indiana? Here is my email address.
    pcjunky@optonline.net
    Send me your work email address and we can try to work through this faster.
    870 points
  • PCJunkie
    I just built a test domain using Windows SBS 2003 SP2 using one Network Interface. I set the Static IP of the Server to 192.168.1.10. I turned off DHCP on my Netgear Broadband Router. The Router is using my ISP (Optimum Online) Dynamic DNS. The Router's IP Address is 192.168.1.1, therefore the Default Gateway statically set on my server is 192.168.1.1. I initially set a Static Primary DNS on my server to 192.168.1.1 so that my server could go on the internet. So the settings on my Server looked like this:
    IP Address: 192.168.1.10
    Subnet Mask: 255.255.255.0
    Default Gateway: 192.168.1.1
    Preferred DNS Server: 192.168.1.1
    Alternate DNS Server: left blank
    At this point Windows SBS 2003 has a wizard to connect to e-mail and internet. Running the wizard I made sure that the default gateway was set for 192.168.1.1, which was already prefilled during the processing, and that the primary DNS for clients would be 192.168.1.10, which is the DHCP Server address. When the wizard was completed it automatically reassigned the Server's Primary DNS to 192.168.1.10 and added a FORWARDER in the DNS database which points to my router, which is 192.168.1.1. So now the final configuration of the Server using only one NIC is:
    IP Address: 192.168.1.10
    Subnet Mask: 255.255.255.0
    Default Gateway: 192.168.1.1
    Preferred DNS Server: 192.168.1.10
    Alternate DNS Server: left blank
    with a FORWARDER in DNS to send any requests via port 80 to the router 192.168.1.1. I was able to add clients to the domain and see the computers registered in AD, DHCP, DNS, and WINS on the server. With all said and done it works the way it should. I would at this point say you have some sort of DNS corruption and if you are willing to talk on the phone I would be happy to work with you on this.
    870 points
  • Dwiebesick
    "IP Address: 192.168.1.10 Subnet Mask: 255.255.255.0 Default Gateway: 192.168.1.1 Preferred DNS Server: 192.168.1.1 Alternate DNS Server: left blank. When the wizard was completed it automatically reassigned the Server’s Primary DNS to 192.168.1.10 and added a FORWARDER in the DNS database which points to my router which is 192.168.1.1" --- NO, YOU misconfigured the wizard. ----- The wizard, if properly run, will enter the FORWARDER to a DNS server and NOT YOUR ROUTER - this would be OpenDNS or your ISP DNS. "I would at this point say you have some sort of DNS corruption and if you are willing to talk on the phone I would be happy to work with you on this." I will answer your question by phone if you would like; email me direct at dwiebesick at netrixit dot com and I will walk you through the steps or, if you want, set up a remote session and show you what you need to do. Then you can post back to this site what we did so others can understand the solution.
    2,235 points
  • PCJunkie
    Hello Dwiebesick I do believe you misinterpreted my last posting. I sent you an email to the address you listed. My number is in the email feel free to call me. If you want me to call you just reply to my email I sent with your number. I look forward to talking to you.
    870 points
  • Dwiebesick
    When you run the CEICW, there is a page where you enter the DNS settings. SBS CEICW or Microsoft KB SBS CEICW
    2,235 points
  • Yankusbobicus
    Does it matter that this is Windows Server 2003 Enterprise edition and not the SBS Edition?
    120 points
  • PCJunkie
    SBS was designed for the small business and comes packaged with Exchange and Outlook. It uses CEICW, which stands for Configure Email and Internet Connection Wizard, whereas I believe Enterprise Edition uses the ICW or Internet Connection Wizard for helping with configuring your server when you do not have a lot of experience. However, DHCP and DNS work the same with either OS.
    870 points
