# [SOLVED] Can't join a client to Active Directory domain!



## demitch256

Hi...I just completed a test deployment of a Windows 7 client in a virtualized environment using WDS. I am using Windows Server 2008 R2 as a domain controller with AD installed on it. When I try to join the client to the AD DC, I receive the following error message:

An Active Directory Domain Controller for the domain 'xyz.com' could not be found.

An error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "win2008.com".

The error was: "No records found for given DNS query."
(error code 0x0000251D DNS_INFO_NO_RECORDS)

The query was for the SRV record for _ldap._tcp.dc._msdcs.win2008.com

I have already created an account for the client computer in "Active Directory Computers and Users", and configured the delegation in Properties. I'm sure all my network settings are set properly. I know it has something to do with DNS, but can't quite figure out where to begin troubleshooting...I'm still learning about Server 2008 and AD. Anybody have any ideas or opinions about this?

Thanks,

demitch256


----------



## Noobus

demitch256 said:


> Hi...I just completed a test deployment of a Windows 7 client in a virtualized environment using WDS. I am using Windows Server 2008 R2 as a domain controller with AD installed on it. When I try to join the client to the AD DC, I receive the following error message:
> 
> An Active Directory Domain Controller for the domain 'xyz.com' could not be found.
> 
> An error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "win2008.com".
> 
> The error was: "No records found for given DNS query."
> (error code 0x0000251D DNS_INFO_NO_RECORDS)
> 
> The query was for the SRV record for _ldap._tcp.dc._msdcs.win2008.com
> 
> I have already created an account for the client computer in "Active Directory Computers and Users", and configured the delegation in Properties. I'm sure all my network settings are set properly. I know it has something to do with DNS, but can't quite figure out where to begin troubleshooting...I'm still learning about Server 2008 and AD. Anybody have any ideas or opinions about this?
> 
> Thanks,
> 
> demitch256



Hi demitch256

The issue is most likely where the error suggests, with dns. I'm assuming the workstation is getting an ip from dhcp?
Make sure the workstation is getting a valid ip address and the dns server/s are valid as well.
Also check the workstation can ping the dns servers and dc.

If you can ping the dns server, make sure the dc's are visible in the dns zone.
If you can't ping the dns server, make sure the network details are correct and there's no firewall blocking the traffic.

Also, have you had trouble adding any other machines to the domain?

L


----------



## Wand3r3r

*Re: Can't join a client to Active Directory domain!*

from the workstation do two things

check that the dns ip address is that of your AD DNS server. you do this with ipconfig
do a nslookup dnsservername and post the results for review


----------



## cluberti

*Re: Can't join a client to Active Directory domain!*

It does quite sound like you have DNS problems with the SRV records of your DCs, assuming the client is pointed at the DNS server installed on your DC (and *only* that DNS server).

On the DC, you can run dcdiag to test DNS health, amongst other things. If the above is true, you definitely need to run dcdiag on your DC.


----------



## demitch256

*Re: Can't join a client to Active Directory domain!*

Hi guys...thanks for all the responses. On my initial post, the first line in the error message should have read...."could not be contacted" instead of "could not be found". I don't know if this makes any difference, but anyway..my bad! I've double-checked all my network configuration settings. I have the client set up with a static IP address and the same DNS address (127.0.0.1) of the DC. I was also able to ping both the DC and the client. I then ran a dcdiag /test:dns on the dc, and received indications that many of the IPv6 tests had failed (probably because I have IPv6 disabled), but that the dns test for the DC had in fact passed. I am not sure exactly what it's telling me. Here are the results below. Maybe someone can interpret it better than I can and come up with something.

Thanks!

demitch256
_________________________________________________________________

```
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:\Users\Administrator.WIN-DPHJOBMKVQG.001>Ping 192.168.0.2

Pinging 192.168.0.2 with 32 bytes of data:
Reply from 192.168.0.2: bytes=32 time=1ms TTL=128
Reply from 192.168.0.2: bytes=32 time=1ms TTL=128
Reply from 192.168.0.2: bytes=32 time=1ms TTL=128
Reply from 192.168.0.2: bytes=32 time<1ms TTL=128

Ping statistics for 192.168.0.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms

C:\Users\Administrator.WIN-DPHJOBMKVQG.001>dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
Trying to find home server...
Home Server = DC-1
* Identified AD Forest.
Done gathering initial info.

Doing initial required tests

Testing server: Default-First-Site-Name\DC-1
Starting test: Connectivity
......................... DC-1 passed test Connectivity

Doing primary tests

Testing server: Default-First-Site-Name\DC-1

Starting test: DNS

DNS Tests are running and not hung. Please wait a few minutes...
......................... DC-1 passed test DNS

Running partition tests on : ForestDnsZones

Running partition tests on : DomainDnsZones

Running partition tests on : Schema

Running partition tests on : Configuration

Running partition tests on : win2008

Running enterprise tests on : win2008.com
Starting test: DNS
Summary of test results for DNS servers used by the above domain
controllers:

DNS server: 2001:500:1::803f:235 (h.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:1::803f:235

DNS server: 2001:500:2d::d (d.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2d::d

DNS server: 2001:500:2f::f (f.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:2f::f

DNS server: 2001:500:3::42 (l.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:500:3::42

DNS server: 2001:503:ba3e::2:30 (a.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:503:ba3e::2:30

DNS server: 2001:7fd::1 (k.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fd::1

DNS server: 2001:7fe::53 (i.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:7fe::53

DNS server: 2001:dc3::35 (m.root-servers.net.)
1 test failure on this DNS server
PTR record query for the 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.
0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa failed on the DNS server 2001:dc3::35

......................... win2008.com passed test DNS

C:\Users\Administrator.WIN-DPHJOBMKVQG.001>
```


----------



## Noobus

demitch256 said:


> I have the client set up with a static IP address and the same DNS address (127.0.0.1) of the DC.
> 
> Pinging 192.168.0.2 with 32 bytes of data:
> Reply from 192.168.0.2: bytes=32 time=1ms TTL=128
> Reply from 192.168.0.2: bytes=32 time=1ms TTL=128
> Reply from 192.168.0.2: bytes=32 time=1ms TTL=128
> Reply from 192.168.0.2: bytes=32 time<1ms TTL=128


So your dns server is 127.0.0.1 or 192.168.0.2?

The 127 address is a loopback for the internal nic and will point to itself.

Rather than trying to ping the ip of the dns server, try to ping the hostname.
And also do 'nslookup 192.168.0.2' and make sure it resolves the correct hostname.

L


----------



## cluberti

*Re: Can't join a client to Active Directory domain!*



demitch256 said:


> I have the client set up with a static IP address and the same DNS address (127.0.0.1) of the DC.


Um........ pardon me for my frankness, but why would you tell another machine that its domain DNS server is a loopback adapter? As Noobus mentioned, clients and other servers should be configured with the IP address of the AD DNS server running on your domain controller as their DNS server.

And, I would hope this is a test - otherwise, in a real environment, you should have two or more domain controllers, two or more DNS servers, and two or more DHCP servers, for each domain.

Also, change your domain controller to point to its own IP address for DNS as well - change 127.0.0.1 to 192.168.0.2 (which I believe is the IP of your domain controller running DNS, from the output you posted).


----------



## demitch256

*Re: Can't join a client to Active Directory domain!*

I changed the DNS IP address to the IP address of the AD DNS as all you guys suggested and it worked! I forget exactly where I received that instruction from about using the 127 address for DNS...I think it was on YouTube or somewhere...but anyway, thanks guys for all the help...much appreciated! Boy! I have a lot to learn about AD DS...hopefully I'll get there soon!

Thanks again,

demitch256


----------
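The two checks this thread converged on (which DNS server the client is actually using, and whether that server returns the `_ldap._tcp.dc._msdcs` SRV record) can be run together from the client. The script below is an added example, not something posted by anyone in the thread; it assumes the domain name `win2008.com` from the error message, English-language `nslookup` output, and PowerShell 2.0 or later, and `Test-DcLocatorDns` is a hypothetical helper name.

```powershell
# Added example (not from the thread). Assumptions: domain name taken from the
# error message; English-language nslookup output; PowerShell 2.0 or later.
$Domain  = 'win2008.com'
$SrvName = "_ldap._tcp.dc._msdcs.$Domain"

function Test-DcLocatorDns {   # hypothetical helper name
    param([string]$SrvName)

    # DNS servers configured on every IP-enabled adapter of this machine.
    $servers = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
        ForEach-Object { $_.DNSServerSearchOrder } |
        Where-Object { $_ } |
        Select-Object -Unique

    foreach ($server in $servers) {
        $ip = [System.Net.IPAddress]::Parse($server)
        $result = New-Object PSObject -Property @{
            DnsServer  = $server
            IsLoopback = [System.Net.IPAddress]::IsLoopback($ip)
            SrvTargets = @()
        }

        if (-not $result.IsLoopback) {
            # Ask this specific server for the DC locator SRV record.
            $output = & nslookup.exe '-type=SRV' $SrvName $server 2>&1 |
                ForEach-Object { "$_" }
            # nslookup prints one "svr hostname = <dc>" line per SRV target.
            $result.SrvTargets = @($output | ForEach-Object {
                if ($_ -match 'svr hostname\s*=\s*(\S+)') { $Matches[1] }
            })
        }
        $result
    }
}

Test-DcLocatorDns -SrvName $SrvName | ForEach-Object {
    if ($_.IsLoopback) {
        "{0}: loopback address; on a client this points at the client itself, not the DC" -f $_.DnsServer
    } elseif ($_.SrvTargets.Count -eq 0) {
        "{0}: no SRV record returned for {1}" -f $_.DnsServer, $SrvName
    } else {
        "{0}: domain controllers advertised: {1}" -f $_.DnsServer, ($_.SrvTargets -join ', ')
    }
}
```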

