Re: Can't join a domain
- From: "Paul Bergson [MVP-DS]" <pbergson@xxxxxxxxxxxxxxxxx>
- Date: Wed, 18 Jul 2007 07:52:51 -0500
Are there any firewalls between the two boxes up and running? Forget about
doing a dcpromo until you figure out why you can't join the domain.
Try running portqryui from the member server to the DC.
http://www.microsoft.com/downloads/details.aspx?familyid=8355e537-1ea6-4569-aabb-f248f4bd91d0&displaylang=en
Select the domains and trusts built-in query.
http://www.windowsecurity.com/articles/Mastering-PortQryexe-Part2.html
--
Paul Bergson
MVP - Directory Services
MCT, MCSE, MCSA, Security+, BS CSci
2003, 2000 (Early Achiever), NT
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Kolchak" <Kolchak@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:05703DD3-5805-4966-9E12-B74394984914@xxxxxxxxxxxxxxxx
Hi,
Been killing me all day, so begging for help :)
I have a machine I want to be a DC at a remote site, but DCPROMO is
failing with:
An Active Directory domain controller for the domain DOM could not be
contacted.
The domain name DOM might be a NetBIOS domain name. If this is the case,
verify that the domain name is properly registered with WINS.
If you are certain that the name is not a NetBIOS domain name, then the
following information can help you troubleshoot your DNS configuration.
DNS was successfully queried for the service location (SRV) resource record
used to locate a domain controller for domain DOM:
The query was for the SRV record for _ldap._tcp.dc._msdcs.DOM
The following domain controllers were identified by the query:
files1.DOM
files3.DOM
Common causes of this error include:
- Host (A) records that map the name of the domain controller to its IP
addresses are missing or contain incorrect addresses.
- Domain controllers registered in DNS are not connected to the network or
are not running.
This machine is using files1 and files3 as its DNS servers. Files1 and
files3 are both at HQ, I'm at the remote site. A VPN is set up and no ports
are currently being blocked. I can also do the following:
set q=srv
Server: files3.DOM
_ldap._tcp.dc._msdcs.DOM
Address: 10.1.1.3
_ldap._tcp.dc._msdcs.DOM SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = files3.DOM
_ldap._tcp.dc._msdcs.DOM SRV service location:
priority = 0
weight = 100
port = 389
svr hostname = files1.DOM
files3.DOM internet address = 10.1.1.3
files1.DOM internet address = 10.1.1.1
So srv can be located. The same error happens when I try and add the machine
to the domain. Both existing DCs can be pinged, and an nmap of them both from
the remote site returns hundreds of open ports, with all the expected ones
marked opened. I am absolutely stumped - any ideas??? I've run DCDIAG on a
domain controller and everything is fine... please help :)
Cheers,
Karl
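
The checks the reply and the dcpromo error text point at (the SRV lookup, a Host (A) record for each listed DC, then port reachability from the member server), as an added PowerShell example that is not part of the original thread. It probes TCP only; the port list, the `Test-TcpPort` helper name and the timeout are assumptions, and it needs `Resolve-DnsName` (Windows 8 / Server 2012 or later).

```powershell
# Added example: run from the machine that fails to join the domain.
# 'DOM' is the obscured domain name from the post; pass the real FQDN.
param(
    [string]$Domain = 'DOM',
    # Assumed set: commonly documented TCP ports for AD join/promotion
    # (DNS, Kerberos, RPC endpoint mapper, LDAP, SMB, kpasswd, LDAPS, GC).
    [int[]]$TcpPorts = @(53, 88, 135, 389, 445, 464, 636, 3268),
    [int]$TimeoutMs = 2000
)

# Hypothetical helper: TCP connect with a timeout, so a firewall that
# silently drops packets shows up as closed instead of hanging.
function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)   # throws if the connection was refused
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Step 1: the same SRV query that dcpromo reports in its error text.
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction Stop |
    Where-Object { $_.Type -eq 'SRV' }

$results = foreach ($rec in $srv) {
    # Step 2: each SRV target needs a Host (A) record with a correct address.
    $a = Resolve-DnsName -Name $rec.NameTarget -Type A -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' }
    if (-not $a) {
        [pscustomobject]@{ DC = $rec.NameTarget; Address = $null; Port = $null; Open = $false; Note = 'no A record' }
        continue
    }
    # Step 3: probe every port on every address the A records return.
    foreach ($ip in $a.IPAddress) {
        foreach ($port in $TcpPorts) {
            [pscustomobject]@{ DC = $rec.NameTarget; Address = $ip; Port = $port
                               Open = (Test-TcpPort $ip $port $TimeoutMs); Note = '' }
        }
    }
}
$results | Sort-Object DC, Address, Port | Format-Table -AutoSize
```

UDP services (DNS, Kerberos and NetBIOS over UDP) are not covered by this TCP probe; the PortQry query named in the reply is the tool for those.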