|
 |  |  |  |  |  |  |
| Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks. |
| |||||||
 |
| |
09-30-2009
| #1 (permalink) |
| | Can't Join Domain I'm trying to setup a lab for MCSE studying. I have Virtual Server 2005 installed on XP Pro. I installed each Virtual server from the same CD but different Keys. Windows Firewall is turned off on both servers. When I try to add Computer2 to the Domain i get the error messages below. I am pretty familiar with this DNS stuff, but this one has me stumped. My host computer is connected to a DLink ROuter that has a built in DHCP and DNS Relay option. I disabled both and I get the same problem. Also, When I do REPLMON after setting up AD and DNS, I get a "cannot locate domain controller" error when I try to connect to domain controller. Host: XP PRO Firewall: Trend Micro NIC: Broadcom 10/100/1000 Guest1: Windows Server 2003 Name: Computer1 AD and DNS server roles installed DHCP is not installed Domain name: Beyud.local Guest2: Windows Server 2003 Name: Computer2 No Roles installed. ========================================================== Error message from Computer2 when trying to join Beyud.local domain using full FQDN. ========================================================== The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain beyud.local: The error was: "This operation returned because the timeout period expired." (error code 0x000005B4 ERROR_TIMEOUT) The query was for the SRV record for _ldap._tcp.dc._msdcs.beyud.local The DNS servers used by this computer for name resolution are not responding. This computer is configured to use DNS servers with the following IP addresses: 151.0.1.1 Verify that this computer is connected to the network, that these are the correct DNS server IP addresses, and that at least one of the DNS servers is running. ========================================================== ========================================================== Error Message from Computer2 when trying to join domain from computer name change properties. I only typed BEYUD for domain to join. ========================================================== "The domain name beyud might be a NetBIOS domain name. If this is the case, verify that the domain name is properly registered with WINS. If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration. The following error occurred when DNS was queried for the service location (SRV) resource record used to locate a domain controller for domain beyud: The error was: "This operation returned because the timeout period expired." (error code 0x000005B4 ERROR_TIMEOUT) The query was for the SRV record for _ldap._tcp.dc._msdcs.beyud The DNS servers used by this computer for name resolution are not responding. This computer is configured to use DNS servers with the following IP addresses: 151.0.1.1 Verify that this computer is connected to the network, that these are the correct DNS server IP addresses, and that at least one of the DNS servers is running. ========================================================== -- I''m a novice with an advance way of thinking. |
My System Specs |
|
09-30-2009
| #2 (permalink) |
| | Re: Can't Join Domain "Beyuduzz" <Beyuduzz@newsgroup> wrote in message news:93D1BE81-259D-48CE-B05D-7A0206A8EA76@newsgroup Quote: > I'm trying to setup a lab for MCSE studying. I have Virtual Server 2005 > installed on > XP Pro. I installed each Virtual server from the same CD but > different Keys. Just wouldn't matter. Quote: > Windows Firewall is turned off on both servers. > When I try to add Computer2 to the Domain i get the error messages below. > I > am pretty familiar with this DNS stuff, but this one has me stumped. > My host computer is connected to a DLink ROuter that has a built in DHCP > and > DNS Relay option. I disabled both and I get the same problem. for Workstations and Laptops. The Domain Controller needs to also run DNS and *be* the DNS Server that is used. Never ever ever you any other DNS Server and do not allow the machines to use the DLink box for DHCP, DNS or anything else. The ISP's DNS Server goes on the Forwarders List within the configuration of the DNS Service on the DC. This is the only place that any other DNS IP# should ever appear. WINS is optional, but a good idea. I recommend on the Domain Controller that it run DNS, WINS, and be the DHCP Server. The DHCP on the DLink box should be completely disabled. The fact that all of this runs as VMs within Virtual Server is pretty much meaningless. Virtual?,..Physical?,...it just doesn't matter,...it all works the same way. -- Phillip Windell The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats. ----------------------------------------------------- |
| My System Specs |
|
09-30-2009
| #3 (permalink) |
| | Re: Can't Join Domain On Wed, 30 Sep 2009 14:02:56 -0500, Phillip Windell wrote: Quote: > The Domain Controller needs to also run DNS and *be* the DNS Server that is > used. Never ever ever you any other DNS Server -- Paul Adare MVP - Identity Lifecycle Manager http://www.identit.ca |
| My System Specs |
|
09-30-2009
| #4 (permalink) |
| | Re: Can't Join Domain Paul? We've been in agreement on this have been saying this for years! How in the world can you come along and say this is *completely and utterly* untrue?? Completely and utterly????? Com'on here! Is it possible to have a DC that does not have DNS on it? Yes!,...do most people do it? No. Is running the DC without DNS on the same machine considered the "norm" and the "most common practice"? No. What do most people do with it?....almost exclusively?,...they run DNS on the DC. This is just a stupid Lab with a few VMs on VirtualServer used for studying for an MCSE. Give me a break. -- Phillip Windell The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats. ----------------------------------------------------- "Paul Adare" <pkadare@newsgroup> wrote in message news:dwkm9zfa7ssx.5399u54p623s$.dlg@newsgroup Quote: > On Wed, 30 Sep 2009 14:02:56 -0500, Phillip Windell wrote: > Quote: >> The Domain Controller needs to also run DNS and *be* the DNS Server that >> is >> used. Never ever ever you any other DNS Server > Sorry but this is completely and utterly untrue. > > -- > Paul Adare > MVP - Identity Lifecycle Manager > http://www.identit.ca |
| My System Specs |
|
09-30-2009
| #5 (permalink) |
| | Re: Can't Join Domain On Wed, 30 Sep 2009 14:42:28 -0500, Phillip Windell wrote: Quote: > Paul? We've been in agreement on this have been saying this for years! > How in the world can you come along and say this is *completely and utterly* > untrue?? Completely and utterly????? statement that then DC needs to be running DNS and also be the DNS server that is used is simply not true. The requirement is a DNS server that supports the SRV record. I've done a lot of AD deployments where not only is DNS not installed on the DC(s), the customer is not even using Microsoft's DNS server but are using a 3rd party DNS server (BIND for example) that supports the SRV record. Quote: > > Com'on here! incorrect. Quote: > > Is it possible to have a DC that does not have DNS on it? Yes!,...do most > people do it? No. Is running the DC without DNS on the same machine > considered the "norm" and the "most common practice"? No. What do most > people do with it?....almost exclusively?,...they run DNS on the DC. Also, the above does not jibe with the original statement you made which is what I pointed out is just simply wrong. Quote: > > This is just a stupid Lab with a few VMs on VirtualServer used for studying > for an MCSE. Give me a break. wrong and inaccurate, especially for someone who is studying? Quote: > > "Paul Adare" <pkadare@newsgroup> wrote in message > news:dwkm9zfa7ssx.5399u54p623s$.dlg@newsgroup Quote: >> On Wed, 30 Sep 2009 14:02:56 -0500, Phillip Windell wrote: >> Quote: >>> The Domain Controller needs to also run DNS and *be* the DNS Server that >>> is >>> used. Never ever ever you any other DNS Server >> Sorry but this is completely and utterly untrue. -- Paul Adare MVP - Identity Lifecycle Manager http://www.identit.ca |
| My System Specs |
|
09-30-2009
| #6 (permalink) |
| | Re: Can't Join Domain "Paul Adare" <pkadare@newsgroup> wrote in message news:exzfyjurlmc$.1mw85tkg6v762$.dlg@newsgroup Quote: > Who is "we" and what have "we" been in agreement on for years? Your there with us at the 2004 Mini Security Summit or not. I'm a bit put back by how insulting and condesending you are acting compared to what you were like in person. Having a bad day or something? You didn't even bother to continue with the post and tell the guy what you "thought" I should have told him. You just fired off that I was "completely and utterly untrue" and walked away like a drive by shooting. If you're that worried about it take over the thread and tell him whatever you want to. Quote: >Really, and how many large scale AD deployments have you done exactly? >Also, the above does not jibe with the original statement you made which is >what I pointed out is just simply wrong. Quote: > This is just a stupid Lab with a few VMs on VirtualServer used for > studying > for an MCSE. Give me a break. Quote: > What would I give a break to you for stating something that is technically > wrong and inaccurate, especially for someone who is studying? being dealt with. Because he *IS* studying let the guy work with a common simpler setup so he can learn from that before he has to ever worry about massive global corporate, over-the-top, in my opinion - rare, deployments that most IT people never get involved in. -- Phillip Windell The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats. ----------------------------------------------------- |
| My System Specs |
|
09-30-2009
| #7 (permalink) |
| | Re: Can't Join Domain Thanks guys for the help. I'm not sure if we are any closer to resolving the issue that I am having. Besides disabling DNS relay and DHCP on my Dlink router, what other tweks should I make. Questions I have for you (any of you) I have a trend micro firewall running on the HOST. SHould I disable this? Regarding the firewall, besides port 389, what other ports should I open to allow the VMs to talk DNS if necessary? I swapped roles and loaded AD and DSN on Computer2 and made Computer1 the member server, but still COULD NOT add it to the domain. I got the same error. So far, my studying has come to a halt because i can't do any of the labs. Thanks for the help and concern. Tom -- I'm trying to think, but nothing's happening... "Phillip Windell" wrote: Quote: > "Paul Adare" <pkadare@newsgroup> wrote in message > news:exzfyjurlmc$.1mw85tkg6v762$.dlg@newsgroup Quote: > > Who is "we" and what have "we" been in agreement on for years? Your > We = You, me,...2004, 2005, 2006 MVP Summits? I don't remember if you were > there with us at the 2004 Mini Security Summit or not. I'm a bit put back > by how insulting and condesending you are acting compared to what you were > like in person. Having a bad day or something? You didn't even bother to > continue with the post and tell the guy what you "thought" I should have > told him. You just fired off that I was "completely and utterly untrue" and > walked away like a drive by shooting. If you're that worried about it take > over the thread and tell him whatever you want to. > Quote: > >Really, and how many large scale AD deployments have you done exactly? > >Also, the above does not jibe with the original statement you made which is > >what I pointed out is just simply wrong. > This isn't a large scale deployment. It is a VM Lab with a couple machines. > Quote: > > This is just a stupid Lab with a few VMs on VirtualServer used for > > studying > > for an MCSE. Give me a break. Quote: > > What would I give a break to you for stating something that is technically > > wrong and inaccurate, especially for someone who is studying? > It is not technically wrong and inaccurate, particularly in the context > being dealt with. > Because he *IS* studying let the guy work with a common simpler setup so he > can learn from that before he has to ever worry about massive global > corporate, over-the-top, in my opinion - rare, deployments that most IT > people never get involved in. > > > -- > Phillip Windell > > The views expressed, are my own and not those of my employer, or Microsoft, > or anyone else associated with me, including my cats. > ----------------------------------------------------- > > > |
| My System Specs |
|
09-30-2009
| #8 (permalink) |
| | Re: Can't Join Domain Here is what I get when I run replmon and choose my domain. http://i32.photobucket.com/albums/d1...lmon_error.jpg |
| My System Specs |
|
10-01-2009
| #9 (permalink) |
| | Re: Can't Join Domain On Wed, 30 Sep 2009 18:56:01 -0700, Beyuduzz <Beyuduzz@newsgroup> wrote: Quote: >Here is what I get when I run replmon and choose my domain. > >http://i32.photobucket.com/albums/d1...lmon_error.jpg Any reason you're using the 151.x.x.x subnet, and not one of the standard non-routable ones? -- Cheers, Steve Jain, Virtual Machine MVP http://vpc.essjae.com/ |
| My System Specs |
|
10-01-2009
| #10 (permalink) |
| | Re: Can't Join Domain On Wed, 30 Sep 2009 17:52:02 -0700, Beyuduzz wrote: Quote: > So far, my studying has come to a halt because i can't do any of the labs. > Thanks for the help and concern. VMs? -- Paul Adare MVP - Identity Lifecycle Manager http://www.identit.ca |
| My System Specs |
|
| Thread Tools | |
| |
Similar Threads | ||||
| Thread | Forum | |||
| join domain | Vista General | |||
| Unable to join domain | Vista account administration | |||
| Can not join a domain | Vista General | |||
| can't join Domain | Vista installation & setup | |||
| Can't join Domain | Vista account administration | |||
