0

I can connect XP machines just fine to our new domain, however, I get the following error when I try to bind any Windows 7 box on our network to the 2011 SBS domain:

An attempt to resolve the DNS name of a DC in the domain being joined has failed. 
Please verify this client is configured to reach a DNS server that can resolve
DNS names in the target domain.

I am wondering if part of the problem might be related to the fact we still have our Win2k DC active (and running DNS) until this server is set up for good? Any help on this would be much appreciated.

codewario
  • Another thing worth noting is that it seems to know the domain is there, as it gives a different error if I put in a non-existent domain name, and it does prompt me for a user and password with permission to bind the PC to the domain. It gives the error a few seconds after giving the password. – codewario Mar 16 '11 at 19:04
  • Are you setting the domain suffix in your DHCP options? Which DNS server do you have listed as the first DNS server in your DHCP options? Which DNS servers are set on the client? – joeqwerty Mar 16 '11 at 19:11
  • Do you have connectivity with the DC? (ping for example) In case you do, does it resolve its name (pinging the server by its name)? – Manu Mar 16 '11 at 19:09
  • Do you have a firewall which blocks the NetBIOS traffic? – René Höhle Mar 16 '11 at 19:17
  • @Stony: Are you talking client-side or server-side? – codewario Mar 16 '11 at 19:30
  • @MetalSearGolid: you should check it on both sides. But the easiest way on the Win7 side is to go to Network and see if it finds the server. And check the answer from Shane Madden. – René Höhle Mar 16 '11 at 19:34
  • Oh and another thing I should have mentioned, AD on the old domain didn't like not being the DNS server/DHCP server, so the SBS domain controller I am having issues with is not the DHCP server (my understanding is that SBS reeeealy likes to be DHCP or else some things might not work right) – codewario Mar 16 '11 at 19:45

3 Answers

2

The old AD DNS and new AD DNS are not aware of each other. I recommend pointing all new clients going to the new domain to the SBS IP for DNS and, if necessary, adding any A/CNAME records to point back to devices on the old DNS zone.

Bret Fisher
  • Tried that, all it did was make me unable to access the internet from the client (intranet was fine) – codewario Mar 16 '11 at 19:43
  • @MetalSearGolid Bret is exactly right; you need to point to the new devices for DNS if you want them to join the new domain. If you were unable to access the internet when pointing to them, you should troubleshoot that issue; likely just need to fix the DNS server's forwarder configuration. See my most recent comment on the other answer. – Shane Madden Mar 16 '11 at 20:05
  • What I still don't understand though is why XP clients could join, but not Windows 7 clients? – codewario Mar 16 '11 at 20:38
  • @MetalSearGolid Maybe something to do with XP still using NetBIOS and broadcasts to find the Master Browser (NT4 stuff) and Windows 7 purely relies on proper DNS config. Maybe XP fell back to NetBIOS and was able to join that way. Just a guess. – Bret Fisher Mar 17 '11 at 15:26
  • Something else worth noting for anyone else reading this (I didn't think of this because my personal PC at work already had IPv6 disabled): I had issues with other Windows 7 clients connecting to the domain, but disabling IPv6 on the client allowed me to connect to the domain. I know it's not the "right" way to fix it, but we still use IPv4 on our network anyways. – codewario Mar 17 '11 at 20:26
1

The domain name may be resolving through NetBIOS, but not working via DNS.

Try a simple `nslookup domainname` and see if it returns the IP addresses of your domain controllers.

Are you using the NetBIOS name of the domain, or the fully-qualified name? Try with the full name, if you aren't; might be a search suffix issue.

Shane Madden
  • "nslookup old_domain" returns the correct FQDN, and "nslookup new_domain" does not. I have been using the short names, I will give the long name a go. – codewario Mar 16 '11 at 19:16
  • @MetalSearGolid Try an nslookup on the fully-qualified domain name of the new domain; it should be something like `new_domain.company.com`. If that returns the IP addresses of the domain controllers, then put the same thing (the FQDN) in the domain-join dialog; it should work. – Shane Madden Mar 16 '11 at 19:20
  • old_domain and new_domain? It sounds like you're setting up a new domain rather than migrating from the old, is that the case? – joeqwerty Mar 16 '11 at 19:20
  • It doesn't even find the domain when I use the FQDN, only the short name. – codewario Mar 16 '11 at 19:22
  • I am creating a new domain, when I say migrate, I mean moving resources from the old server to the new – codewario Mar 16 '11 at 19:23
  • @Shane Madden: It returns the IP address of the old domain controller, which is still active, but it says that the new domain is non-existent. – codewario Mar 16 '11 at 19:26
  • @MetalSearGolid In that case, your DNS configuration is probably pointing at the old domain's DNS servers. The easiest solution would be to point the Windows 7 system at the new domain controllers for DNS (this may be a DHCP setting, or may be set manually in network properties). If for some reason you need to keep pointing at the old servers, then you'll need to create a DNS delegation for the new domain name, pointing to the new servers. – Shane Madden Mar 16 '11 at 19:26
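
Added example, not part of the original answer or its comments: the `nslookup` check described above, run against each DNS server the client is configured with, so you can see which server knows the new domain. It queries the DC locator SRV record `_ldap._tcp.dc._msdcs.<domain>`, which a domain join has to resolve; `new_domain.company.com` is the placeholder name used in the comments, and the WMI adapter query is an assumption about how you want to enumerate the client's DNS servers.

```powershell
# Added example. Replace the placeholder FQDN (taken from the thread) with the real one.
param([string]$Domain = 'new_domain.company.com')

# DC locator SRV record that the domain-join process looks up in DNS
$srv = "_ldap._tcp.dc._msdcs.$Domain"

# DNS servers configured on this client's IP-enabled adapters
# (WMI is used so this also runs on the PowerShell 2.0 shipped with Windows 7)
$servers = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = True' |
    ForEach-Object { $_.DNSServerSearchOrder } |
    Where-Object { $_ } |
    Select-Object -Unique

foreach ($server in $servers) {
    # Query this specific server instead of letting the resolver pick one
    $out = nslookup -type=SRV $srv $server 2>&1 | Out-String

    # nslookup prints one "svr hostname = <dc fqdn>" line per SRV answer
    $dcs = [regex]::Matches($out, 'svr hostname\s*=\s*(\S+)') |
        ForEach-Object { $_.Groups[1].Value }

    if ($dcs) {
        "{0,-16} OK    {1}" -f $server, ($dcs -join ', ')
    } else {
        "{0,-16} FAIL  no SRV record for {1}" -f $server, $srv
    }
}
```

A server that reports FAIL here (for example the old Win2k DNS server) cannot locate a DC for the new domain; the client needs to use a server that reports OK, or the failing server needs a delegation for the new zone.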
-1

I fixed the problem. Somehow all of my DNS forwarding settings for our new domain (on the new DC/DNS server) were pointing to an incorrect IP address. Once I changed these settings and rebooted the server (not sure if it was necessary but I figured it did no harm), I was able to bind a Windows 7 machine successfully to the domain.

codewario
  • Won't let me accept my own answer but this is what worked for me. – codewario Mar 16 '11 at 20:02
  • So the real solution was to repoint the client at the correct DNS servers; your forwarder config was preventing internet access but wasn't preventing domain joins. Both other answers made this recommendation, I would suggest accepting the one from @Bret Fisher as it doesn't require a deep dive into comments to find. – Shane Madden Mar 16 '11 at 20:11