stwong
Posted July 19, 2011

Hi all,

I'm a newbie to Windows and sorry for the FAQ. A domain (mydom.edu.hk) is set up with 2 DCs. Clients on another VLAN can't join the domain with error "The network was not found". All ports between DCs and clients are opened in the firewall, while Windows firewall is disabled for testing purposes.

Then on the DCs, I ran dcdiag /v /c /e /d and got the following error:

------------ cut here -----------
Testing server: Default-First-Site-Name\MY-DC1
   Starting test: Advertising
      The DC MY-DC1 is advertising itself as a DC and having a DS.
      The DC MY-DC1 is advertising as an LDAP server
      The DC MY-DC1 is advertising as having a writeable directory
      The DC MY-DC1 is advertising as a Key Distribution Center
      The DC MY-DC1 is advertising as a time server
      The DS MY-DC1 is advertising as a GC.
      ......................... MY-DC1 passed test Advertising
   Starting test: CheckSecurityError
      * Dr Auth: Beginning security errors check!
      Found KDC MY-DC1 for domain mydom.edu.hk in site Default-First-Site-Name
      Checking machine account for DC MY-DC1 on DC MY-DC1.
      Could not open pipe with [MY-DC1]:failed with 53: The network path was not found.
      Could not get NetBIOSDomainName
      Failed can not test for HOST SPN
      Failed can not test for HOST SPN
      * SPN found :LDAP/my-dc1.mydom.edu.hk/mydom.edu.hk
      * SPN found :LDAP/my-dc1.mydom.edu.hk
      * SPN found :LDAP/MY-DC1
----------- cut here -----------

while dcdiag gives:

--------------------- cut here ------------------------
Doing primary tests
Testing server: Default-First-Site-Name\MY-DC1
   Starting test: Advertising
      ......................... MY-DC1 passed test Advertising
   Starting test: FrsEvent
      ......................... MY-DC1 passed test FrsEvent
   Starting test: DFSREvent
      ......................... MY-DC1 passed test DFSREvent
   Starting test: SysVolCheck
      [MY-DC1] An net use or LsaPolicy operation failed with error 53, The network path was not found..
      ......................... MY-DC1 failed test SysVolCheck
   Starting test: KccEvent
      ......................... MY-DC1 passed test KccEvent
   Starting test: KnowsOfRoleHolders
      ......................... MY-DC1 passed test KnowsOfRoleHolders
   Starting test: MachineAccount
      Could not open pipe with [MY-DC1]:failed with 53: The network path was not found.
      Could not get NetBIOSDomainName
      Failed can not test for HOST SPN
      Failed can not test for HOST SPN
      ......................... MY-DC1 passed test MachineAccount
--------------------- cut here ------------------------

DNS seems to work if I nslookup my-dc1.mydom.edu.hk on both DCs and clients. I've no idea about the cause after some Google searching. Would anyone please help?

Thanks a lot.
/ST Wong

ICTCity
Posted July 19, 2011

The problem is your DNS server. I don't know what, but you can check the event viewer for errors. Something cannot be resolved. Are you sure you've installed AD properly?

--------------------------------------------------------
You can also write in French. You can also write in German. You can also write in Italian.
--------------------------------------------------------

stwong (Author)
Posted July 20, 2011

Thanks for your advice. The domain was set up by other colleagues while I've just picked it up... I can query (forward and reverse) my-dc1.mydom.edu.hk using nslookup against the DNS on the DCs, while there is no error in the DNS event log. What else shall I check?

Thanks again.
Regards,
/ST Wong

ICTCity
Posted July 20, 2011

Here's the problem:

Checking machine account for DC MY-DC1 on DC MY-DC1.
Could not open pipe with [MY-DC1]:failed with 53: The network path was not found.
Could not get NetBIOSDomainName
Failed can not test for HOST SPN
Failed can not test for HOST SPN
* SPN found :LDAP/my-dc1.mydom.edu.hk/mydom.edu.hk
* SPN found :LDAP/my-dc1.mydom.edu.hk
* SPN found :LDAP/MY-DC1

So, let's check some settings. Right click "COMPUTER" > Properties and select the tab COMPUTER NAME. Check if FULL COMPUTER name matches with DOMAIN.

Example:
full name: mycomputer.mydomain.local.private
domain: mydomain.local.private. This is OK.

If you have something like this:
full name: mycomputer.mydomain.local.private
domain: mydomain.private. This is a DNS SUFFIX MISMATCH.

Anyway, once you have checked these settings, type ipconfig /all on a command prompt and check the entry "Connection-specific DNS Suffix". If this is different from the domain you found in the "computer name" tab, right click on your network connection, properties > TCP/IP (v4) > properties > advanced > general and modify the DNS suffix.

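The checks described in the post above, as an added example that is not part of the original thread: a read-only PowerShell report that compares the computer's primary DNS suffix with its domain and lists each adapter's connection-specific suffix, together with the NetBIOS over TCP/IP setting that comes up later in the thread. It assumes PowerShell 3.0 or later and uses the standard Win32_ComputerSystem and Win32_NetworkAdapterConfiguration WMI classes.

```powershell
# Added example (not from the thread): read-only report of the name settings
# compared in the post above. Assumes PowerShell 3.0 or later. Changes nothing.
$cs    = Get-CimInstance -ClassName Win32_ComputerSystem
$ipCfg = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()

$domain        = $cs.Domain          # "Domain" on the Computer Name tab
$primarySuffix = $ipCfg.DomainName   # primary DNS suffix of this computer
$fullName      = (@($ipCfg.HostName, $primarySuffix) | Where-Object { $_ }) -join '.'

"Full computer name : $fullName"
"Domain             : $domain"

if (-not $cs.PartOfDomain) {
    "NOTE: this computer is not joined to a domain"
} elseif ($primarySuffix -ine $domain) {
    "DNS SUFFIX MISMATCH: primary suffix '$primarySuffix' differs from domain '$domain'"
} else {
    "OK: primary DNS suffix matches the domain"
}

# Per-adapter values: DNSDomain is the adapter's "DNS suffix for this connection",
# TcpipNetbiosOptions is the NetBIOS setting from the adapter's WINS tab.
$netbiosText = @{ 0 = 'Default (from DHCP)'; 1 = 'Enabled'; 2 = 'Disabled' }

Get-CimInstance -ClassName Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    ForEach-Object {
        $suffix = $_.DNSDomain
        if (-not $suffix) {
            $state = 'empty'
        } elseif ($suffix -ieq $domain) {
            $state = 'matches domain'
        } else {
            $state = 'differs from domain'
        }
        [pscustomobject]@{
            Adapter        = $_.Description
            DnsSuffix      = $suffix
            SuffixVsDomain = $state
            NetBIOS        = $netbiosText[[int]$_.TcpipNetbiosOptions]
        }
    } | Format-Table -AutoSize
```
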
stwong (Author)
Posted July 21, 2011

Hi, the "Connection-specific DNS Suffix" is empty on the DCs. I updated and rebooted them all. However, dcdiag still gets the same error while the clients still can't join the domain. What else shall I check?

Thanks again.
Best Regards,
/ST Wong

ICTCity
Posted July 22, 2011

After the update / reboot, is the "Connection-specific DNS Suffix" correct?

ICTCity
Posted July 25, 2011

Assuming that NetBIOS is up & running, check your COMPUTER container. You SHOULD NOT see your domain controller; it should be only in the DOMAIN CONTROLLER OU. Let me know.

stwong (Author)
Posted July 25, 2011

NetBIOS is not running. I enabled it and tried again. I see the DC computers' names appear in both COMPUTER and DOMAIN CONTROLLER in the "Active Directory Users and Computers" utility. Sorry that I accidentally deleted the computers from COMPUTER but they can't be added back. What should I do next?

Thank you very much.

stwong (Author)
Posted July 25, 2011

Anyway, I'm going to set up the domain from scratch again to check if any step was missed. Thanks for your help.

ICTCity
Posted July 25, 2011

The DC must not be in the COMPUTER OU, but now do you have the same error with NetBIOS running?

stwong (Author)
Posted July 26, 2011

We didn't add the DC to the COMPUTER OU. Will it be added in any setup step? Let's see if the problem can be 'resolved' after re-installing the domain (by a different colleague :). Anyway, it seems NetBIOS is needed although not mentioned in the domain setup steps?

Thank you very much for your help.

ICTCity
Posted July 26, 2011

NetBIOS should be running to avoid any problem related to name resolution. Unluckily, NetBIOS is still used by MS, although MS says this is not true...