Guy Recommends

A solution to monitor, manage and archive thousands of events that are generated by devices across the entire network. 
Download FREE trial

---

---

Guy's Top 10 Free Tools

1) FreePing
2) Network Monitor
3) Xobni
4) PuTTY (UNIX)
5) IP SLA Monitor
6) BgInfo
7) Net-SNMP
8) Engineer's Toolset
9) Exchange Monitor
10) WinDiff

Persuading Vista to Join a Domain

Persuading Vista to Join a Domain

Mission: To persuade Vista to Join a Domain

Most of the time Vista machines join an Active Directory domain without any trouble, (just as they did in XP).  However, sometimes all that you get is error messages, for example:

'The following error occurred attempting to join the domain.  An attempt to resolve the DNS of a DC failed'

The mission of this page is to troubleshoot those reluctant Vista machines and persuade them to join your Windows Server 2003 domain.

Factors to Consider When Joining a Domain

• System Icon
• Troubleshooting DNS
• TCP/IP settings
• Firewall Problem
• Rumours and Red Herrings
• Summary of Persuading Vista to Join a Domain

 ♦

Introduction

The methods for joining a Vista computer to an Active Directory domain are the same as they were for XP machines.  To recap, either be organized and create a computer account in Active Directory, before you go to the Vista machine, or else create a new computer account as you join the domain from the Vista machine.

My goal is to separate the important from the irrelevant.  Here follows a troubleshooting report of what I did, and what worked for me.

System Icon

The quickest way to launch the System Icon is to hold down the Windows key and press the Pause / Break key.  Alternatively, navigate to the Control Panel, System and Maintenance and System. 

What you are seeking is to change the 'Member of' radio button from Workgroup to Domain.

Experiment with a simple domain name, for example 'CP', or choose the fully qualified domain name, 'CP.mosel'.  You may also wish to click on 'More..' and append the full dns name to the simple computer name, for example Vista.cp.mosel.

DNS - Tricky as Usual

It is vital that the Vista machine can resolve the domain name of the Active Directory that you seek to join.

Start your troubleshooting with ipconfig /all.  Check the name of the DNS server.  Follow up with by testing: ping server.domain.com.  Also plain: ping server, yields useful clues as to whether it's a firewall problem or a faulty DNS configuration at the Vista client.  The situation maybe that ping or ICMP packets are allowed through the firewall, but the ports needed to join the domain are blocked.

If the error says:

An attempt to resolve the DNS name of the DC in the domain being joined failed.

You have to respect the Vista message and research whether it's a DNS configuration error or a related problem such as the firewall settings.

TCP/IP Settings

What I recommend is start your troubleshooting at the Control Panel, navigate to the Network and Internet, Network Connections, Local area connection; now right click and select Properties, Internet Protocol Version 4 and Properties.  You should see the screen shot opposite.  Concentrate on:
 '• Use the following DNS server addresses:
    Preferred DNS server'

Remember, only you know the correct IP address for this DNS server, don't slavishly copy my IP address.

If you are using DHCP and the Scope Options are correctly configured you could leave the radio button at:
 ' • Obtain DNS server address automatically'. 

If you experiment with different values for the IP address you don't need to reboot.

Tip: ipconfig /flushdns clears the cache if you are trying to ping different TCP/IP addresses.

Firewall Problem

In my experiments to join a Vista machine to a domain, the firewall was the crucial setting.  The only way that I could succeed was to disable the firewall on the Windows Server 2003.  You find the menus via:  Control Panel, Windows Firewall.  In a more sophisticated domain, you probably other firewall settings, however the principle is the same.

Windows Server 2003: Firewall Status - Off

Vista Computer: Firewall Status - On

One sign that it was indeed a firewall problem was when I ran the command: ping server.  I got a reply from not from plain server, but from server.domain.com.  This was an indication that not only were the ICMP (ping) ports open, but also that DNS was correctly configured and resolved my request for server to the fully qualified server.domain.com. 

My conclusion was firewall was blocking the ports needed for Vista to join the domain.

Even by opening ports, 389, 135, 88 and 53 I still could not join the domain.  Since I am not a professor of firewalls and port numbers, I took the ruthless approach and just temporarily turned the Windows Firewall Off on the server side.

If I turned the Firewall On at the server, the Vista machine just would not join the domain.  When I turned the firewall Off the Vista machines joined the main without any trouble.  For me, this discovery finally sealed the message The following error occurred attempting to join the domain as a firewall problem.

Guy Recommends:  The Orion Network Performance Monitor (NPM) 9.5

Solarwinds' Orion performance monitor is designed for detecting network outages.  This NPM will guide you through troubleshooting by indicating whether the root cause is a broken link, faulty equipment or resource overload.  Because it produces network-centric views, it is intuitive to navigate, and as result you can see easily what's working and what's not.

Perhaps Orion's best feature is the way it suggests solutions.  Moreover, if problems arise out of the blue, then you can configure Orion NPM 9.5 to notify members of your team what's changed and how to fix it.

If you are interested in testing a professional performance monitor on your network, then I recommend that you take advantage of Solarwinds' offer of a download a free trial of Orion's Network Performance Monitor.

Rumours and Red Herrings

WINS
I heard rumours that the only way to solve problems such as 'The following error occurred attempting to join the domain', was to enable WINS.  All I can say is that WINS did not help in my situation.  What I say is good luck if in fact WINS is you salvation, however, I can see no reason why it should help, other than if your DNS is mis-configured.

Creating a computer account in Active Directory 
While there is no harm in creating a computer account in the name of the machine that you want to join to the domain, this is neither essential, nor is it the root cause of this error.  The only problem that creating a computer solves, is if the account that tries to join the Vista machine to the domain is NOT a Domain Admin.  Even in this situation, Vista provides a dialog box so that you can enter the name of Domain Admin and thus overcome permission problems.

Summary of Joining Vista to a Domain

In my troubleshooting experiments the key to persuading a Vista machine to join an Active Directory domain was turning off the firewall at the Windows Server 2003 end.  In my opinion The following error occurred attempting to join the domain is most likely to be a firewall problem.  The other possibility is that the TCP/IP settings for DNS are incorrect.  Fortunately it's easy to check the DNS name resolution by using ipconfig and ping.

Windows Vista Training

Train Signal have an excellent Windows Vista Training Course.  As an MCT trainer, I am a huge advocate of Train Signal’s products.  What impresses is me is that they demonstrate everything that they teach and they stay away from traditional 'lecture-style' training.  If you are looking for a complete DETAILED coverage of Windows Vista, then I highly recommend that you give this course a try.  I have reviewed their 18 hours of videos myself, and I guarantee that you will not be disappointed!

Watch a Vista Training Video Demo.

Configuring Windows Vista Topics:

 *