Let us find the configuration sheet on your Windows 8 machine so that it
can join
a domain; I began by
clicking on the Computer (Icon), then Properties. That took me to the Control Panel
System and Security, System. The next step, which you can see on the screen below,
is to click on 'Change
settings'.
Connecting to the Domain
From the System Properties sheet, Click on 'Change' and set the
radio button to 'Domain:' now type the name of YOUR domain in the 'Member
of' box. See screenshot below.
In my example I used the name 'BigDom'; if this did not join my Windows 8 machine to
the domain, I would have typed the fully qualified domain name, e.g.
BigDom.Local Incidentally you could use the same technique to
join a Workgroup.
Guy Recommends: A Free Trial of the Network Performance Monitor(NPM)
SolarWinds'
Orion performance monitor
will help you discover what's happening on your network. This
utility will also guide you through troubleshooting; the dashboard will
indicate whether the root cause is a broken link, faulty equipment or
resource overload.
What I like best is the way NPM suggests solutions to network
problems. Its
also has the ability to monitor the health of individual VMware
virtual machines. If you are interested in troubleshooting, and creating
network maps, then I recommend that you try NPM now.
Microsoft client operating systems have been joining Windows domains since NT
3.5; each new client employs the above technique, but for each successive
operating system Microsoft introduce
adjustments to the under-the-covers joining procedure; as a result each
Windows clients experienced different
connection problems for certain DNS and security configurations.
a) Is this a permissions problem? Make sure you have the domain
administrator's password.
b) Or more likely, is it a connectivity problem. Can your Windows 8 machine
'see' the domain controller?
Check the Basics Can you ping the Domain Controller?
Can you view the server from
the Control Panel, Network? If yes, then examine the Windows 8 client's
TCP/IP values.
Microsoft's Detailed Troubleshooting Advice
The domain name "BigDom" might be a NetBIOS domain name, which
differs from the DNS name. If this is the
case, verify that the domain name is properly registered with WINS.
If you are certain that the name is not merely a NetBIOS domain name, then
Microsoft supplied this information to help troubleshoot your DNS configuration.
The following error occurred when DNS was queried for the service
location (SRV) resource record used to locate an Active Directory Domain
Controller (AD DC) for domain "BigDom":
The error was: "DNS name does not exist." (error code 0x0000232B
RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.BigDom
Common causes of this error include the following:
- The DNS SRV records required to locate a AD DC for the domain are not
registered in DNS. These records are registered with a DNS server
automatically when a AD DC is added to a domain. They are updated by the AD
DC at set intervals. This computer is configured to use DNS servers with the
following IP addresses:
192.168.1.200
- One or more of the following zones do not include delegation to its
child zone:
BigDom . (the root zone)
Note: This information is intended for a network administrator. If you
are not your network's administrator, notify the administrator that you
received this information, which has been recorded in the file
C:\Windows\debug\dcdiag.txt.
SolarWinds Firewall Browser
Here is an utility where you can review firewall settings such as
access control lists (ACL), or troubleshoot problems with network
address translation (NAT).
Other reasons to download this SolarWinds Firewall Browser include
managing requests to change your firewall settings, testing firewall
rules before you go live, and querying settings with the browser's
powerful search options.
Full Computer Name - System Icon One way of
launching the System Icon is to hold down the Windows key and press the
Pause / Break key.
My first suggestion is to line-up the client's computer name with the
domain name.
Click on 'More..' and append the full dns name to the simple computer
name. For example type:
Win8.BigDom.local. After the reboot try once again to join the Windows 8
computer to the domain.
Check DNS with Ipconfig Despite your best efforts to
make your Windows 8 machine part of an Active Directory domain, you still
get error messages such as:
'The following error occurred attempting to
join the domain. An attempt to resolve the DNS of a DC failed'
It is vital that the
Windows 8 computer can resolve the domain name of the Active Directory that
you are trying to join.
Ipconfig /all always reveals interesting information, particularly the DNS
configuration.
Follow up by testing with ping: ping server.domain.com.
Plain ping server, yields useful clues as to whether it's a firewall
problem or a faulty DNS configuration at the Windows 8 client. The situation maybe that ping or ICMP packets are allowed through the firewall, but the ports needed to join the domain are blocked.
NSLookup may also help troubleshoot DNS problems.
TCP/IP Adapter Settings Visit the Network and Sharing Center
(in the Control Panel), select the adapter then check:
'Change adapter settings'. Does it have the
correct DNS server in the TCP/IPv4 property sheet?
If it already receives an IP Address and a DNS server address via DHCP then this
less likely to be the root problem, nevertheless you could manually edit the
DNS IP address:
'Use the following DNS server addresses: Preferred DNS server'
Another
idea is to specifically set the DNS address to the Windows Server, normally this is one
and the same machine, but if DNS has its own server, this may enable
you to join Windows 8 to the domain. If you experiment with different values for the IP address you don't need to reboot
Some people prefer to disable IPv6, then try again to change from
a member of a Workgroup to member of a Domain.
Tip 1: Ipconfig /flushdns clears the cache if you are
trying to ping different TCP/IP addresses.
Client for Microsoft Networks Only once have I seen a
machine where the Client for Microsoft was missing, as this is required for
joining a Windows domain make sure its box is ticked. (See right)
I have also heard of problems where a disabled Netlogon service was the root cause
of a Windows 8 machine failing to join a domain. Check this and
dependent services by launching services.msc.
Tip 2: It's always worth comparing the setting with a second machine,
preferably one which has already joined the domain.
Bridged Ethernet for Virtual Machines I have not tried
it myself, but I read that changing the networking setting under Virtual
Machine to Bridged Ethernet allowed Windows 8 to connect to domain.
Tip 3: When things go wrong, and I eventually find a
solution in the logs, I always vow that next time I will start
troubleshooting in system Event Log!
Guy Recommends: SolarWinds Network Topology Mapper (NTM)
NTM will produce a neat diagram of your network topology. But that's
just the start;
Network Topology Mapper can
create an inventory of the hardware and software
of your machines and network devices. Other neat features include dynamic
update for when you add new devices to your network. I also love the ability to export
the diagrams
to Microsoft Visio.
Finally, Guy bets that if you test drive the Network Topology
Mapper then you will
find a device on your network that you had forgotten about, or someone else
installed without you realizing!
This is Guy's most contentious
advice; almost nobody else recommends this albeit temporary security breach. There are two reason that I disable the firewall
when I am troubleshooting; firstly, it has been to know to suddenly
enable the Windows 8 computer to join the domain. Secondly, if I don't
disable the firewall my brain cannot seem to move on, and it fixates on
firewall, when I really want to try another troubleshooting tactic.
I found the firewall settings thus: Control Panel, Windows Firewall. In a more sophisticated domain, you
will
probably have other firewall settings, however the principle is the same.
Windows Server 2008: Firewall Status - Off
Windows 8 Computer: Firewall Status - On
As a compromise, you could keep the firewall turned on for the public
network, and try turning off for the work or private location.
One sign that it was indeed a firewall problem was when I ran the command: ping server. I got a reply from not from plain server, but from server.domain.com. This was an indication that not only were the
ICMP (ping) ports open, but also that DNS was correctly configured and resolved my request for server to the fully qualified server.domain.com.
As I only got this response after disabling the firewall, my conclusion was firewall was blocking the ports needed
for Windows 8 to join the domain.
Even by opening
ports, 389, 135, 88 and 53 I still could not join the domain. This is why I took the ruthless approach and just temporarily turned the Windows Firewall Off on the server
side.
»
Rumours and Red Herrings About Joining a Domain
WINS
I heard a rumour that the only way to solve problems such as 'The following
error occurred attempting to join the domain', was to enable WINS. All
I can say is that WINS did not help in my situation.
Upgrading from Windows 7 If you upgrade a computer
that is already in a domain, to Windows 8 this has no effect on the domain
membership. In other words, it's perfectly safe to upgrade a Windows 7
domain member to Windows 8 and retain your domain membership.
Creating a
Computer Account in Active Directory
While there is no harm in creating a computer account in the name of the machine that you want to join to the domain, this is neither essential, nor is it the root cause of this error. The only
problem that creating a computer solves is if the account that is trying to join the
Windows 8 machine to the domain, is NOT a Domain Admin. Even in this situation,
Windows 8 provides a dialog box so that
you can enter the name of Domain Admin and thus overcome permission problems.
Window 8 either joins the Active Directory domain easily, or else requires a
deal of troubleshooting involving DNS name resolution.
In my troubleshooting experiments one way of persuading a
Windows 8 machine to join an Active Directory domain was turning off the
firewall at the Windows Server 2008 end. In my opinion 'The following error occurred attempting to join the domain' is most likely to be a firewall problem. The other possibility is that the
TCP/IP settings for DNS are incorrect. Fortunately it's easy to check the DNS name resolution by using ipconfig and ping.
If you like this page then please share it with your friends
Guy Recommends:
SolarWinds' NPM - Network Performance Monitor
SolarWinds' performance monitor is designed for detecting network outages,
making it easy to see what's working, and what needs your attention.
This utility guides you through creating network maps; it also helps
identifying whether the
root cause is faulty equipment, or resource overload. Give NPM a try.
