
network path was not found when trying to join domain


RW

Aug 28, 2009, 4:03:01 PM
I think this is a DNS issue but cannot figure out what it is or how to correct
it. We built a new DC for a new remote site. The sites are connected by
site-to-site VPN, all routing is working, and ports are open between sites.
The new DC was built with a temp IP from the HQ range; once it was moved to the
remote site a new IP was assigned, all DNS records were updated with the new
IP, and the DC was moved to its own Site in the AD topology. Replication
between sites works, local PCs and servers in this remote site are
authenticating against the new DC, DHCP is working, and DNS on this DC
technically works as well, meaning nslookup works as expected.
There are 2 visible issues which make me believe there is a problem with DNS:

1. I cannot join any new workstation or server in the remote site to the
domain, regardless of whether it gets its IP from DHCP or static:

"The following error occurred attempting to join the domain: <domain_name>:
The network path was not found"

2. If I open MMC on this particular DC in the remote site and try to add other
DNS servers to MMC, all works, but if I try to add this DC's DNS to MMC in our
HQ site I get this message:

"The server is unavailable. Would you like to add it anyway?" and it cannot
be managed from a remote location.

The same thing happens if I try to open Active Directory Users and Computers
and connect to the DC in the remote site. I get:

"The following domain controller could not be contacted: <DC_name> The RPC
server is unavailable"


Any idea what I'm missing here?

Danny Sanders

Aug 28, 2009, 4:34:46 PM
> "The following error occurred attempting to join the domain: <domain_name>:
> The network path was not found"


This is a classic sign that the computer you are trying to join to the
domain cannot find the SRV records for the DC.

Verify that the new DC points to itself for DNS in the properties of TCP/IP,
this will allow the server to register its SRV records in the DC's DNS
zone. Use the actual IP address, not 127.0.0.1.

Verify that the client being added to the domain points to the DNS server
for your domain only. This way the client can "find" the SRV records for the
domain and join it.

hth
DDS


Ace Fekay [MCT]

Aug 28, 2009, 5:10:04 PM
"Danny Sanders" <dsan...@NOSPAMbrakesplus.com> wrote in message
news:uTn4b%23BKKH...@TK2MSFTNGP04.phx.gbl...

>> "The following error occurred attempting to join the domain:
>> <domain_name>:
>> The network path was not found"
>
>
> This is a classic sign that the computer you are trying to join to the
> domain cannot find the SRV records for the DC.
>
> Verify that the new DC points to itself for DNS in the properties of
> TCP/IP, this will allow the server to register its SRV records in the
> DC's DNS zone. Use the actual IP address, not 127.0.0.1.
>
> Verify that the client being added to the domain points to the DNS server
> for your domain only. This way the client can "find" the SRV records for
> the domain and join it.
>
> hth
> DDS


Danny,

I agree. This is a classic DNS misconfig issue.

For RW, this can usually be attributed to one or more of the following
possibilities:

1. Using an ISP, router or some other external DNS server as a DNS address
in the server and workstations. All machines must only point to the internal
DNS servers, no others. Otherwise expect major problems. Configure a
forwarder to your ISP's DNS in your DNS properties.

2. Single label DNS FQDN domain name ("domain" vs the minimal hierarchical
name of 'domain.com', 'domain.net', etc.)

3. Multihomed DC (more than one NIC and/or IP and/or RRAS installed). SBS is
the only exception to this rule.

4. Disjointed namespace (the DC's Primary DNS Suffix doesn't match the AD
domain name)

5. DNS zone does not allow updates

6. DNS zone does not match the AD domain name

RW, if you can provide us an unedited ipconfig /all from the server and one
of your workstations, we can provide suggestions and recommendations to fix
this.


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.

RW

Aug 28, 2009, 5:35:01 PM

> > "The following error occurred attempting to join the domain: <domain_name>:
> > The network path was not found"
>
>
> This is a classic sign that the computer you are trying to join to the
> domain cannot find the SRV records for the DC.

SRV record is there



> Verify that the new DC points to itself for DNS in the properties of TCP/IP,
> this will allow the server to register its SRV records in the DC's DNS
> zone. Use the actual IP address, not 127.0.0.1.

it does point to itself



> Verify that the client being added to the domain points to the DNS server
> for your domain only. This way the client can "find" the SRV records for the
> domain and join it.

it does, regardless of whether it gets this info from DHCP or static; the
client has only one IP for DNS

Danny Sanders

Aug 28, 2009, 5:41:05 PM
Can you post an unedited ipconfig /all from the problem machine?


hth
DDS


RW

Aug 28, 2009, 5:51:01 PM
"Ace Fekay [MCT]" wrote:

> "Danny Sanders" <dsan...@NOSPAMbrakesplus.com> wrote in message
> news:uTn4b%23BKKH...@TK2MSFTNGP04.phx.gbl...
> >> "The following error occurred attempting to join the domain:
> >> <domain_name>:
> >> The network path was not found"
> >
> >
> > This is a classic sign that the computer you are trying to join to the
> > domain cannot find the SRV records for the DC.
> >
> > Verify that the new DC points to itself for DNS in the properties of
> > TCP/IP, this will allow the server to register its SRV records in the
> > DC's DNS zone. Use the actual IP address, not 127.0.0.1.
> >
> > Verify that the client being added to the domain points to the DNS server
> > for your domain only. This way the client can "find" the SRV records for
> > the domain and join it.
> >
> > hth
> > DDS
>
>
> Danny,
>
> I agree. This is a classic DNS misconfig issue.
>
> For RW, this can usually be attributed to one or more of the following
> possibilities:
>
> 1. Using an ISP, router or some other external DNS server as a DNS address
> in the server and workstations. All machines must only point to the internal
> DNS servers, no others. Otherwise expect major problems. Configure a
> forwarder to your ISP's DNS in your DNS properties.
>

both the DC and the clients point to the same DNS, which is the DC itself

> 2. Single label DNS FQDN domain name ("domain" vs the minimal hierarchical
> name of 'domain.com', 'domain.net', etc.)

unfortunately our domain is single label, but this is not preventing us from
joining the domain in HQ, only in the remote site


>
> 3. Multihomed DC (more than one NIC and/or IP and/or RRAS installed). SBS is
> the only exception to this rule.

No

> 4. Disjointed namespace (the DC's Primary DNS Suffix doesn't match the AD
> domain name)

Not the case here

>
> 5. DNS zone does not allow updates

it does

>
> 6. DNS zone does not match the AD domain name

it does

>
> RW, if you can provide us an unedited ipconfig /all from the server and one
> of your workstations, we can provide suggestions and recommendations to fix
> this.

There is something more than just simple IP config we are dealing with here.
When I run dcdiag /e /test:dns on a working DC I get:

DC: <dc_server_name I have problem with>
Domain: <our_domain>

TEST: Authentication <Auth>
Error: Authentication failed with specified credentials

TEST: Basic <Basc>
Error: Open Service Control Manager Failed

so basically DNS test fails for this DC

Ace Fekay [MCT]

Aug 28, 2009, 7:46:35 PM

"RW" <R...@discussions.microsoft.com> wrote in message
news:D3EBB27E-BA85-4E6D...@microsoft.com...

>
>> 2. Single label DNS FQDN domain name ("domain" vs the minimal hierarchical
>> name of 'domain.com', 'domain.net', etc.)
>
> unfortunately our domain is single label, but this is not preventing us
> from joining the domain in HQ, only in the remote site
>
>>
>> RW, if you can provide us an unedited ipconfig /all from the server and
>> one of your workstations, we can provide suggestions and recommendations
>> to fix this.
>
> There is something more than just simple IP config we are dealing with
> here. When I run dcdiag /e /test:dns on a working DC I get:
>
> DC: <dc_server_name I have problem with>
> Domain: <our_domain>
>
> TEST: Authentication <Auth>
> Error: Authentication failed with specified credentials
>
> TEST: Basic <Basc>
> Error: Open Service Control Manager Failed
>
> so basically DNS test fails for this DC

The issue is the single label name. Locally at HQ, it's using NetBIOS to
join, however remotely, it's relying on DNS. DNS queries do not work
properly with single label names on Windows 2000 SP4 and all newer machines.
Period. Why? Good question. It's based on the fact DNS is hierarchical.
Hierarchical meaning it must have multiple levels, a minimum of two levels.

The TLD (top level domain) is the root name, such as the com, net, etc.
names. The client side resolver service algorithm (which is governed by the
DHCP Client service which must be running on all machines, static or not),
relies on that name for the basis to find the second level name (the name
"domain" in domain.com, etc.). If the name is a single label name, it thinks
THAT name is the TLD. Therefore it then hits the Internet Root servers to
find who owns and is authoritative for that TLD. Such as when looking up
microsoft.com. It queries for the COM portion, which the roots return the
nameservers responsible for the COM servers, then it queries for the servers
responsible for microsoft. If it's a single label, the query ends there, and
it won't go further. However what is funny (sic) is that even though the
single label name is being hosted locally in DNS, it will NOT query locally
first, because it believes it is a TLD, therefore goes through the normal
resolution (recursion and devolution) process, which causes excessive query
traffic to the Internet Root servers.

Here's an explanation from a Microsoft engineer:

============
Single label names, from Alan Woods, MS:

"We really would prefer to use FQDN over Single label name. There are
a lot of other issues that you can run into when using a Single labeled
domain name with other AD integrated products. Exchange would be a great
example. Also note that the DNR (DNS RESOLVER) was and is designed to
Devolve DNS requests to the LAST 2 names.

Example: Single Labeled domain .domainA
then, you add additional domains on the forest.
child1.domainA
Child2.child1.domainA

If a client in the domain Child2 wants to resolve a name in domainA
Example. Host.DomainA and uses the following to connect to a share
\\host then it is not going to resolve. WHY, because the resolver is
first going to query for Host.Child2.child1.domainA, then it will
next try HOST.Child1.domainA; at that point the Devolution process is
DONE. We only go to the LAST 2 Domain Names.

Also note that if you have a single labeled domain name it causes excess
DNS traffic on the ROOT HINTS servers and being all Good Internet Community
users we definitely do not want to do that. NOTE that in Windows 2003,
you get a big Pop UP Error Message when trying to create a single labeled
name telling you DON'T DO IT. It will still allow you to do it, but you
will still be required to make the registry changes, which is really not
fun.

Microsoft is seriously asking you to NOT do this. We will support you but
in the end the results could be limiting depending on the
services you are using.

Thank you,

Alan Wood[MSFT]"
============

As a temporary resort, you can use the patch/bandaid registry entry to force
resolution and registration that is mentioned in the following link. This
must be applied to every machine. Unfortunately it must be done on every
machine in the domain, including the DCs, member servers, workstations and
laptops.

300684 - Information About Configuring Windows 2000 for Domains with
Single-Label DNS Names:
http://support.microsoft.com/?id=300684


More Info:

Common Mistakes When Upgrading a Windows 2000 Domain To a Windows 2003
Domain
http://support.microsoft.com/?id=555040

825036 - Best practices for DNS client settings in Windows 2000 Server and
in Windows Server 2003:
http://support.microsoft.com/?id=825036

DNS and AD (Windows 2000 & 2003) FAQ:
http://support.microsoft.com/?id=291382

Naming conventions in Active Directory for computers, domains, sites, and
OUs (Good article on DNS and other names)
http://support.microsoft.com/kb/909264

Ace
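
Added example, not part of the original thread and not Microsoft code: a small Python model of the suffix devolution rule described in the quoted explanation above (append the primary DNS suffix, then strip its leftmost label until two labels remain). The function names and the `example.com` forest are assumptions made for illustration, and configured suffix search lists are ignored.

```python
# Added illustration: models the devolution rule quoted above.
# Function names and the example.com forest are assumptions, not Microsoft code.

MIN_SUFFIX_LABELS = 2  # "We only go to the LAST 2 Domain Names."


def _labels(name):
    return [part for part in name.strip(".").lower().split(".") if part]


def is_single_label(domain):
    """True for a domain such as 'domainA' that has no parent label."""
    return len(_labels(domain)) == 1


def devolution_candidates(short_name, primary_suffix):
    """FQDNs tried, in order, for an unqualified name.

    The primary DNS suffix is appended as-is first; the leftmost suffix
    label is then stripped repeatedly until only two labels remain.
    """
    host = short_name.strip(".").lower()
    suffix = _labels(primary_suffix)
    candidates = [".".join([host] + suffix)]
    while len(suffix) > MIN_SUFFIX_LABELS:
        suffix = suffix[1:]
        candidates.append(".".join([host] + suffix))
    return candidates


def reachable_by_devolution(short_name, primary_suffix, target_domain):
    """Does devolution ever produce <short_name>.<target_domain>?"""
    wanted = ".".join([short_name.strip(".").lower()] + _labels(target_domain))
    return wanted in devolution_candidates(short_name, primary_suffix)


if __name__ == "__main__":
    # Constructed forests: the thread's single-label shape vs. a two-label root.
    for suffix, root in [("Child2.child1.domainA", "domainA"),
                         ("child2.child1.example.com", "example.com")]:
        print(suffix, "single-label root:", is_single_label(root))
        for fqdn in devolution_candidates("host", suffix):
            print("   query", fqdn)
        print("   reaches host in forest root:",
              reachable_by_devolution("host", suffix, root))
```

With the single-label root, the candidate list ends at `host.child1.domaina`, so `host.domaina` is never queried; with a two-label root the same walk reaches `host.example.com`.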
