Error while joining Windows XP client to windows 2000 domain

Rajesh Shah

Hello,

I have a Windows 2000 Advanced Server as a Domain Controller
with Active Directory & DNS.

When I try to join the Win XP client to the domain I get
the following error. The IP address of the server is
148.172.135.11 & on the client side it is 10.128.184.146
onwards.

"A domain controller for the domain could not be contacted

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)

The query was for the SRV record for
_ldap._tcp.dc._msdcs.DOMAIN NAME

Common causes of this error include the following:

- The DNS SRV record is not registered in DNS."

Can you please help us resolve this problem?
 
Ace Fekay [MVP]

Is 148.172.135.11 a public DNS server or the domain controller?

If 148.172.135.11 is the domain controller, and the client is behind a NAT,
it won't work. Kerberos, LDAP, and RPC cannot traverse a NAT.

If 148.172.135.11 is a public DNS server, then that will cause numerous
issues. For AD, all machines must ONLY use the internal DNS server that is
hosting the AD zone. It is looking for that record in your post,
_ldap._tcp.dc._msdcs.DOMAIN NAME,
which the ISP's DNS server will not have.

That _ldap record is an SRV record registered by your domain controller(s).
Do the SRV records under your zone name in DNS exist?

Also, I hope that "DOMAIN NAME" that you used is not a single label name
(should be domain.com, domain.local, etc) or that will cause numerous other
issues as well.

If you can, can you post an ipconfig /all from the client and from the DC to
better assist? That info will surely help us.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
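
The lookup behind the error text, as an added example that is not part of any post in this thread: a Python sketch that builds the `_ldap._tcp.dc._msdcs.<domain>` SRV query and parses the reply, showing how DNS RCODE 3 becomes error code 0x0000232B (decimal 9003, i.e. 9000 + RCODE). The two replies are constructed sample data, and `dc1.domainname.com` is a made-up host name.

```python
import struct
SRV, IN = 33, 1  # DNS record type SRV, class IN

def encode_name(name):
    """Encode a dotted name as length-prefixed DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"

def build_srv_query(domain, txid=0x1234):
    """Build the DC-locator SRV query a joining client sends for `domain`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    return header + encode_name("_ldap._tcp.dc._msdcs." + domain) + struct.pack("!HH", SRV, IN)

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end = [], None
    for _ in range(128):  # bounded, so a compression-pointer loop cannot hang the parser
        n = msg[off]
        if n == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        if n & 0xC0 == 0xC0:  # compression pointer to an earlier name
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("malformed name")

def parse_srv_response(msg):
    """Return (win32_error, [(priority, weight, port, target), ...])."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:  # Windows reports DNS RCODE n as error 9000 + n
        return 9000 + (flags & 0x000F), []
    off, records = 12, []
    for _ in range(qdcount):  # skip the echoed question section
        off = read_name(msg, off)[1] + 4
    for _ in range(ancount):
        off = read_name(msg, off)[1] + 10  # owner name plus fixed RR header
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off - 10:off])
        if rtype == SRV:
            records.append(struct.unpack("!HHH", msg[off:off + 6]) + (read_name(msg, off + 6)[0],))
        off += rdlen
    return 0, records

# Constructed sample replies; dc1.domainname.com is a made-up DC host name.
Q = build_srv_query("domainname.com")
NXDOMAIN = Q[:2] + b"\x81\x83" + Q[4:]  # RCODE 3: server does not hold the AD zone
RDATA = struct.pack("!HHH", 0, 100, 389) + encode_name("dc1.domainname.com")
FOUND = (Q[:2] + b"\x85\x80\x00\x01\x00\x01" + Q[8:] + b"\xc0\x0c"
         + struct.pack("!HHIH", SRV, IN, 600, len(RDATA)) + RDATA)
```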
 
Rajesh Shah

When I tried joining 1 Win XP client it got joined, &
when I tried joining the 2nd Win XP client it gave me the above
mentioned error.

I am using internal DNS, which is installed on the
148.172.135.11 domain controller, & the domain name I am
using is "domainname.com".

I can see 4 types of SRV records under the AD zone, &
148.172.135.11 is not a public DNS server.

I am surprised that my 2nd Win XP client failed to join the
domain with the above error. Why?

I am not at the site to provide you the ipconfig /all at
the moment because the site is 500 km away from where I
am.

Hope the above information helps you come to a
resolution.
 
Ace Fekay [MVP]

Hi Rajesh,

Thanks for the additional info. Good to hear the SRV records exist. I'm just
confused about the 10.128.184.146 IP address. That appears to be a NAT
private number and the 148.172.135.11 appears to be a public IP. Hence why
I assumed there was a NAT device between them. Normally going through a NAT
with AD communication doesn't work. But since you already got one joined,
it's somewhat confusing, so I may not be seeing the whole picture here.

The error "DNS name does not exist" means it cannot find it in DNS. Look in
your SRV records for your _ldap.DCname..domain.com record to see if it's
there. Under _msdcs.gc, does a GC exist for your forest?

I'm going to assume this is not XP Home and it's Pro. (Home can't join.)
Normally to join, as long as it's using the DNS that AD is using, it will
normally join. How did you supply the domain name? Did you use the NetBIOS
name ('domain') or the domain FQDN ('domain.com')? Whichever way you did,
try it the other way.


--
Regards,
Ace

 
Jonathan de Boyne Pollard

MF> Kerberos, LDAP, and RPC cannot traverse a NAT.

LDAP has no problems traversing NAT. I've sat on a machine with a
non-public IP address and spoken LDAP to servers on Internet, via NAT,
with no problem whatever.

NAT implementations have problems with loopback. But those problems are
generally applicable to _all_ TCP services, not merely to LDAP.
 
Deji Akomolafe

On the XP machine, look in TCP/IP properties, uncheck the "use lmhosts"
option. Reboot and retry.

HTH

--
Sincerely,

Dèjì Akómöláfé, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - COMPLETE SPAM Protection
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
