Sign in with
Sign up | Sign in
Your question

An attempt to resolve the DNS name of a domain controller in the domai

Last response: in Business Computing
Share
December 16, 2012 8:29:45 PM

"An attempt to resolve the DNS name of a domain controller in the domain being joined has failed."

This is the error message I get whenever I try to connect to my servers domain which I just set up earlier today. I have read through a bunch of other threads on the same error message but each of them has had different solutions and none of them have helped me.

The one thing that I suspect is related to my problem is that I can't ping my domain on the W7 computer I'm trying to connect. I can ping the server, but not the domain. the domain i'm using is set up like "domain.local" .


Other things that might be relevant.
I'v already set up user accounts and a computer under the Server 2012 active domain administrator settings.
I'v port forwarded ports 80 and 443 on the server.
The server has a static IPv4 IP adress. I haven't done anything with IPv6
The W7 computer has a dynamic IP adress, but I don't think it changes. I believe my router is set up to keep it constant, not 100% sure though.

Thanks for any help with this, I'm pretty much out of ideas on this.

December 17, 2012 8:11:52 PM

Are you using DHCP? If so, you need to hand out the DNS addresses via DHCP to the W7 system. If not, you'll have to set the IP/Subnet/Gateway/DNS servers manually.

If you're letting your router hand out DHCP, it'll hand it out for the public internet, not your local network.

The easiest way would be to configure your Server with DNS. DNS would have forwarder(s) pointing to your ISP's DNS servers. You would run DNS locally on your private network. Your individual systems would have a static IP address set (most likely, you can do dynamic) but you need to configure a static IP address for DNS to point to your local server hosting DNS.

When your W7 makes a request, it'll hit your local DNS server. It'll resolve it and if not forward it out to the public DNS servers.
December 17, 2012 8:41:24 PM

^+1 Your not getting DNS settings to your workstation.
Related resources
December 18, 2012 12:12:05 AM

I also get this error in the DNS section of Server Manager.

Quote:
The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.


EDIT: However, this is followed by event 2 and event 4 which mean that its set up fine. I really appreciate the help but I'm doing this to learn how and I'm having a hard time following what your saying riser.

December 18, 2012 10:55:57 AM

When you deploy Active Directory you have to have DNS already installed. You'll want to configure your server to have static IP addresses. Point your AD DC (active directory domain controller also hosting DNS) to itself and DNS should forward to your ISP's DNS.

Write out your info like the IP address scheme of your system(s) and we can work through it.
December 18, 2012 11:38:21 AM

Only what riser already said, but in different words: You PC needs to resolve the domain name mydomain.local to an ip-address. Because it got it's own IP address from the router, it uses the router as it's DNS server and the router uses the DNS of your ISP. Both don't know about your AD DC. That's why you need to point your PC to the AC DC to use it as it's DNS. The DNS on the AC DC needs to know, where to resolve names outside it's own network and that's your router or the ISPs DNS.
A dirty shortcut to get it to work though is, to enter your domain name and the static AD DC ip-address in the hosts file on the PC.
December 18, 2012 12:37:39 PM

Communication flow:

PC --> AD DC & DNS (local network, computer names) --> out to Router/ISP DNS (websites)
December 18, 2012 1:39:26 PM

Ok, I'm going to provide as much info as possible and really try to learn stuff here. So thank you for sticking with me.

What I am getting is that I need to have the DNS of my server forward the requests it gets to my routers DNS.

I have looked at the Forwarders in the DNS manager, this is the info
Quote:
IP Adress: 192.168.1.1
Server FQDN: Wireless_Broadband_Router.home


Here are the DNS servers and DHCP Status of the Ethernet Adapters listed under "ipconfig /all."

"Ethernet Adapter Ethernet 2"
Quote:
DNS Servers ...
192.168.1.1 (This would make me think that the DNS is forwarding to my Routers DNS?)
71.252.0.xx (Is it ok to post my DNS Server address's and IP's here?)
DHCP is Enabled on this. (Should I set up a static IP?)



"Ethernet Adapter vEthernet Intel(R) Gigabit Network Connection - VIrtual Switch"
Quote:
DNS Servers ....
::1
127.0.0.1.

DHCP Is disabled on this.


(For the record there are also 3 more tunnel adapters but I won't post the info on those.)

When I first set up AD DC it asked me if I would like to automatically set up a DNS server, which is what i did, should I have set up DNS before trying to set up AD DC?

Things are a little different under the DNS Section of server manager (These values are the same in AD DS.)
Quote:
ServerName: MYSERVER
IPv4 Address: 192.168.1.13, 192.168.1.5


Thank you so much for trying to help, I know I must be frustrating to try and teach.
December 18, 2012 2:50:07 PM

Your ISP is a public DNS server so that isn't an issue. You wouldn't want to post your Router's Public IP address. Rule of thumb, just don't post the last 2 octets of any IP address. No big deal.

Ok, log into your Router and get the actual DNS IP addresses. The 72.x.x.x numbers. On your server in DNS, you want to put the forwarders to those 72.x.x.x numbers. Your server's static IP address should be 192.168.1.13 , subnet 255.255.255.0, gateway 192.168.1.1, and DNS server should be 192.168.1.x (pointing to itself, the server's IP).

Your W7 box will be your IP address you assign (192.168.1.100?), sub, 255.255.255.0 gateway: 192.168.1.1, DNS 192.168.1.13

Your internal private network will have DNS point to your Server's IP address. For the gateway, your internal network will point to your router's IP address. For private network name resolution you will point to your server hosting DNS. For internet name resolution (websites) your DNS server will have fowarder's pointing to the 72.x.x.x numbers (public DNS servers).


Server:
IP: 192.168.1.13
Gateway: 192.168.1.13
DNS: 192.168.1.13

DNS Server settings:
Forwarders: add 72.x.x.x systems

Win7 Box:
IP: 192.168.1.x
Gateway: 192.168.1.1
DNS: 192.168.1.13 & optional 72.x.x.x (for direct website resolution if you want a secondary.)
December 18, 2012 3:22:58 PM

Ok, I'v done all of that. The only thing is that when I type the default gateway into my servers IPv4 settings, and then accept or close or whatever it resets. So I see 0.0.0.0 in the default gateway part of ipconfig /all.

Also, just to make sure. On my server I Only have to set up those settings on "Ethernet Adapter Ethernet 2" Not "vEthernet" right?

EDIT: I noticed in your post you had said to change the Gateway to 192.168.1.1 , and then at the bottom you said put it to 192.168.1.13, It does NOT reset when I put in 192.168.1.1.

DOUBLE EDIT: I did a few things, I changed the Gateway to 192.168.1.1 and it is now listed under ipconfig /all as
Default Gateway: 0.0.0.0
192.168.1.1

Also, I disabled vEthernet. Now the IPv4 address that is listed under server manager for all of the different roles is ONLY 192.168.1.13.
December 18, 2012 4:00:31 PM

Let's ignore the internet for right now. What you're trying to do is build your own private network. Ignore your router and internet.

In order to do that you need your DC up and running and DNS (Domain Name Resolution). If you used DHCP and took the basic settings, when DHCP hands out an IP address it would add that IP and Name into DNS in a Forward Look Up Zone (Name to IP). The Reserver Look Up Zone is optional (IP to Name).

This means your computer would know the names of all systems using DHCP. Since you're not using DHCP you'll have to manually update DNS to have those entries in it. You would simply create a "Host A" record in DNS under your domain name (domain.local) or whatever you named it. It your domain name was contoso.com, that's where you would create the Host A record. The FQDN (Fully Qualified Domain Name) would be myserver.contoso.com.

With that all computers on your private network would know the IP and Name of each other. Each computer would have to point to your own DNS server (your server) - meaning your DNS IP address on each system would point to your server for private name resolution. DHCP makes it simple, in your case doing it static would be easy since you have a system or two.

In order to bring the internet into all this, you need name resolution as well. The way DNS works is it tries to resolve a name and if it can't, it pushes it out to a higher level (from Private to Public DNS). This is what the Forwarder does. If your DNS server can't resolve a website (www.tomshardware.com) it would forward that request 1 hop out to your ISP's Public DNS. That server will resolve it and send that information back to your DNS server which in turn would send that information to the requesting computer. The website would resolve. This all would happen within a second or two.

On the back end, you only have to configure your DNS server to have the forwarders. Nothing else needs to change.

The gateway simply points your systems to a your router which lets it connect to another network (from your private to the public). That's the sole purpose of a router/gateway: connecting dissimilar networks. Based on your IP address (192.x.x.x) your system will know if a request is local (192.x.x.x) or public (nearly anything not on 192.x.x.x) and it will send that request to your router. Your router will do the work to pick the path to that location. When you want to hit a website, DNS resolves the name to an IP address. Your computer then passes that IP address to the router which picks a path to that IP address.
December 18, 2012 4:40:08 PM

Ok, I think I get it. The DNS on my server is only resolving local Ip's. Which are the IP's or names of the computers on my local network. So its only real function is to either return a local computers Name and IP or push the request up to my ISP to find a website.

So when I get the message

"An attempt to resolve the DNS name of a domain controller in the domain being joined has failed."

Its telling me that the (or a) domain controller cannot be found in the records of the DNS server I am running. And this is because I am not using DHCP, which means the computers on my network haven't been put into the "DNS catalog" of computers. So what I need to do is add a "Host A" record for my domain controller (server.) But not my W7 computer, because its using a dynamic IP, or DHCP and should already be added?

EDIT: I'm still a little confused about the 'Host a' thing. But I feel as thought I have a much better understanding of how servers, DNS, networks, and Active domains work. Also, My problem is solved. As soon as I removed the 0.0.0.0 Gateway from my server the W7 Computer was able to connect.

Thank you very much for your help with this!
December 18, 2012 4:56:42 PM

Very nice, you are correct and picked up on it better than anyone could expect.

I would suspect you're letting the router handle DHCP, so it wouldn't be in your DNS system. You could set your server up to handle DHCP though.

When you join your W7 computer to your domain, it will automatically register in DNS.

I would configure your W7 system with static IPs for now. Once you have your DNS server IP address set on the system, you can try to Ping the server name. It should resolve to an IP address. You can also type "NSLOOKUP" in a command prompt which is basically a name service lookup. It will come back and tell you which DNS server you connected to and then you can type a system name in and get an IP.

If those fails, make sure you can ping the IP address of the server. If you can do that you have network connectivity. Ping the Name of the server, it should resolve back to an IP address and maybe return a ping reply (firewall may block it on the server). If it does not resolve to an IP address, DNS issues are present.

You can open up DNS and verify that under your domain name you see either a Host A record for your server or a Directory Services name with an IP that matches your server's along with the name.
December 18, 2012 5:05:58 PM

I checked, now there is a Host A Record for my W7 Computer in the DNS manager. Also all of the pings are going through. Looks like things are going nicely. Soon I'll start my next project of getting remote desktop setup. Hopefully I'll have less trouble with that.

Once again I can't tell you how much help you'v been.
December 18, 2012 5:10:02 PM

Not a problem, I do this kind of stuff all day.

You can toy with Group Policies if you wanted to learn on a larger scale. Setting up RDP shouldn't be difficult.

In AD you could make a group called "RDPUsers" or something and make that group a local member of Administrators on your W7 box. Any user you add to that group would then be able to RDP (as long as they were a domain user) to the W7 box and log in.
December 18, 2012 5:43:11 PM

What I'm going to try to do is set it up so that I can access my server from anywhere. So I am going ahead and buying a domain to use as a Dynamic DNS. I'll set it up with my router DDNS settings then port forward the ports for remote access and set up the Active Domain again with the DDNS address (which I'm faily certain I can do successfully now.)
December 18, 2012 6:03:29 PM

what os are you using?
December 18, 2012 6:06:23 PM

the great randini said:
what os are you using?

Windows Server 2012
December 18, 2012 6:07:23 PM

Yeah that's simple enough to do. You don't need to buy a domain name though if you're using DynDNS. Buying the domain would be the route I would go.

From your router you would simply forward port 3389 TCP to your W7 box and then you could authenicate against your AD server with your credentials. If you really wanted you could add in additional security, but having AD is more than most people do. Many just forward RDP to their system and RDP to it that way. I used to do that when I was doing some testing and web surfing from work. :) 

Simple enough, sounds like you're on the right path and being smart about using AD instead of a local account.
December 18, 2012 6:41:13 PM

I'm looking to change the domain address from mydomain.local to myDDNS.org, would a good way just be to completely remove the AD DS completely and then re-install it?
December 18, 2012 6:46:09 PM

Yes, but you wouldn't want to use a name that might be a name on the internet. That will lead to name resolution issues although there is a DNS fix for that.

You could do something like myDDNS.local and buy your domain myDDNS.org and have it forward to your .local address instead. That way you keep the naming convention different between private/public networks.
December 18, 2012 6:49:19 PM

riser said:
Yes, but you wouldn't want to use a name that might be a name on the internet. That will lead to name resolution issues although there is a DNS fix for that.

You could do something like myDDNS.local and buy your domain myDDNS.org and have it forward to your .local address instead. That way you keep the naming convention different between private/public networks.


So could I just forward my myDDNS.org to my current domain.local, not change a thing and still access it from other IP's out of my local network?


EDIT: Think I found another solution, I can set up a VPN to my local network and then use any computer anywhere to connect to the VPN and then use the .local address for remote desktop. Hopefully. It sounded smart.
December 18, 2012 7:41:24 PM

Your .local address is really just your external IP address of your router. The IP address your ISP supplies to you. You can have whatever domain name you want, you just point it to your ISP's address they assign you.

VPN works as well and is a bit more secure on top of that.
May 14, 2014 9:23:26 PM

riser said:
Yes, but you wouldn't want to use a name that might be a name on the internet. That will lead to name resolution issues although there is a DNS fix for that.


Hi, I'm new. Running Server 2008 Standard and attemping to join domain. I get the same errors shown here and no fix I've read about has worked. My problem might be that my domain name and my website have the same address and I think I'm having resolution issues and joining issues. So my question to you riser is, what is this DNS fix your talking about here? Thanks!
!