This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 94%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ES%3C/text%3E%3C/svg%3E)
I've passed the AZ-900, so I guess I'm not an absolute newbie, but not by much. Anyway, I'm working through a Udemy class on the AZ-800 curriculum by John Christopher.
I have created a Resource Group. Within that group I have both AD Domain Services and a windows 2019 Server. When I try to join the server into the domain I get:
An Active Directory Domain Controller (AD DC) for the domain "xxxxxxxxxx.com" could not be contacted.
Ensure the domain name is typed correctly.
If the name is correct, click Details for troubleshooting information.
DETAILS gives me:
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "xxxxxxxxxx.com":
The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.xxxxxxxxxx.com
Common causes of this error include the following:
X.X.X.X
xxxxxxxxxx.com
com
. (the root zone)
I back out of the domain joining.
At this point I go over to the Resource Group and the domain name. There is a warning that the DC could not be contacted. There I will find a banner with "Configuration issues for your managed...". Clicking there, there is a little routine to fix the DNS entries. It says that the issue is fixed. I reboot the server, but I can never get it to join the domain.
From the VM command prompt:
C:\Users\elpadmin>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : Server
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : so4qjdhbct0uvlf1wwyqy0x45d.phxx.internal.cloudapp.net
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . : so4qjdhbct0uvlf1wwyqy0x45d.phxx.internal.cloudapp.net
Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
Physical Address. . . . . . . . . : 60-45-BD-C8-8C-1B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::acf5:ede7:2c6b:5e32%6(Preferred)
IPv4 Address. . . . . . . . . . . : 10.1.0.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, September 6, 2022 4:43:44 PM
Lease Expires . . . . . . . . . . : Friday, October 13, 2158 11:39:40 PM
Default Gateway . . . . . . . . . : 10.1.0.1
DHCP Server . . . . . . . . . . . : 168.63.129.16
DHCPv6 IAID . . . . . . . . . . . : 106972605
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2A-A8-B8-C7-60-45-BD-C8-8C-1B
DNS Servers . . . . . . . . . . . : 168.63.129.16
NetBIOS over Tcpip. . . . . . . . : Enabled
C:\Users\elpadmin>nslookup xxxxxxxxxx.com
Server: UnKnown
Address: 168.63.129.16
*** UnKnown can't find xxxxxxxxxx.com: Non-existent domain
C:\Users\elpadmin>nslookup xxxxxxxxxx.com 168.63.129.16
Server: UnKnown
Address: 168.63.129.16
*** UnKnown can't find xxxxxxxxxx.com: Non-existent domain
C:\Users\elpadmin>ping 168.63.129.16
Pinging 168.63.129.16 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 168.63.129.16:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)
I'm sure I'm just doing something stupid.
Does anyone have any suggestions? I've been beating my head against the wall for several days now. Has anyone else experienced a pain point learning Azure? I've been stuck here for a few days now.
Thanks!
Additionally, I have only added one NSG rule, and that is to open up RDP, port 3389:
Priority = 321
Port = 3389
Protocol = Any
Source = Any
Destination = Any
Action = Alloy
I've checked the Domain's NSG for any alerts, especially the AADDS001 alert. There are zero alerts.
I verified the IPs for the domain, which is 10.0.0.4 and 10.0.0.5.
I can not ping either of those addresses from the VM.
I set up a 2nd VM on the virtual network. A Win10 machine. It cannot ping the other VM or the DNS server with their IP addresses.
Hello @SRohleder ,
You have mentioned that you set up a 2nd VM on the virtual network but it cannot ping the other VM or the DNS server with their IP addresses. Could you please provide the below details:
1) Are both these VMs and the DNS server in the same Vnet?
2) Are there are any UDRs associated to any of the subnets where these VMs and DNS server are deployed? If yes, could you share them?
3) Could you try to run a IP flow verify using Network Watcher and check if the VM traffic is allowed/blocked.
Refer : https://learn.microsoft.com/en-us/azure/network-watcher/diagnose-vm-network-traffic-filtering-problem
4) Are you trying to join an Azure virtual machine to AADDS (Azure AD domain services) which is already Azure AD joined? If so, this is a not supported scenario whereas you could only join workgroup Azure VMs part of AADDS (Azure AD domain services) to learn more about, read : https://learn.microsoft.com/en-us/azure/active-directory-domain-services/join-windows-vm
Regards,
Gita
Hello @SRohleder ,
Hope you got a chance to review the comment posted by our expert. Request you to post your response in the reply section of the comment.
Thanks,
Akshay Kaushik
Some trouble shooting here.
https://learn.microsoft.com/en-us/azure/active-directory-domain-services/troubleshoot-domain-join
--please don't forget to upvote and Accept as answer if the reply is helpful--