Error network path not found when tryin to join my domain

thebrand 20 Reputation points
2023-05-23T15:36:25.4966667+00:00

Hi everyone.

I'm trying to create an AD lab environment with two VM I have available. It's a must to use this two VMs unfortunately.

The first one is a windows server 2019 (lets call it dc1)

The second on is a windows server 2022 (lets call it srv1)

Both of them are hosted on cloud and have static public ip addresses.

I've started creating a domain (lets call it mydomain.com) on dc1 and I promoted it as Domain Controller. I've installed and configured the DNS server either. For those steps I've followed microsoft official guides so I'm pretty confident that the configs are ok.

Now I want to join srv1 to mydomain.com so I setted the primary dns of srv1 to the static ip of dc1

Here comes the troubles... when I try to join srv1 I get "network path not found error" so I started the troubleshooting. Here my checks:

  • ping dc1 from srv1 and vice versa, it works;
  • checking dns resolution. Launched nslookup from srv1 searching for mydomain.com, dc1.mydomain.com, it works;
  • disabled windows firewall (there are no third party firewalls) and defender both on srv1 and dc1. Still can't join;
  • checked windows debug logs on srv1 to get an hint and found something strange, everything works until the lines:

05/23/2023 16:19:43:917 NetUseAdd to \dc1.mydomain.com\IPC$ returned 53

05/23/2023 16:19:43:917 NetpJoinDomainOnDs: status of connecting to dc '\dc1.mydomain.com': 0x35

05/23/2023 16:19:43:917 NetpJoinDomainOnDs: Function exits with status of: 0x35

05/23/2023 16:19:43:917 NetpResetIDNEncoding: DnsDisableIdnEncoding(RESETALL) on 'mydomain.com' returned 0x0

05/23/2023 16:19:43:917 NetpJoinDomainOnDs: NetpResetIDNEncoding on 'mydomain.com': 0x0

05/23/2023 16:19:43:917 NetpDoDomainJoin: status: 0x35

Reading these lines I feel like there is something wrong accessing dc1's shares so I've tried to access from the explorer with the path "\dc1.mydomain.com\C$" and here I get "Windows cannot access \dc1.mydomain.com\C$"

To be sure I've tried the same connection from my personal pc but this time I'm prompted to insert my domain credentials. By providing my credentials I'm able to access the C$ share. At least now I'm sure that the problem is on srv1!

  • then I decided to check the connectivity from dc1 to srv1 and vice versa but to all the ports needed for AD communications. I've used commands like:

Test-NetConnection -ComputerName dc1.mydomain.com -Port 389

Test-NetConnection -ComputerName dc1.mydomain.com -Port 53

I've noticed that the only two ports that result in a failure of the test are 135 and 445. With these two ports the test fails from dc1 to srv1 and from srv1 to dc1 either.

If I repeat the same tests but from my local machine all the ports responds to test both on srv1 and dc1.

To be sure I've checked the ports with netstat and all necessary ports result on listening state including 135 and 445

Now I'm drowning in forums posts that "explain" how to solve this problem and I've probably read every single post on this topic so... here I am. Hoping someone know how to help

Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
6,211 questions
0 comments No comments
{count} votes

Accepted answer
  1. Anonymous
    2023-05-24T12:29:39.1033333+00:00

    Unfortunately the VMs are not on Azure.

    I'd ask the cloud provider about routing and firewalls.

    checked dcdiag and readmin outputs looking for errors but nothing...

    Not much to go on but also check the system and replication event logs for clues.

    --please don't forget to upvote and Accept as answer if the reply is helpful--


3 additional answers

Sort by: Most helpful
  1. Anonymous
    2023-05-23T17:51:25.09+00:00

    I'd check the domain controller and problem members are not multi-homed and also that they both use the static ip address of DC listed for DNS and no others such as router or public DNS. Also confirm the required ports are flowing between networks.

    https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts#windows-server-2008-and-later-versions

    --please don't forget to upvote and Accept as answer if the reply is helpful--


  2. Anonymous
    2023-05-23T19:01:54.95+00:00

    DC1 should also have own static ip address (127.51.56.2) listed for DNS The event logs may also provide some clues. A guess is some sort of blocking between networks or possibly the domain controller is not operational.

    --please don't forget to upvote and Accept as answer if the reply is helpful--


  3. Anonymous
    2023-05-23T19:41:29.28+00:00

    Is like there is something blocking traffic but just between the two servers...

    I would 100% agree. You could close this thread by marking answer and open a new thread here about routing the required ports between the networks.
    https://learn.microsoft.com/en-us/answers/tags/143/azure-virtual-network

    What do you mean with "domain controller is not operational"? Something I could check?

    You could check the system and dfs replication event logs for errors since last boot, also check dcdiag, and repadmin output for errors.
    Another option may be to create the VMs for testing on a hypervisor on your local network so as not to worry about the routing / firewall issues.

    --please don't forget to upvote and Accept as answer if the reply is helpful--