Message says Domain not available when logging in

Question

All right, folks, so here's the scoop. I set up a Windows domain at my home both for fun and for experience because I am a Systems and Network Administrator by trade which makes admitting that I am having this problem that much more embarrassing. But, in any event, everything worked fine when I had the domain  running in my old house but I sold that and recently moved and then set up all my computers at my new house. Yet now, every time that I try to log into the domain I see a message that says “Domain not available”. I've manually set IPs all on the same subnet for all my computers and also set the first entry in the DNS fields to be my Domain Controller. As it stands now, I can ping the Domain Controller, I can remote into the Domain Controller and I have remoted into the Domain Controller and made sure that DNS is running. I've also made sure that there are SRV records in DNS, which is what I understand a computer looks for when it's trying to determine which machine is the domain controller. But nothing I've done has worked and before I go through the trouble of relearning everything I've forgotten about setting up the network so that workstations can be properly authenticated by the domain controller, I thought I would call upon the collective brain power of the community and see if someone doesn't know the answer right off the top of their head and knows exactly what I forgot to do. Thanks so much in advance for everyone's help.

Answer 1

Based on the symptoms described, the issue could be related to DNS errors or time synchronization between computers. It is recommended to follow the methods listed in the Microsoft article "Domain controller is not functioning correctly" to troubleshoot DNS errors and synchronize time between computers. Additionally, it is important to ensure that the correct DNS server is configured on the client as the preferred DNS and that the client has connectivity to that server.

References:

• Domain controller is not functioning correctly
• How to troubleshoot errors that occur when you join Windows-based computers to a domain

Answer 2

Hello Matthew Cohen,

Thank you for posting in Q&A forum.

Is there any problem with the network layout and wiring of the new home

How did you get and set the IP address of the Domain Controller? You can get the IP address by running ipconfig /all on Domain Controller and set the static IP address on Domain Controller.

On the other Domain Computers, you can check their the IP address and DNS server by running ipconfig /all on every machine.

It may be a problem with the DNS of the domain controller. You can try resolving the client through DNS in the domain controllers.

Secondly, you can open these ports: 389, 636, 88, 53, 445, 137, 138, 139, 135, 3268.

Check if there are any issues with the configuration of firewalls, routers, or switches

I hope the information above is helpful.

If you have any questions or concerns, please feel free to let us know.

 

Best Regards,

Daisy Zhou

 

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.

Answer 3

Hi Daisy,

Thanks for trying to help. Here are the answers to your questions.

Is there any problem with the network layout and wiring of the new home

No, everything functions normally other than not being able to do a domain join. Incidentally, I found one of my other laptops running Windows 10 Pro wasn't on the domain and that one successfully joined the domain on the first attempt to do so.

How did you get and set the IP address of the Domain Controller? You can get the IP address by running ipconfig /all on Domain Controller and set the static IP address on Domain Controller.

All Windows PCs running on the network have IPs and DNS servers statically set.

On the other Domain Computers, you can check their the IP address and DNS server by running ipconfig /all on every machine.

Yep, done that already.

It may be a problem with the DNS of the domain controller. You can try resolving the client through DNS in the domain controllers.

if by "try resolving the client through DNS in the domain controllers" you mean do NSLookup on the client for the domain controller, there nslookup returns the error "can't find <NAME OF DOMAIN CONTROLLER>: Non-existent domain"

Secondly, you can open these ports: 389, 636, 88, 53, 445, 137, 138, 139, 135, 3268.

I shut down Windows Firewall on the client and tried to then join the workstation to the domain and the results were the same. Since I was able to join a different computer to the domain yesterday, I don't think blocked ports is the problem. The machine I am working with now is a Windows 11 Pro machine where virtual NICs are bound to the physical NIC via Hyper-V. I don't think that would make any difference but it has always been confusing to me.

Check if there are any issues with the configuration of firewalls, routers, or switches

Everything is operating normally except for the Domain Join on the Windows 11 pro PC.

Thanks for all your help but the problem continues.

v/r,

Matthew

Answer 4

Hello Matthew Cohen,

Thank you for reply.

Regarding "try resolving the client through DNS in the domain controllers" you are correct, and what I meant was using NSLookup. Also, could you please provide the screenshot after you run nslookup.

My assessment is that some ports on the computer may not be open, as disabling the firewall is not necessarily related to opening ports. Disabling the firewall is simply to prevent the firewall from blocking ports. You can check whether the relevant ports are open through the firewall or by using the command prompt. Here are two methods to check the status of ports on the client side:

Firewall on client:

1. Open the Control Panel.
2. Click on "System and Security".
3. Click on "Windows Defender Firewall".
4. In the left sidebar, click "Advanced settings". This will open "Advanced Security Windows Defender Firewall".
5. In the "Advanced Security Windows Defender Firewall" window, you can click on either Inbound Rules or Outbound Rules.
6. Here all rules will be listed, and you can see the details for each rule, including the ports involved.
7. To view detailed information for a specific rule, including the port number, double-click on that rule.

Command Line:

1. Open Command Prompt or PowerShell.
2. Enter the following command to view all inbound rules and their details (including port numbers):

netsh advfirewall firewall show rule name=all dir=in

3. To view all outbound rules and their details, use:

netsh advfirewall firewall show rule name=all dir=out

Both of the above methods can view the relevant ports. You can check whether the port I mentioned earlier is open according to the operation.

If you still cannot resolve the issue you're facing, please send a screenshot of the specific error message you receive when trying to join the domain.

I hope the information above is helpful.

If you have any questions or concerns, please feel free to let us know.

Best Regards,

Daisy Zhou

============================================

If the Answer is helpful, please click "Accept Answer" and upvote it.

Answer 5

The problem is resolved. While the cable modem provided by the ISP, provided a strong enough signal to cover the entire house I didn't see any way that it would allow me to resolve a domain name on my local network by using my domain controller. The solution was to dig the nodes of my mesh Network out of storage and connect that to the cable modem. Then I put the cable modem in bridging mode and connected to the Wi-Fi network that was being broadcast by the mesh nodes. From here I was allowed to manually sit DNS servers and I successfully joined two clients to The Domain just now. Thanks to everyone who tried to help. If I need any more help I'll be sure to post back on this forum. Respectfully, Matthew