Domain Join

Anonymous
2023-10-24T13:31:08+00:00

Hi All,

I just cannot figure this one out, and am reaching out for help and assistance.

I have a situation where I am unable to join two workgroup servers to a Domain in work.

The servers are on a separate network to the Domain Controllers. I was not able to ping the DCs from the servers, and requested that they be allowed through our network firewall. This work has been completed this a.m. and I am able to ping from both workgroup servers to our Domain Controllers and also from the Domain Controllers to the workgroup servers. So no issue there with comms between the devices.

However, when I attempt to join the workgroup servers to the Domain I keep getting the error message "An Active Directory Domain Controller for the domain abc.com could not be contacted". When I click the Details tab I see this message: "The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an ADDC for domain abc.com. The query was for the SRV record for _ldap._tcp.dc._msdcs.abc.com."

I have set the DNS server settings on both network cards on the workgroup servers to point to the Domain Controllers. I have also allowed port 137 locally through the firewall via TCP and UDP. But the issue persists.

I have seen and corrected many of these problems before but I can't seem to budge this one. Could this be something to do with the firewall again? Although, as I explained, I am able to ping from DC to workgroup and vice versa.

Any help on this matter would be greatly received as this is a rather urgent request from the customer.

Regards.

Windows Server Identity and access Active Directory

Locked Question. This question was migrated from the Microsoft Support Community. To protect privacy, user profiles for migrated questions are anonymized.


1 answer

  1. Anonymous
    2023-10-25T03:07:57+00:00

    Hello czql5v007,

    Thank you for posting in Microsoft Community forum.

    It seems the issue is related to ports or network.

    Please check all the ports that AD requires on the two servers and the DC.

    Active Directory and Active Directory Domain Services Port Requirements

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd772723(v=ws.10)?redirectedfrom=MSDN

    Active Directory Replication over Firewalls

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-2000-server/bb727063(v=technet.10)?redirectedfrom=MSDN
    Especially, please check the ports below on the two servers.

    Port           Protocol   Service
    53             TCP/UDP    DNS
    389            TCP/UDP    LDAP
    135            TCP        RPC Endpoint Mapper
    49152-65535    TCP        RPC for LSA, SAM, Netlogon (*)
    88             TCP/UDP    Kerberos
    445            TCP        SMB

    Service                           Protocol   Ports
    W32Time                           UDP        49152-65535
    RPC Endpoint Mapper               TCP        49152-65535
    Kerberos password change          TCP        49152-65535
    RPC for LSA, SAM, Netlogon (*)    TCP        49152-65535
    LDAP                              TCP/UDP    49152-65535
    LDAP SSL                          TCP        49152-65535
    LDAP GC                           TCP        49152-65535
    LDAP GC SSL                       TCP        49152-65535
    DNS                               TCP/UDP    49152-65535
    FRS RPC (*)                       TCP        49152-65535
    Kerberos                          TCP/UDP    49152-65535
    SMB (**)                          TCP/UDP    49152-65535
    DFSR RPC (*)                      TCP        49152-65535

    I hope the information above is helpful.

    If you have any question or concern, please feel free to let us know.

    Best Regards,
    Daisy Zhou

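The join error in the question is the DC locator failing at its first step: a DNS SRV query for _ldap._tcp.dc._msdcs.<domain>. A successful ping proves only that ICMP is allowed, not that DNS or the ports listed in the answer are. The script below is an added diagnostic example, not code from either post or from Microsoft. It is meant to be run in an elevated PowerShell session on one of the workgroup servers and walks the same path the join wizard takes: it lists the resolvers each NIC is actually using, asks each of them for the SRV record by name, and then tests TCP reachability of the fixed ports from the answer (53, 88, 135, 389, 445) against every DC the SRV record returns. The domain name abc.com is taken from the question and is an assumption; replace it with the real one. Test-NetConnection, Resolve-DnsName and Get-DnsClientServerAddress are standard cmdlets on Windows Server 2012 and later.

```powershell
# Added diagnostic example (not from the question or the answer).
# Assumes the domain name abc.com from the question; replace with the real domain.
$Domain    = 'abc.com'
$SrvRecord = "_ldap._tcp.dc._msdcs.$Domain"

# 1. Which resolvers does this host actually use? The join wizard only queries
#    these; a NIC still pointing at a non-domain resolver never sees the SRV record.
Write-Host "== DNS client configuration =="
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

$dnsServers = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses |
              Where-Object { $_ } | Select-Object -Unique

# 2. Ask each configured resolver for the DC locator SRV record directly.
#    A failure here is the exact condition the wizard reports: UDP/TCP 53 blocked
#    on the path, the wrong resolver configured, or the _msdcs zone not served.
$dcTargets = @()
foreach ($dns in $dnsServers) {
    try {
        $srv = Resolve-DnsName -Name $SrvRecord -Type SRV -Server $dns -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SRV' }
        Write-Host "[$dns] SRV $SrvRecord -> $($srv.NameTarget -join ', ')"
        $dcTargets += $srv.NameTarget
    } catch {
        Write-Host "[$dns] SRV lookup FAILED: $($_.Exception.Message)"
    }
}
$dcTargets = $dcTargets | Select-Object -Unique

# 3. TCP reachability of the fixed ports from the answer, per DC the SRV record
#    named. Test-NetConnection checks TCP only, so UDP 53/88/389 still need a
#    firewall-rule review even if every line below reports "open". The RPC
#    dynamic range (49152-65535) cannot be pre-tested this way: the client learns
#    the actual port from the endpoint mapper on 135 at join time.
$ports = @(
    @{ Port = 53;  Name = 'DNS' },
    @{ Port = 88;  Name = 'Kerberos' },
    @{ Port = 135; Name = 'RPC Endpoint Mapper' },
    @{ Port = 389; Name = 'LDAP' },
    @{ Port = 445; Name = 'SMB' }
)
foreach ($dc in $dcTargets) {
    Write-Host "== Port check against $dc =="
    foreach ($p in $ports) {
        $r = Test-NetConnection -ComputerName $dc -Port $p.Port -WarningAction SilentlyContinue
        $state = if ($r.TcpTestSucceeded) { 'open' } else { 'BLOCKED' }
        Write-Host ("{0,5}/TCP {1,-20} {2}" -f $p.Port, $p.Name, $state)
    }
}

# 4. Finally, run the built-in DC locator itself. If steps 2 and 3 pass but this
#    still fails, the problem is no longer DNS or the listed ports.
Write-Host "== nltest DC locator =="
nltest "/dsgetdc:$Domain"
```

Reading the output: if step 2 fails on every resolver, the join cannot proceed regardless of any other port, and the resolver addresses shown in step 1 are the first thing to compare against the DCs' real IPs. If step 2 succeeds but step 3 shows 88, 135, 389 or 445 blocked, the firewall rule that was added for ICMP needs extending to those ports in both directions; the NetBIOS port 137 mentioned in the question is not used by the DC locator and does not help here.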