
Unable to join domain – ‘The network path was not found’ & Adding domain controller fails

Ramanjaneyulu Butharaju 421 Reputation points
2021-01-09T04:28:31.153+00:00


Hello,

I'm getting the attached error while adding the new tree newdomain.com to Forest (domain.com).

I even tried to join the computers that are in the sub-branch network (192.168.10.0) to our main branch domain, and am still facing the same issue.

Below are the points I have tested.

* We can ping from AD server from Branch server
* We can resolve the AD DNS names
* Assigned static IP to new server & added primary DNS as main DC IP and checked
* Checked by turning off domain firewall from both ends
* Tried with Enterprise & Domain admin user accounts while adding a tree
* Created branch site in Active Directory Sites & Subnets and mapped branch network subnet to site
* Added & allowed branch subnet (192.168.10.0/24) in domain firewall

We are not facing this issue in other branches. We recently created a new DC in one of my sub-branch locations and we didn't face any issue while adding a domain controller.

We are facing this issue only from this particular branch. We have an IPsec tunnel established from this branch to the main branch and nothing is restricted. Please suggest.

Regards,
Ram


Answer accepted by question author

  1. Ramanjaneyulu Butharaju 421 Reputation points
    2021-01-12T06:58:44.58+00:00

    Hello All,

    The issue was resolved after the network team allowed the required ports in the network firewall.
    When we had a call with the network team, they claimed nothing was blocked.
    However, when we tested the connection to the required ports using PowerShell, we found connectivity was blocked.

    UDP Port 88 for Kerberos authentication,

    UDP and TCP Port 135 for domain controllers-to-domain controller and client to domain controller operations.

    TCP Port 139 and UDP 138 for File Replication Service between domain controllers.

    UDP Port 389 for LDAP to handle normal queries from client computers to the domain controllers.

    TCP and UDP Port 445 for File Replication Service

    TCP and UDP Port 464 for Kerberos Password Change

    TCP Port 3268 and 3269 for Global Catalog from client to domain controller.

    TCP and UDP Port 53 for DNS from client to domain controller and domain controller to domain controller

    Test from the new server to the domain controller:

    Test-NetConnection 10.10.10.10 -Port 445
    Test-NetConnection 10.10.10.10 -Port 88
    Test-NetConnection 10.10.10.10 -Port 138
    # ... and so on for the remaining ports

    After the network team allowed those ports in the firewall, we are able to create the new tree domain and to join the domain.

    If it fails, the Windows or network firewall is blocking the ports!

    Regards,
    Ram
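
The port check described in the accepted answer, as an added example that is not part of the original post: it loops over the ports the answer lists and reports which ones fail from the new server. `Test-NetConnection` opens a TCP connection only, so port 138 (UDP only in the answer) is reported as untested, and 88 and 389 are probed on TCP, where a domain controller also listens. The address `10.10.10.10` is the one used in the answer; the variable names are hypothetical.

```powershell
# Added example: run from the server that fails to join or promote.
# Assumption: 10.10.10.10 is the domain controller, as in the answer above.
$DomainController = '10.10.10.10'

# Port list taken from the accepted answer. Tcp = $false marks entries the
# answer gives as UDP only; Test-NetConnection cannot probe those.
$ports = @(
    [pscustomobject]@{ Port = 53;   Tcp = $true;  Service = 'DNS' }
    [pscustomobject]@{ Port = 88;   Tcp = $true;  Service = 'Kerberos (answer lists UDP; TCP probed here)' }
    [pscustomobject]@{ Port = 135;  Tcp = $true;  Service = 'RPC endpoint mapper' }
    [pscustomobject]@{ Port = 138;  Tcp = $false; Service = 'NetBIOS datagram' }
    [pscustomobject]@{ Port = 139;  Tcp = $true;  Service = 'NetBIOS session' }
    [pscustomobject]@{ Port = 389;  Tcp = $true;  Service = 'LDAP (answer lists UDP; TCP probed here)' }
    [pscustomobject]@{ Port = 445;  Tcp = $true;  Service = 'SMB' }
    [pscustomobject]@{ Port = 464;  Tcp = $true;  Service = 'Kerberos password change' }
    [pscustomobject]@{ Port = 3268; Tcp = $true;  Service = 'Global Catalog' }
    [pscustomobject]@{ Port = 3269; Tcp = $true;  Service = 'Global Catalog over SSL' }
)

$results = foreach ($p in $ports) {
    if ($p.Tcp) {
        # TcpTestSucceeded is $true only if the TCP handshake completed.
        $probe = Test-NetConnection -ComputerName $DomainController -Port $p.Port `
                                    -WarningAction SilentlyContinue
        $state = 'Blocked'
        if ($probe.TcpTestSucceeded) { $state = 'Open' }
    }
    else {
        $state = 'Untested (UDP only)'
    }
    [pscustomobject]@{ Port = $p.Port; Service = $p.Service; Result = $state }
}

$results | Format-Table -AutoSize

# Summarise the failures so they can be handed to the network team.
$blocked = @($results | Where-Object { $_.Result -eq 'Blocked' })
if ($blocked.Count -gt 0) {
    Write-Warning ("TCP ports failing from this host to {0}: {1}" -f
        $DomainController, ($blocked.Port -join ', '))
}
```

A "Blocked" result only shows that the TCP handshake did not complete; it does not distinguish a host firewall from a device on the path, such as the tunnel's firewall.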


11 additional answers

  1. mostafa moaz 0 Reputation points
    2025-10-03T16:22:54.6566667+00:00

    I have the same issue, but different.

    We got ransomware on our server because one of the admins changed the firewall settings by mistake to allow RDP; that's not our problem now.

    My issue is I created a new server under main.mydomain.local 220.1
    and another replica as sec.mydomain.local 220.2, just adjusted the time, added AD DS and DNS server,
    then I started to add reverse DNS, wanted to allow client computers to my controller.
    I didn't do anything else and got the same message. Here is what I have:
    I disabled the firewall on clients and servers.
    I got to enter my name and password as an admin and it sees the domain controller, but then I still got the same messages.
    I tried to go from the old domain to the new domain directly: same message.
    From old domain > workgroup > new domain: same message.
    Tested all ports are true (464, 137, 138, 139, 9389, 389, 3268, 3269),
    and then we figured out that the sec controller entered, and one of the devices, which was a new fresh Windows, entered the domain.
    We figured out that any fresh Windows entered the domain easily.

    We went on to diagnose the clients. We tried all the purge commands to delete old domain files and policies, yet the issue is still there.
    I still have 198 devices and I can't imagine doing a fresh install on all of them; that will take weeks.

    Any help?


  2. Pmv77 1 Reputation point
    2022-12-09T15:16:03.377+00:00

    I'm just trying to think outside of the box here, but are they Azure AD Hybrid joined PCs?


  3. adnan gondzic 1 Reputation point
    2022-04-21T08:49:39.667+00:00

    Had a similar problem. After putting the firewall down I managed to add the problematic machine to the domain.

