Home
Persuading Vista to Join a Domain

Persuading Vista to Join a Domain

June 5, 2001 No Comments Vista

Persuading Vista to Join a Domain

Mission: To persuade Vista to Join a DomainThe following error occurred attempting to join the domain.

Most of the time Vista machines join an Active Directory domain without any trouble, (just as they did in XP).  However, sometimes all that you get is error messages, for example:

The following error occurred attempting to join the domain.  An attempt to resolve the DNS of a DC failed’

The mission of this page is to troubleshoot those reluctant Vista machines and persuade them to join your Windows Server 2003 domain.

Factors to Consider When Joining a Domain

 ♦

Introduction

The methods for joining a Vista computer to an Active Directory domain are the same as they were for XP machines.  To recap, either be organized and create a computer account in Active Directory, before you go to the Vista machine, or else create a new computer account as you join the domain from the Vista machine.

My goal is to separate the important from the irrelevant.  Here follows a troubleshooting report of what I did, and what worked for me.

System Icon

The quickest way to launch the System Icon is to hold down the Windows key and press the Pause / Break key.  Alternatively, navigate to the Control Panel, System and Maintenance and System. 

What you are seeking is to change the ‘Member of’ radio button from Workgroup to Domain.Vista System Icon Configuration

Experiment with a simple domain name, for example ‘CP’, or choose the fully qualified domain name, ‘CP.mosel’.  You may also wish to click on ‘More..’ and append the full dns name to the simple computer name, for example Vista.cp.mosel.

DNS – Tricky as Usual

It is vital that the Vista machine can resolve the domain name of the Active Directory that you seek to join.

Start your troubleshooting with ipconfig /all.  Check the name of the DNS server.  Follow up with by testing: ping server.domain.com.  Also plain: ping server, yields useful clues as to whether it’s a firewall problem or a faulty DNS configuration at the Vista client.  The situation maybe that ping or ICMP packets are allowed through the firewall, but the ports needed to join the domain are blocked.

If the error says:

An attempt to resolve the DNS name of the DC in the domain being joined failed.

You have to respect the Vista message and research whether it’s a DNS configuration error or a related problem such as the firewall settings.

Guy Recommends 3 Free Active Directory ToolsDownload Solarwinds Active Directory Administration Tool

SolarWinds have produced three Active Directory add-ons.  These free utilities have been approved by Microsoft, and will help to manage your domain by:

  1. Seeking and zapping unwanted user accounts.
  2. Finding inactive computers.
  3. Bulk-importing new users.  Give this AD utility a try, it’s free!

Download your FREE Active Directory administration tools.

Use the following dns server - Join DomainTCP/IP Settings

What I recommend is start your troubleshooting at the Control Panel, navigate to the Network and Internet, Network Connections, Local area connection; now right-click and select Properties, Internet Protocol Version 4 and Properties.  You should see the screen shot opposite.  Concentrate on:

 ‘Use the following DNS server addresses:
    Preferred DNS server’

Remember, only you know the correct IP address for this DNS server, don’t slavishly copy my IP address.

If you are using DHCP and the Scope Options are correctly configured you could leave the radio button at:

 ‘Obtain DNS server address automatically’. 

If you experiment with different values for the IP address you don’t need to reboot.

Tip: ipconfig /flushdns clears the cache if you are trying to ping different TCP/IP addresses.

Firewall Problem

In my experiments to join a Vista machine to a domain, the firewall was the crucial setting.  The only way that I could succeed was to disable the firewall on the Windows Server 2003.  You find the menus via:  Control Panel, Windows Firewall.  In a more sophisticated domain, you probably other firewall settings, however the principle is the same.

Windows Server 2003: Firewall Status – Off

Vista Computer: Firewall Status – On

One sign that it was indeed a firewall problem was when I ran the command: ping server.  I got a reply from not from plain server, but from server.domain.com.  This was an indication that not only were the ICMP (ping) ports open, but also that DNS was correctly configured and resolved my request for server to the fully qualified server.domain.com. 

My conclusion was firewall was blocking the ports needed for Vista to join the domain.

Even by opening ports, 389, 135, 88 and 53 I still could not join the domain.  Since I am not a professor of firewalls and port numbers, I took the ruthless approach and just temporarily turned the Windows Firewall Off on the server side.

If I turned the Firewall On at the server, the Vista machine just would not join the domain.  When I turned the firewall Off the Vista machines joined the main without any trouble.  For me, this discovery finally sealed the message The following error occurred attempting to join the domain as a firewall problem.

See SolarWinds Firewall Browser »

Rumours and Red Herrings

WINS
I heard rumours that the only way to solve problems such as ‘The following error occurred attempting to join the domain’, was to enable WINS.  All I can say is that WINS did not help in my situation.  What I say is good luck if in fact WINS is you salvation, however, I can see no reason why it should help, other than if your DNS is mis-configured.

Creating a computer account in Active Directory 
While there is no harm in creating a computer account in the name of the machine that you want to join to the domain, this is neither essential, nor is it the root cause of this error.  The only problem that creating a computer solves, is if the account that tries to join the Vista machine to the domain is NOT a Domain Admin.  Even in this situation, Vista provides a dialog box so that you can enter the name of Domain Admin and thus overcome permission problems.

Summary of Joining Vista to a Domain

In my troubleshooting experiments the key to persuading a Vista machine to join an Active Directory domain was turning off the firewall at the Windows Server 2003 end.  In my opinion The following error occurred attempting to join the domain is most likely to be a firewall problem.  The other possibility is that the TCP/IP settings for DNS are incorrect.  Fortunately it’s easy to check the DNS name resolution by using ipconfig and ping.

 

If you like this page then please share it with your friends

 

Configuring Windows Vista Topics:

 

     Vista Tools and Extras

 

   Tweak the Registry ebook

Download Your Tweak the Registry Ebook for only $6.45

This ebook will explain the workings of the registry.  I thoroughly enjoy tweaking the registry, and I want to distill the best of my experiences and pass them on to you.

Each registry tweak has two aims; to solve a specific problem, and to provide general learning points, which help you to master regedit. 

Over 60 pages ebook and PDF format

 

About The Author

Guy Thomas

Related Posts