Cannot join Domain
-
March 21, 2012 14:29
I have Azure Connect set up and working fine. I can ping my Domain Controller (which is also a DNS server) from the Azure machine and can also ping the Azure box from the DC. I have the DNS listening on all ports as well.
However, when I try to join the domain I get an error. From the integrator log I see:
NetJoinDomain failed with error code 1355.
So from what I have researched this means the Azure role cannot see or connect to the DC. So I looked into the dcdiag log file to get the specific error:
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller for domain xxx.yyy.zzz:
The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.xxx.yyy.zzz
Common causes of this error include the following:
- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:
10.20.230.19
10.20.242.89
- One or more of the following zones do not include delegation to its child zone:
xxx.yyy.zzz
yyy.zzz
zzz
. (the root zone)
For information about correcting this problem, click Help.

Looking over the cscfg config file I notice that the entry for DNSServers has been removed in the current version of Connect. A lot of the examples I have looked at have this entry included but when I tried to add it I could not deploy due to an error since that config entry is no longer valid. I am not sure that is even my problem here but since the error seems to be related to DNS and that entry does not exist anymore I thought maybe it's related.
Does anyone have any ideas of what I can do to further troubleshoot this issue??
thanks!
All replies
-
March 22, 2012 5:48 Moderator
Hi,
Check this KB article; I guess you missed some firewall configuration when trying to use Azure Connect (such as outbound ports).
http://support.microsoft.com/kb/179442
Another thing: I notice the "DNSServers" entry in your config file has been removed. According to Overview of Azure Web role join to a domain, DNSServers is required, so would you show a sample of your configuration file if convenient?
Also, there are some similar threads that may help you:
Hope it can help you.
Please mark the replies as answers if they help or unmark if not. If you have any feedback about my replies, please contact msdnmg@microsoft.com Microsoft One Code Framework
-
March 22, 2012 15:27
Which firewall needs to be configured? I have Windows firewall turned off on the DC. Everything between Azure and the DC should be going through the Azure Connect tunnel over 443, correct??
-
March 23, 2012 2:28
1355 means DC is not reachable. Are you able to ping the DC from your Azure role instance and vice versa? Also please check %windir%\debug\netsetup.log, it may give some clue.
-
March 23, 2012 19:36
Yep, both are pingable. netsetup shows it fails on: NetpCheckDomainNameIsValid returned 0x54b, last error is 0x232b
-
March 27, 2012 10:42
Strange problem.
Check this post to see if it helps: http://www.pcreview.co.uk/forums/netpcheckdomainnameisvalid-returns-0x54b-t1659650.html
- Marked as answer: Arwind - MSFT, Moderator, March 30, 2012 7:27
- Unmarked as answer: jez, May 22, 2012 17:04
-
May 22, 2012 17:04
Hello. The problem turned out to be related to the DNS and IPv6. IPv6 was enabled on the machine (which Azure Connect checks) and the DNS server was set up to listen on ALL IP addresses. Even though this was the case, the machine's IPv6 address was not listed in the DNS server's properties page in the IP Address list (even though when you select listen to ALL this list is disabled).
So apparently "listen to ALL" in MS DNS doesn't really mean ALL. Perhaps IPv6 was enabled after DNS was set up??? I don't know, but this was the problem. You must make sure your IPv6 address is listed in that disabled irrelevant listbox.
So this seems like a bug in the DNS feature of Windows....
- Marked as answer: jez, May 22, 2012 17:04
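
A probe for the failure discussed in this thread, as an added example that is not part of any post: it sends the SRV query named in the dcdiag output to each DNS server address separately, over IPv4 and IPv6, and separates a name error (RCODE 3, the RCODE_NAME_ERROR reported above) from no response at all on that address. The IPv6 address `2001:db8::53` is a constructed placeholder for the DNS server's own IPv6 address, and the function names are this example's own.

```python
import socket
import struct

TXID = 0x1234  # fixed transaction id, enough for a one-shot probe

def build_srv_query(name, txid=TXID):
    """Encode a DNS query for the SRV record (type 33, class IN) of `name`."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 33, 1)

def parse_reply(reply, txid=TXID):
    """Return (rcode, answer_count) from the header of a DNS reply."""
    if len(reply) < 12:
        raise ValueError("short DNS reply")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", reply[:12])
    if rid != txid or not flags & 0x8000:  # wrong id, or QR bit not set
        raise ValueError("not a reply to our query")
    return flags & 0x000F, ancount

def classify(rcode, ancount):
    """Map the reply header to the outcome that matters for a domain join."""
    if rcode == 3:
        return "NXDOMAIN"  # what dcdiag reports as RCODE_NAME_ERROR
    if rcode == 0:
        return "OK" if ancount else "NODATA"
    return "RCODE_%d" % rcode

def probe(server, domain, timeout=3.0):
    """Ask one DNS server address for the DC locator SRV record."""
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    query = build_srv_query("_ldap._tcp.dc._msdcs." + domain)
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (server, 53))
            reply, _ = sock.recvfrom(4096)
            return classify(*parse_reply(reply))
        except (OSError, ValueError) as exc:  # timeout, unreachable, bad reply
            return "NO_RESPONSE (%s)" % exc

if __name__ == "__main__":
    # IPv4 servers from the dcdiag output, plus a placeholder IPv6 address.
    for server in ("10.20.230.19", "10.20.242.89", "2001:db8::53"):
        print(server, "->", probe(server, "xxx.yyy.zzz"))
```

An address that returns `OK` over IPv4 while the same server's IPv6 address returns `NO_RESPONSE` matches the condition described in the final post.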

