nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Newb DC issue

SephStorm

I have installed Windows Server 2003 and XP Pro in virtual machines in VMWare. The pro computer is currently a standalone machine, I want to add it to my domain.

I have installed DNS, DHCP, and Active Directory.

By performing query and recursive tests, I have determined that DNS is working. DHCP is not started, I assume because there are no clients in the domain to least IP addresses to.

I have verified that both machines are on the same network. The DC domain name is OffworldCorporation.local

When I attempt to join a domain through system properties-Computer/domain changes, I get a message saying "A domain controller for the domain OffworldCorporation.local could not be contacted." I have no idea what I am doing wrong.

Both computers can access the internet, however I cannot ping either computer from the other. Maybe I am using the wrong network connection on the VM?

Find more posts tagged with

SAVE $250 on Your Microsoft Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Microsoft Boot Camps

Comments

Agent6376

I've had much more luck with this when bridging the two connections to the existing network. However, you can statically set your IP addresses on each machine to see if you're able to get some communication before you try to implement DHCP. Also, once you get your machines pinging one another, try statically setting (or creating a DHCP option) your DNS to the Domain Controller. Most of the time that I've had issues joining a computer to a domain, it's been because of DNS.

SephStorm

I am getting frustrated.

I set the network type to bridged. I reinstalled everything but the OS on the server(VM), and I set static IP's for every host in my network.

I can ping from the server to my host OS, but not from the host to the server.

leefdaddy

Turn off Windows firewall on the server and hosts? Can you remote desktop to the server? Can you join the PCs to the domain, if they join the domain they are obviously communicating.

Hyper-Me

The XP client is using the IP of the DC for DNS, right?

dynamik

Hyper-Me wrote: »

The XP client is using the IP of the DC for DNS, right?

More than likely the problem. The XP machine requires the SRV records to locate the DC(s). If you're just using your gateway or your ISP's DNS servers to resolve domain names, it's not going to find those.

SephStorm

ok, heres the config

Netgear router:
Dyn assigned IP.
Dyn assigned DNS
Router is configured as a DHCP server
Router is configured as a DNS server

Host Machine: laptop running W7.
Static IP from router:192.168.1.2
DCHP svr: 192.168.1.1
DNS server:192.168.1.1

Guest1: Win SVR 2003
Name

svr-x5vo8s.OffworldCorporation.net
Domain:OffworldCorporation.net
Static IP:192.168.1.5
Default gateway:192.169.1.1
DNS Server: 192.168.1.1

Guest2: Win XP 2003
Static IP:192.168.1.6
DNS Server:192.168.1.1 (This was the SVR, but changed until I can get on the domain)

After allowing incoming ICMP echo requests, I was able to ping the server from bost the host and guest#2. I still cannot join the domain, nor can I Remote desktop to the pc, though that may be because I have never used it before.

If someone wants to try remote desktop, let me know, i'll try it.

Zartanasaurus

Change the DNS address on all your machines to point to 192.168.1.5 (your domain controller). Your router and ISP don't know that your domain exists, so it can't resolve "offworldcorporation.local". Your DC does and can.

SephStorm

For some reason, after turning off windows firewall and doing the above, I can attempt to join at the next step(it askes for authentication. After that I am having another issue, which I think is a result of my domain length).

What do I need to do to keep WF from blocking requests?

dynamik

It wasn't the firewall; you didn't have the DNS server configured correctly.

Domain length isn't the problem. Check the event logs on Server 2003 to see what the problem is.

You're using credentials for an account that can join computers to the domain?

SephStorm

has to be the firewall, if I turn on the firewall, the host will come back with a message stating it can't find the domain(this is after changing the dns server)

if i turn off the firewall, it finds the domain and asks for an account with permission to join the domain. (now my problem is I cant use the @ symbol in the xp vm for some reason.)

Zartanasaurus

SephStorm wrote: »

(now my problem is I cant use the @ symbol in the xp vm for some reason.)

You can do it NT style as well IE domain\administrator until you work out the @ problem.

SephStorm

I was finally able to join the domain, I copied the "@" symbol from the internet and pasted it into the window. So I am on the domain now, now I need to figure out the DHCP and DNS issues.

First I need to figure out the firewall issue. I created account "mhunt" while the svr firewall was down. This user can log onto the domain whether the firewall is on or off. So I turned on the firewall and created account "dstorm" this user cannot log onto the domain when the fw is on, because the "domain is unreachable". I think my svr is in some high security mode where it doesn't except any connection not previously established. Thoughts?

Hyper-Me

you shouldnt need the @.

I've always just typed in the username because it assumes the domain is the domain you just tried to join to.

SephStorm

I don't need it when I login from the windows login screen, but like I said, the computer was "in a workgroup" and I had to join the domain from inside windows. right click my computer, properties, computer name, change (to join a domain).

rage_hog

Have you tried adding
192.168.1.5 OffworldCorporation.local

to the
C:\windows\system32\drivers\etc\hosts

file on the XP box?

SephStorm

yep, no luck.

Can someone tell me if this may apply to me? I'm using sp2 but anyway.

How to configure Windows Server 2003 SP1 firewall for a Domain Controller

Essendon

I too struggled with this when I first used VMware. This is what I now do, really simple.

Leave your host machine alone. Dont worry what its config is. In VMware, make sure that the Ethernet is set to Host-only: A private network shared with the host. Now put the DC vm and the client vm on the same subnet. The client vm should point to the DC for DNS. As for letting the machines communicate on the internet (a DC shouldnt really communicate with the internet anyway), add another network adapter and leave it at the default option of bridged. This second network adapter should be able to pick up the network config from your Netgear router. Make sure that WF is off, otherwise you are going to have problems such as joining clients to the domain.

HTH.

dynamik

Wait, you enabled the firewall in Server 2003?

If so, yes, you're going to need to create exceptions for all the ports that a DC uses.

I thought you were talking about the firewall in your client.

Easier way to lock it down is to use the security configuration wizard (SCW).