I am having trouble connecting my Windows 7 computer to a work domain. First, some particulars: My domain is running Windows Server 2003 Standard I am using a Netgear 328FVL Prosafe Firewall which is running the DHCP. I've called Netgear and they assure my that this model firewall is Windows 7 compatible. I have 12 Windows XP machines all working perfectly on my domain. My Server is handing out the DNS addresses. The laptop is a brand new Dell Vostro 3700 with Windows 7, 4 GB ram, installed by Dell. I've contacted Dell support and they were unable to get the machine up. What I've tried: I've tried setting static IP addresses on the Windows 7 machine, set WINS IP address, Turned on file sharing, Turned off the domain firewall, the public firewall, and the private firewall, I've enabled file and print sharing. I've tried setting up a temp user account tried to connect, nothing. I've set the IP address of the Server and Firewall in the HOSTS files. I've gone into gpedit and modified the Group policy, Win dows settings, Computer configuration, Security Settings,Local policies, Security options, Network Security: LAN manager authentication level and turned on Send LM & NTLM Responses. I've turned off IPv6 under properties. I've disconnected the Netgear from the network completely and still cannot gain access to the domain. I've loaded the Microsoft XP Mode and Virtual PC software and tried to connect to the domain that way, no luck. The error I get is: Your computer could not be joined to the domain because the following error occured. An attempt to resolve the DNS name of a domain controller in the domain being joined has failed. Please verify this client is configured to reach a DNS Server that can resolve DNS names in the target domain. I can ping and access Server and access directories on the Server. The Server acan ping the Windows 7 machine. I have access to the internet. I can set all the networked computers, but cannot access them. I've tried every suggestion on the forums and have had no success. I'm at my wits end. Is there something I haven't done or is there some software I need to add? It seems like it should be an easy fix since I have access to the Server and Internet. Please help!!!

Are you pointing to your DC as the DNS server?

Are you pointing to your DC as the DNS server? Do not rely on DHCP assignments. Manually put in the DNS server. You can also try a host file entry on the win7 pc. is the win7 version pro or enterprise or ultimate?

The Windows 7 version is Professional. I've already tried setting the Server IP address and the Netgear IP address in the HOSTS file and the LMHosts file, nothing. When I do an IP config I get: Ethernet adaptor Local Area Connection: Connection-specific DNS Suffix: IPv4 Address: 192.168.0.4 Subnet Mask: 255.255.255.0 Default Gateway: 192.168.0.1 When I do NSLookup: Server: ns3.megapath.net Address: 64.7.11.2 (which is the primary DNS address) Name: resmgt.com Address: 66.80.60.21 (which is not the secondary DNS address) I do not know where that address comes from Is this any help?

Hi, Regarding the error message, you could refer to the following article: Troubleshooting Domain Join Error Messages I would like to suggest you to try the following steps: 1. Try to boot into safe mode with networking to check if this issue persists. 2. Type wf.msc into search box. Right-click the root “Windows Firewall with Advanced Security on Local Computer” and choose “Restore Default Policy”. 3. Enable NetBIOS over TCP/IP and see how it works. 4. Ensure that the TCP/IP NetBIOS Helper Service is started. 5. Stopped DNS and NETLOGON service, renamed netlogon.dnb and netlogon.dns under C:\Windows\System32\Config. Restarted the DNS and NETLOGON. In addition, I would like to suggest you to refer to the similar thread: Windows 7 Pro won't connect to isolated Windows Server 2003 domain Hope it helps. Alex ZhaoPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Tried all the above suggestions, still no luck. Is there possibly some setting in tWindows Server 2003 Standard that I'm not trying? I find it hard to believe that it's Windows 7 at this point since I've tweaked just about everything with no success.

I still have not been able to get a resolution. Is there anybody out there that can help?

A couple of questions: You say your server is handling DNS for the domain. How is this possible when the router is handling DHCP? The HOST and PTR records might not be updated properly when an address is assigned. Try moving the DHCP function to the server as well and disabling it on the router; it's not difficult. Does your DC have a static address, or is it assigned by DHCP too?

You are correct, I checked the Server Roles and discovered that it is not handling DNS. The Server, which has the DC role, has a static IP address. I'm not sure how to move the DHCP from the router. Do I set up a role on the Server for DHCP first and then turn it off at the router? Is there any security or connection problems with doing that? I don't want anything to go down, if it doesn't have to. Thanks for your help.

Okay, so your router is handling both DNS and DHCP? That's fine. Proper configuration in this case would be to point your DNS at the router and let it handle the forwarding. Then you would simply add the DC's static address to the Windows 7 machine's HOSTS file, which you say you've already done. But... did you use the FQDN of the DC and not just its short name - ie. myserver.mydomain.com and not just myserver? .......... Depending on how much time you want to put into this to make it right (and if you're going to be adding more Windows 7 machines in the future, you should), I've got a very similar set up to yours here - a Windows 2003 domain connected to a Netgear FVS318 Prosafe VPN Firewall/Router and I have no problems joining Windows 7 machines to my domain. Here's how it's set up: A Windows 2003 DC hosting Primary DNS (Active Directory integrated) and DHCP. DHCP automatically updates DNS when an address is assigned. DNS forwarders are set up to forward non-domain DNS requests to my ISP's DNS servers. It's really quite simple to set up, you need to turn on the DNS and DHCP roles on the DC, set up your DHCP address range (including exclusions and reservations, plus scope and server options); create your DNS Forward Lookup zone (which would be your domain name) and possibly a Reverse Lookup zone (recommended), create your static host records for your servers and plug in your forwarding information. Then just turn off the router's DHCP function and refresh the workstation's addresses from the new server; all-in-all about 1 - 1.5 hours of work, maybe less. In your DHCP scope options you'd want to at least define Option 003, your router's address; Option 006, your DNS server's address and Option 015, your DNS Domain Name. That way these will be automagically assigned when an address is given out.

Hey Rob, Thank you for the advise and you cannot believe how happy I am to hear that you have a similar setup. It all sounds great what I should do, but you lost me after set up your dhcp address range . . . . I'm sorry, to inconvenience you with this, but when it comes to the Server, I am an idiot. I can add Windows XP computers to the AD and that is basically it. If you could guide me to where I could do the things that you ask, I would be eternally grateful. Again, I'm sorry to ask so much of you, but I've been thrust into this with no training. Also, when I start to do these things that you suggest, will anybody on the network be losing any connectivity to the internet or network printers, etc?

Okay. If it's only the one Windows 7 machine and you don't plan to add many more in the near future I'd go with the HOSTS file solution and add the FQDN of your DC to your Windows 7 HOSTS file. FQDN means Fully Qualified Domain Name. In my case the FQDN of my DC would be hancock.edcodie.com and the HOSTS entry would look like: 172.19.11.14 hancock.edcodie.com Entering 172.19.11.14 hancock wouldn't be sufficient as there's no domain specified, so although a PING of server HANCOCK would return the correct address, Windows doesn't see it as authorative for the domain. Now, as to moving your DNS and DHCP roles from your router to the server, that's a question best answered in one of the server forums, but I'd start with setting up the DNS role first - you can have more than one DNS server on a network, so setting that up while your router is still functioning in its DNS role would mean no disruptions; although you may have to reboot the server at least once after the DNS role is given to it. DHCP is another matter. In most cases, more than one DHCP server on a network will only cause problems. Also, as the role is moved from the router to the server your machines will start to lose their connectivity until the new address from the new server is acquired. So this is something that would best be done when no users are active, say late at night or possibly on a weekend, depending on your business. If time permits, tonight or tomorrow I'll throw something together for you; a sort of cheat-sheet on how to set it up. It's been a couple of years since I've done it, so I'll have to review my (almost non-existent) notes and procedures.

Again, I can't thank you enough. I've been trying everything I could find on the internet to get the Windows 7 machine onto our domain and nothing worked. It's good (and bad in my case) to know that it has been the Server configuration all along. I will be trying to get 4 Windows 7 machines onto the domain when all is said and done, if that makes a difference.

All right, I put together a few notes and screen shots, here it is: http://cid-c12e9471ed654253.office.live.com/self.aspx/Shared%5E_Stuff/DNS%5E0DHCP%5E_SETUP%5E_W2003.pdf It's 20 pages, but that's because of the screen shots, not the actual instructions. Someone who does it frequently might want to look it over and see if I missed anything.

Thanks again, I'll be able to try it towards the end of next week and I'll let you know what happens.

Tomorrow, I'm going to install DNS onto the Server and see if that solves my problem, since, as you said, I can have more than one running DNS. That would mean that my Netgear would have DNS and my Server. I'll let you know what happens.

If you install DNS on the server without DHCP you'll have go around an manually update all of your workstations to point at your DNS server. On a network as small as yours this doesn't really present a problem, but it's something to think about.

When you say manually update, What do you mean? I won't have to give them static IP's will I?

No, not at all. But you will have to go in and tell them not to obtain their DNS server address automatically. In XP, login as an administrator, right-click on My Network Places, select Properties, right-click on Local Area Connection, select Properties again, scroll down the list and highlight (do not uncheck) Internet Protocol (TCP/IP), click the Properties button and you'll see the following: Select the Use the following DNS server addresses radio button and enter your DNS server's address. For Windows 7 go to Start Orb->Control Panel->Network and Sharing Center->Change adapter settings, right-click on Local Area Connection and proceed from that point.

Thnaks for the insight. I'll be trying it tomorrow.

Of course. Since you're not setting up DHCP on your server yet, just set everything back to Obtain DNS Server address automatically. Alternately, if it's bothering you that much, just put your router's address in the Alternate DNS server box. That way, if a lookup fails at the server it'll try the router next. PS. Important! Don't forget to set up the forwarders on the server or lookups will fail for anything but internal addresses.

This may seem like a dumb question, but can I revert back to the Firewall handing out the DNS if this causes any problems?

Adding the DNS role to the Server did the trick!!! Glad to hear it! Do I still need to add the DHCP role now that I have connectivity to the network? That all depends. Without your DHCP tied to your DNS you'll have to go in and modify the DNS settings on each computer you add to your domain. If it's not a problem for you, then it's not a problem for me either. From an Admin's POV it's just easier to have DHCP handle all the network configuration whenever I attach a new device, but then again, I'm dealing with several dozen PCs and other devices (Blackberry and Android smartphones, outside laptops - both customer and employee...)

Adding the DNS role to the Server did the trick!!! Do I still need to add the DHCP role now that I have connectivity to the network? (by the way, I don't have any first borns to name after you, but I will tip a few back for you)

Okay, let's see if I can explain this... Currently, your network is getting its DHCP from your SOHO (Small Office/Home Office) router. SOHO (and home consumer) routers, for all the wonderful things they do, are basically dumb devices when it comes to DHCP and DNS, in other words, they only recognize themselves. When your router doles out an IP address via DHCP it also sends out network configuration information to the receiving computer (address lease time, default gateway, default DNS server...) Since the router doesn't know of any DNS device except itself, it tells the receiving computer to set the router as the default DNS resolution device. You've now successfully set up a real DNS server on your Windows 2003 DC, but your router doesn't - and can't - even know it exists, so you need to tell Windows to look somewhere besides the router for DNS resolution. That's where changing the settings from automatic DNS to manual come in, you're overriding the info that the router is telling Windows to set. And it's only the DNS information that we're overriding, not the default gateway (that's still your router) and not the machine's IP address. Anyway, no, you don't need to set up static addresses. It's okay to let your router continue to give out IP addresses via DHCP as long as you realize that on any computer you want to access domain resources you'll have to go into the network settings and enter the address for your DNS server. If all you want to do is access the Internet - like maybe a customer comes in and hooks into your network - then this is unnecessary because the information the router passes out will still allow them to do this. I hope that didn't confuse you more. (And this is why I recommend setting up DHCP on the DC too - we can eliminate the router from the configuration equation altogether and just let it do the job it's best at: routing packets to the Internet.)

Bob, if you're still listening. When you say that I have tomodify the DNS settings on each computer, I take it you mean I should give each computer a static IP. If that is the case, should I be giving static IP's that are outside the range of the DHCP controller or can I use those IP addresses?

Thanks for the insight. I will eventually set up the DHCP on the Server, but want to wait until nobody's here as you suggested. Since I've set up the DNS on the Server, I have been able to join 4 Windows 7 machines to the network with no problems. Tahnk you again. I am experiencing 1 problem though and am wondering if it's because of what I did. Our accounting department uses Peachtree Acoounting and they are having problems connecting 2 computers to access a database. I've call Peachetree and they had me set static IP addresses on the 2 computers and I've also set host records that ties the IP and computer names together. Any ideas?

I am experiencing 1 problem though and am wondering if it's because of what I did. Our accounting department uses Peachtree Acoounting and they are having problems connecting 2 computers to access a database. Well yeah, if it was working before and it suddenly stopped, then I'd say it's related. Did you change the DNS settings on those machines to point to your new DNS server? Is Peachtree on a different server, also with a static address? Remember, you need add a Host record to your DNS for every device that has a static address. Let's make sure we're on the same page here - when you say: ... set host records that ties the IP and computer names together. I picture you going in to your DNS and adding Host (A) records for those machines; or did you just add entries into their HOSTS file? Either way, it's working now, right?

I have changed the DNS settings on those machines to point to the new DNS Server and yes both machines have static IP addresses. Yes, I added Host (A) records. Peachtree thinks they discovered the problem, but I won't know until everybody boots up tommorow. Peachtree says it was the Windows firewall blocking communication between the 2 machines. It is working now. I'll keep you informed. Thanks for the prompt reply.