"Domain does not exist Or could not be contacted"?

Discussion in 'Active Directory' started by marek1712, Apr 6, 2009.

  1. I'm sorry, I was trying to read back in the thread to see where it is now
    failing. The ipconfigs look good, but it appears the dcdiag is spitting out
    errors regarding Kerberos, not able to get a DC list, among others.

    I apologize if we went over this, but if you can provide a re-cap on the
    following to get us caught up, that would be great.

    Have you disabled the IPv6 services in the NIC properties? (Disable IPv6,
    and the two Link Layer objects).
    Any 3rd party antivirus or spyware programs?
    Are all 3 instances of the Windows Firewall disabled?

    And describe how you are trying to add a group or a member to the group.

    Ace Fekay [Microsoft Certified Trainer], Apr 14, 2009
    1. Advertisements

  2. Also, concerning the the net start, and I understand it is in Polish, so
    maybe you can look for the following services in Server Manager to make sure
    they are enabled or disabled:

    Active Directory Domain Services - enabled
    DHCP Client Service - enabled
    DNS Client - enabled
    DNS Server - enabled
    Internet Connection Services (ICS) - DISABLED
    Netlogon - enabled
    Kerberos KDC - enabled

    Ace Fekay [Microsoft Certified Trainer], Apr 14, 2009
    1. Advertisements

  3. marek1712

    marek1712 Guest

    I'm sorry I couldn't reply faster (I had an important exam today).
    I have disabled IPv6 in the NIC's properties (and the registry). Is it
    really required to disable Link Layer items?
    I have installed Avira Server trial as KIS2009 isn't supported by the
    Windows Server.
    What should I disable in the Windows Firewall (it's running by the way)?
    ADUC is working properly. This problem occurs only when I try to add a group
    to the RADIUS rule in the Network Policy Server.

    To add a user I open ADUC, click on the "Create new user..." button, fill
    the information (e.g. user logon name: test2 and pick @przyklad.pl as it's
    naturally the only option available), then click on next (filling password)
    and finish at the confirmation window.
    To create a user group I click similar button, fill-in group's name , select
    Global group scope and "Security" as a group type.
    To add a user I pick "Properties" of a given group, select "Members" tab and
    select users via "Add..." button.

    As for the services - everything has the status as shown by you.

    marek1712, Apr 15, 2009
  4. Hello marek1712,

    In 2008 the firewall is running by default, according to the roles and features
    you install the needed ports are opened automatic. I am running out of ideas
    why it is not possible, to be honest. The domain and DNS seems to be ok.
    Maybe you should think about to open a call at MS support.

    Best regards

    Meinolf Weber
    Meinolf Weber [MVP-DS], Apr 15, 2009
  5. If the only concern is when adding the group in NAP, maybe NAP is not
    configured properly or it is looking for a Universal Group.

    Otherwise at this point, if that doesn't work, and I don't know what you
    went through to configure NAP and RRAS (which is a whole other procedure and
    process for a separate discussion to go over), maybe I must agree with
    Meinolf that it may be time to call Microsoft PSS and open a ticket.

    Ace Fekay [Microsoft Certified Trainer], Apr 15, 2009
  6. marek1712

    marek1712 Guest

    Well - I did everything by default. I didn't install RRAS as I don't need
    Health Policies and such - only 802.1X authenticating based on certificates.

    Anyway - I don't see a need to pay lots of money to MS support if the only
    problem is to switch to another container when selecting user group in the

    I'd like to express my gratitude to all the help both of you provided. As a
    beginner I didn't know of certain issues and you certainly helped me get rid
    of them. Once again - thank you and best regards,

    marek1712, Apr 16, 2009

  7. Hello Marek,

    Glad to be of service, for the most part. Keep learning. There's alot to
    learn, and after all the years I've been doing and teaching it, I still find
    stuff I didn't know about!

    Ace Fekay [Microsoft Certified Trainer], Apr 16, 2009
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.