Tuesday, 16 March 2010

Changing the Primary Domain DNS name of this computer to "" failed.

We have been hitting an error when adding Windows 7 and Windows 2008 R2 machines to our Windows 2003 domain, specifically:










.
.
.
.
This issue does not affect older versions of Windows and does not appear to stop the computer from successfully joining the domain. I looked into the c:\windows\debug\netsetup.log and found the Windows 7/2008 R2 perform an additional number of steps at the end of the domain join, things that previous OS versions have not done and the following error is shown:
NetpLdapBin:ldap_bind failed Server:81: Server Down
I am yet to discover exactly what these additional steps do, but it was easy to spot the problem. Throughout the domain join the server contacts the domain controllers using the DC FQDNs. In this last section it attempts to contact the domain controllers using the netbios name, which fails as we do not apply domain suffixes to our servers and workstations using DHCP - we use the standard DNS devolution and setting to apply parent DNS names. If you do use DHCP to apply DNS suffixes you more than likely will not see this issue. If you don't you can work around the issue by adding a manual DNS suffix for your domain before your domain join and then remove it again afterwards (this is how we are working around it for now). Or you could just ignore it as I cannot find any negative side affects.
Microsoft have confirmed this as a bug in Windows 2008 R2 and Windows 7 but have not yet committed to a fix date as they see it as low priority (as it does not break anything). I have requested a KB number from MS, which I will post ASAP.