Tuesday, 16 March 2010

Changing the Primary Domain DNS name of this computer to "" failed.

We have been hitting an error when adding Windows 7 and Windows 2008 R2 machines to our Windows 2003 domain, specifically:

This issue does not affect older versions of Windows and does not appear to stop the computer from successfully joining the domain. I looked into the c:\windows\debug\netsetup.log and found the Windows 7/2008 R2 perform an additional number of steps at the end of the domain join, things that previous OS versions have not done and the following error is shown:
NetpLdapBin:ldap_bind failed Server:81: Server Down
I am yet to discover exactly what these additional steps do, but it was easy to spot the problem. Throughout the domain join the server contacts the domain controllers using the DC FQDNs. In this last section it attempts to contact the domain controllers using the netbios name, which fails as we do not apply domain suffixes to our servers and workstations using DHCP - we use the standard DNS devolution and setting to apply parent DNS names. If you do use DHCP to apply DNS suffixes you more than likely will not see this issue. If you don't you can work around the issue by adding a manual DNS suffix for your domain before your domain join and then remove it again afterwards (this is how we are working around it for now). Or you could just ignore it as I cannot find any negative side affects.
Microsoft have confirmed this as a bug in Windows 2008 R2 and Windows 7 but have not yet committed to a fix date as they see it as low priority (as it does not break anything). I have requested a KB number from MS, which I will post ASAP.


白色情人節 said...

thx u very much, i learn a lot

Anonymous said...

OMG! I'm stucked with this issue for a couple of days now. Thank you very much for this article!!! Now I got what's the problem. To fix this I just added entry to LMHOSTS file. Thank you Thank you Thank you!

hilmar said...

YEPP - brilliant explanation
makes it easy to understand

it sometimes helps to test with a second machine - a newly clean installed one with a new name


rhizhiy said...

thanks, had the same issue here, R2 box in win2003domain..

Anony Mouse said...

Thanks for the explanation. I've seen this problem on our network, but just brushed it aside. Glad to know that it's nothing serious.

Anonymous said...

I ran into this problem and corrected it by adding the DNS suffix, per your suggestion.

Thank you.

BTW, did MS ever give you the KB?

Micky Thompson said...

Thank you for posting this solution! I couldn't find a solution to this problem and your post pointed me right to it! You rock!

Rob Head said...

Sorry, no MS have never given me a KB number for this issue. I can't believe it has still not been fixed!

Anonymous said...

Thank you !

Anonymous said...


Dal said...

Thank you for posting a solution, but to say the error is harmless, is wrong.
When I got this error, I'm not able to log on to the server (via RDP) using domain users, I have to use local users. Same with file shares.
Also, when I reboot the servers, and get the logon screen, the local computer domain is selected as default, not the AD domain, as is common after a servers has joined a domain.
And that is just some problems I found after a few minutes of fiddling around, I guess there are more errors :)

Rob Head said...

Hi Dal,
It sounds like your machine has failed to bind to the domain at all - perhaps a different reason for the same message as we don't see the issues you describe.