Editing the hosts file can be dangerous, and it can be misleading. This is the first lesson of this post. We will see how to perform the domain join operation for Server 2016 and how to avoid Server 2016 domain join error code 0x0000267C. I was not able to join the server to the domain. I tried with the NetBIOS name of the domain and the full FQDN without any success. I was confident that the DNS server was configured correctly on the newly built server. The entire troubleshooting and domain join processes are explained in the video here.
The DC server was not reachable from the newly built server because of firewall configurations on the local server. I disabled the firewall on the server, and that resolved the reachability issue.
The basic checks we need to perform before joining a Server 2016 machine to a domain are:
- Ping DC server with IP
- Ping DC server with short name
- Ping DC server with FQDN
- Remove any hosts file entries that contain the domain name or the DC server name
- Check that the required firewall ports are open between the member server and the DC server
- Check that antivirus software (Symantec/McAfee) is NOT blocking the communication
I received the following domain join error on the Server 2016 machine: An Active Directory Domain Controller (AD DC) for the domain “Intune.com” could not be contacted. Ensure that the domain name is typed correctly. If the name is correct, click details for troubleshooting information. I made sure that the domain name was correctly entered.
C:\Windows\Debug\dcdiag.txt is the log file which can provide us more details when you have any issues with domain join. I checked the DCDIAG.log file, and it gave more details about the domain join issue.
Domain Join Error Details
An error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "intune.com". The error was: "No DNS servers configured for local system." (error code 0x0000267C DNS_ERROR_NO_DNS_SERVERS) The query was for the SRV record for _ldap._tcp.dc._msdcs.intune.com
The domain name was correctly mentioned during the Server 2016 domain join process. Also, the server can ping the domain and DC. But when I checked the hosts file of the local 2016 server, there were some entries of domain name mapping. I deleted those entries from the hosts file. Also, I checked the IPCONFIG information on the server and noticed that the DNS server IP was not configured. Rather, the DNS server IP was configured as the gateway device IP. I removed the gateway IP and correctly configured the DNS server IP in the IPCONFIG utility. More details are available in the video below.
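The checklist and the root causes described above (hosts file entries masking DNS, a gateway IP set as the DNS server, blocked ports) can be checked from the member server before attempting the join. The following PowerShell is an added example, not part of the original post; the DC name `dc01.intune.com` and the TCP port list (53, 88, 135, 389, 445) are assumptions to adjust for your environment.

```powershell
# Added example: pre-join checks for the failure described in this post.
# $DcName is a hypothetical DC name; the port list is an assumed common set.
param(
    [string]$Domain = 'intune.com',
    [string]$DcName = 'dc01.intune.com'
)

# 1. Hosts file: an active entry for the domain or DC makes ping succeed
#    even when DNS is broken, which hides the real problem.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$shortName = [regex]::Escape($DcName.Split('.')[0])
$stale = Get-Content $hostsPath | Where-Object {
    $_ -notmatch '^\s*(#|$)' -and
    ($_ -match [regex]::Escape($Domain) -or $_ -match "\b$shortName\b")
}
if ($stale) { Write-Warning "hosts entries to review:`n$($stale -join "`n")" }

# 2. DNS client settings on active adapters: flag a missing DNS server
#    or a DNS server that is really the default gateway.
$gateways = (Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue).NextHop
foreach ($nic in Get-NetAdapter | Where-Object Status -eq 'Up') {
    $dns = (Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4).ServerAddresses
    if (-not $dns) {
        Write-Warning "$($nic.Name): no DNS server configured"
    } elseif ($dns | Where-Object { $gateways -contains $_ }) {
        Write-Warning "$($nic.Name): DNS server equals default gateway ($($dns -join ', '))"
    }
}

# 3. The SRV query the join performs, sent to DNS only (-DnsOnly skips the
#    hosts file, NetBIOS and LLMNR).
try {
    Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -DnsOnly -ErrorAction Stop |
        Where-Object Type -eq 'SRV' | Select-Object NameTarget, Port
} catch {
    Write-Warning "SRV lookup failed: $($_.Exception.Message)"
}

# 4. TCP reachability of the DC, port by port, so a firewall rule can be
#    opened for the blocked port instead of turning the firewall off.
foreach ($port in 53, 88, 135, 389, 445) {
    $r = Test-NetConnection -ComputerName $DcName -Port $port -WarningAction SilentlyContinue
    '{0,-5} {1}' -f $port, $(if ($r.TcpTestSucceeded) { 'open' } else { 'blocked/unreachable' })
}
```

`Test-NetConnection` only tests TCP, so UDP traffic such as DNS over UDP 53 has to be confirmed by the SRV lookup in step 3.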