Unable to join domain – ‘The network path was not found’ & Adding domain controller fails

Question

Hello,

I'm getting the attached error while adding the new tree newdomain.com to Forest (domain.com).

Even I tried to join the computers which are in sub-branch network (192.168.10.0) to our Main branch domain still facing the same issue.

Below are the points I have tested.

    *We can ping from AD server from Branch server  
*we can resolve the AD DNS names  
*assigned static IP to New server & added primary DNS as Main DC IP and checked  
*Checked by turning off domain firewall from both ends  
*Tried with enterprise & Domain admin user accounts while adding a tree.  
*Created branch site in active directory sites & subnets and mapped branch network subnet to site.  
*Added & allowed branch subnet(192.168.10.0/24) in domain firewall.  

We are not facing this issue in other branches, we have recently created new DC in one of my sub-branch locations and we didn't face any issue while adding a domain controller.

we are facing this issue only from the particular branch. we have IP Sec tunnel establish from this branch to main branch and nothing restricted. Please suggest

Regards,
Ram

Answer 1

Hello All,

The issue is resolved after the network team allowed the required ports in network firewall.
When we had a call discussion with the network team, they claimed nothing is blocked.
But however when we tested the connection of required ports by using PowerShell, we found connectivity is blocked.

UDP Port 88 for Kerberos authentication,

UDP and TCP Port 135 for domain controllers-to-domain controller and client to domain controller operations.

TCP Port 139 and UDP 138 for File Replication Service between domain controllers.

UDP Port 389 for LDAP to handle normal queries from client computers to the domain controllers.

TCP and UDP Port 445 for File Replication Service

TCP and UDP Port 464 for Kerberos Password Change

TCP Port 3268 and 3269 for Global Catalog from client to domain controller.

TCP and UDP Port 53 for DNS from client to domain controller and domain controller to domain controller

TEST from NEW server to domain controller

Test-netconnection 10.10.10.10 -port 445
Test-netconnection 10.10.10.10 -port 88
Test-netconnection 10.10.10.10. -port 138..........etc

After network team allowed those ports in firewall, we are able to create new tree domain and able to join domain.

If its failed, the windows or network firewall is blocking the ports...!!

Regards,
Ram

Answer 2

I'm just trying to think outside of the box here, but are they Azure AD Hybrid joined PCs?

Answer 3

Had the similar problem. After putting the firewall down I managed to add problematic machine to the domain.

Answer 4

we had the same issue, we flushed the dns then renewed and all worked just fine afterwards.

Answer 5

Go back and check your DNS configuration, that's where the problem is. I spent 2 days with the same problem, my DNS configuration was wrong, once entered again it worked like a charm.