Unable to join domain – ‘The network path was not found’ & Adding domain controller fails

Question

Hello,

I'm getting the attached error while adding the new tree newdomain.com to Forest (domain.com).

Even I tried to join the computers which are in sub-branch network (192.168.10.0) to our Main branch domain still facing the same issue.

Below are the points I have tested.

    *We can ping from AD server from Branch server  
*we can resolve the AD DNS names  
*assigned static IP to New server & added primary DNS as Main DC IP and checked  
*Checked by turning off domain firewall from both ends  
*Tried with enterprise & Domain admin user accounts while adding a tree.  
*Created branch site in active directory sites & subnets and mapped branch network subnet to site.  
*Added & allowed branch subnet(192.168.10.0/24) in domain firewall.  

We are not facing this issue in other branches, we have recently created new DC in one of my sub-branch locations and we didn't face any issue while adding a domain controller.

we are facing this issue only from the particular branch. we have IP Sec tunnel establish from this branch to main branch and nothing restricted. Please suggest

Regards,
Ram

Answer 1

Hello All,

The issue is resolved after the network team allowed the required ports in network firewall.
When we had a call discussion with the network team, they claimed nothing is blocked.
But however when we tested the connection of required ports by using PowerShell, we found connectivity is blocked.

UDP Port 88 for Kerberos authentication,

UDP and TCP Port 135 for domain controllers-to-domain controller and client to domain controller operations.

TCP Port 139 and UDP 138 for File Replication Service between domain controllers.

UDP Port 389 for LDAP to handle normal queries from client computers to the domain controllers.

TCP and UDP Port 445 for File Replication Service

TCP and UDP Port 464 for Kerberos Password Change

TCP Port 3268 and 3269 for Global Catalog from client to domain controller.

TCP and UDP Port 53 for DNS from client to domain controller and domain controller to domain controller

TEST from NEW server to domain controller

Test-netconnection 10.10.10.10 -port 445
Test-netconnection 10.10.10.10 -port 88
Test-netconnection 10.10.10.10. -port 138..........etc

After network team allowed those ports in firewall, we are able to create new tree domain and able to join domain.

If its failed, the windows or network firewall is blocking the ports...!!

Regards,
Ram

Answer 2

DSPatrick,

The screenshot attached is downloaded from Google.

Anyway I'm using domain name at the time of joining.. Ex : "domain.com" didn't faced any issues from the last 6 years.

And in the remaining branches, it's working fine. issue from only particular one branch office.

Regards,
Ram

Answer 3

Hi,

It can be a DNS resolution issue ot network flow issue between the server and domain controllers.

Try to resolve the domain name from the server using nslookup command

You can use download the PortQry tools to check required network flows between the server and domain controllers details.aspx

---

Please don't forget to mark helpful reply as answer if it help you to fix your issue

Answer 4

Hi,

For How to troubleshoot errors that occur when you join Windows-based computers to a domain,
If still can't find the reason , you may try to refer to the log of domain join operations in the %windir%\debug\Netsetup.log file on the clients.

Best Regards,

Answer 5

Thameur-BOURBITA , I'm able to nslookup the domain controller. I dont think the issue with DNS from both ends we are able to nslookup & ping successfully

Regards,
Ram