I'm running into some major issues while trying to domain join a machine with my setup. I have five domain controllers that replicate perfectly, with two of them located on a different network. The machine seems to get the message that it has joined the domain, but after rebooting, it gives me an error that says "security database doesn't exist". I've checked the netlogon logs, and the only errors I'm seeing are related to the endpoint failing to register its A or AAAA records. I suspect this might be a DNS problem, but I'm not entirely sure how to troubleshoot it further. Any insights would be appreciated!
5 Answers
It might also help to take a closer look at the MTU settings. If there's a VPN involved, sometimes packets can get dropped because of size constraints. Lowering the MTU on the VPN tunnel could help.
Sounds like a classic DNS issue. The fact that the computer object is created but you're having trouble with the trust suggests that DNS isn't properly handling the requests. You might want to ensure that all the DNS settings are correct and that there's connectivity between the DCs across the networks. Run a few tests with pinging and nslookup to check if there's an issue there.
Totally agreed! Often it's DNS causing the fuss. Just make sure everything's resolving as you'd expect.
You might be hitting a replication delay issue. If the new computer object hasn’t replicated in time, trying to authenticate via a remote DC can lead to issues. Giving it some time might fix this, but if it doesn't, manually initiating a replication might also help.
I’d check the netsetup.log for any specific error messages too. If there's any RPC-related error, that could point you towards the issue. Also, triggering more logging during the join process might reveal more clues!
You should verify that the time settings on your machines aren't off by more than 5 minutes. Time discrepancies can really mess with trust relationships. If that's in check, the next step is ensuring that your DCs on the other subnet are reachable and configured correctly in your AD Sites and Services settings.
Yeah, timing can be a pain. But if everything is synced, then it's likely something else.
They say it's never DNS until it is! Definitely check your DNS records and configurations.