DNS lookup issue with Windows 7

The original issue is that I can???t add a Windows 7 computer to the domain, I
get an error saying: The following error occurred attempting to join the
domain ???domainname???:  An attempt to resolve the DNS name of a domain
controller in the domain being joined has failed??????

Background.

The active directory was recently upgraded from 2003 with 2 2003 domain
controller servers.  Those servers are now gone, replaced by 2 windows 2008r2
servers both running DNS.

Windows XP machines can join the domain and do nslookups without issues as
well as Windows 7 Machines that are already on the domain, can do nslookups
without issues.

Windows 7 Machines that are not on the domain, get valid DHCP addresses from
the domain controller, as well as the correct dns server address.  They also
show up on the DNS server as an address lease and under the reverse
lookupzone.  But nslookups to internal pc???s/server time out. The problem
machines can browse the internet.

I have checked the dns settings over and over again, and everything looks
correct, I have even tried deleting and recreating the reverse lookup zones.
Dynamic Updates on the reverse lookup zone are set for nonsecure and secure.
I see no errors in the even log on the server.

More Info:Here is the ipconfig/all from the windows 7 machine not on the

More Info:

Here is the ipconfig/all from the windows 7 machine not on the domain:

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix  . : domainname.bc.ca
Description . . . . . . . . . . . : Intel(R) 82566MM Gigabit Network
Connecti
on
Physical Address. . . . . . . . . : 00-1E-68-BD-28-2E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.100.170(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, January 29, 2010 2:53:37 PM
Lease Expires . . . . . . . . . . : Monday, February 01, 2010 3:21:41 PM
Default Gateway . . . . . . . . . : 192.168.100.2
DHCP Server . . . . . . . . . . . : 192.168.100.1
DNS Servers . . . . . . . . . . . : 192.168.100.1
NetBIOS over Tcpip. . . . . . . . : Enabled


and a sample of the nslookup (returns properly on any XP machine on/off the
domain, or any Windows 7 machine already joined to the domain:

Server:  chdomainy.domain.bc.ca
Address:  192.168.100.1

DNS request timed out.
timeout was 2 seconds.
*** Request to chdomainy.domain.bc.ca timed-out


And the IPconfig from the server:

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix  . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : 00-26-B9-39-38-A5
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.100.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.100.2
DNS Servers . . . . . . . . . . . : 192.168.100.1
192.168.100.15
NetBIOS over Tcpip. . . . . . . . : Enabled

The ipconfigs look good.

The ipconfigs look good. I was wondering what the Search Suffix is on the
Windows 7 machine. Does it match the AD DNS domain name?

When you are trying to join the Windows 7 machine, what are you using for
the domain name? The FQDN name (domain.com), or the NetBIOS name ("domain")?

How about when you provide credentials? Are you using

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please
contact Microsoft PSS directly. Please check http://support.microsoft.com
for regional support phone numbers.

"Ace Fekay [MVP-DS, MCT]" wrote:Yes, the search suffix is correct, it is the

Yes, the search suffix is correct, it is the full domain name and matches
the Windows 7 machine that is working correctly.

I have tried both ways, when using the FQDN, i get a different error:

not your network's administrator, notify the administrator that you received
this information, which has been recorded in the file
C:\Windows\debug\dcdiag.txt.

WWW browser access is very likely a red herring.

WWW browser access is very likely a red herring. For all we know, you
have a proxy HTTP server, and the DNS lookups to turn (the domain name
portions of) URLs into IP addresses are not even being done locally on
those machines. WWW browsers are not DNS diagnosis tools.

it is time for you to watch der blinkenlichten, either with some
appropriate network traffic sniffing tools or with your own eyes. When
you perform a query using a DNS lookup tool, a DNS/UDP packet is being
sent to the proxy DNS server at 192.168.100.1. You need to prove that it
even leaves the machine and goes along the wire. If it does, you then
need to prove that the proxy DNS server at 192.168.100.1 receives it and
responds. Then you need to prove that the response returns to the
machine at 192.168.100.170. If you fail at any stage, then you need to
investigate what is stopping the network traffic at that point. (For the
response traffic, for example, one potential cause would be two machines
erroneously sharing that IP address.)

"Ace Fekay [MVP-DS, MCT]" wrote:

"Ace Fekay [MVP-DS, MCT]" wrote:

"Ace Fekay [MVP-DS, MCT]" wrote:

"Ace Fekay [MVP-DS, MCT]" wrote:

"bradtf" wrote:

"bradtf" wrote: