Unable to join domain with new windows 10 computers - build 1803

2018-05-17

Question

_{Thursday, May 17, 2018 3:02 PM | 1 vote}

I have 3 new computers that I am truing to join to our domain and it cant seem to find the domain. I can ping the domain controller. Any suggestions on resolving this without having to roll back to the previous build, which will also take with it all of the apps that I installed after this build was installed. I have rolled back a computer and joined the domain from that computer, so I know that rolling back will work, but I did loose all the apps I installed and in the process of reinstalling them.

All replies (72)

_{Friday, May 18, 2018 3:16 AM | 2 votes}

Hi Jamie，

What's error message when you attempt to join the domain? What's your DC Sever version?

Here I suggest you check and install all available Windows Update. Now the latest build is 17134.48.

Besides that, please also enable the SMBv1.0 and flush your DNS record with the following command as Admin to have a try:

ipconfig /flushdns

Furthermore，I will submit this feedback via our own channel.

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].

_{Friday, May 18, 2018 9:02 AM | 1 vote}

Hi,

we have the same issue with multiple 1803 installations, we cannot join our domain anymore. Domain join worked and still works (just verified) with all former Windows versions (XP, Vista, 7, 8, and 10 until 1709) but 1803 shows an error on all machines I have tried until today. We (unfortunately) still have Windows Server 2003 as DC but we need this working again asap - or better yesterday. Of course, SMBv1 is activated in 1803, and build version is 17134.48 with all available updates.

Is there a workaround except rolling-back or reinstalling an older Windows version?

This is the error message:

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "MYDOMAIN":

The query was for the SRV record for _ldap._tcp.dc._msdcs.MYDOMAIN

The following domain controllers were identified by the query:
MYSERVER.MYDOMAIN

However no domain controllers could be contacted.

Common causes of this error include:

Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.
Domain controllers registered in DNS are not connected to the network or are not running.

Best regards,

Toni

_{Friday, May 25, 2018 7:33 PM | 2 votes}

I am also having this same issue. Unable to join new Windows 10 machines to Server 2012 domain with domain functional level Server 2003. Receiving same error that the domain controller could not be contacted.

Thanks.

_{Wednesday, May 30, 2018 7:35 AM | 1 vote}

Any updates, Microsoft? I see many people experiencing the same problem with NT4-style domains. I can confirm this problem rises after a clean 1803 install.

_{Wednesday, May 30, 2018 7:51 PM | 1 vote}

I'm having the same issue with 3 new I7 PC's upgraded from Home to Pro. I'm trying to add them to our Domain. The domain is on a Dell Windows Server 16 Standard server. And just add an I7 the same way 2 months ago. It believe it in Workstation side. And is Microsoft trying to sell us the new Work Station addtion?

_{Wednesday, June 6, 2018 2:14 PM}

Hi Everybody,

I have the same problem with a new PC on Win10 PRO ver.1803 (pre-installed version) on a domain controlled by DC 2003 Server. Receiving same error that the domain controller could not be contacted.

I have enabled SMB1.0 option and flushed DNS but without success... :(

_{Wednesday, June 6, 2018 2:47 PM}

I also have this issue, as we have a functional level of 2003 and this is a clean installation of Windows 10 Pro (1803) and previously it was 1709 and was joined to the domain. But since migrating to 1803 it fails to join the domain with the same error of unable to contact domain.

_{Wednesday, June 6, 2018 5:57 PM}

The only solution that worked was to install 1709, add to domain and then update to 1803 - everything seems OK. But clean install does not work.

_{Thursday, June 7, 2018 8:16 PM}

Same problem here. Microsoft has clearly updated the procedure used in joining domains.

_{Monday, June 11, 2018 2:10 PM | 17 votes}

If it's a single name domain (i.e contoso, and not contoso.org), the answer is this (do this changes in the workstation, not in the dc):

Start, Run, write regedit,ENTER.
- Lookup this subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters
- Locate AllowSingleLabelDnsDomain. If the key AllowSingleLabelDnsDomain does not exist:
  1. Edit, New, DWORD.
  2. Write AllowSingleLabelDnsDomain as key name, and ENTER.
- Double click AllowSingleLabelDnsDomain.
- Set the Value to 1.
Exit regedit
Try to join the domain

_{Tuesday, June 12, 2018 1:44 PM}

SAME HERE. Windows update installed 1803 and did a complete system restore. All my programs were removed! Did a clean install of 1803 and now I cannot join it back to the Domain. Thanks Microsoft.

_{Tuesday, June 12, 2018 2:04 PM}

Adding the above reg key did not work

_{Tuesday, June 12, 2018 2:09 PM | 4 votes}

Was able to add to domain by using action center...accounts...access work or school. Added .local to domain name.

_{Thursday, June 14, 2018 1:43 PM}

How did You do this? I change registry, like Fladnar says. I have Samba PDC with SMBv2 on. I connect to it from Win10 before update 1803. They are still connected. But now i have new PC and have error: "Cannot connect to domain. (error code 0x0000232B RCODE_NAME_ERROR)". Somebody have solution? I probably will take old Win10 installation disc and use it.

_{Thursday, June 14, 2018 5:09 PM}

Fladnar,

Was beating my head with this for a few days. 1709 would join the domain with no problems...1803 not so much. Added the registry key and was instantly able to join with 1803.

Thanks so much!

_{Friday, June 15, 2018 9:42 PM | 2 votes}

This issue being described in this thread is a known bug. RS4 broke remote mailslots which causes mailslot dependent operations like domain join to fail.

Look for this signature in NETLOLGON logs showing an 1803 client attempting to join a domain with NetBIOS domain name "CONTOSO" after setting DBFLAG = 2080FFFF

[Microsoft-Windows-DCLocator/Debug] Message=Sent out 'Sam Logon' message to \Contoso*\MAILSLOT\NET\NETLOGON on all transports.
[Microsoft-Windows-DCLocator/Debug] Message=NetpDcSendPing: cannot write netlogon mailslot: Contoso 0x0 53
[Microsoft-Windows-DCLocator/Debug] Message=NlBrowserSendDatagram : returned 0x35

Until MSFT fixes this later this summer, use a fully qualified DNS name to refer to the domain being joined.

This will allow domain joins on 1803 to complete assuming no other [security] settings in the registry + policy are causing domain join to fail. For example, domain join will fail with DC Discovery related errors when the NT4Emulator setting is enabled:

https://support.microsoft.com/en-us/help/2008652/unable-to-join-windows-server-2008-r2-or-windows-7-computer-to-active

_{Saturday, June 16, 2018 1:34 AM}

Hi All,

This is my store of Windows 10 Pro 1803 that would not join a local domain. Google Offline Domain Join Active Directory 3-minute fix. I'd post the link but it wasn't allow too.

3-new PC’s, 3-weeks trying to find the fix. Microsoft sales person try to sell me I a volume license of Pro to fix this. I knew the DNS error I was seeing was not right. If I enter a PC name from the Domain it would error it a second. But when I enter the correct Domain and Machine Name it would give an DNS error. After all my years of doing this I knew it was programming error on Microsoft part. There a lot of us have this same error over the past month. And Microsoft has not posted any new Child Lock on Windows Pro like their sales person had told me. I hope this fixes a lot of your issue quick to…

Yard Tech

_{Saturday, June 16, 2018 12:26 PM}

I think this thread is splitting. As far as I can see the OP has asked a question which is effectively "How do I get a 1803 PC to join an NT4 type of Domain". This is not an Active Directory Domain. It is a domain of the type last used in SBS2003 and is currently still available in Samba/linux. It is the same issue as I have and a few other people in the thread.

Fladnar's solution was for how to join a single name AD domain and not an NT4 domain. If it was meant to apply to an NT4 domain as well, it did not work for me.

eventtrac's post also looks like it is for an AD domain, but I'll work my way through it.

If anyone knows of the solution to the original issue, I'd love to hear it.

_{Monday, June 18, 2018 8:51 AM}

Glad it worked for you!!!

_{Tuesday, June 19, 2018 8:38 AM}

@eventtrac,

It looks like you've edited your post and I was going to work my way through it today. I have problems joining an 1803 machine to an old style NT4 domain (requiring SMB 1.0 which I have enabled). Was your post applicable to my scenario or was it only relevant for joining an Active Directory Domain? It it was relevant, please can you repost your steps to debug with what to look for?

I have tried enabling netlogon debugging and I am getting:

C:\Windows\system32>Nltest /DBFlag:2080FFFF
SYSTEM\CurrentControlSet\Services\Netlogon\Parameters set to 0x2080ffff
I_NetLogonControl failed: Status = 1722 0x6ba RPC_S_SERVER_UNAVAILABLE

Also the netlogon setvice is not enabled. I suspect this is because it is for an Active Directory domain.

If I allow single word domain names, the NetSetup.LOG gives:

06/19/2018 09:16:11:766 NetpValidateName: checking to see if 'LAPTOP' is valid as type 1 name
06/19/2018 09:16:11:766 NetpCheckNetBiosNameNotInUse for 'LAPTOP' [MACHINE] returned 0x0
06/19/2018 09:16:11:766 NetpValidateName: name 'LAPTOP' is valid for type 1
06/19/2018 09:16:11:766 
06/19/2018 09:16:11:766 NetpValidateName: checking to see if 'Laptop' is valid as type 5 name
06/19/2018 09:16:11:766 NetpValidateName: name 'Laptop' is valid for type 5
06/19/2018 09:16:11:781 
06/19/2018 09:16:11:781 NetpValidateName: checking to see if 'CLEARSYSTEM' is valid as type 3 name
06/19/2018 09:16:11:797 NetpCheckDomainNameIsValid for CLEARSYSTEM returned 0x54b, last error is 0x0
06/19/2018 09:16:11:797 NetpCheckDomainNameIsValid [ Exists ] for 'CLEARSYSTEM' returned 0x54b

CLEARSYSTEM is the domain I am trying to join.

TIA,

Nick

_{Thursday, June 21, 2018 1:59 AM | 1 vote}

Hi all,

After confirm with product team, this is a known issue and they are in investing it.

Please keep your Windows up to date. There will be fixed in further released build.

If any update, I will post here as soon as possible.

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].

_{Thursday, June 21, 2018 4:26 AM}

@ NickJH - sorry to pull the rug out from under you. Pointless exercise now that we know that this is a bug in the RTM release of RS4 AND know what the signature is to confirm a scenario match.

Domain Joins using short NETBIOS names are going to fail on 1803 until the remote mailslot bug gets fixed later this summer.

The Only workaround is to perform the join using the "long" fully qualified DNS domain name - i.e. "contoso.com" vs. NetBIOS domain name "contoso".

Moderator Karen has offered to share an update as to when this bug gets fixed. I expect that Microsoft will document the issue in the release notes of the RS4 monthly update that resolves the bug.

_{Thursday, June 21, 2018 3:52 PM}

@eventtrac,

I thought you had a solution there but I can't get it to work. Bear in mind this is an old-style NT4 domain running in Samba on Linux and not an Active Directory domain. My NETBIOS name is CLEARSYSTEM so I've tried using both CLEARSYSTEM.howitts.test and just howitts.test as the Domain name when joining. I have added the following srv records:

srv-host=_ldap._tcp.dc._msdcs.clearsystem,172.22.22.1
srv-host=_ldap._tcp.dc._msdcs.clearsystem.howitts.test,172.22.22.1
srv-host=_ldap._tcp.dc._msdcs.howitts.test,172.22.22.1
srv-host=_ldap._tcp.dc._msdcs.CLEARSYSTEM,172.22.22.1

(throwing the book at it). But it still comes back with a message that the Active Directory Domain Controller for howittts.test or clearsystem.howitts.test could not be found.

This is the dcdiag.txt log for the CLEARSYSTEM.howitts.test:

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "CLEARSYSTEM.howitts.test":

The query was for the SRV record for _ldap._tcp.dc._msdcs.CLEARSYSTEM.howitts.test

The following domain controllers were identified by the query:
172.22.22.1


However no domain controllers could be contacted.

Common causes of this error include:

- Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.

- Domain controllers registered in DNS are not connected to the network or are not running.

CLEARSYSTEM.howitts.test resolves correctly and responds to pings.

Is your solution for an AD DC only or should it work for both domain types? If it should work for both, are you able to help me troubleshoot it?

TIA, Nick

_{Sunday, June 24, 2018 6:25 PM}

I was hoping a "solution" would be to "upgrade" to rel 1709. However, Microsoft didn't allow going back to an older version without throwing out all applications and settings. Microsoft - please fix this mess. You insist on pushing out a new set of "features" every 6 months, but the main feature seems to be things to make gamers happy and break things for the business users.

_{Tuesday, June 26, 2018 9:57 PM}

Is there a technical reason why domain join can't be completed with a fully qualified DNS domain name until MSFT releases a fix or are you joining domains with single label DNS domain names? Agree that the regression is disappointing but most users should not be blocked from completing domain joins in the majority of AD domains.

_{Wednesday, June 27, 2018 11:38 AM}

I am not aware that old-style NT4 domains can have a fully qualified DNS. They are stuck at a maximum of 15 (?) characters as was the old Workgroup. DNS records are not needed and NetBIOS is used. If I use AD style DNS records, it just tells me it cannot find an AD DC although it finds the server IP. I have tried DNS records with:

DOMAIN

DOMAIN.my.lan

my.lan

domain

None of these worked. Also note it is not an AD domain I am trying to join.

_{Wednesday, June 27, 2018 5:11 PM | 1 vote}

If it's a single name domain (i.e contoso, and not contoso.org), the answer is this (do this changes in the workstation, not in the dc):

Start, Run, write regedit,ENTER.

Lookup this subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Locate AllowSingleLabelDnsDomain. If the key AllowSingleLabelDnsDomain does not exist:

Edit, New, DWORD.

Write AllowSingleLabelDnsDomain as key name, and ENTER.

Double click AllowSingleLabelDnsDomain.

Set the Value to 1.

Exit regedit

Try to join the domain

Several hours wasted until I found your post. Thank you!

_{Thursday, June 28, 2018 3:47 PM}

Had the same issue. it seems like you cant join tthe domain on 1803 only with the netbios name. you have to use the fqdn. for me this worked.

_{Friday, June 29, 2018 8:33 AM}

@BBS_BUA,

Were you joining an AD domain or an old-style domain? If it was an old-style domain, what did you use as the FQDN and what is your NetBIOS name?

_{Friday, July 6, 2018 4:07 PM | 1 vote}

Did anybody find a solution for this problem? Connect fresh Windows 10 Version 1803 to a NT4 Style domain

_{Monday, July 9, 2018 1:57 PM}

After many hours trouble shooting, adding this subkey worked for us.

Thanks

_{Tuesday, July 10, 2018 12:23 AM}

Excellent, something finally worked.

Plagued with this bug for 2 months

_{Thursday, July 19, 2018 9:01 PM | 1 vote}

This worked for me thanks. It was getting real frustrating having to roll back to 1709 to join a domain.

_{Friday, July 20, 2018 12:13 PM}

Is your domain NT4 (Samba 3) or Samba Active Directory (Samba 4)?

Looks like Samba 3 (NT4) domains support has been silently dropped from Windows 10 at or after version 1709.

Please refer to Samba Wiki site, they have a notice about that.

_{Wednesday, July 25, 2018 11:54 AM}

Glad it worked for you!

_{Thursday, July 26, 2018 7:56 AM}

If it's a single name domain (i.e contoso, and not contoso.org), the answer is this (do this changes in the workstation, not in the dc):

Start, Run, write regedit,ENTER.

Lookup this subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Locate AllowSingleLabelDnsDomain. If the key AllowSingleLabelDnsDomain does not exist:

Edit, New, DWORD.

Write AllowSingleLabelDnsDomain as key name, and ENTER.

Double click AllowSingleLabelDnsDomain.

Set the Value to 1.

Exit regedit

Try to join the domain

Hello,

This worked for me just had to perform restart of the machine after making the change in the registry.

Thanks for help.

_{Thursday, July 26, 2018 2:23 PM}

Glad it worked!

_{Friday, July 27, 2018 2:20 PM}

None of these functions worked for anyone using Samba3.
It seems to me that Microsoft has abandoned Samba3.

_{Friday, July 27, 2018 2:22 PM}

If it's a single name domain (i.e contoso, and not contoso.org), the answer is this (do this changes in the workstation, not in the dc):

Start, Run, write regedit,ENTER.

Lookup this subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters

Locate AllowSingleLabelDnsDomain. If the key AllowSingleLabelDnsDomain does not exist:

Edit, New, DWORD.

Write AllowSingleLabelDnsDomain as key name, and ENTER.

Double click AllowSingleLabelDnsDomain.

Set the Value to 1.

Exit regedit

Try to join the domain

It worked flawless for me!

_{Friday, July 27, 2018 9:57 PM}

Thank You!

_{Monday, July 30, 2018 8:29 AM}

Hello,
>> Here << you can download script that will help you create or modify the **AllowSingleLabelDnsDomain **registry key.

Hope its useful.

_{Monday, July 30, 2018 2:16 PM}

He had already included this record but without success.

_{Thursday, August 2, 2018 2:44 PM}

Okay I think I have a permanent solution to this. The problem id caused because technology moves on and there are two fronts on which this has occurred here.

IPv6 is now used in preference over IPv4. Server 2003 didn't speak IPv6 and so there can be an IP protocol mismatch between new Windows clients talking V6 saying "Hi there" and the ancient 2003 server holding it's ear trumpet up and shouting "Say what!!?"
- Solution: Disable IPV6 on the client computer that you are attempting to join to the domain
The SMBv1 protocol is bad and nasty and has been EOL'd for current builds of Windows. It was the series of gaping hole vulnerabilities in SMBv1 protocol that were exploited in the recent Wannacry Cryptovirus outbreak. The world has moved to better and more secure versions of SMB. Unfortunately your poor old server is still stuck in the dark ages and sits there saying *"I can only let you join the domain sonny, if you bring me some good old SMBv1 like my momma used to make it and whilst your at it, I want a gramophone and some Brylcream."
*- Solution: Install SMBv1 in the <Add Windows Programs & Features> area and then reboot.

I hope this helps someone.

_{Sunday, August 5, 2018 9:15 AM}

Okay I think I have a permanent solution to this. The problem id caused because technology moves on and there are two fronts on which this has occurred here.

IPv6 is now used in preference over IPv4. Server 2003 didn't speak IPv6 and so there can be an IP protocol mismatch between new Windows clients talking V6 saying "Hi there" and the ancient 2003 server holding it's ear trumpet up and shouting "Say what!!?"

Solution: Disable IPV6 on the client computer that you are attempting to join to the domain

The SMBv1 protocol is bad and nasty and has been EOL'd for current builds of Windows. It was the series of gaping hole vulnerabilities in SMBv1 protocol that were exploited in the recent Wannacry Cryptovirus outbreak. The world has moved to better and more secure versions of SMB. Unfortunately your poor old server is still stuck in the dark ages and sits there saying *"I can only let you join the domain sonny, if you bring me some good old SMBv1 like my momma used to make it and whilst your at it, I want a gramophone and some Brylcream."
*- Solution: Install SMBv1 in the <Add Windows Programs & Features> area and then reboot.

I hope this helps someone.

Sorry but this does not work for me. I still get the same message about not being able to contact an AD DC on the network.

_{Tuesday, August 14, 2018 2:46 AM}

It may be that on Microsoft Windows Server, which is a 64-bit operating system, there are 32-bit (x86) or 32-bit (x86) applications installed on it, when there is almost always something that is not working right.

On Microsoft Windows Server (which is 64-bit version) when there are 32-bit (x86) drivers or 32-bit (x86) applications installed on it, there are usually some problems later, and one of these problems occurs in Windows Update automatic downloads.

To correct the problem, you must under Control Panel, Programs and Features, uninstall all 32-bit (x86) drivers, download and install the 64-bit (x64) version of these drivers, and finally restart the server.

Same the same in Windows 7 (64 bit version, idem in Windows 8.1 (64 bit version) and idem in windows 10 (64 bit version).

And in the network card configuration, in TCP / IP version 4, in the item primary IP address (can not be in automatic, the IP address must be fixed address), and the gateway is the IP address of the router.

If the computer / server is sharing folders with other users on the network, the IP address of that computer / server must also be a fixed IP address.

_{Tuesday, August 14, 2018 5:51 PM | 1 vote}

Here with me, I have computers with Windows 7 (32 bit version and 64 bit version installed), and I have computers with Windows 10 (64 bit version installed).

On the Windows 10 computer, click the window icon, then click the Configuration icon, then click System, then click About to see if your Windows 10 installed is a 64-bit (x64) or 32-bit version bit (x86).

Then click on the Configuration icon, click on Ethernet, click on change adapter options, this will show the network connections. Click one of the network connections (you are viewing there) with the right mouse button, and choose properties, so you can change the network adapter's settings in TCP / IP version 4.

In the item Network Connections, in the item Ethernet Properties, click on the Network item, click the Advanced item, click on DNS, there you can register all the DNS addresses that are being used in your network, and you can add the specific primary DNS suffixes for each network connection.

Click on advanced options (right side of the video screen) and check the box (*) to enable network discovery, enable automatic configuration of networked devices, and in the personal and private profile item, click [x] on share files and printers.

In the All Networks item, under the Public Folder Sharing item, click the Enable Sharing box (*) so anyone with network access can read and write files to public folders.

_{Wednesday, August 29, 2018 7:03 PM}

Hi, JamieDS:

Here at my network, I got successful after two things, already told below:

1) Installing SMBv1 support;

2) Adding AllowSingleLabelDnsDomain key to registry;

Even so, I only got my machines into domain using FQDN, not Simple Name.

Thanks

_{Friday, August 31, 2018 10:02 AM}

Wow, thank you man! You helped me alot with this post.

Do you know why single labeled Domains are not longer allowed since Build 1803?

Best Regards

-- Jesper Lerch

_{Friday, September 21, 2018 2:42 PM}

Your suggestion worked for me. I had the exact problem discussed in this thread, build 1803 Windows 10 Pro unable to find the domain controller. I was using the same method I have always used via System Properties and renaming computer or joining domain, with no luck. I navigated to the "accounts" setting and "access work or school" setting, followed the prompts and entered my domain "mydomain.com" and it took. It asked for domain credentials and I had to do a restart. I had created the computer name in Active Directory previously, so it found the computer account and was joined to the domain. Thank you.

_{Saturday, September 22, 2018 1:22 PM}

This worked perfectly! I've been racking my head around this one for a week now. Finally someone who has the right answer.

_{Saturday, September 29, 2018 9:26 AM}

It looks like the 1809 update, KB4458469, fixes the problem. Coupled with an update to Samba, I can now join NT4 domains again, without even using the SMB1 protocol. Without the Samba update I still need SMB1 enabled, but I can join the old style domains again.

If you can't wait, you can get the update from the Update Catalog, or, if you postponed the 1803 update, use the Upgrade Link.

_{Sunday, September 30, 2018 5:14 PM}

Fladnar, I don't know what to say, but know that you just saved my life! God bless you!!! Wish I could send you a gift or something!

_{Monday, October 1, 2018 9:00 PM}

It looks like the 1809 update, KB4458469, fixes the problem. Coupled with an update to Samba, I can now join NT4 domains again, without even using the SMB1 protocol. Without the Samba update I still need SMB1 enabled, but I can join the old style domains again.

If you can't wait, you can get the update from the Update Catalog, or, if you postponed the 1803 update, use the Upgrade Link.

This needs to be on the top. Thank You!

_{Friday, October 5, 2018 6:44 PM}

Check your jumbo frames setting on the NIC. So surprised but with JF enabled the Win10 and 2016 servers we have almost came to a halt, once we installed those latest updates. Once we disabled JF on the network everything started to work including adding the trouble server to the domain.

_{Sunday, October 14, 2018 9:25 AM}

not working even if you add a 64bit key Qword

im sure there is a Bug in this update 1803

cause i have windows server 2003 in another branch , windows 10 in previous version joined perfectly without any issues!

_{Thursday, October 18, 2018 1:57 PM}

SMB1 support is no longer installed by default with fresh installs of Windows 10 at this level. IF you add it then you will once again be able to connect to 2003 and older servers and shares on those computers.

_{Saturday, October 20, 2018 10:22 AM}

SMB1 support is no longer installed by default with fresh installs of Windows 10 at this level. IF you add it then you will once again be able to connect to 2003 and older servers and shares on those computers.

Absolutely not true. You won't be able to join a domain again until you are at OS Build version >= 17134.319, so you need to at least apply the KB4458469 update. If your DC is Samba >= 4.7.1 rather than 2003, then there is no need to use SMB1 in Windows unless your your Samba settings force it. I don't know about 2003.

_{Thursday, November 29, 2018 4:04 PM}

Once you do the domain.local, you can go back and remove the .local and it should join the domain with no problem. The problem I've run into adding .local is that the machines won't receive the group policies. Here's the cause and resolution from MS Technet

Cause

The errors occur if NT4Emulator is set to 0x1 in the following registry subkey of the helper domain controller used to join the target domain:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters
Value Name: NT4Emulator
Value Type: REG_DWORD
Value Data: 1

Resolution

To resolve this issue either delete the NT4Emulator registry value on the Active Directory domain controllers in the destination domain if Windows NT 4.0 domain controllers are no longer present or can be retired. Otherwise, set the following registry value on the Windows 7 or Windows Server 2008 R2 client before attempting to join the domain:

- Start Registry Editor (Regedit.exe).
Locate the following key in the registry:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters
If it does not exist, create a new REG_DWORD value named NeutralizeNT4Emulator, and set the value to0x1.
Quit Registry Editor.

This registry setting allows the Active Directory domain controllers with the NT4Emulator setting to respond normally to the requesting client (avoiding Windows NT 4.0 emulation mode).

_{Tuesday, December 4, 2018 7:48 PM}

Not to resuscitate this issue from the dead but a solution I found was the following:

For older domain controllers SMB v1 is required to domain Join the computers to the domain.

The quick and dirty solution for this would just be to go into ‘Turn Windows features on or off’ and then enable all of the SMB v1 options and restart the computer.

This just started happening because 1803 disables SMB v1 by default.

That got things working for me. If anyone stumbles across this down the road.

_{Saturday, December 8, 2018 6:51 PM}

I had to enable SMB 1.0 from "Turn Windows Features On or Off" Windows 10 "1809" and then I was able to join the domain.

_{Saturday, January 5, 2019 2:40 PM}

Hello!

For me it does NOT work. I have made some tests with a "fresh" virtual machine to avoid mistakes. With Win7 or other OS I join but with WIN10 1809 NO (of course with SMB1 enabled). Also with registry AllowSingleLabelDnsDomain. Always the same error: event 4097 can't join M2 to domain SAMDOM . Error code 1355

Here my smb.conf(samba 4.6.16)

[global]
        netbios name = PDC
        workgroup = SAMDOM
        security = User
        passdb backend = tdbsam
        username map = /etc/samba/username.map
        domain logons = Yes
        server max protocol = NT1
        log file = /var/log/samba/%m
        log level = 3

Any idea? Maybe your DNS... or hosts file... or a particular smb.conf directive other than these?

_{Wednesday, January 9, 2019 3:00 PM}

Hello!

For me it does NOT work. I have made some tests with a "fresh" virtual machine to avoid mistakes. With Win7 or other OS I join but with WIN10 1809 NO (of course with SMB1 enabled). Also with registry AllowSingleLabelDnsDomain. Always the same error: event 4097 can't join M2 to domain SAMDOM . Error code 1355

Here my smb.conf(samba 4.6.16)

[global]
        netbios name = PDC
        workgroup = SAMDOM
        security = User
        passdb backend = tdbsam
        username map = /etc/samba/username.map
        domain logons = Yes
        server max protocol = NT1
        log file = /var/log/samba/%m
        log level = 3

Any idea? Maybe your DNS... or hosts file... or a particular smb.conf directive other than these?

Windows 7 Professional?

Windows 10 Professional?

Windows 10 Enterprise?

Windows 10 Home and Windows 7 Home does not work to enter into the Windows Server and Azure domain.

Ana Gauna | Microsoft Partner CSP | Skype: [email protected] | If I helped you, mark the answer as useful

_{Thursday, January 17, 2019 4:11 AM}

For me these solutions were not the problem. We had this strange problem of nort being able to connect new PC's to the domain after switching to Telstra NBN internet and their new hardware. What I found was that even though their new router provided had DHCP turned OFF, and our SBS 2008 server was still controlling DNS and DHCP, the new router and/or server were insisting on resolving the servers name to its IPv6 address. I found this out by pinging the servers name at the CMD prompt.

I then went into the SBS 2008 DNS server and noticed that <server name> had a HOST (A) record for its IPv4 address, but it was not listed with its IPv6 address.

I then added a new (AAAA) IPv6 record for <server name> that was needed, using the address found in the servers network adapters properties under IPv6.

Rebooted the laptop I was having trouble trying to connect to the domain then tried again and boom, I could connect it to the domain.

I hope this helps some other poor fool still stuck managing SBS 2008.

_{Friday, January 18, 2019 2:42 AM}

I have 3 new computers that I am truing to join to our domain and it cant seem to find the domain. I can ping the domain controller. Any suggestions on resolving this without having to roll back to the previous build, which will also take with it all of the apps that I installed after this build was installed. I have rolled back a computer and joined the domain from that computer, so I know that rolling back will work, but I did loose all the apps I installed and in the process of reinstalling them.

Found a Fix, was updated to 1809. My server is Windows 2003

At the Windows 10, search for "Windows Features", find and tick "SMB 1.0/CIFS File Sharing Support".

_{Thursday, January 31, 2019 7:28 PM}

You rock and thanks.. i thought i was going nuts... cheers!

_{Wednesday, February 6, 2019 4:36 PM | 1 vote}

I had the similar issue - some computers could not join my domain - other computer scould join without any issue.

My final and very simple solution was, juts to switch of the IP6 protocol on the client side. Using IP4 the domain immediately was found and the computer has joined. After the registration I reactivated the IP6 protocol.

_{Wednesday, February 13, 2019 3:14 PM}

a bit late to this but after weeks of trying different things and having it escalated to our corporate guys with no luck, this step worked like a charm @YardGuy.

_{Monday, August 12, 2019 2:17 PM}

I got around this by typing in the whole domain path.

securitydomain.domain.local

_{Thursday, August 15, 2019 1:00 PM}

Ana Mercedes Gauna | IT Consultant | Microsoft Partner: 5126593...

In the item Network Connections, in the item Ethernet Properties, click on the Network item, click the Advanced item, click on DNS, there you can register all the DNS addresses that are being used in your network, and you can add the specific primary DNS suffixes for each network connection.

Old post, but with Windows 7 phasing out it's here again. I had the problem of not being able to get the new Windows 10 machines to join the domain. In my case the only thing need to make it work was to set the DNS to point to my DNS server address (rather than obtain automatically). I plan to change it back to automatic afterwards.

Patrick H

_{Friday, February 14, 2020 12:09 AM}

Disable IP V6 on the client and you’ll connect straight away

_{Thursday, June 4, 2020 3:04 PM}

Working just fine, after making changes as Fladnar suggested. Thank you very much.

_{Monday, August 3, 2020 6:13 AM}

I know this post is two years old but, sitting here at 1:00 am preparing a laptop for a new user - you are my hero. Thanks you so much for the answer! It worked.

Share via

Unable to join domain with new windows 10 computers - build 1803

Question

All replies (72)

Cause

Resolution

Additional resources