Wednesday, July 9, 2025

2025-07-09 - Active Directory 4.0 - Joining both Windows 11 Virtual Machines to the Domain

 

How I Solved the Windows 11 Domain Join Fail in My Proxmox AD Lab

I couldn’t get my Windows 11 Enterprise VMs to join the testlab.local domain hosted in Proxmox. I kept running into errors like "Domain not found" or "Active Directory Domain Controller could not be contacted."

Turns out, the issue was DNS not resolving properly over IPv6. Here's how I figured it out and got Win11Ent‑1 to finally join the domain.


Background

  • Lab is running on a Lenovo M910 with Proxmox

  • Domain: testlab.local

  • Domain Controller: Server 2025 VM WIN‑BCCTIROV6RS
    → Static IP: 192.168.50.191

  • All client VMs are pointed to that IP for DNS

  • FSMO roles confirmed using netdom query fsmo

  • Two Windows 11 Enterprise VMs (only one runs at a time with the DC)


Symptoms

  • nslookup testlab.local on Win11Ent‑1 returned a non-existent domain and showed an IPv6 address

  • Attempting to join the domain failed with “Domain not found” errors

  • DNS was definitely running: the zone existed and all SRV records were in place



What I Did

How I Tried to Add the Workstation to the Domain

Before attempting to join the domain, I made sure the workstation was pointing to the correct DNS server:

  • Set DNS Server to the Domain Controller IP

  • Press Win + R, type ncpa.cpl, press Enter

  • Right-click the Ethernet adapter, select Properties

  • Select Internet Protocol Version 4 (TCP/IPv4), click Properties

  • Select Use the following DNS server addresses:

  • Preferred DNS server: 192.168.50.191

  • Leave alternate blank

  • Click OK, then close all windows

Attempting to Join Windows 11 Enterprise to the Domain

  • Press Win + R, type sysdm.cpl, press Enter

  • In System Properties, go to the Computer Name tab, click Change…

  • Select Domain > entered: testlab.local

  • Got error: “An Active Directory Domain Controller (AD DC) for the domain ‘testlab.local’ could not be contacted.”

    Ensure that the domain name is typed correctly. If the name is correct, click Details for troubleshooting information.

  • nslookup testlab.local indicated that Windows was querying an IPv6 DNS server (instead of my IPv4 DNS at 192.168.50.191)

Fixing the Problem

  1. Verified DNS server is reachable

Win11Ent-1 > Open Command Prompt > ping 192.168.50.191

  • 100% success

  2. Checked DNS port connectivity

Win11Ent-1 > PowerShell > Test-NetConnection 192.168.50.191 -Port 53

  • Port was open

  3. Forced the VM to use only IPv4 DNS

Win11Ent-1 > Win + R > ncpa.cpl
Right-click Ethernet adapter > Properties
Uncheck Internet Protocol Version 6 (TCP/IPv6)

Click on Internet Protocol Version 4 (TCP/IPv4) > Properties
Set DNS server manually: 192.168.50.191
Clear alternate DNS field

  4. Flushed and re-registered DNS

Win11Ent-1 > Run Command Prompt as Admin:

ipconfig /flushdns
ipconfig /registerdns

  5. Tested DNS directly against the server

Command Prompt > nslookup testlab.local and also nslookup testlab.local 192.168.50.191

  • Returned 192.168.50.191 as expected

  • Still said "Server: Unknown" but that’s fine for now

  • Entered > echo %userdomain%

  • Returned TESTLAB (finally!)

  6. Tried joining the domain again

Win + R > sysdm.cpl
Computer Name tab > Change…
Select Domain and enter: testlab.local
It worked this time and prompted for credentials





✅ Success
Disabling IPv6 fixed it. Domain join prompt came up.

I used:

  • Username: Administrator

  • Password: WinServ2025

Got the “Welcome to the testlab.local domain” message. 

Restart Required After Domain Join

After successfully joining a Windows 11 workstation to the domain, a restart is required before domain credentials can be used to log in.

Here’s what I did:

  • Joined the domain:
    Win + R > sysdm.cpl > Computer Name tab > Change… > Select Domain > enter testlab.local

    Enter credentials: TESTLAB\Administrator > Password: WinServ2025

  • Got the success message saying the machine was added to the domain.

  • Prompt appeared:

    “You must restart your computer to apply these changes.”

So I followed the prompt:

  • Restarted the workstation.

  • Upon rebooting, I clicked Other User and entered TESTLAB\Administrator as the username and WinServ2025 as the password, which successfully logged me into the domain account.

  • It took a minute but it logged into the account.

  • I set up the other machine and it was very straightforward after that. Changed the DNS address statically, turned off IPv6, entered the nslookup TESTLAB and echo %userdomain% commands and added the machine to the domain, and got the right results!


Summary

  • DNS was fine on the server.

  • Client prioritized IPv6 and tried resolving via ::1 and a public IPv6 resolver.

  • That broke DNS resolution until I disabled IPv6.

  • Fix was: disable IPv6, force IPv4 DNS, flush and register, reattempt domain join.

If your lab VM won’t join a domain but DNS looks fine, check if IPv6 is getting in the way.
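
The checks and the fix summarized above can be run as one elevated PowerShell script on the client. This is an added example, not part of the original post: the adapter alias `Ethernet` is an assumption, `Test-Srv` is a hypothetical helper name, and the SRV name queried is the standard DC-locator record for the domain rather than something quoted in the post.

```powershell
#Requires -RunAsAdministrator
# Added example. Domain and DC address are the lab values from this post.
$Domain  = 'testlab.local'
$DcIp    = '192.168.50.191'
$Adapter = 'Ethernet'     # assumption: interface alias of the client's NIC

# 1. Show the DNS servers configured per address family on the adapter.
#    An IPv6 entry here is what the client may be asking instead of the DC.
Get-DnsClientServerAddress -InterfaceAlias $Adapter

# 2. Confirm the DC's DNS service is reachable on port 53.
$tcp = Test-NetConnection -ComputerName $DcIp -Port 53 -WarningAction SilentlyContinue
"TCP/53 to ${DcIp}: $($tcp.TcpTestSucceeded)"

# 3. Query the DC-locator SRV record, once through whatever resolver the
#    client picks by default and once by asking the DC directly.
$SrvName = "_ldap._tcp.dc._msdcs.$Domain"
function Test-Srv {                     # hypothetical helper
    param([string]$Server)
    $query = @{ Name = $SrvName; Type = 'SRV'; DnsOnly = $true; ErrorAction = 'Stop' }
    if ($Server) { $query.Server = $Server }
    try   { [bool](Resolve-DnsName @query | Where-Object Type -eq 'SRV') }
    catch { $false }                    # NXDOMAIN or timeout
}
$viaDefault = Test-Srv
$viaDc      = Test-Srv -Server $DcIp
"SRV via default resolver: $viaDefault"
"SRV via ${DcIp}:          $viaDc"

# 4. If the DC answers but the default path does not, the client is asking
#    the wrong resolver. Apply the same fix as in the post.
if ($viaDc -and -not $viaDefault) {
    Set-DnsClientServerAddress -InterfaceAlias $Adapter -ServerAddresses $DcIp
    Disable-NetAdapterBinding -Name $Adapter -ComponentID ms_tcpip6
    Clear-DnsClientCache     # same effect as ipconfig /flushdns
    Register-DnsClient       # same effect as ipconfig /registerdns
    "SRV via default resolver after fix: $(Test-Srv)"
}
elseif (-not $viaDc) {
    "The DC itself did not return $SrvName; check the zone on the server."
}
```

When the last line prints `True`, the domain join in sysdm.cpl should find the domain controller.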

This has been Truncat3d 00000000111100010100110______________end of line
