Cannot join Win7 workstations to Win2k8 domain

Solution 1:

It took forever to find where it was happening, but it turns out that there were filters within the VPN blocking LDAP (and other) traffic. I cleared those filters and now it's working.

Solution 2:

There could be a firewall between the Win7 machine and the domain controllers.

If you have access to nmap:

nmap -PN -p389 dc1.example.local dc2.example.local

Update:

nltest /dsgetdc:example.local

nslookup -q=srv _ldap._tcp.dc._msdcs.example.local
nslookup -q=a $preferred_host
ldapsearch -h $IPaddress_of_A_record -x -b "" -s base "(&(DNSDomain=example.local)(HOST=$localmachineshostname)(NtVer=\\16\\00\\00\\00))" netlogon

NtVer is asking for V5 (version 5 netlogon), V5EX (version 5 extended logon), VCS (closest DC). Taken from Win7Ent.

(ldap hex is trixy.)
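The NtVer encoding used in the ldapsearch filter above, as an added example that is not part of the original answer: the flags are OR-ed into a 32-bit mask and written as four little-endian bytes in LDAP `\hh` escapes. The function names, the host `ws01` and the flag bit values (V5 = 0x02, V5EX = 0x04, VCS = 0x10) are assumptions of this example.

```shell
#!/bin/sh
# Added example: build and decode the NtVer value of an LDAP ping filter.
# Assumed flag bits: V5 = 0x02, V5EX = 0x04, VCS = 0x10.

ntver_mask() {                 # ntver_mask V5 V5EX VCS  ->  22 (0x16)
  mask=0
  for name in "$@"; do
    case "$name" in
      V5)   bit=2 ;;
      V5EX) bit=4 ;;
      VCS)  bit=16 ;;
      *)    echo "unknown NtVer flag: $name" >&2; return 1 ;;
    esac
    # OR the bit in: add it only when it is not already set
    [ $(( (mask / bit) % 2 )) -eq 1 ] || mask=$((mask + bit))
  done
  echo "$mask"
}

ntver_escape() {               # 22 -> \16\00\00\00 (low byte first)
  rest=$1 out=""
  for i in 1 2 3 4; do
    out="$out$(printf '\\%02x' $((rest % 256)))"
    rest=$((rest / 256))
  done
  printf '%s\n' "$out"
}

ntver_unescape() {             # \16\00\00\00 -> 22, for reading a captured filter
  hex=$(printf '%s' "$1" | tr -d '\\')
  [ ${#hex} -eq 8 ] || { echo "expected 4 escaped bytes" >&2; return 1; }
  total=0 weight=1
  for pos in 1 3 5 7; do
    byte=$(printf '%s' "$hex" | cut -c"$pos"-$((pos + 1)))
    total=$((total + $(printf '%d' "0x$byte") * weight))
    weight=$((weight * 256))
  done
  echo "$total"
}

ldap_ping_filter() {           # ldap_ping_filter DOMAIN HOST FLAG...
  domain=$1 host=$2; shift 2
  m=$(ntver_mask "$@") || return 1
  printf '(&(DNSDomain=%s)(HOST=%s)(NtVer=%s))\n' "$domain" "$host" "$(ntver_escape "$m")"
}
```

Pass the result to ldapsearch as `"$(ldap_ping_filter example.local ws01 V5 V5EX VCS)"` so the shell does not touch the parentheses or backslashes.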

Solution 3:

Sounds like the Win7 machine is not pointing its DNS to a DC? Perhaps DHCP is pointing DNS to the internet provider's DNS?