An Active Directory domain controller for this domain could not be contacted
It sounds like DNS resolution. If it's on the same subnet then it cannot be the firewall.
Can you ping this machine by both hostname and fully qualified domain name in both directions?
Well, if they are both using the same DNS server and that server is responding to the queries that is a good sign that the problem is not so severe.
If the machine cannot ping and you mentioned they are on the same subnet, check for an IP addreess conflict as well as check that there are no typos in the subnet, gateway, netmask, etc...
Check that the time on the client is correct. Sound silly but this can stop the client for joing up with the domian.
I had the same problem.
PaulLcn is right about some comments he made regarding "If the server is a domain controller, do you also use it for DNS because the DNS server IP address points to the router? Change it to the DC/DNS server.Active directory relies on DNS".
However this what I did. On my domain controller (DC) its role is AD/DNS.
On my DC I went into the IP address properties and manually configured the DNS settings. My 'Preferred DNS is 192.168.1.6'. This is the IP address of my DC. The 'Alternate DNS is 192.168.1.1'. This is the IP address of my default gateway (my cable router).
On my laptop I went into the IP properties and manually configured the DNS settings. My 'Preferred DNS is 192.168.1.6'. This is the IP address of my DC. The 'Alternate DNS is 192.168.1.1'. This is the IP address of my default gateway (my cable router). Then I attempted to add my laptop to my domain and it worked with the right crodentials.
I was still able to access the Internet on my laptop and my DC. I did, however, go into DNS Manager to create my Lookup/Reverse Zones, this is for training purposes ONLY. But I didn't need to create a 'Conditional Forwarders' to access the Internet.
I found this to be the problem I had:
"If the server is a domain controller, do you also use it for DNS because the DNS server IP address points to the router? Change it to the DC/DNS server. Active Directory relies on DNS, and you should run DNS on the server, not on the router. To get Internet access, configure the FORWARDER to the ISP's DNS server under the DNS server properties in the DNS management console."
From: A Domain Controller for the Domain XXX Could Not be Contacted
My lab desktop NIC was getting its DNS information from the router. I left the router to handle DHCP, but I manually entered the DNS IP address of my domain controller (which is also my DNS server). Since the domain controller has a forward to my router, I can still get Internet access.
With this done, the lab desktop was added to the domain without a problem.