Error while joining Client server to a domain

DEVI CHAKRA SWAROOPA GURRALA 20 Reputation points
2025-02-11T18:27:17.21+00:00

I have a lab setup of a Windows Server 2022 machine in Oracle VirtualBox to connect to an existing Active Directory (AD) domain but am facing network connectivity and DNS resolution issues. The network adapter is set to Bridged for both the AD server and the normal server.

Current Lab Setup:

AD Server (Windows Server 2019) - Already Configured

  • IP: 10.0.2.100
  • Subnet Mask: 255.255.255.0
  • Default Gateway: 10.0.2.2
  • Preferred DNS: 10.0.2.100
  • Roles Installed: AD DS, DNS, DHCP, DFS
  • Forward Lookup Zone: Configured
  • Reverse Lookup Zone: Configured (No PTR records yet)

New Server (Windows Server 2022) - Issue Occurs Here

  • IP: 10.0.2.101
  • Subnet Mask: 255.255.255.0
  • Default Gateway: 10.0.2.2
  • Preferred DNS: 10.0.2.100 (AD Server IP)
  • Not yet joined to the domain.
  • Ping to AD Server (10.0.2.100) works.

Troubleshooting Steps Taken So Far:

  • Checked network settings (Static IP assigned correctly).
  • ✅ Disabled and re-enabled network adapters on both servers.
  • ✅ Rebooted both servers after reconfiguring DNS.
  • Disabled Windows Firewall on both servers.
  • Confirmed DNS settings (Forward Lookup Zone configured, Reverse Lookup Zone created but no PTR records yet).

Assistance Needed:

  • Why is the new server (2022) unable to reach the AD Server (2019) via ping or DNS?
  • Is NAT the correct network setting in VirtualBox, or should another mode be used (Bridged, Host-Only, Internal, etc.)?
  • Any additional DNS or firewall settings required for proper connectivity?

Accepted answer
  1. Daisy Zhou 29,471 Reputation points Microsoft Vendor
    2025-02-12T13:39:02.5266667+00:00

    Hello

    Thank you for posting in Q&A forum.

    Here are the suggestions for your reference (some of them you have taken).

    1. Why is the Server 2022 unable to reach the AD Server (2019) via ping or DNS?

    A1:

    IP/DNS Configuration:

    1. Verify that both machines get proper IP addresses in the same subnet. For a domain environment, the client must use the AD server’s IP (or the appropriate DNS server on the domain) as its primary DNS – even if that DNS server also serves other functions.

    2. Manually assign (or check via DHCP) the correct IP addresses, subnet masks, default gateways, and – most importantly – DNS server settings. Misconfigured DNS is a common culprit.

    Ping/ICMP Blocked by Firewall:

    Windows Firewall on both servers (especially on Server 2022 which may have stricter defaults) might block ICMP (ping) traffic. To test the connectivity, you might temporarily disable the firewall (or add a rule to allow ICMP Echo Requests) on both sides.

    VirtualBox Bridging Specifics:

    1. When using bridged adapter mode, ensure that the VirtualBox network settings are bound to the correct physical network adapter. If the host has multiple adapters (e.g., Wi-Fi and Ethernet), the wrong choice might lead to connectivity issues.

    2. Verify that the VirtualBox Bridged Adapter is configured for “Promiscuous Mode: Allow All” if needed.

    2. Is NAT the correct network setting in VirtualBox, or should another mode be used (Bridged, Host-Only, Internal, etc.)?

    A2:

    NAT Mode:

    While easy for internet connectivity in many cases, NAT mode typically hides the VM’s IP behind the host. This can cause issues when you need the VM to be visible on your network. For domain joining and AD operations, the client machine (Server 2022) must be fully reachable by the domain controller.  

    Bridged Mode:

    This setting is generally recommended for a lab AD environment. It gives the VM its own IP address on the physical network, making it easier for the domain controller (AD/DNS) to communicate directly with it.

    Alternatives:   

    Host-Only or Internal networks work for isolated test environments, but if your AD server is external to the VirtualBox host or on a different VM, ensuring they are on the same network (or connected via a router/switch) is key. Thus, Bridged Mode (or an appropriately routed Internal setup) is usually the way to go.

    3. Any additional DNS or firewall settings required for proper connectivity?

    A3:

    DNS Settings:

    1. Make sure the Server 2022 client is configured to use the AD server’s IP address as its DNS server (check using the command `ipconfig /all`). Domain joining and most AD functionality rely on proper DNS resolution (including SRV record lookups).

    2. Verify that on the AD server (Windows Server 2019), the necessary DNS records exist and replication (if there is more than one domain controller) is functioning correctly.

    3. In lab setups, sometimes external DNS servers are listed in addition to the AD DNS. This can lead to lookups bypassing your domain records. Use only the AD DNS on domain member servers.

    Firewall Settings:

    On the client (Server 2022) and the domain controller (Server 2019), ensure the Windows Firewall (or any third-party firewall) has exceptions for domain-related traffic. Common ports include:

      • TCP/UDP 53 (DNS)
      • TCP 88 (Kerberos)
      • TCP 135 (RPC)
      • TCP/UDP 389 (LDAP)
      • TCP 445 (SMB)

    Other dynamic ports for RPC may also be needed.

    VirtualBox-Specific Considerations:

    1. Some configurations may require adjusting VirtualBox’s network adapter advanced settings (for instance, enabling promiscuous mode or checking cable connection status).

    2. Confirm that there are no conflicts or duplicate IP assignments on the network.

    Here is a link for your reference about domain join troubleshooting.

    https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/active-directory-domain-join-troubleshooting-guidance

    I hope the information above is helpful.

    If you have any questions or concerns, please feel free to let us know.

    Best Regards,

    Daisy Zhou

    ============================================

    If the Answer is helpful, please click "Accept Answer" and upvote it.
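
The DNS and port checks from the answer above, combined into one pre-join script to run on the Server 2022 machine. This is an added example, not part of the original post or of Microsoft's guidance. `10.0.2.100` is the AD server IP from the question; `lab.example` is a placeholder because the thread does not name the domain.

```powershell
# Added example: pre-join checks, run on the member server before joining.
$DcIp       = '10.0.2.100'    # AD/DNS server IP from the question
$DomainName = 'lab.example'   # placeholder: replace with the real AD domain name

# 1. The client should list only the AD DNS server; any other resolver
#    can answer first and hide the domain's SRV records.
$dnsServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    ForEach-Object { $_.ServerAddresses } | Sort-Object -Unique
$foreign = @($dnsServers | Where-Object { $_ -ne $DcIp })
if ($dnsServers -notcontains $DcIp) {
    Write-Warning "AD DNS server $DcIp is not configured on any adapter."
}
if ($foreign.Count -gt 0) {
    Write-Warning "Non-AD DNS servers configured: $($foreign -join ', ')"
}

# 2. Domain join locates a DC through this SRV record. Query the AD DNS
#    server directly so the result does not depend on other resolvers.
$srvName = "_ldap._tcp.dc._msdcs.$DomainName"
try {
    Resolve-DnsName -Name $srvName -Type SRV -Server $DcIp -DnsOnly -ErrorAction Stop |
        Where-Object { $_.NameTarget } |
        ForEach-Object { "SRV OK: {0} port {1}" -f $_.NameTarget, $_.Port }
} catch {
    Write-Warning "SRV lookup for ${srvName} failed: $($_.Exception.Message)"
}

# 3. TCP reachability of the ports listed in the answer. Test-NetConnection
#    is TCP only, so UDP 53/389 are not covered; step 2 exercises DNS itself.
$ports = @(
    @{ Port = 53;  Service = 'DNS' },
    @{ Port = 88;  Service = 'Kerberos' },
    @{ Port = 135; Service = 'RPC' },
    @{ Port = 389; Service = 'LDAP' },
    @{ Port = 445; Service = 'SMB' }
)
$results = foreach ($entry in $ports) {
    $ok = Test-NetConnection -ComputerName $DcIp -Port $entry.Port `
        -InformationLevel Quiet -WarningAction SilentlyContinue
    [pscustomobject]@{
        Port         = $entry.Port
        Service      = $entry.Service
        TcpReachable = $ok
    }
}
$results | Format-Table -AutoSize
```

A port that shows `TcpReachable = False` while ping succeeds points at a firewall rule rather than at VirtualBox networking, which lets the firewall be re-enabled with specific exceptions instead of staying disabled.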

