Using the domain join User Interface (UI) to join a Windows 7 or Windows Server 2008 R2 workgroup computer to an Active Directory domain by specifying the target DNS domain name fails with the following on-screen error:
Changing the Primary Domain DNS name of this computer to "" failed. The name will
remain "<DNS domain>.<top level domain>".
The error was:
The specified server cannot perform the required operation.
The NETSETUP.LOG on the computer being joined contains the following text:
<date> <time> NetpSetDnsHostNameAndSpn: NetpLdapBind failed: 0x3a
where 0x3a maps to:
|Symbolic Error String|Hex Error #|Decimal Error #|
|The specified server cannot perform the operation|0x3a|58|
Cases where the "Changing the Primary Domain DNS name.." error appears together with an extended error other than "the specified server cannot perform the required operation", including those listed in the table below, are NOT related to the symptom, cause or resolution text discussed in this article.
The extended errors that make the "Changing the Primary DNS name..." error unrelated to this KB include:
|A security package specific error occurred |
|The remote procedure call failed and did not execute|
When a computer is joined to the domain, it attempts to register a Service Principal Name to ensure that its DNS suffix is allowed in the target domain. The domain join UI queries information from the Local Security Authority (LSA) policy database for the short (NetBIOS) and long (DNS) names of the target domain.
The error described in the symptoms section occurs because a function in the domain join UI improperly performs an LDAP bind to a Domain Controller in the target domain by its short name, which fails in the following conditions:
- NetBIOS over TCP/IP has been disabled in the IPv4 properties of the computer being joined
- Connectivity over UDP port 137 is blocked between client and the helper DC servicing the join operation in the target domain
- The TCP/IPv4 protocol has been disabled so that the client being joined or the DC in the destination domain targeted by the LDAP BIND is running TCP/IPv6 only.
Despite the appearance of the on-screen error described in the symptoms section, the domain join operation completes, as evidenced by the status in the NETSETUP.LOG:
NetpCompleteOfflineDomainJoin SUCCESS: Requested a reboot :0x0
NetpDoDomainJoin: status: 0x0
To eliminate the error, either:
- Verify that NetBIOS over TCP/IP is enabled.
a) Click Start, click Run, type ncpa.cpl, and then click OK.
b) In Network Connections, right-click Local Area Connection, and then click Properties.
c) Click Internet Protocol Version 4 (TCP/IPv4), and then click Properties.
d) In the Internet Protocol Version 4 (TCP/IPv4) Properties dialog box, click Advanced.
e) On the WINS tab, verify Enable NetBIOS Over TCP/IP is enabled, and then click OK three times.
- Verify end-to-end connectivity over UDP port 137 along the network path between the client being joined and the helper DC servicing the join operation.
- If the error occurred in an IPv6 only environment OR you require a fix to resolve the error, open a support incident with Microsoft Customer Service and Support requesting a post RTM fix for Windows 7 and / or Windows Server 2008 R2.
for other considerations.
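To confirm on the joined computer that the on-screen error is the case this article describes, the following PowerShell checks NETSETUP.LOG for the 0x3a bind failure alongside a 0x0 join status and reports the NetBIOS over TCP/IP setting of each IP-enabled adapter. It is an added example, not part of the original article or Microsoft's code; the function names are hypothetical, the log path (%windir%\debug\NetSetup.LOG) is an assumption, and the sample lines are constructed from the log text quoted above.

```powershell
# Added example, written for Windows PowerShell 2.0+ (Windows 7 / Server 2008 R2).
# Function names are hypothetical; the log path is an assumption (usual location).

function Test-NetSetupLog {
    param([string[]]$Lines)
    # Signature quoted in the article: LDAP bind by short name fails with 0x3a.
    $bindFail = @($Lines | Where-Object { $_ -match 'NetpSetDnsHostNameAndSpn: NetpLdapBind failed: 0x3a\b' })
    # The log accumulates across join attempts, so keep the last status seen.
    $status = $null
    foreach ($line in $Lines) {
        if ($line -match 'NetpDoDomainJoin: status: (0x[0-9a-f]+)') { $status = $Matches[1] }
    }
    if ($bindFail.Count -gt 0 -and $status -eq '0x0') {
        $verdict = 'Join completed; 0x3a bind failure matches this article'
    } elseif ($bindFail.Count -gt 0) {
        $verdict = '0x3a bind failure present but join status is not 0x0; investigate the join itself'
    } else {
        $verdict = 'No 0x3a bind failure; this article does not apply'
    }
    New-Object PSObject -Property @{ BindFailures = $bindFail.Count; JoinStatus = $status; Verdict = $verdict }
}

function Get-NetbiosState {
    # TcpipNetbiosOptions: 0 = take setting from DHCP, 1 = enabled, 2 = disabled.
    Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = True' |
        Select-Object Description, TcpipNetbiosOptions
}

# Constructed sample: timestamps invented, message text taken from the article.
$sample = @(
    '09/22/2010 10:15:01:123 NetpSetDnsHostNameAndSpn: NetpLdapBind failed: 0x3a',
    '09/22/2010 10:15:02:456 NetpCompleteOfflineDomainJoin SUCCESS: Requested a reboot :0x0',
    '09/22/2010 10:15:02:470 NetpDoDomainJoin: status: 0x0'
)

$logPath = "$env:windir\debug\NetSetup.LOG"
if (Test-Path $logPath) { $lines = Get-Content $logPath } else { $lines = $sample }
Test-NetSetupLog -Lines $lines | Format-List

# Adapters reporting 2 have NetBIOS over TCP/IP disabled (first condition in the cause list).
if (Get-Command Get-WmiObject -ErrorAction SilentlyContinue) { Get-NetbiosState }
```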
Article ID: 2018583 - Last Review: September 22, 2010 - Revision: 9.0
- Windows Server 2008 R2 Standard
- Windows 7 Professional
- Windows 7 Ultimate