A systems administrator deploys a new Windows file server named FS01. Users report they are unable to access a share at \\FS01\share using their domain credentials, receiving an "Access is Denied" error. The administrator verifies the share and file-level permissions are correctly assigned to the appropriate domain security groups. While troubleshooting, the administrator confirms they can ping the server's IP address from a client workstation, but a ping FS01.corp.local command fails. The administrator is able to log in to the server console using only the local administrator account. Which of the following is the MOST likely cause of these issues?
The server has not been joined to the corp.local domain.
A firewall is blocking Server Message Block (SMB) traffic to FS01.
Client workstations have an incorrect DNS suffix search order configured.
The DNS server for corp.local has a stale or missing A record for FS01.
The correct answer is that the server has not been joined to the domain. This single issue explains all the symptoms presented in the scenario. When a server is not a member of the domain, it cannot authenticate users with domain credentials because it has no trust relationship with the domain controllers. This is why users receive an "Access is Denied" error despite having correct permissions. Additionally, a non-domain-joined server will not automatically register its hostname (A record) and FQDN with the Active Directory-integrated DNS. This explains why pinging the IP address works, but pinging the FQDN (FS01.corp.local) fails. The ability to log in only with a local account further confirms the server is operating as a standalone machine and not as a domain member.
A firewall blocking SMB traffic would explain the inability to access the file share but would not explain the FQDN name resolution failure or the inability to authenticate with domain credentials. A DNS server misconfiguration could explain the name resolution failure but does not, by itself, explain the domain authentication failure. An incorrect DNS suffix on client workstations would affect how clients resolve short names but would not prevent domain authentication or a direct FQDN ping from working if the server's record existed in DNS.