RPC Server is Unavailable on a DC

I have 2 DC's in one forest/domain with about 600 clients

Both DC's are running 2003 Enterprise with SP2 and fully patched. I have started doing some DNS troubleshooting per this article as clients hang on "Applying Personal Settings"


On my main DNS/DC Server, when I make the changes and do a ipconfig/registerdns - I get the "Registration of DNS records failed: The RPC server is unavailable". I have rebooted the server to no avail. I fear this could be causing some of the DNS issues I am having. How do I begin troubleshooting this error?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

This error almost always indicates an issue with DNS name resolution.  You should run netdiag and dcdiag (in the Windows Support Tools) on both of your DCs, as well as verifying that your DCs are pointing to the correct DNS server, and that the DNS server contains the _SRV records for your Active Directory domain.

Troubleshooting DNS can be a difficult process, but here is a general overview to get you started:

Things to keep in mind to insure AD functionality (including replication,
RPC communication, authentication, etc etc etc), and just to note, by
default, registration just works as long as:

1. The Primary DNS Suffix matches the zone name that is allowing updates.
Otherwise the client doesn't know what zone name to register in. You can
also have a different Conneciton Specific Suffix in addition to the Primary
DNS Suffix to register into that zone as well.

2. The DNS addresses configured in the client's IP properties must ONLY
reference the DNS server(s) hosting the AD zone you want to update in. You
cannot use an external DNS in any machine's IP property in an AD
environment. You can't mix them either. That's because of the way the DNS
Client side resolver service works. Even if you mix up internal DNS and
ISP's DNS addresses, the resolver algorithm can still have trouble asking
the correct DNS server. It will ask the first one first. If it doesn't get a
response, it removes the first one from the eligible resolvers list and goes
to the next in the list. It will not go back to the first one unless you
restart the machine, restart the DNS Client service, or set a registry entry
to cut the query TTL to 0. The rule is to ONLY use your internal DNS
server(s) and configure a forwarder to your ISP's DNS for efficient Internet

3. DHCP Option 006 for the clients are set to the same DNS server.

4. If using DHCP, DHCP server must only be referencing the same exact DNS
server(s) in it's own IP properties in order for it to 'force' (if you set
that setting) registration into DNS. Otherwise, how would it know which DNS
to send the reg data to?

5. If the AD DNS Domain name is a single label name, such as "EXAMPLE", and
not the proper format of "example.com" and/or any child of that format, such
as "child1.example.com", then we have a real big problem. DNS will not allow
registration into a single label domain name.
This is for rwo reasons:
1. It's not the proper hierachal format. DNS is
hierarchal, but a single label name has no hierarchy.
It's just a single name.
2. Registration attempts causes major Internet queries
to the Root servers. Why? Because it thinks the
single label name, such as "EXAMPLE", is a TLD
(Top LEvel Domain), such as "com", "net", etc. It
will now try to find what Root name server out there
handles that TLD. In the end it comes back to itself
and then attempts to register.

Due to this excessive Root query traffic, which ISC found from a study that
found Microsoft DNS server causing excessive traffic because of single label
names, stopped the ability to register into DNS with Windows 2000 SP4, XP
SP1, (especially XP,which cause lookup problems too), and Windows 2003.

6. AD/DNS zone is not configured to allow dynamic updates, whether Secure or
Secure and Non-Secure. If a client is not joined to the domain, and the zone
is set to Secure, it will not register either.

7.  'Register this connection's address" on the client is not enabled under
the NIC's IP properties, DNS tab.

8. Maybe there's a GPO set to force Secure updates and the machine isn't a
joined member of the domain.

9.  DHCP client service not running.  This is a requirement for DNS
registration and DNS resolution even if the client is not actually using

So in essence, as long as you do not reference any DNS servers that do not
host the AD zone, (no ISP's DNS servers can be in any machine's IP
and you leave everything else default, this just works. No registry
are required.

If you feel this wasn't helpful, I think it's time to ask for more specific
configuration information to better assist, such as:

1. ipconfig /all from a client and from your DC(s)
2. The DNS domain name of AD (found in ADUC)
3. The zonename in your Forward Lookup Zones in DNS
4. If updates are set to allow under zone properties
5. If this machine has more than one NIC
6. Do you have a firewall separating the DCs? If so, what brand?
7. Is/are forwarder(s) configured?
8. Do the SRV records exist under your zone name?
9. Event ID errors?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
dsheltzelAuthor Commented:
What about the RPC errors I have posted above?
RPC errors are most frequently caused by DNS misconfiguration or other issues within DNS. Use the steps that I outlined in a previous post to troubleshoot your DNS environment, which the RPC errors are likely symptomatic of.
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

Excellent!! I had never seen anything stating that the DHCP client needs to be running.  This post saved me!

Some knucklehead (probably why he was replaced) set the DHCP client to disabled on an SBS 2003 server.

Enabling and starting DHCP client fixed the "RPC server unavailable" error on ipconfig /registerdns.

Cheers man I also didnt knew that DHCP client must be running

Thanks for tha DHCP Client reminder!!  I had forgotten about that!!!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.