Active directory locatorcheck failed

Posted on 2012-09-12
Medium Priority
Last Modified: 2013-04-03

I have a client with Active Directory and 5 sites. The primary site has two DCs. One DC is the PDC and also holds all other FSMO roles. If we run dcdiag on the PDC or the other DC in the primary site, it passes all tests.
If we run dcdiag on any DC in the other sites, they pass all tests except for locatorcheck.
Replication occurs between sites, so I am hoping somebody can give me some steps to troubleshoot this. I have read that this test is very important, as it means the DCs cannot find the FSMO role holders, which seems strange considering the DCs pass the roleholders test.
So how important is it?
Any help would be greatly appreciated.
Question by: workingtechnology

Assisted Solution

djsharma earned 249 total points
ID: 38393420
Check the DNS settings on your new domain controller. In 2003 and later, you should always point to, and then secondary to another domain controller or any other DNS server with that internal DNS zone available. You should then add a "forwarder" to the DNS service itself under the DNS MMC snap-in.

Assisted Solution

by:Sarang Tinguria
Sarang Tinguria earned 501 total points
ID: 38393480
Do not use as primary DNS check below link

Check the ports and make sure the DC is GC and KDC is running

Accepted Solution

Sarang Tinguria earned 501 total points
ID: 38400415
See below recommendation for DNS Config in env

How we should configure DNS on our DC:

Every DNS server should point to its own IP as a primary DNS and a DNS server located in a remote site as a secondary DNS in TCP/IP properties
All the unused NICs should be disabled
A valid DNS IP from the ISP should be configured in DNS forwarders. Do not configure local DNS in forwarders
Public DNS IPs should not be used on any NIC, except in forwarders
Domain controllers should not be multi-homed
Running a VPN server and RRAS server makes the DC multi-homed; refer to http://support.microsoft.com/default.aspx?scid=kb;en-us;272294

If anything above is incorrect, please correct it, run "ipconfig /flushdns & ipconfig /registerdns" and restart the DNS service using "net stop dns & net start dns"

DNS best practices

Checklist: Deploying DNS for Active Directory
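
One way to check a DC against the DNS checklist in the accepted solution, as an added example that is not part of the original thread. The function name, its parameters and the sample addresses are hypothetical, and treating every address outside the RFC 1918 and loopback ranges as "public" is an assumption.

```powershell
# Added example. Function name, parameters and sample addresses are hypothetical.
function Test-DcDnsConfig {
    param(
        [string[]]$LocalIPv4 = @(),      # IPv4 addresses bound to enabled NICs on this DC
        [string[]]$NicDnsServers = @(),  # DNS servers from TCP/IP properties, in order
        [string[]]$Forwarders = @()      # forwarders configured in the DNS service
    )
    # RFC 1918 and loopback ranges; anything else is treated as public (assumption).
    $internal = '^(10\.|127\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)'
    $findings = @()

    if ($LocalIPv4.Count -gt 1) {
        $findings += "Multi-homed: IPv4 addresses $($LocalIPv4 -join ', ') are bound"
    }
    $primary = $NicDnsServers | Select-Object -First 1
    if ($LocalIPv4 -notcontains $primary) {
        $findings += "Primary DNS '$primary' is not this DC's own IP"
    }
    if ($NicDnsServers.Count -lt 2) {
        $findings += 'No secondary DNS (a DNS server in a remote site) is set'
    }
    foreach ($s in $NicDnsServers) {
        if ($s -notmatch $internal) {
            $findings += "Public DNS $s is set on a NIC; it belongs only in forwarders"
        }
    }
    foreach ($f in $Forwarders) {
        if ($f -match $internal) {
            $findings += "Forwarder $f is an internal DNS server"
        }
    }
    $findings
}

# Constructed sample: a branch DC at 10.1.2.10 with a second NIC left enabled.
Test-DcDnsConfig -LocalIPv4 '10.1.2.10', '192.168.50.1' `
                 -NicDnsServers '10.1.1.10', '203.0.113.53' `
                 -Forwarders '10.1.2.10', '198.51.100.53'

# On a live DC (Windows Server 2012 or later), the inputs can be collected with:
#   (Get-NetIPAddress -AddressFamily IPv4 | Where-Object IPAddress -ne '127.0.0.1').IPAddress
#   (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses
#   (Get-DnsServerForwarder).IPAddress.IPAddressToString
```

An empty result means none of the checklist items was violated; after correcting a finding, re-run dcdiag on the branch DC to see whether locatorcheck now passes.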

Author Closing Comment

ID: 39046255
We ended up demoting all the branch domain controllers and redoing dcpromo. It seems as though the DNS servers were installed after or before dcpromo and it failed to integrate correctly with AD. I will try and assign the points to all as you all attempted something.
