Client access by hostname/FQDN error in Domain environment

I am in the process of cross forest DC migration with an environment of 400 users, first I have configured the GPO to add the dns suffix search domains to the current clients of the old domain however upon applying policy I get The RPC server is unavailable or RPC was cancelled or access denied sometimes.

I have checked the domains (4) health , replication and all looks very well. I checked the DNS as well and there seems to be no issues what so ever.

I connected to one of the clients that has an issue to make sure these clients are joined to the domain and using the proper DNS list. then checked if the domain has the correct hostname as it appears in the domain and everything looked fine.

I disabled Kaspersky firewall on the client and disabled Windows firewall client but still the same issue occur .

When trying to connect to any of these clients with hostname to browse to the C$ folder it gives an error, I also tried with the FQDN and had the same problem but with IP it connects fine.

I checked the RPC service, Computer browser service to see if they are running and they were running.

I am attaching screenshots of the GPO policy and the error that appears when trying to browse to the client folder C$ with hostname or fqdn.

I am out of options and would appreciate if someone could point me to a solution.

thanks
clientaccessbyhostnameerror.jpg
rpc-issue.jpg
LVL 24
Mohammed HamadaSenior IT ConsultantAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

chinguettiCommented:
Don't know if you've done it already but try disabling IPv6 and test it again maybe?
0
Mark BillExchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1Commented:
Have you tried ensuring the DNS Suffix is added in advanced tcp ip properties on one of the clients?

By best practice this is usually issued through DHCP option 015.

How many active directory domains in total here? How many domain controllers in each domain?
0
Mohammed HamadaSenior IT ConsultantAuthor Commented:
There's two domains (Old.local) and (new.local) the migration is still not in progress due to this problem. In teh old domain there are 4 DCs.

Could you please tell me what do you mean exactly by DNS suffix is added in advanced tcp ip properties?

I am trying to add the dns suffix using the DNS client in the GPO.... the only dns suffix available now is the domain suffix which is the joined domain to the client.
0
Make Network Traffic Fast and Furious with SD-WAN

Software-defined WAN (SD-WAN) is a technology that determines the most effective way to route traffic to and from datacenter sites. Register for the webinar today to learn how your business can benefit from SD-WAN!

Mark BillExchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1Commented:
look in the advanced properties of the network card on one of the machines having the issue you can add a dns suffix in here try adding old.local

as I said above this is usually distributed by DHCP option 15.
0
Mohammed HamadaSenior IT ConsultantAuthor Commented:
Yes I can add it to the dns suffix in the nic properties but I have 270 clients that have this issue and I can't go to them one by one to do so.

The main problem is that I can't push any GPO policy to work on these clients. Adding the dns suffix search domain is just a policy that I wanted to apply.
0
Mark BillExchange, AD, SQL, VMware, HPE, 3PAR, FUD, Anti MS Tekhnet, Pro EE, #1Commented:
Can you test whether it works or not that's what im asking.

This is usually pushed out through 015 option in DHCP.
0
Mohammed HamadaSenior IT ConsultantAuthor Commented:
Could you please explain what are you asking for is working or not? Are you asking if the GPO is working or not?
0
Mohammed HamadaSenior IT ConsultantAuthor Commented:
What I have tried is disabled all the firewalls the user have for test, I have then pointed the computer with the problem to a different DC using the following command

nltest /Server:client0 /SC_RESET:domain.local\DC2

This is not working ... on the GPO it gives RPC was cancelled

We don't involve anything in relation to the DHCP
0
Mohammed HamadaSenior IT ConsultantAuthor Commented:
I found the problem, the main issue was caused due to duplicated hostnames on the DNS server. the scavenging features seems to haven't been working since 2013. I am working on fixing it now and hope this will solve the issue.

thanks
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Mohammed HamadaSenior IT ConsultantAuthor Commented:
Self solved
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.