Eugene Palmer (United States of America) asked:

AD DC not found from clients

Hi,


I have a few Server Essentials 2016 installs. One has started having a problem with clients not being able to find the DC. Folder Redirection is failing amongst other problems. Testing includes running dcdiag, repadmin and certutil. dcdiag /test:dns shows all pass. resolve-dnsname <domain> succeeds, test-netconnection <domain> -port 53 (from server) shows TcpTestSucceeded true.


dcdiag shows all passed.


repadmin /showrepl against full dc localhost shows:

Repadmin can't connect to a home server because of the following error,

Try specifiying a different homeserver with /homeserver:[dnsname]
Error: An LDAP lookup operation failed with the following error:

    LDAP Error 81(0x51): Server Down
    Server Win32 Error 0(0x0):
    Extended Information:


So then,


repadmin /showrepl against full /homeserver:wse16:53 localhost

shows the same result


Nothing changed from when it was working that I know of.


Certificates seem intact and valid. Remote desktop works.


Comparing this server against other known working WSE 2016 shows almost identical dns test behavior, except that the others do not have this problem.


I disjoined a client from the domain but cannot rejoin due to AD DC not found.


Something happened to ldap?


Thanks for any suggestions.

Peter Hutchison (United Kingdom):

To find the AD DC server, the client primary DNS -must- point to the DNS server on the Domain Controller, and not to any other such as a router or an ISP DNS. The DC's DNS should be set up to forward external requests to the ISP.


LDAP is a protocol.


When looking at IPConfig /ALL for one of the clients does the DNS server list the Essential Server's IP?


On the Essentials Server, does \\Domain.Local resolve with at least SYSVOL and NETLOGON folders visible in File Explorer?

Eugene Palmer (asker):

Yes Mr. Hutchison, that is the case. Mr. Elder, all folders including sysvol, netlogon, folder redirection etc. are available at the server, including URL \\<domain>.local\sysvol, etc.


PS C:\> dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = wse16
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: Default-First-Site-Name\WSE16
      Starting test: Connectivity
         ......................... WSE16 passed test Connectivity

Doing primary tests

   Testing server: Default-First-Site-Name\WSE16

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... WSE16 passed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration
   Running partition tests on : <Domain>
   Running enterprise tests on : <domain>.local
      Starting test: DNS
         ......................... <domain>.local passed test DNS


Ethernet adapter 10.1.10.3 NIC2:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #2
   Physical Address. . . . . . . . . : 10-98-36-AE-62-1A
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.1.10.3(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.1.10.1
   DNS Servers . . . . . . . . . . . : 10.1.10.3
   NetBIOS over Tcpip. . . . . . . . : Disabled


PS C:\> dfsrdiag pollad

Operation Succeeded


Clients show wse16 IP as DNS server.


From the client:


Test-Netconnection <WSE16 IP> -port 53, successful

Resolve-DNSName, successful

nltest /dsgetdc: successful


However, when attempting to change the client from a workgroup to the domain, this immediately shows up:


The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "<domain>":

The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.<domain>

Common causes of this error include the following:

- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:

10.1.10.3

- One or more of the following zones do not include delegation to its child zone:

<domain>
. (the root zone)

Any ideas?

You need to create the missing SRV records which can be done manually, or use one of these methods:

Import SRV records from the C:\SystemRoot\Config\NetLogon.dns file.


See https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/verify-srv-dns-records-have-been-created
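A client-side check of the locator records the domain-join error above names, written as an added PowerShell example (not code from any poster in this thread). It queries the DC's DNS server directly (10.1.10.3 from the thread) and assumes a placeholder domain name in $Domain that you replace with the real one.

```powershell
# Added example, not from the thread: check the AD DC locator SRV records that the
# domain-join error names, from the client's point of view.
# Assumptions: DNS server 10.1.10.3 (from the thread); the AD domain name is a
# placeholder ($Domain) to be replaced with the real one.
param(
    [string]$Domain    = 'corp.example.local',   # placeholder AD DNS domain
    [string]$DnsServer = '10.1.10.3'             # DC / DNS IP quoted in the thread
)

# Exact names Netlogon registers. Spelling matters: a one-character typo in the
# query (e.g. "_msdc") returns the same NXDOMAIN as a genuinely missing record.
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.$Domain",
    "_kerberos._tcp.$Domain"
)

foreach ($name in $srvNames) {
    try {
        # Ask the DC's DNS directly so the client's resolver order is not a factor.
        $srv = Resolve-DnsName -Name $name -Type SRV -Server $DnsServer -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SRV' }
    } catch {
        Write-Warning "$name -> $($_.Exception.Message)"
        continue
    }
    foreach ($r in $srv) {
        # Every SRV target must have an A record and answer on the advertised port,
        # otherwise the locator still fails even though the SRV record exists.
        $a = Resolve-DnsName -Name $r.NameTarget -Type A -Server $DnsServer -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
        $tcpOpen = $false
        if ($a) {
            $tcpOpen = (Test-NetConnection -ComputerName $a.IPAddress -Port $r.Port `
                        -WarningAction SilentlyContinue).TcpTestSucceeded
        }
        [pscustomobject]@{
            Record   = $name
            Target   = $r.NameTarget
            Port     = $r.Port
            TargetIP = $a.IPAddress
            TcpOpen  = $tcpOpen
        }
    }
}
```

On the DC itself, every record listed in %SystemRoot%\System32\config\netlogon.dns should resolve the same way; `nltest /dsregdns` makes Netlogon re-register them if any are missing.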


Yes, thank you,


I have tried that already starting with ipconfig /registerdns


But these records DO exist, why can't DNS find them?


Per the referenced article:


PS C:\> nslookup
Default Server:  wse16.<domain>.local
Address:  10.1.10.3

>
> set type=all
> _ldap._tcp.dc._msdc.<domain>
Server:  wse16.<domain>.local
Address:  10.1.10.3
*** wse16.<domain>.local can't find _ldap._tcp.dc._msdc.<domain>: Non-existent domain


How is it possible that the domain has disappeared?


In addition, DNS looks identical to my other WSE servers that have no issues.

I did find an incorrect Name Server setting in the msdcs.<domain>.local space properties in DNS, but the problem persists even after both server and client reboots.
ASKER CERTIFIED SOLUTION
Eugene Palmer