AD DC not found from clients
Hi,
I have a few Server Essentials 2016 installs. One has started having a problem with clients not being able to find the DC. Folder Redirection is failing amongst other problems. Testing includes running dcdiag, repadmin and certutil. dcdiag /test:dns shows all pass. resolve-dnsname <domain> success, test-netconnection <domain> -port 53 (from server) shows TcpTestSucceeded true.
dcdiag shows all passed.
repadmin /showrepl against full dc localhost shows-
Repadmin can't connect to a home server because of the following error,
Try specifiying a different homeserver with /homeserver:[dnsname]
Error: An LDAP lookup operation failed with the following error:
LDAP Error 81(0x51): Server Down
Server Win32 Error 0(0x0):
Extended Information:
So then,
repadmin /showrepl against full /homeserver:wse16:53 localhost
shows the same result
Nothing changed from when it was working that I know of.
Certificates seem intact and valid. Remote desktop works.
Comparing this server against other known working WSE 2016 shows almost identical dns test behavior, except that the others do not have this problem.
I dis-joined a client from the domain but cannot rejoin due to AD DC not found.
Something happened to ldap?
Thanks for any suggestions.
LDAP is a protocol.
When looking at IPConfig /ALL for one of the clients does the DNS server list the Essential Server's IP?
On the Essentials Server does \\Domain.Local resolve with at least SYSVOL and NETLOGON folders visible in File Explorer?
ASKER
Yes Mr. Hutchinson, that is the case. Mr. Elder, all folders including sysvol, netlogon, folder redirection etc. are available at the server, including URL \\<domain>.local\sysvol, etc.
PS C:\> dcdiag /test:dns
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = wse16
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site-Name\WSE16
Starting test: Connectivity
......................... WSE16 passed test Connectivity
Doing primary tests
Testing server: Default-First-Site-Name\WSE16
Starting test: DNS
DNS Tests are running and not hung. Please wait a few minutes...
......................... WSE16 passed test DNS
Running partition tests on : ForestDnsZones
Running partition tests on : DomainDnsZones
Running partition tests on : Schema
Running partition tests on : Configuration
Running partition tests on : <Domain>
Running enterprise tests on : <domain>.local
Starting test: DNS
......................... <domain>.local passed test DNS
Ethernet adapter 10.1.10.3 NIC2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet #2
Physical Address. . . . . . . . . : 10-98-36-AE-62-1A
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.1.10.3(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.1.10.1
DNS Servers . . . . . . . . . . . : 10.1.10.3
NetBIOS over Tcpip. . . . . . . . : Disabled
PS C:\> dfsrdiag pollad
Operation Succeeded
Clients show wse16 IP as DNS server.
From the client-
Test-Netconnection <WSE16 IP> -port 53, successful
Resolve-DNSName, successful
nltest /dsgetdc: successful
However, when attempting to change the client from a workgroup to the domain, this immediately shows up-
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "<domain>":
The error was: "DNS name does not exist."
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.<domain>
Common causes of this error include the following:
- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following IP addresses:
10.1.10.3
- One or more of the following zones do not include delegation to its child zone:
<domain>
. (the root zone)
Any ideas?
You need to create the missing SRV records which can be done manually, or use one of these methods:
Import SRV records from C:\SystemRoot\Config\NetLogon.dns file
ASKER
Yes, thank you,
I have tried that already starting with ipconfig /registerdns
But these records DO exist, why can't DNS find them?
Per the referenced article-
PS C:\> nslookup
Default Server: wse16.<domain>.local
Address: 10.1.10.3
>
> set type=all
> _ldap._tcp.dc._msdc.<domain>
Server: wse16.<domain>.local
Address: 10.1.10.3
*** wse16.<domain>.local can't find _ldap._tcp.dc._msdc.<domain>: Non-existent domain
How is it possible that the domain has disappeared?
In addition, DNS looks identical to my other WSE servers that have no issues.
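The suggested fix above (recreate the locator records, or let Netlogon re-register them) and the "the records DO exist, why can't DNS find them?" question both come down to one check: does the DNS server on the DC hold the `_ldap._tcp.dc._msdcs` SRV record in the zone it actually serves, and does that record point at this DC? The script below is an added example, not code from the thread, meant to be run on the DC itself. It assumes the DnsServer PowerShell module that ships with the DNS Server role; `domain.local` stands in for the anonymised `<domain>.local`, and the host name `wse16` is the one quoted in the dcdiag output. It distinguishes the two ways `_msdcs` can be stored (its own zone, or a subtree of the parent zone), because the record path is different in each case; if the record is missing it asks Netlogon to re-register with `nltest /dsregdns`, then queries the record the way a client would, spelled exactly as it appears in the join error (`_msdcs`, not `_msdc`). It also lists the forwarders, since the DC's DNS should forward external names rather than the clients pointing at an external resolver.

```powershell
# Added example (not from the thread): run on the DC to verify the locator records.
$ZoneName = 'domain.local'   # placeholder for <domain>.local
$DcName   = 'wse16'          # DC host name quoted in the thread

Import-Module DnsServer

# _msdcs.<zone> is either a separate zone or a subtree inside the parent zone.
# Find out which, because the record's zone and relative name differ.
$msdcsZone = Get-DnsServerZone -Name "_msdcs.$ZoneName" -ErrorAction SilentlyContinue
if ($msdcsZone) {
    "_msdcs is its own zone: $($msdcsZone.ZoneName) ($($msdcsZone.ZoneType), AD-integrated: $($msdcsZone.IsDsIntegrated))"
    $zone = $msdcsZone.ZoneName
    $name = '_ldap._tcp.dc'
} else {
    "_msdcs is a subtree of $ZoneName"
    $zone = $ZoneName
    $name = '_ldap._tcp.dc._msdcs'
}

# Does the DC-locator SRV record exist in that zone?
$srv = Get-DnsServerResourceRecord -ZoneName $zone -Name $name -RRType Srv -ErrorAction SilentlyContinue
if (-not $srv) {
    Write-Warning "No $name SRV record in zone $zone. Asking Netlogon to re-register (nltest /dsregdns)."
    nltest /dsregdns
    Start-Sleep -Seconds 5
    $srv = Get-DnsServerResourceRecord -ZoneName $zone -Name $name -RRType Srv -ErrorAction SilentlyContinue
}

# Show every target the record advertises, and confirm this DC is one of them.
$srv | ForEach-Object {
    "{0} -> {1}:{2}" -f $_.HostName, $_.RecordData.DomainName, $_.RecordData.Port
}
$hasThisDc = $srv | Where-Object { $_.RecordData.DomainName -like "$DcName.*" }
if (-not $hasThisDc) {
    Write-Warning "SRV record does not target $DcName; check the System log for Netlogon events 5774/5781."
}

# Query the record the way a client would, using the full name from the join error.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$ZoneName" -Type SRV -Server 127.0.0.1 -DnsOnly -ErrorAction Continue |
    Where-Object Type -eq 'SRV' | Select-Object Name, NameTarget, Port

# External names should be forwarded by the DC's DNS, not resolved by clients elsewhere.
Get-DnsServerForwarder | Select-Object IPAddress, UseRootHint
```

If the record is present here but `nslookup` on the client still returns "Non-existent domain", compare the name being queried character by character with the one in the join error; the locator name must include the `_msdcs` label and the fully qualified zone name.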
ASKER
To find the AD DC server, the client primary DNS -must- point to the DNS server on the Domain Controller, and not to any other such as a router or an ISP DNS. The DC's DNS should be set up to forward external requests to the ISP.
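The join error earlier in the thread names the exact record the DC locator asks for (`_ldap._tcp.dc._msdcs.<domain>`), and the answer above says where the client must send that query. The following is an added example, not code from the thread, to be run on a client that is failing to join: it reads the client's configured DNS servers and warns if the DC is not among them, queries the locator SRV records directly against the DC's DNS (bypassing the client cache and suffix search list), and then checks the ports a domain join actually needs on every target the records return. The IP `10.1.10.3` is the DC address shown in the thread's ipconfig output; `domain.local` is a placeholder for the anonymised `<domain>.local` and should be the fully qualified DNS name of the domain.

```powershell
# Added example (not from the thread): client-side DC locator check.
param(
    [string]$DomainFqdn   = 'domain.local',   # placeholder for <domain>.local (use the FQDN)
    [string]$ExpectedDcIp = '10.1.10.3'       # DC / DNS server IP quoted in the thread
)

# 1. Which DNS servers does this client use? The join process queries these, nothing else.
$dnsServers = (Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses }).ServerAddresses | Select-Object -Unique
"Client DNS servers: $($dnsServers -join ', ')"
if ($dnsServers -notcontains $ExpectedDcIp) {
    Write-Warning "Client DNS does not include the DC ($ExpectedDcIp); locator queries go to another resolver."
}

# 2. The SRV records the DC locator relies on, queried straight at the DC's DNS.
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$DomainFqdn",      # the record named in the join error
    "_kerberos._tcp.dc._msdcs.$DomainFqdn",
    "_ldap._tcp.$DomainFqdn",
    "_kerberos._tcp.$DomainFqdn"
)
$results = foreach ($name in $srvNames) {
    try {
        $rr = Resolve-DnsName -Name $name -Type SRV -Server $ExpectedDcIp -DnsOnly -ErrorAction Stop |
              Where-Object { $_.Type -eq 'SRV' }
        [pscustomobject]@{ Record = $name; Found = $true;  Target = ($rr.NameTarget -join ','); Port = ($rr.Port -join ',') }
    } catch {
        [pscustomobject]@{ Record = $name; Found = $false; Target = $_.Exception.Message;       Port = '' }
    }
}
$results | Format-Table -AutoSize

# 3. For every SRV target that resolved, confirm the ports a join needs are reachable.
$targets = $results | Where-Object Found | ForEach-Object { $_.Target -split ',' } | Select-Object -Unique
foreach ($t in $targets) {
    foreach ($port in 88, 389, 445) {   # Kerberos, LDAP, SMB (SYSVOL / NETLOGON)
        $ok = (Test-NetConnection -ComputerName $t -Port $port -WarningAction SilentlyContinue).TcpTestSucceeded
        "{0,-40} tcp/{1,-4} {2}" -f $t, $port, $(if ($ok) { 'open' } else { 'BLOCKED' })
    }
}
```

Because step 2 names the DC's address with `-Server`, a "Found = False" row there means the DC's own DNS does not return the record, which points at registration on the server; a row that resolves here but fails in the join dialog points back at step 1 (which resolver the client is really using) or at the name being typed into the join dialog.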