Question
Вероятно, доменное имя «****» является NetBIOS-именем домена. Проверьте, что имя домена правильно зарегистрировано в WINS.
Если это имя не является NetBIOS-именем домена, следующие сведения помогут исправить ошибку в конфигурации DNS.
При запросе DNS записи ресурса размещения службы (SRV), используемой для выяснения размещения контроллера домена Active Directory для домена «****» произошла ошибка:
Произошла ошибка: «Ошибка DNS-сервера.»
(код ошибки: 0x0000232A RCODE_SERVER_FAILURE)
Опрос проводился для SRV-записи для _ldap._tcp.dc._msdcs.****
К возможным причинам ошибки относятся:
— DNS-серверы, используемые этим компьютером содержат неправильные корневые ссылки. Этот компьютер настроен на использование DNS-серверов со следующими IP-адресами:
192.168.***.***
192.168.***.***
— В одной или в нескольких зонах из указанных ниже содержится неверное делегирование:
****
. (корневая зона)
What should I do about this?
Edited 22 November 2016 7:12
Answers
As the error message itself says, the problem is related to DNS. Start with these checks:
1. The domain controllers are DNS servers
2. On the domain controllers, 127.0.0.1 is listed as the first DNS server
3. Run ipconfig /registerdns on the domain controllers and restart netlogon
4. Check that the second DNS server listed is another domain controller
5. Check that these are the addresses of domain controllers:
192.168.***.***
192.168.***.***
6. Check that the record "_ldap._tcp.dc._msdcs.****" exists in DNS
7. If that did not help, run dcdiag
Marked as answer by Petko Krushev (Microsoft contingent staff, Moderator), 29 November 2016 7:46
Question
Hi,
I am testing my virtual machine which runs on Windows Server 2008 Datacenter edition. I am trying to add my host computer to the virtual machine which is a domain controller. But I get an error which reads something like:
An active directory domain controller (AD DC) for the domain «Sharkie.com» could not be contacted. Here are the details:
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain «Sharkie.com»:
The error was: «DNS server failure.»
(error code 0x0000232A RCODE_SERVER_FAILURE)
The query was for the SRV record for _ldap._tcp.dc._msdcs.Sharkie.com
Common causes of this error include the following:
— The DNS servers used by this computer contain incorrect root hints. This computer is configured to use DNS servers with the following IP addresses:
192.168.1.1
— One or more of the following zones contains incorrect delegation:
Sharkie.com
com
. (the root zone)
Where have I gone wrong, and could you clarify for me whether there is an option to add my host client computer as a domain member to the server which runs on the VM?
Your help would be appreciated.
Regards,
Vignesh
Answers
Hello,
An active directory domain controller (AD DC) for the domain «Sharkie.com» could not be contacted. Here are the details:
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain «Sharkie.com»:
The error was: «DNS server failure.»
(error code 0x0000232A RCODE_SERVER_FAILURE)
You have DNS problems.
Please make sure that:
- the DC is not multihomed and that RRAS is not enabled on it
- the DC is a DNS server
- The DC points to its private IP address and 127.0.0.1 as secondary one
- Each public DNS server is set as a forwarder and not added in IP settings of the DC
Once done, run ipconfig /registerdns and restart netlogon on the DC you have.
For servers / client computers, make sure that they are pointing to your internal DNS servers as primary and secondary DNS servers.
Also, make sure that needed ports for authentication are not blocked: http://msmvps.com/blogs/rexiology/archive/2006/04/05/89389.aspx
Marked as answer: Thursday, September 15, 2011 9:07 AM
I have a DC running on Windows Server 2012. As of yesterday, I have been unable to join any Windows 10 workstations to the domain. I keep seeing a DNS server failure error. I’m able to pick up a DHCP address from the DC and my DNS is correct. I can ping the server just fine and ping the workstation from the server. I have tested disabling AV on both the server and workstation but no dice. Below is the error I’m seeing from the workstation side.
The following error occurred when DNS was queried for the
service location (SRV) resource record used to locate an Active Directory
Domain Controller (AD DC) for domain «osbc.local»:
The error was: «DNS server failure.»
(error code 0x0000232A RCODE_SERVER_FAILURE)
The query was for the SRV record for
_ldap._tcp.dc._msdcs.osbc.local
Common causes of this error include the following:
— The DNS servers used by this computer contain incorrect
root hints. This computer is configured to use DNS servers with the following
IP addresses:
XXX.XXX.XXX.XXX
— One or more of the following zones contains incorrect
delegation:
osbc.local
local
. (the root zone)
23-Jan-2012 15:27:55.357 client 10.0.0.10#59250: query ‘local.ord.local/SOA/IN’ approved
23-Jan-2012 15:27:55.660 client 10.0.0.10#53101: query (cache) ‘./SOA/IN’ approved
23-Jan-2012 15:27:55.661 client 10.0.0.10#54128: query (cache) ‘./NS/IN’ approved
23-Jan-2012 15:27:55.662 client @0xb500c008: udprecv
and the BIND startup log
Jan 23 15:48:54 gate named[10497]: shutting down
Jan 23 15:48:54 gate named[10497]: no longer listening on 127.0.0.1#53
Jan 23 15:48:54 gate named[10497]: no longer listening on 10.0.0.1#53
Jan 23 15:48:54 gate named[10497]: exiting
Jan 23 15:48:54 gate start-stop-daemon: pam_unix(start-stop-daemon:session): session opened for user nobody by (uid=0)
Jan 23 15:48:54 gate named[10543]: starting BIND 9.7.4-P1 -u named -4 -d 1
Jan 23 15:48:54 gate named[10543]: built with ‘--prefix=/usr’ ‘--build=i686-pc-linux-gnu’ ‘--host=i686-pc-linux-gnu’ ‘--mandir=/usr/share/man’ ‘--infodir=/usr/share/info’ ‘--datadir=/usr/share’ ‘--sysconfdir=/etc’ ‘--localstatedir=/var/lib’ ‘--sysconfdir=/etc/bind’ ‘--localstatedir=/var’ ‘--with-libtool’ ‘--with-openssl’ ‘--without-idn’ ‘--enable-ipv6’ ‘--with-libxml2’ ‘--without-gssapi’ ‘--enable-linux-caps’ ‘--enable-threads’ ‘--with-randomdev=/dev/random’ ‘build_alias=i686-pc-linux-gnu’ ‘host_alias=i686-pc-linux-gnu’ ‘CFLAGS=-O2 -march=native -mtune=native -pipe’ ‘LDFLAGS=-Wl,-O1 -Wl,--as-needed’
Jan 23 15:48:54 gate named[10543]: adjusted limit on open files from 1024 to 1048576
Jan 23 15:48:54 gate named[10543]: found 2 CPUs, using 2 worker threads
Jan 23 15:48:54 gate named[10543]: using up to 4096 sockets
Jan 23 15:48:54 gate named[10543]: Using 101 tasks for zone loading
Jan 23 15:48:54 gate named[10543]: loading configuration from ‘/etc/bind/named.conf’
Jan 23 15:48:54 gate named[10543]: reading built-in trusted keys from file ‘/etc/bind/bind.keys’
Jan 23 15:48:54 gate named[10543]: using default UDP/IPv4 port range: [1024, 65535]
Jan 23 15:48:54 gate named[10543]: using default UDP/IPv6 port range: [1024, 65535]
Jan 23 15:48:54 gate named[10543]: no IPv6 interfaces found
Jan 23 15:48:54 gate named[10543]: listening on IPv4 interface lo, 127.0.0.1#53
Jan 23 15:48:54 gate named[10543]: binding TCP socket: address in use
Jan 23 15:48:54 gate named[10543]: listening on IPv4 interface eth0, 10.0.0.1#53
Jan 23 15:48:54 gate named[10543]: binding TCP socket: address in use
Jan 23 15:48:54 gate named[10543]: generating session key for dynamic DNS
Jan 23 15:48:54 gate named[10543]: zone ‘_msdcs.ord.local’ allows updates by IP address, which is insecure
Jan 23 15:48:54 gate named[10543]: zone ‘_tcp.ord.local’ allows updates by IP address, which is insecure
Jan 23 15:48:54 gate named[10543]: zone ‘_udp.ord.local’ allows updates by IP address, which is insecure
Jan 23 15:48:54 gate named[10543]: zone ‘_sites.ord.local’ allows updates by IP address, which is insecure
Jan 23 15:48:54 gate named[10543]: zone ‘DomainDNSZones.ord.local’ allows updates by IP address, which is insecure
Jan 23 15:48:54 gate named[10543]: zone ‘ForestDNSZones.ord.local’ allows updates by IP address, which is insecure
Jan 23 15:48:54 gate named[10543]: set up managed keys zone for view _default, file ‘/etc/bind/managed-keys.bind’
Jan 23 15:48:54 gate named[10543]: automatic empty zone: 0.IN-ADDR.ARPA
Jan 23 15:48:54 gate named[10543]: automatic empty zone: 254.169.IN-ADDR.ARPA
Jan 23 15:48:54 gate named[10543]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Jan 23 15:48:54 gate named[10543]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Jan 23 15:48:54 gate named[10543]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Jan 23 15:48:54 gate named[10543]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Jan 23 15:48:54 gate named[10543]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jan 23 15:48:54 gate named[10543]: automatic empty zone: 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Jan 23 15:48:54 gate named[10543]: automatic empty zone: D.F.IP6.ARPA
Jan 23 15:48:54 gate named[10543]: automatic empty zone: 8.E.F.IP6.ARPA
Jan 23 15:48:54 gate named[10543]: automatic empty zone: 9.E.F.IP6.ARPA
Jan 23 15:48:54 gate named[10543]: automatic empty zone: A.E.F.IP6.ARPA
Jan 23 15:48:54 gate named[10543]: automatic empty zone: B.E.F.IP6.ARPA
Jan 23 15:48:54 gate named[10543]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Jan 23 15:48:54 gate named[10543]: /etc/bind/named.conf:120: couldn’t add command channel 127.0.0.1#953: address in use
Jan 23 15:48:54 gate named[10543]: /etc/bind/named.conf:121: couldn’t add command channel 10.0.0.1#953: address in use
Jan 23 15:48:54 gate named[10543]: zone 0.10.in-addr.arpa/IN: loaded serial 122214468
Jan 23 15:48:54 gate named[10543]: zone 127.in-addr.arpa/IN: loaded serial 2008122601
Jan 23 15:48:54 gate named[10543]: zone ord.local/IN: loaded serial 122214468
Jan 23 15:48:54 gate named[10543]: zone _msdcs.ord.local/IN: loaded serial 20071033
Jan 23 15:48:54 gate named[10543]: zone _sites.ord.local/IN: loaded serial 20071033
Jan 23 15:48:54 gate named[10543]: zone _tcp.ord.local/IN: loaded serial 20071033
Jan 23 15:48:54 gate named[10543]: zone _udp.ord.local/IN: loaded serial 20071033
Jan 23 15:48:54 gate named[10543]: zone DomainDNSZones.ord.local/IN: loaded serial 20071033
Jan 23 15:48:54 gate named[10543]: zone ForestDNSZones.ord.local/IN: loaded serial 20071033
Jan 23 15:48:54 gate named[10543]: zone localhost/IN: loaded serial 2008122601
Jan 23 15:48:54 gate named[10543]: managed-keys-zone ./IN: loaded serial 0
Jan 23 15:48:54 gate named[10543]: zone 0.10.in-addr.arpa/IN: sending notifies (serial 122214468)
Jan 23 15:48:54 gate named[10543]: zone ord.local/IN: sending notifies (serial 122214468)
Jan 23 15:48:54 gate named[10543]: running
Hi,
I got a problem after replacing my network switch after the old one stopped working.
The new switch is a managed switch (HP ProCurve), I have set the switch on DHCP so it would receive ip, dns etc. automatically from my win2003 server.
I thought everything was good to go. But when I tried to reach my documents on the server from mypc (client) it wouldn’t show. I tried to ping the server 192.168.0.1 and bizon.mydomain.no, it responded to the ping.
So I tested the dns with nslookup and Set Type=SRV and _ldap._tcp.dc._msdcs.mydomain.no
The server responded with:
Server: bizon.mydomain.no
Address: 192.168.0.1
DNS request timed out.
Timeout was two seconds.
So I tried to unjoin the workstation (my pc) from the server and rejoin it again to the domain mydomain.no
It wouldn’t rejoin with the domain, it is switching between two errors when I’m trying to rejoin the domain, these are:
The error was: This operation returned because the timeout period expired.
(error code 0x000005B4 ERROR_TIMEOUT)
The query was for the SRV record for _ldap._tcp.dc._msdcs.mydomain.no
DNS servers used by this computer for name resolution, not responding. This computer is configured to use DNS servers with following IP addresses:
192.168.0.1
Make sure your computer is connected to the network, that these are the correct IP addresses for the DNS server, and that at least one of the DNS servers are running.
And
The error was: Error in the DNS server.
(error code 0x0000232A RCODE_SERVER_FAILURE)
The query was for the SRV record for _ldap._tcp.dc._msdcs.mydomain.no
Common causes of this error include:
— DNS servers used by your computer have incorrect root hints. This computer is configured to use DNS servers with following IP addresses:
192.168.0.1
— One or more of the following zones contains incorrect delegation:
mydomain.no
no
. (root zone)
Is it my switch that is making all this trouble?
The server is not used external, ex.webpages and exchange etc.. But Lotus Domino server are running on this server and can be reached external.
This server is the only one with dns setup.
Here is my settings on the NIC through ipconfig:
Ethernet-kort Lokal tilkobling:
Tilkoblingsspesifikt DNS-suffiks : mydomain.no
Beskrivelse . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E GBE NIC
Fysisk adresse . . . . . . . . . : 00-1E-33-1F-CC-D3
DHCP aktivert . . . . . . . . . . : Yes
Automatisk konfigurasjon aktivert : Yes
Koblingslokal IPv6-adresse. . . . : fe80::a539:44c7:4d1b:58b9%11(Foretrukket)
IPv4-adresse. . . . . . . . . . . : 192.168.0.111(Foretrukket)
Nettverksmaske . . . . . . . . . .: 255.255.255.0
Leieavtale inngått. . . . . . . . : 3. januar 2012 07:56:48
Leieavtale utløper. . . . . . . . : 11. januar 2012 08:05:09
Standard gateway . . . . . . . . .: 192.168.0.254
DHCP-server . . . . . . . . . . . : 192.168.0.1
DHCPv6-IAID . . . . . . . . . . . : 251665971
DHCPv6 klient-DUID. . . . . . . . : 00-01-00-01-12-24-6B-2F-00-1E-33-1F-CC-D3
DNS-servere . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Aktivert
This article is a collection of error messages from the domain join process, Windows Event Viewer entries and general observations. All of these were tested on a Windows 2012R2 server joining a single 2012R2 domain controller over a simulated router. The domain is testforest.local and the domain controller IP is 10.1.1.50. Various ports were blocked for each test and the results are recorded below.
Main Error Message on client: «An Active Directory Domain Controller (AD DC) for the domain ‘test.local’ could not be contacted. Ensure that the domain name is typed correctly»
Situation: No functional DNS. That is, the client has no DNS server IPs configured, the configured IPs are not valid DNS servers, they are not accessible to this client, etc.
Sub Error Message when Details are expanded:
Note: This information is intended for a network administrator. If you are not your network’s administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain «testforest.local»:
The error was: «This operation returned because the timeout period expired.»
(error code 0x000005B4 ERROR_TIMEOUT)
The query was for the SRV record for _ldap._tcp.dc._msdcs.testforest.local
The DNS servers used by this computer for name resolution are not responding. This computer is configured to use DNS servers with the following IP addresses:
10.1.1.50
Verify that this computer is connected to the network, that these are the correct DNS server IP addresses, and that at least one of the DNS servers is running.
Steps to perform: Ensure the client is pointing to a valid DNS server that can resolve this Active Directory domain. Using nslookup as a troubleshooting tool, or nltest /dnsgetdc: will help test connectivity.
Situation: An RODC is accessible, but a writable (RW) domain controller is not. Your machine may be at a branch office with a local RODC that is handling DNS queries while the link back to a writable domain controller is down. This error can also come up if the client has a functioning DNS server that does provide answers but, due to some connectivity problem, the machine can’t connect to a domain controller.
Sub Error Message when Details are expanded:
DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain «testforest.local»:
The query was for the SRV record _ldap._tcp.dc._msdcs.testforest.local
The following domain controllers were identified by the query:
forest1dc1.testforest.local
However no domain controllers could be contacted.
Situation: Functional DNS server, but the server doesn’t cover this zone. That is, the DNS server is accessible and is providing answers, but it cannot resolve anything in this Active Directory zone. It does not host the zone, it does not forward to another server that can answer, and it does not do any recursion to find the answer.
Sub Error Message when Details are expanded:
Note: This information is intended for a network administrator. If you are not your network’s administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain «testforest2.local»:
The error was: «DNS server failure.»
(error code 0x0000232A RCODE_SERVER_FAILURE)
The query was for the SRV record for _ldap._tcp.dc._msdcs.testforest2.local
Common causes of this error include the following:
— The DNS servers used by this computer contain incorrect root hints. This computer is configured to use DNS servers with the following IP addresses:
10.1.1.50
— One or more of the following zones contains incorrect delegation:
testforest2.local
local
. (the root zone)
Steps to perform: 1) Ensure that the domain name typed in on the client is the correct name, 2) check the DNS infrastructure to find a server that is capable of resolving the Active Directory domain’s DNS zone.
Situation: Port 389 blocked (LDAP udp/tcp)
Sub Error Message when Details are expanded:
Note: This information is intended for a network administrator. If you are not your network’s administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.
DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain «testforest.local»:
The query was for the SRV record for _ldap._tcp.dc._msdcs.testforest.local
The following domain controllers were identified by the query:
forest1dc1.testforest.local
## This ends the above section where the primary error message is domain controller could not be contacted. In all three of these cases, there will be no prompt for credentials.
Error: the RPC Server is unavailable
Situation: Block of port 135.
What is seen: User is prompted for credentials. Domain join is slow but works eventually with a welcome to the domain message. After the success, it may pop up «Changing the primary domain dns name of this computer to «» failed. The name will remain «testforest.local».»
Error: Extremely slow domain join and everything else (boot up, logon, etc)
Situation: kerberos blocked (port 88 with DROP by firewall)
What is seen: Domain join still works but it is much slower, boot up is very slow, logons are very slow, GP update is very slow
Causes errors in system log
-lsasrv 6038 Microsoft Windows Server has detected NTLM authentication is presently being used between clients and this server….
-GroupPolicy 1055 Windows could not resolve the computer name
-TerminalServices-RemoteConnectionManager 1067 The RD Session Host server cannot register ‘TERMSRV’ Service Principal Name to be used for server authentication. The following error occured: The system cannot contact a domain controller to service the authentication request.
-DNS Client Events 8019. The system failed to register host (A or AAAA) resource records (RRs) for network adapter with settings:…
-Winlogon 6006 GPClient errors
Situation: Kerberos blocked with icmp reject (port unreachable), same slowness
Error: none
Situation: port 137 is blocked
What is seen: prompts for cred, no problem in domain join, works quickly, no issues.
Situation: port 445 blocked
What is seen: Domain join works quickly, boot speed is fine, and logon speed is fine. Gpupdate seems to work over port 137/139 (further blocking these ports breaks Group Policy with event ID 1096 in the system log). TCP 139 is the primary backup to 445, though the other ports may be required to get the connection started.
Situation: port 3268 (AD global catalog) blocked
What is seen: No problem, fast join, no obvious problems after join
Situation: All ICMP traffic is blocked
What is seen: Join is fast, boot is fine, logon is fine. Nothing significant seen here. Firewall didn’t catch any pkt drop.
Situation: Clock time of machine doesn’t match domain controller (large skew >5min)
What is seen: No problem in domain join. System reboot and logon are all fine. Clock time syncs after the domain join reboot.
Error: «An Active Directory Domain Controller (AD DC) for the domain ‘test.local’ could not be contacted. Ensure that the domain name is typed correctly»
Sub error message in Details:
Note: This information is intended for a network administrator. If you are not your network’s administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain «testforest.local»:
The error was: «This operation returned because the timeout period expired.»
(error code 0x000005B4 ERROR_TIMEOUT)
The query was for the SRV record for _ldap._tcp.dc._msdcs.testforest.local
The DNS servers used by this computer for name resolution are not responding. This computer is configured to use DNS servers with the following IP addresses:
10.1.1.50
Verify that this computer is connected to the network, that these are the correct DNS server IP addresses, and that at least one of the DNS servers is running.
Situation:
all dynamic ports above 1023 dropped in both directions.
Causes: DNS return traffic is dropped. If DNS return traffic is working, domain join is fine, but boot is slow and logon is slow.
Group policy 1053. The processing of Group Policy failed. Windows could not resolve the user name. This could be caused by …
Group policy 1055. The processing of Group policy failed. Windows could not resolve the computer name. This could be caused by …
TerminalServices-RemoteConnection Manager 1067 The RD Session Host server cannot register ‘TERMSRV’ Service Principal Name to be used for server authentication. The following error occured: The RPC server is unavailable.
Service control manager 7022 The Network Location Awareness service hung on starting.
Windows Remote Management 10154
The WinRM service failed to create the following SPNs: WSMAN/Slave1.testforest.local; WSMAN/Slave1.
The error received was 1722: %%1722.
The SPNs can be created by an administrator using setspn.exe utility.
Application Log — winlogon 6006 GPClient taking a long time
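The situations above can be checked from the client before attempting a join. The following PowerShell script is an added example, not part of the original article: it queries the DC locator SRV record against each DNS server, maps the two error codes recorded above to their situations, and then tests the TCP ports that were blocked in the tests. The default domain and DNS server IP are the article's lab values; only TCP is tested, so UDP 137 and the UDP side of ports 88 and 389 are not covered.

```powershell
# Added example (not from the original article): domain-join pre-flight check.
# Defaults are the article's lab values; pass your own domain and DNS servers.
param(
    [string]   $Domain    = 'testforest.local',
    [string[]] $DnsServer = @('10.1.1.50')
)

$srvName = "_ldap._tcp.dc._msdcs.$Domain"

# Win32 error codes shown in the join dialog, mapped to the article's situations.
$knownErrors = @{
    1460 = 'ERROR_TIMEOUT (0x000005B4): DNS server not reachable or not running'
    9002 = 'RCODE_SERVER_FAILURE (0x0000232A): DNS server answers but cannot resolve this zone'
}

# TCP ports blocked in the article's tests and the symptom each block produced.
$ports = [ordered]@{
    88   = 'Kerberos: join works, but join, boot, logon and GP update are very slow'
    135  = 'RPC: "The RPC server is unavailable", join is slow but eventually works'
    389  = 'LDAP: SRV lookup succeeds but the domain controller could not be contacted'
    445  = 'SMB: join works; Group Policy falls back to ports 137/139'
    3268 = 'Global catalog: no visible effect on the join'
}

# Step 1: ask each DNS server for the DC locator SRV record.
$dcs = foreach ($server in $DnsServer) {
    try {
        $answer  = Resolve-DnsName -Name $srvName -Type SRV -Server $server -DnsOnly -ErrorAction Stop
        $targets = $answer | Where-Object { $_.Type -eq 'SRV' } |
                   Select-Object -ExpandProperty NameTarget
        Write-Host "[$server] SRV lookup OK: $($targets -join ', ')"
        $targets                                 # collected into $dcs
    }
    catch {
        $err  = $_
        $code = $err.Exception.NativeErrorCode   # $null if not a Win32Exception
        $hint = if ($null -ne $code -and $knownErrors.ContainsKey([int]$code)) {
            $knownErrors[[int]$code]
        } else {
            $err.Exception.Message
        }
        Write-Warning "[$server] $srvName -> $hint"
    }
}

# Step 2: for every DC the SRV record named, test the TCP ports.
# A failed test cannot tell a firewall DROP from a REJECT; both show as False.
$results = foreach ($dc in ($dcs | Sort-Object -Unique)) {
    foreach ($p in $ports.GetEnumerator()) {
        $t = Test-NetConnection -ComputerName $dc -Port $p.Key -WarningAction SilentlyContinue
        [pscustomobject]@{
            DC        = $dc
            Port      = $p.Key
            Reachable = $t.TcpTestSucceeded
            IfBlocked = $p.Value
        }
    }
}

$results | Format-Table -AutoSize -Wrap
```

If step 1 returns no domain controllers, step 2 is skipped and the warning from step 1 identifies which DNS situation applies.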
