none
lack of network connectivity to a domain controller

    Question

  • This is in a test environment.  I have a 2008 Server standard DC.  A 2008 Server standard, Member server that has been joined to the domain.

    On the member server I run:  gpupdate /force  and get this message:

    The processing of Group Policy failed because of lack of network connectivity to
    a domain controller.

    The DC only has one NIC.  Static IP.  There is an A record in DNS and a PTR record in a reverse lookup zone (not sure if that matters).  From the Member Server I can ping the DC by host name, and vice versa. 

    Any idea what would cause this, and how to trouble shoot it?

    Thanks.

     

     

    Wednesday, February 02, 2011 5:12 PM

Answers

  • Hello,

    your DC and domain DNS server is  192.168.10.252.

    So on the domain controller and the member server use ONLY  192.168.10.252 as DNS server. What are 192.168.10.12/13 for DNS servers?

    Do you have on GLASGOW the following DNS zones and are the server registered with an A record and the DC/DNS server also with the name server record:

    msdcs.contoso.internal and contoso.internal

    Also make sure the DHCP client service is started and set to automatic, it is requried for correct DNS registration.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Wednesday, February 02, 2011 6:27 PM
  • Hi John,

    Meinolf's suggestion is right. DNS records play an important role for domain controllers in the Active Directory domain. Client computers (Winlogon Service) always query DNS Server to find the IP Address of the domain controller. Please make sure that the member server use domain controller (192.168.10.252) as DNS server and you can follow the simple steps to ensure SRV records of a domain controller are registered in the DNS Server.

    1. Open Command Prompt
    2. Type NSLOOKUP and hit enter
    3. Type Set Type=all and press enter
    4. At NSLOOKUP prompt, type _LDAP._TCP.DC._MSDCS.Domain_Name.com and hit enter.

    How to Verify the Creation of SRV Records for a Domain Controller
    http://support.microsoft.com/kb/241515

    How To Reregister SRV records of a Domain Controller In DNS Zone
    http://support.microsoft.com/kb/556002

    Brent


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
    Thursday, February 03, 2011 6:00 AM
    Moderator

All replies

  • start by running the following from the member server:

    dcdiag /s:<DCName>

    Post the output please


    Chris Morgan
    Wednesday, February 02, 2011 5:35 PM
  • That's weird, dcdiag was missing from the System32 folder.  So I copied it from the DC.  This is the output.... but that doesn't look right.

     

    Resource ID 0x60d not found.
    Unable to print Resource ID 0x60d .
    Unable to print Resource ID 0x60d .

    Resource ID 0x41d not found.
    Unable to print Resource ID 0x41d .
    Unable to print Resource ID 0x41d .
       Resource ID 0x61a not found.
       Unable to print Resource ID 0x61a .
       Unable to print Resource ID 0x61a .
       Message 0xc0001780 not found.
       Resource ID 0x61b not found.
       Unable to print Resource ID 0x61b .
       Unable to print Resource ID 0x61b .

    Wednesday, February 02, 2011 5:47 PM
  • Hello,

    in addition, please post also an unedited ipconfig /all from both servers. How are they connected, with a switch? If the Active directory domain services are not installed on the member server you will get an error with dcdiag command.

    Please run the following command on the DC directly, "dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt" without the quotes. As the output will become large, DON'T post them into the thread, please use Windows Sky Drive(with open access!) and add the link from it here.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Wednesday, February 02, 2011 5:49 PM
  • Here it is:

     


    Directory Server Diagnosis


    Performing initial setup:

       * Identified AD Forest.
       Done gathering initial info.


    Doing initial required tests

      
       Testing server: Default-First-Site-Name\GLASGOW

          Starting test: Connectivity

             The host de5f7dce-f6c9-4bbe-9234-fb9df2865394._msdcs.contoso.internal

             could not be resolved to an IP address. Check the DNS server, DHCP,

             server name, etc.

             Neither the the server name (Glasgow.contoso.internal) nor the Guid

             DNS name

             (de5f7dce-f6c9-4bbe-9234-fb9df2865394._msdcs.contoso.internal) could

             be resolved by DNS.  Check that the server is up and is registered

             correctly with the DNS server.
             ......................... GLASGOW failed test Connectivity



    Doing primary tests

      
       Testing server: Default-First-Site-Name\GLASGOW

          Skipping all tests, because server GLASGOW is not responding to directory

          service requests.

      
      
       Running partition tests on : ForestDnsZones

          Starting test: CheckSDRefDom

             ......................... ForestDnsZones passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... ForestDnsZones passed test

             CrossRefValidation

      
       Running partition tests on : DomainDnsZones

          Starting test: CheckSDRefDom

             ......................... DomainDnsZones passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... DomainDnsZones passed test

             CrossRefValidation

      
       Running partition tests on : Schema

          Starting test: CheckSDRefDom

             ......................... Schema passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... Schema passed test CrossRefValidation

      
       Running partition tests on : Configuration

          Starting test: CheckSDRefDom

             ......................... Configuration passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... Configuration passed test CrossRefValidation

      
       Running partition tests on : contoso

          Starting test: CheckSDRefDom

             ......................... contoso passed test CheckSDRefDom

          Starting test: CrossRefValidation

             ......................... contoso passed test CrossRefValidation

      
       Running enterprise tests on : contoso.internal

          Starting test: LocatorCheck

             ......................... contoso.internal passed test LocatorCheck

          Starting test: Intersite

             ......................... contoso.internal passed test Intersite

     

    IPconfig /ALL from both servers:

    Domain Controller -------------

       Host Name . . . . . . . . . . . . : Glasgow
       Primary Dns Suffix  . . . . . . . : contoso.internal
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : contoso.internal

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter
       Physical Address. . . . . . . . . : 08-00-27-6E-9C-69
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.10.252(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.10.3
       DNS Servers . . . . . . . . . . . : 192.168.10.12
                                           192.168.10.13

     

    Member Server ----------------

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Desktop Adapter
       Physical Address. . . . . . . . . : 08-00-27-B3-B8-E9
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       IPv4 Address. . . . . . . . . . . : 192.168.10.51(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Lease Obtained. . . . . . . . . . : Wednesday, February 02, 2011 8:23:54 AM
       Lease Expires . . . . . . . . . . : Thursday, February 03, 2011 8:23:56 AM
       Default Gateway . . . . . . . . . : 192.168.10.3
       DHCP Server . . . . . . . . . . . : 192.168.10.12
       DNS Servers . . . . . . . . . . . : 192.168.10.12
                                           192.168.10.13
       Primary WINS Server . . . . . . . : 192.168.10.12
       Secondary WINS Server . . . . . . : 192.168.10.13

     

    Wednesday, February 02, 2011 5:59 PM
  • Please run the following command on the DC directly, "dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt" without the quotes. As the output will become large, DON'T post them into the thread, please use Windows Sky Drive(with open access!) and add the link from it here.

    When I run that I get a message saying "AD DS /Lightweight Directory Services diagnosis utility has stopped working"
    Wednesday, February 02, 2011 6:03 PM
  • Please run the following command on the DC directly, "dcdiag /v /c /d /e /s:dcname >c:\dcdiag.txt" without the quotes. As the output will become large, DON'T post them into the thread, please use Windows Sky Drive(with open access!) and add the link from it here.

    When I run that I get a message saying "AD DS /Lightweight Directory Services diagnosis utility has stopped working"


    Hello,

    please post the server roles you have installed in detail.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Wednesday, February 02, 2011 6:23 PM
  • Hello,

    your DC and domain DNS server is  192.168.10.252.

    So on the domain controller and the member server use ONLY  192.168.10.252 as DNS server. What are 192.168.10.12/13 for DNS servers?

    Do you have on GLASGOW the following DNS zones and are the server registered with an A record and the DC/DNS server also with the name server record:

    msdcs.contoso.internal and contoso.internal

    Also make sure the DHCP client service is started and set to automatic, it is requried for correct DNS registration.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.
    Wednesday, February 02, 2011 6:27 PM
  • Hi John,

    Meinolf's suggestion is right. DNS records play an important role for domain controllers in the Active Directory domain. Client computers (Winlogon Service) always query DNS Server to find the IP Address of the domain controller. Please make sure that the member server use domain controller (192.168.10.252) as DNS server and you can follow the simple steps to ensure SRV records of a domain controller are registered in the DNS Server.

    1. Open Command Prompt
    2. Type NSLOOKUP and hit enter
    3. Type Set Type=all and press enter
    4. At NSLOOKUP prompt, type _LDAP._TCP.DC._MSDCS.Domain_Name.com and hit enter.

    How to Verify the Creation of SRV Records for a Domain Controller
    http://support.microsoft.com/kb/241515

    How To Reregister SRV records of a Domain Controller In DNS Zone
    http://support.microsoft.com/kb/556002

    Brent


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
    Thursday, February 03, 2011 6:00 AM
    Moderator
  • Thank you!

    This helped me to fix setting SQL Server to run under a domain account, as I previously could not select the user from the domain due the DNS pointing to the router and not the DC.

    Thursday, September 19, 2013 2:07 PM