none
DNS issue while adding computer to domain - windows server 2008 RRS feed

  • Question

  • I have a feeling that my DNS server is having some issues and I need to torubleshoot to find out the root cause. We noticed these issues while trying to add computers to the domain. We get the below error:

    An Active Directory Domain Controller for the domain 'xyz.com' could not be found.

    An error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller (AD DC) for domain "win2008.com".

    The error was: "No records found for given DNS query."
    (error code 0x0000251D DNS_INFO_NO_RECORDS)

    The query was for the SRV record for _ldap._tcp.dc._msdcs.win2008.com

    As a workaround we added the IP of the DNS server on the preferred DNS of the computer and yes we successfully added the computer to the domain.

    I did a NSLOOKUP and please find the output

    C:\Users\administrator.AE>nslookup dc2.ax.abc.com
    Server:  dc2.ax.abc.com
    Address:  192.168.36.31

    DNS request timed out.
        timeout was 2 seconds.
    DNS request timed out.
        timeout was 2 seconds.
    Name:    dc2.ax.abc.com
    Address:  192.168.36.31

    Microsoft Windows [Version 6.0.6002]
    Copyright (c) 2006 Microsoft Corporation.  All rights reserved.

    C:\Users\administrator.AE>DCDIAG /TEST:DNS

    Directory Server Diagnosis

    Performing initial setup:
       Trying to find home server...
       Home Server = DC2
       * Identified AD Forest.
       Done gathering initial info.

    Doing initial required tests

       Testing server: Default-First-Site-Name\DC2
          Starting test: Connectivity
             ......................... DC2 passed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\DC2

          Starting test: DNS

             DNS Tests are running and not hung. Please wait a few minutes...
             ......................... DC2 passed test DNS

       Running partition tests on : ForestDnsZones

       Running partition tests on : DomainDnsZones

       Running partition tests on : Schema

       Running partition tests on : Configuration

       Running partition tests on : ae

       Running enterprise tests on : ax.abc.com
          Starting test: DNS
             Test results for domain controllers:

                DC: DC2.ax.abc.com
                Domain: ax.abc.com


                   TEST: Basic (Basc)
                      Warning: The AAAA record for this DC was not found

                   TEST: Dynamic update (Dyn)
                      Warning: Failed to delete the test record _dcdiag_test_record
    in zone ax.abc.com

                   TEST: Records registration (RReg)
                      Network Adapter [00000012] Microsoft Hyper-V Network Adapter:
                         Warning:
                         Missing AAAA record at DNS server 192.168.36.31:
                         DC2.ax.abc.com

                         Warning:
                         Missing AAAA record at DNS server 192.168.36.31:
                         gc._msdcs.ax.abc.com

                         Warning:
                         Missing AAAA record at DNS server 192.168.36.30:
                         DC2.ax.abc.com

                         Warning:
                         Missing AAAA record at DNS server 192.168.36.30:
                         gc._msdcs.ax.abc.com

                   Warning: Record Registrations not found in some network adapters

                   DC2                       PASS WARN PASS PASS WARN WARN n/a
             ......................... ax.abc.com passed test DNS

    C:\Users\administrator.AE>dcdiag

    Directory Server Diagnosis

    Performing initial setup:
       Trying to find home server...
       Home Server = DC2
       * Identified AD Forest.
       Done gathering initial info.

    Doing initial required tests

       Testing server: Default-First-Site-Name\DC2
          Starting test: Connectivity
             ......................... DC2 passed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\DC2
          Starting test: Advertising
             ......................... DC2 passed test Advertising
          Starting test: FrsEvent
             ......................... DC2 passed test FrsEvent
          Starting test: DFSREvent
             There are warning or error events within the last 24 hours after the
             SYSVOL has been shared.  Failing SYSVOL replication problems may cause
             Group Policy problems.
             ......................... DC2 passed test DFSREvent
          Starting test: SysVolCheck
             ......................... DC2 passed test SysVolCheck
          Starting test: KccEvent
             ......................... DC2 passed test KccEvent
          Starting test: KnowsOfRoleHolders
             ......................... DC2 passed test KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... DC2 passed test MachineAccount
          Starting test: NCSecDesc
             ......................... DC2 passed test NCSecDesc
          Starting test: NetLogons
             ......................... DC2 passed test NetLogons
          Starting test: ObjectsReplicated
             ......................... DC2 passed test ObjectsReplicated
          Starting test: Replications
             ......................... DC2 passed test Replications
          Starting test: RidManager
             ......................... DC2 passed test RidManager
          Starting test: Services
             ......................... DC2 passed test Services
          Starting test: SystemLog
             An Error Event occurred.  EventID: 0x00000457
                Time Generated: 10/19/2016   08:49:15
                EvtFormatMessage failed, error 15100 Win32 Error 15100.
                (Event String (event log = System) could not be retrieved, error
                0x3afc)
             An Error Event occurred.  EventID: 0x00000457
                Time Generated: 10/19/2016   08:49:18
                EvtFormatMessage failed, error 15100 Win32 Error 15100.
                (Event String (event log = System) could not be retrieved, error
                0x3afc)
             An Error Event occurred.  EventID: 0xC0002719
                Time Generated: 10/19/2016   09:06:19
                EvtFormatMessage failed, error 15100 Win32 Error 15100.
                (Event String (event log = System) could not be retrieved, error
                0x3afc)
             An Error Event occurred.  EventID: 0xC0002719
                Time Generated: 10/19/2016   09:06:44
                EvtFormatMessage failed, error 15100 Win32 Error 15100.
                (Event String (event log = System) could not be retrieved, error
                0x3afc)
             An Error Event occurred.  EventID: 0xC0002719
                Time Generated: 10/19/2016   09:07:09
                EvtFormatMessage failed, error 15100 Win32 Error 15100.
                (Event String (event log = System) could not be retrieved, error
                0x3afc)
             ......................... DC2 failed test SystemLog
          Starting test: VerifyReferences
             ......................... DC2 passed test VerifyReferences


       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test
             CrossRefValidation

       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test
             CrossRefValidation

       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation

       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation

       Running partition tests on : ae
          Starting test: CheckSDRefDom
             ......................... ae passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ae passed test CrossRefValidation

       Running enterprise tests on : ax.abc.com
          Starting test: LocatorCheck
             ......................... ax.abc.com passed test LocatorCheck
          Starting test: Intersite
             ......................... ax.abc.com passed test Intersite

    Appreciate if someone here can help me find the issue at the root level and ensure my DNS is working perfectly.

    Thanks in advance.
    Wednesday, October 19, 2016 5:39 AM

Answers

  • Hi sphilip,

    >As a workaround we added the IP of the DNS server on the preferred DNS of the computer and yes we successfully added the computer to the domain.

    When we add a computer to a domain, we need to enable the computer could resolve the domain, generally, we'll configure the preferred DNS server with the IP address of the domain controller;

    >    Warning: Failed to delete the test record _dcdiag_test_record
    in zone ax.abc.com

    As for this warning, it might due to you check "secure and non-secure dynamic update" for the AD-integrated zone. It's recommended to use "secure only dynamic update" for AD-integrated zone. While it's also fine to use both secure and non-secure, if so, you can ignore the warning:

    >Warning: Missing AAAA record at DNS server 192.168.36.31:

    This might due to you do not have AAAA record for the DC, if you do not use IPv6 to communicate, we may also ignore this warning.

    >DC2                       PASS WARN PASS PASS WARN WARN n/a ......................... ax.abc.com passed test DNS

    It looks like no error for the DNS test.

    As for the client unable to resolve the SRV records, please restart netlogon service, it may help re-register SRV records.

    Besides, do you get any other errors with the DNS server?

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, October 20, 2016 5:50 AM
    Moderator

All replies

  • Hi sphilip,

    >As a workaround we added the IP of the DNS server on the preferred DNS of the computer and yes we successfully added the computer to the domain.

    When we add a computer to a domain, we need to enable the computer could resolve the domain, generally, we'll configure the preferred DNS server with the IP address of the domain controller;

    >    Warning: Failed to delete the test record _dcdiag_test_record
    in zone ax.abc.com

    As for this warning, it might due to you check "secure and non-secure dynamic update" for the AD-integrated zone. It's recommended to use "secure only dynamic update" for AD-integrated zone. While it's also fine to use both secure and non-secure, if so, you can ignore the warning:

    >Warning: Missing AAAA record at DNS server 192.168.36.31:

    This might due to you do not have AAAA record for the DC, if you do not use IPv6 to communicate, we may also ignore this warning.

    >DC2                       PASS WARN PASS PASS WARN WARN n/a ......................... ax.abc.com passed test DNS

    It looks like no error for the DNS test.

    As for the client unable to resolve the SRV records, please restart netlogon service, it may help re-register SRV records.

    Besides, do you get any other errors with the DNS server?

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, October 20, 2016 5:50 AM
    Moderator
  • Hi,

    Could the above replies be of help? If yes, you may mark it as answer, if not, feel free to feed back.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, November 3, 2016 6:31 AM
    Moderator