Verification of replica failed. Active directory domain controller for the domain XYZ could not be contacted. Ensure that you supplied the correct DNS domain name


  • I am getting the following error while trying to add a secondary AD server to my domain:

    "Verification of replica failed. Active directory domain controller for the domain XYZ could not be contacted. Ensure that you supplied the correct DNS domain name"

    What I already tried:

    ipconfig /registerdns and ipconfig /flushdns on both the old primary Active Directory DNS server (2008) and the brand-new 2012 server (clean install of AD DS, which I am configuring)

    adprep of forest and domain on server 2008

    resolved all connection issues and 2008 is pinging properly

    Firewalls off on both 2008 and 2012

    tried disabling IPv6

    Started all Computer Browser related services and are set to automatic

    Time settings

    I can nslookup from both servers easily and IP seems to be correct

    DNS server (2008) has only its own IP as primary DNS server

    DNS has records in domain name (In DNS manager) and Dynamic Updates, click secure only.

    net stop "net logon" 

    net start "net logon"


    What was the reason to update to 2012?

    ---> My old secondary 2008 DNS server had a BSOD because its Active Directory was broken

    ----> I already followed the steps given at to delete that server, which is now deleted

    Saturday, July 06, 2013 7:08 AM


All replies

  • Hello,

    please post the following output here:

    "ipconfig /all" from the existing DC/DNS server and the new server.

    "netdom query fsmo" from the existing DC

    Does the existing DC have the forward lookup zones:

    "" and "msdcs_" listed where the first one contains the existing machines and also have the folder structure for DNS and all records listed for the existing DC/DNS server and an A record for the new machine(please post a screenshot)?

    Best regards

    Meinolf Weber
    Microsoft MVP - Directory Services

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Sunday, July 07, 2013 5:39 PM
  • Check out the DCPROMO.LOG file in C:\Windows\Debug

    What is it saying?

    Jorge de Almeida Pinto [MVP-DS] | Principal Consultant

    Sunday, July 07, 2013 9:18 PM
  • There can be multiple reasons, like your security software being one of the causes, high latency in the network, a fault in the cable/port, etc., which is blocking. I would also be interested to see the information requested by Meinolf to get a better picture.

    Active Directory Replication Status Tool Released

    Troubleshooting AD replications.

    Awinish Vishwakarma - MVP


    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Monday, July 08, 2013 2:53 AM
  • Hi,

    Any updates?

    Please feel free to let us know if you need further assistance.



    Vivian Wang
    TechNet Community Support

    Wednesday, July 10, 2013 6:08 AM
  • I ran into this in my virtual box lab, and as suggested above found that the machines had their domain firewall turned on at some point; perhaps when they were joined to the domain.

    I also made sure they were pointed to DC1 for DNS and it seemed to help to turn off my pfsense virtual router before completing the promotion. 

    • Edited by marzellab Monday, January 18, 2016 4:28 PM Correction
    Monday, January 18, 2016 4:27 PM
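
Added example, not part of any post in this thread: a PowerShell check to run on the new server before promotion, covering the points the replies raise (which DNS server the machine uses, whether the DC locator SRV record resolves, and whether a firewall is blocking the existing DC). Assumptions: the domain name `xyz.example` is a placeholder, the machine runs Windows Server 2012 or later (for the DnsClient cmdlets), and the port list is the usual set a domain controller listens on.

```powershell
# Added example. 'xyz.example' is a placeholder for the AD DNS domain name.
param(
    [string]$Domain = 'xyz.example',
    [int[]]$Ports   = @(53, 88, 135, 389, 445)  # DNS, Kerberos, RPC mapper, LDAP, SMB
)

# TCP connect test with a timeout, using .NET so it also works on Server 2012.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# 1. DNS servers this machine queries. For promotion these should be the
#    existing DC/DNS server, not a router or an ISP resolver.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object InterfaceAlias, ServerAddresses |
    Format-Table -AutoSize

# 2. The SRV record the DC locator depends on. If this does not resolve,
#    promotion cannot find a domain controller for the domain.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
$srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue |
    Where-Object { $_.Type -eq 'SRV' }
if (-not $srv) {
    Write-Warning "No SRV record returned for ${srvName}: check client DNS settings and the _msdcs zone."
    return
}

# 3. Reachability of each advertised DC on the ports promotion needs.
#    A resolved name with unreachable ports points at a firewall profile or network path.
foreach ($dc in ($srv.NameTarget | Sort-Object -Unique)) {
    foreach ($port in $Ports) {
        [pscustomobject]@{ DC = $dc; Port = $port; Reachable = (Test-TcpPort $dc $port) }
    }
}
```

Replication after promotion also uses dynamically assigned RPC ports, so a clean result here does not rule out a firewall on the high port range.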