Today I installed a new Domain Controller and got an interesting error, one I’ve never had before, on a couple of new servers as I tried to join them to the new, freshly created domain.
The Message was:
Note: This information is intended for a network administrator. If you are not your network’s administrator, notify the administrator that you received this information, which has been recorded in the file C:\Windows\debug\dcdiag.txt.
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller for domain example.com:
The error was: “DNS name does not exist.”
(error code 0x0000232B RCODE_NAME_ERROR)
The query was for the SRV record for _ldap._tcp.dc._msdcs.example.com
Common causes of this error include the following:
- The DNS SRV records required to locate a AD DC for the domain are not registered in DNS. These records are registered with a DNS server automatically when a AD DC is added to a domain. They are updated by the AD DC at set intervals. This computer is configured to use DNS servers with the following
- One or more of the following zones do not include delegation to its child zone:
. (the root zone)
For information about correcting this problem, click Help.
I went straight to the DNS console and got confused as I couldn’t see any of the common SRV records at the _msdcs and so on.
After reading some threads and looking around I got it fixed, and here is how I did it.
First of all you should check your DNS Settings as described here:
If that isn’t helpful, you can try the same as I did and hack ipconfig /registerdns and dcdiag /fix into the cmd.
After that I restarted the DNS Server and netlogon service. Another dcdiag /a run later it almost ran through as usual and the missing records appeared in the DNS console.
The Servers I tried to join the domain went through the procedure and the problem was solved.
I learned two things.
First … It doesn’t matter how often you’ve done something and how sure you are that it’s going as well as every other time; you have to check it to be safe.
In my case I thought: I’m installing an ADC as I’ve done it a hundred times before, I don’t need the usual checklist.
This time I forgot to check the DNS records after setting up the ADC and creating the domain.
Half a day later, after creating dozens of groups, OUs, users and all this … You can imagine. 😉
Second … The problem was caused by myself, as I forgot to set the “Register this connection’s addresses in DNS” checkbox in the advanced TCP/IP Settings before I installed the AD.
I’ve done that to avoid an entry to an existing DNS Server. It’s not unchecked by default. 😉
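The check that was skipped here can be scripted. The following PowerShell is an added example, not part of the original post: it verifies the adapter registration setting and the domain controller locator SRV records, and with -Repair repeats the steps described above. The $Domain default, the list of SRV names beyond the one in the error message, and the service names DNS and Netlogon are assumptions for a standard AD-integrated DNS setup.

```powershell
# Added example: post-promotion DNS check for a new domain controller.
# Assumption: run elevated on the DC; $Domain is the AD DNS domain name.
param(
    [string]$Domain = 'example.com',
    [switch]$Repair    # repeat the registration steps from the post if a check fails
)

$results = @()

# 1. "Register this connection's addresses in DNS" must be enabled per adapter.
$adapters = Get-DnsClient | Where-Object { $_.InterfaceAlias -notmatch 'Loopback' }
foreach ($a in $adapters) {
    $results += [pscustomobject]@{
        Check  = "DNS registration enabled on '$($a.InterfaceAlias)'"
        Passed = [bool]$a.RegisterThisConnectionsAddress
    }
}

# 2. DC locator SRV records (the first one is the record from the error message).
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.pdc._msdcs.$Domain",
    "_ldap._tcp.$Domain",
    "_kerberos._tcp.$Domain"
)
foreach ($name in $srvNames) {
    # Only SRV answers carry a NameTarget; a missing record yields nothing.
    $answer = Resolve-DnsName -Name $name -Type SRV -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.NameTarget }
    $results += [pscustomobject]@{
        Check  = "SRV $name"
        Passed = [bool]$answer
    }
}

$results | Format-Table -AutoSize

if ($Repair -and ($results.Passed -contains $false)) {
    # Turn the registration setting back on, then re-register as described above.
    $adapters | Where-Object { -not $_.RegisterThisConnectionsAddress } |
        Set-DnsClient -RegisterThisConnectionsAddress $true
    ipconfig /registerdns
    dcdiag /fix
    Restart-Service -Name DNS, Netlogon
    Write-Host 'Re-registration triggered; run the script again to confirm the records.'
}
```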
One of the heaps of different threads I found: