I have a Windows Server 2019 AD/DHCP/DNS/SQL server running on an ESXi host. Recently, I have been having trouble with domain trust dying to client machines, and now I am completely unable to join new devices to the domain. The issue appears to be resolving the SRV record for '_ldap._tcp.dc._msdcs.[domain]'.

I have been digging around for some time now, but nothing has been working. I confirmed that:

  • The record exists in the DNS host
  • The client PC is resolving queries from the DC
  • The client PC can ping the domain, the hostname of the server, and the FQDN of the server
  • DCDIAG reports no issues with DNS
  • There are no issues in the DNS Event Viewer

What is most interesting is that the DC itself cannot resolve this host. I am using:

nslookup
set type=ANY
_ldap._tcp.dc._msdcs.[domain]

I can ping '_ldap._tcp.dc._msdcs.[domain]' as an A record, and it does resolve. It seems that it only will not resolve as an SRV record.

This is from a Windows 10 Pro VM I am using as a clean-slate test: (screenshot: VM PowerShell)

Here is the record in the DC: (screenshot: DNS Manager)

TY in advance :)

Update: Randomly, the DC decided it could now see the SRV record. Client workstations cannot.
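The checks below are an added example, not code from the original post. They repeat the poster's nslookup test from PowerShell, but against each DNS server the client is actually configured to use and with only DNS consulted (no hosts file, LLMNR or NetBIOS), so that a successful ping cannot mask a failed SRV lookup. The domain name is a placeholder; Resolve-DnsName, Get-DnsClientServerAddress and nltest are standard Windows tools.

```powershell
# Added diagnostic example (not the poster's code). Run on the client that
# fails to join, from an elevated PowerShell prompt.
# 'corp.example.com' is a placeholder; replace it with the real AD domain.
$Domain  = 'corp.example.com'
$srvName = "_ldap._tcp.dc._msdcs.$Domain"

# Which resolvers is this client really using? A client pointed at a router
# or public resolver gets "DNS name does not exist" for AD SRV records even
# though the record is present on the DC.
$dnsServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Select-Object -ExpandProperty ServerAddresses -Unique

if (-not $dnsServers) {
    Write-Warning 'No IPv4 DNS servers are configured on this client.'
}

foreach ($server in $dnsServers) {
    Write-Host "== DNS server $server =="

    # SRV query, DNS only: -DnsOnly skips LLMNR/NetBIOS, -NoHostsFile skips
    # the hosts file, so the answer reflects what the DC locator would see.
    try {
        $srv = Resolve-DnsName -Name $srvName -Type SRV -Server $server `
                               -DnsOnly -NoHostsFile -ErrorAction Stop |
               Where-Object { $_.Type -eq 'SRV' }
        if ($srv) {
            $srv | Format-Table Name, NameTarget, Port, Priority, Weight -AutoSize
        } else {
            Write-Warning "$server answered, but returned no SRV record for $srvName"
        }
    } catch {
        Write-Warning "SRV lookup of $srvName against $server failed: $($_.Exception.Message)"
    }

    # The same name as an A query. The poster saw ping resolve this name; if a
    # resolver returns an A record here, note where it comes from, because an
    # A record under that name does not satisfy the locator, which asks for SRV.
    try {
        $a = Resolve-DnsName -Name $srvName -Type A -Server $server `
                             -DnsOnly -NoHostsFile -ErrorAction Stop |
             Where-Object { $_.Type -eq 'A' }
        if ($a) {
            Write-Warning "$server returns an A record for $srvName ($($a.IPAddress -join ', '))"
        }
    } catch {
        Write-Host "No A record for $srvName on $server (expected)"
    }
}

# Finally, what the domain-join wizard itself relies on: the DC locator.
# /force bypasses the locator cache so the result reflects DNS right now.
nltest /dsgetdc:$Domain /force
```

If Resolve-DnsName fails only for some of the listed servers, the client is mixing a DC resolver with one that does not host the AD zone; if it fails for all of them while the same query succeeds on the DC, compare the client's configured servers with the DC's address and check whether anything between them (VM network, firewall) drops or rewrites UDP/TCP 53.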

  • "unable to join new devices to the domain": what occurs when the domain join is attempted? Messages?
    – Greg Askew
    Nov 5 at 5:52
  • "An Active Directory Domain Controller could not be contacted... The error was: 'DNS name does not exist'. The query was for the SRV record for '_ldap._tcp.dc._msdcs.[domain]'". This is when trying to join a machine to the domain in the sysdm.cpl window.
    – shokoah
    Nov 5 at 5:57
  • LDAP is also required to logon. Are you logging on with cached credentials?
    – Greg Askew
    Nov 5 at 6:22
  • I am using a local admin account
    – shokoah
    Nov 5 at 13:02
