I have a Windows Server 2019 AD/DHCP/DNS/SQL server running on an ESXi host. Recently, I have been having trouble with the domain trust dying on client machines, and now I am completely unable to join new devices to the domain. The issue appears to be resolving the SRV record for '_ldap._tcp.dc._msdcs.[domain]'.
I have been digging around for some time now, but nothing has been working. I confirmed that:
- The record exists in the DNS host
- The client PC is resolving queries from the DC
- The client PC can ping the domain, the hostname of the server, and the FQDN of the server
- DCDIAG reports no issues with DNS
- There are no issues in the DNS Event Viewer
What is most interesting is that the DC itself cannot resolve this host. I am using:
nslookup
set type=ANY
_ldap._tcp.dc._msdcs.[domain]
I can ping '_ldap._tcp.dc._msdcs.[domain]' as an A record, and it does resolve. It seems that it only will not resolve as an SRV record.
This is from a Windows 10 Pro VM I am using as a clean-slate test: [screenshot: VM PowerShell]
Here is the record in the DC: [screenshot: DNS Manager]
TY in advance :)
Update: Randomly, the DC decided it could now see the SRV record. Client workstations cannot.
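The checks described in the post (record exists, client resolves from the DC, nslookup with type SRV), as one repeatable script. This is an added example from the editor, not code from the original poster; `$Domain` and `$DnsServer` are assumed placeholders you replace with the real domain name and the IP of the DC that hosts the zone. Run it on the DC and on a client, pointing at the same DNS server, and compare the output.

```powershell
# Added example (not from the original post): query the DC-locator SRV records a
# domain join depends on, against one chosen DNS server, and then verify that each
# DC those records advertise has an A record and accepts a TCP connection.
# Assumptions: $Domain and $DnsServer are placeholders, not values from the post.
param(
    [string]$Domain    = 'corp.example.com',   # assumed placeholder for [domain]
    [string]$DnsServer = '10.0.0.10'           # assumed placeholder: IP of the DC/DNS host
)

# The records Netlogon and the domain-join client look up first.
$srvNames = @(
    "_ldap._tcp.dc._msdcs.$Domain",
    "_kerberos._tcp.dc._msdcs.$Domain",
    "_ldap._tcp.$Domain",
    "_kerberos._tcp.$Domain"
)

$targets = @{}   # DC hostname -> list of ports the SRV records advertise for it

foreach ($name in $srvNames) {
    # -DnsOnly skips the local cache, hosts file, LLMNR and NetBIOS, so the answer
    # (or its absence) reflects only what $DnsServer returns for the SRV query.
    $srvQuery = @{ Name = $name; Type = 'SRV'; Server = $DnsServer; DnsOnly = $true; ErrorAction = 'SilentlyContinue' }
    $answers  = Resolve-DnsName @srvQuery | Where-Object { $_.Type -eq 'SRV' }

    if (-not $answers) {
        Write-Warning "$DnsServer returned no SRV answer for $name"
        # The poster saw the same name resolve as an A record, so report whether the
        # server answers the name with some other record type (default query is A/AAAA).
        $other = Resolve-DnsName -Name $name -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue
        if ($other) {
            Write-Warning ("  ...but it did answer with record type(s): " + (($other | ForEach-Object Type) -join ', '))
        }
        continue
    }

    foreach ($rec in $answers) {
        '{0,-45} -> {1}:{2}  (priority {3}, weight {4})' -f $name, $rec.NameTarget, $rec.Port, $rec.Priority, $rec.Weight
        if (-not $targets.ContainsKey($rec.NameTarget)) { $targets[$rec.NameTarget] = @() }
        if ($targets[$rec.NameTarget] -notcontains $rec.Port) { $targets[$rec.NameTarget] += $rec.Port }
    }
}

# For each DC the SRV records point at, confirm the hostname has an A record on the
# same server and that the advertised port accepts a TCP connection from this machine.
foreach ($dc in $targets.Keys) {
    $aQuery = @{ Name = $dc; Type = 'A'; Server = $DnsServer; DnsOnly = $true; ErrorAction = 'SilentlyContinue' }
    $a = Resolve-DnsName @aQuery | Where-Object { $_.Type -eq 'A' }
    if (-not $a) { Write-Warning "$dc has no A record on $DnsServer"; continue }

    foreach ($port in $targets[$dc]) {
        $ok = (Test-NetConnection -ComputerName $dc -Port $port -WarningAction SilentlyContinue).TcpTestSucceeded
        $state = if ($ok) { 'open' } else { 'CLOSED or unreachable' }
        '{0} ({1}) port {2}: {3}' -f $dc, $a[0].IPAddress, $port, $state
    }
}

# Finally ask the DC locator itself with its cache bypassed; this is the path a
# domain join actually takes, so a failure here matches the join failure.
nltest /dsgetdc:$Domain /force
```

If the SRV queries succeed on the DC but fail on a client pointed at the same `$DnsServer`, the difference is on the client side of the query path (resolver configuration, a different server actually being asked, or something answering the name ahead of DNS); if both fail, the zone itself is the place to look. `nltest /dsgetdc` reports the DC it found or the specific locator error, which is more precise than "cannot join".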
"unable to join new devices to the domain"
What occurs when the domain join is attempted? Messages?