I have a client with a server with four VMs. One is the primary DC and another is the backup DC. There was an error generated with the Windows Time service. The recommendation was to add/change the logon to NT AUTHORITY\LocalService. I believe it was changed from Windows Firewall.

Server Names:

  • LWWserver1 (PDC)
  • LWWserver2
  • VMServ01 (Backup Domain controller)
  • VMServ02

DCDIAG runs successfully on LWWserver1 and fails on VMServ01.

These are the notes from Event Viewer:

Dynamic registration or deletion of one or more DNS records associated with DNS domain 'DomainDnsZones.WINSLOW.LOCAL.' failed. These records are used by other computers to locate this server as a domain controller (if the specified domain is an Active Directory domain) or as an LDAP server (if the specified domain is an application partition).

Possible causes of failure include:

  • TCP/IP properties of the network connections of this computer contain wrong IP address(es) of the preferred and alternate DNS servers
  • Specified preferred and alternate DNS servers are not running
  • DNS server(s) primary for the records to be registered is not running
  • Preferred or alternate DNS servers are configured with wrong root hints
  • Parent DNS zone contains incorrect delegation to the child zone authoritative for the DNS records that failed registration

USER ACTION
Fix possible misconfiguration(s) specified above and initiate registration or deletion of the DNS records by running 'nltest.exe /dsregdns' from the command prompt on the domain controller or by restarting Net Logon service on the domain controller.

The DNS server was unable to open Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

The DFS Replication service failed to contact domain controller to access configuration information. Replication is stopped. The service will try again during the next configuration polling cycle, which will occur in 60 minutes. This event can be caused by TCP/IP connectivity, firewall, Active Directory Domain Services, or DNS issues.

So now they are unable to access Active Directory to log in.
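
The possible causes listed in the event text can be checked from PowerShell on the failing domain controller. This is an added example, not part of the original question; it assumes an elevated session on VMServ01, and only the domain name WINSLOW.LOCAL and the `nltest.exe /dsregdns` command come from the page.

```powershell
# Added example: read-only checks first, re-registration only when explicitly enabled.
$Zone       = 'WINSLOW.LOCAL'   # domain name taken from the event text
$Reregister = $false            # assumption: set to $true once the checks below look correct

# 1. Which DNS servers does each adapter use? (cause: wrong preferred/alternate DNS servers)
$dnsServers = Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object ServerAddresses |
    Select-Object InterfaceAlias, ServerAddresses
$dnsServers | Format-Table -AutoSize

# 2. Is each configured DNS server reachable, and does it return the DC locator records?
#    (causes: DNS server not running, zone not loaded, bad delegation)
#    TCP/53 is used as a reachability probe; normal lookups also use UDP/53.
$records = "_ldap._tcp.dc._msdcs.$Zone", "_ldap._tcp.DomainDnsZones.$Zone"
foreach ($server in ($dnsServers.ServerAddresses | Sort-Object -Unique)) {
    $tcp = Test-NetConnection -ComputerName $server -Port 53 -WarningAction SilentlyContinue
    "{0}: TCP/53 reachable = {1}" -f $server, $tcp.TcpTestSucceeded
    foreach ($name in $records) {
        try {
            Resolve-DnsName -Name $name -Type SRV -Server $server -DnsOnly -ErrorAction Stop |
                Where-Object Type -eq 'SRV' |
                Select-Object Name, NameTarget, Port | Format-Table -AutoSize
        } catch {
            "{0}: no SRV answer for {1} ({2})" -f $server, $name, $_.Exception.Message
        }
    }
}

# 3. State and logon account of the services named in the question and the events.
$filter = "Name='W32Time' OR Name='Netlogon' OR Name='DNS' OR Name='NTDS' OR Name='DFSR'"
Get-CimInstance Win32_Service -Filter $filter |
    Select-Object Name, State, StartMode, StartName | Format-Table -AutoSize

# 4. DNS-specific DCDIAG test with verbose output for this domain controller.
dcdiag /test:dns /v

# 5. After fixing whatever steps 1-4 show, re-register the records as the event text instructs.
if ($Reregister) { nltest.exe /dsregdns }
```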
