I'll begin with a cold-start with some background at the end.
While adding a computer to domain 'MyDomain.local' an error occurred:
An Active Directory Domain Controller (AD DC) for the domain
"mydomain.local" could not be contacted. Ensure that the domain name
is typed correctly. If the name is correct, click Details for
troubleshooting information.
The details message:
DNS was successfully queried for the service location (SRV) resource
record used to locate a domain controller for domain "MyDomain.local":
The query was for the SRV record for
_ldap._tcp.dc._msdcs.MyDomain.local
The following domain controllers were identified by the query:
dc02.MyDomain.local
dc01.MyDomain.local
However no domain controllers could be contacted.
Common causes of this error include:
Host (A) or (AAAA) records that map the names of the domain controllers to their IP addresses are missing or contain incorrect addresses.
Domain controllers registered in DNS are not connected to the network or are not running.
Using the computer that failed to join the domain, I ran pings, NSLookup, and did a DNS flush. Names and address match. The domain is reachable and DNS is serving up names. I also checked DC01 & DC02 for DNS issues as described in the error details. Nothing found amiss.
While on DC01 & DC02, I ran tests with dcdiag.exe and an error was found on DC02. From dcdiag:
Running enterprise tests on : mydomain.local
Starting test: LocatorCheck
Warning: DcGetDcName(PDC_REQUIRED) call failed, error 1355
A Primary Domain Controller could not be located.
The server holding the PDC role is down.
............................. mydomain.local failed test LocatorCheck
DC01 is the PDC. If running dcdiag on DC01 - no error. Running dcdiag on DC02 - error occurs. Everything says DNS. But I'm not finding anything or just overlooking it.
Checked Active Directory settings: Operations Masters... DC01 has all roles including PDC. Moved PDC role from DC01 to DC02. Tested again. Same error. Doesn't matter which one is PDC.
In DNS Manager, checked IPs and name in MSDCS.mydomain.local (dc_tcp).
Host names match IP addresses.
Name Servers are correctly listed.
Used nltest /dsgetdc:mydomain.local - no errors
Used resolve-dnsname - both DCs are there
I've been at it awhile so I've started to forget some steps/testing.
Requesting help. I am not sure how to focus on communication issues for just the PDC. Or if this is a DNS issue.
A little background info on MyDomain.local...
Build six months ago.
Tested with no errors noted. Definitely could add computers to the domain back then.
Changes since MyDomain.local was built:
- DCs were on a different VLAN and moved to current
- They are using the same IP addresses, but the subnet mask has changed from /22 to /16
- Network Gateway IP was changed on both DCs
- A two-way domain trust was established between MyDomain.local and another domain.
- The trust is between separate forests.
- DNS changes had to be made for trust. Secondary Zone added. DCs from trust added.
- Both MyDomain and trusted domain live on the same subnet.
- MyDomain has DHCP disabled
- MyDomain currently has no computers joined to it
Since the DC IP addresses were not changed, I don't know of any issues that can occur from changing the subnet size. Maybe there is a setting I missed for the DCs? They still sync with each other.
Enough rambling. Any help will be welcomed. Thank you.
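As an added example (not from the original post), a PowerShell script that walks the same locator chain the error dialog describes from the failing client: SRV lookup, A record for each DC named in it, then TCP reachability on the ports a domain join uses, followed by the locator's own view via nltest. The domain name, port list and the interface-mask check are my assumptions, chosen to separate "DNS answers" from "DC actually reachable".

```powershell
# Added example: walk the DC locator chain the error dialog describes.
# Assumptions: $Domain and $Ports are placeholders/choices, not values from the post.
$Domain = 'MyDomain.local'
# Ports a domain join needs on a DC: DNS, Kerberos, RPC, LDAP, SMB, kpasswd, LDAPS, GC
$Ports  = 53, 88, 135, 389, 445, 464, 636, 3268

# Step 0: local IPv4 config, to compare prefix length with the DCs (post mentions /22 -> /16)
Get-NetIPAddress -AddressFamily IPv4 |
    Where-Object PrefixOrigin -ne 'WellKnown' |
    Format-Table InterfaceAlias, IPAddress, PrefixLength -AutoSize

# Step 1: the SRV record the join wizard queries
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -ErrorAction SilentlyContinue |
       Where-Object Type -eq 'SRV'
if (-not $srv) { Write-Warning "No SRV records returned for $Domain"; return }

foreach ($rec in $srv) {
    $dc = $rec.NameTarget
    Write-Host "`n== $dc (priority $($rec.Priority), weight $($rec.Weight)) =="

    # Step 2: host (A) record for the DC named in the SRV record
    $addrs = Resolve-DnsName -Name $dc -Type A -ErrorAction SilentlyContinue |
             Where-Object Type -eq 'A' | Select-Object -ExpandProperty IPAddress
    if (-not $addrs) { Write-Warning "  No A record for $dc"; continue }
    Write-Host "  A record(s): $($addrs -join ', ')"

    # Step 3: can this host reach the DC on the ports a join uses?
    # A name that resolves but fails here points at routing/subnet/firewall, not DNS.
    foreach ($ip in $addrs) {
        foreach ($p in $Ports) {
            $r = Test-NetConnection -ComputerName $ip -Port $p -WarningAction SilentlyContinue
            $state = if ($r.TcpTestSucceeded) { 'open' } else { 'BLOCKED' }
            Write-Host ("  {0}:{1,-5} {2}" -f $ip, $p, $state)
        }
    }
}

# Step 4: ask the DC locator itself, forcing rediscovery, to compare with the DNS view above
nltest /dsgetdc:$Domain /force
```

Run it from the machine that failed to join; ports that resolve but show BLOCKED are the ones to trace across the new gateway and subnet boundary.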