I was assisting a client of mine with an issue on a new DC they had installed at a remote site. Suffice to say the new DC was not deployed properly, which caused a lot of problems such as replication failures and an inconsistent AD database.
So I helped them put it right. One of the things I did was demote the remote-site DC and promote it again. It should have been a quick fix: AD replication was working fine, SYSVOL was shared and the NTDS database was in sync with the other DCs. But when we tested, users at the remote site were not authenticating against the local DC.
To check which site the user's machine is in, from a command prompt:
To find which Domain Controller the user/machine is authenticating to:
In our case the user was in the correct site but was authenticating to an HQ Domain Controller. When we checked DNS under Forward Lookup Zones > zone_name > _msdcs there was no record for the new DC; the same went for Forward Lookup Zones > zone_name > _msdcs > _tcp. The site-specific locator records live under _msdcs > dc > _sites > site_name > _tcp, and without an _ldap/_kerberos SRV record for the new DC there, the DC locator on the clients falls back to any DC in the domain, which is why they ended up on an HQ DC across the WAN.
After some googling, a few community members suggested restarting the Netlogon service, but that did not work for us.
The search continued for a few hours until I came across a thread on social.technet.microsoft.com (https://social.technet.microsoft.com/Forums/windowsserver/en-US/52675ea9-e4ce-4b46-9994-3ecd37dd61e6/srv-records-are-missing-with-dns-issues?forum=winserverDS) where someone suggested adding a DNS suffix on the NIC, checking the "Register this connection's addresses in DNS" box and restarting Netlogon. Voila! The missing SRV records were now registered correctly in DNS.
- Add a DNS suffix for the connection under the NIC's IPv4 Advanced TCP/IP Settings (DNS tab). If your AD domain is abc.com, put abc.com in the "DNS suffix for this connection" box.
- Make sure "Register this connection's addresses in DNS" is checked.
- Click OK.
- Restart the Netlogon service.
- "net stop netlogon" stops the Netlogon service and "net start netlogon" starts it again.
- Verify that the SRV records (_ldap, _kerberos) for the new DC now appear in DNS, both under the site-specific _sites folder and the domain-wide _tcp folder.
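The checks and the fix above, put together as a PowerShell walkthrough. This is an added example, not code from the original post: it covers both the diagnosis (which site the client is in, which DC it authenticated to, whether the site-specific SRV record exists) and the remediation (connection-specific suffix, registration, Netlogon restart, re-verification). The domain abc.com, the site name RemoteSite, the DC name DC02 and the NIC alias Ethernet are assumed placeholders; replace them with your own.

```powershell
# Added example, not from the original post. Assumed values: AD domain abc.com,
# AD site "RemoteSite", the re-promoted DC "DC02", and NIC alias "Ethernet".
$Domain    = 'abc.com'
$Site      = 'RemoteSite'
$NewDc     = 'DC02'
$Interface = 'Ethernet'

# --- 1. On the user's machine: which site am I in, and which DC did I use? ---
nltest /dsgetsite                 # site the client resolved from its IP subnet
$env:LOGONSERVER                  # DC that handled this logon, e.g. \\HQDC01
nltest /dsgetdc:$Domain /force    # DC locator result, bypassing the cached DC

# --- 2. Does the site-specific _ldap SRV record list the new DC? Without it,
#        clients in this site fall back to any DC in the domain (e.g. HQ). ---
$siteSrv = "_ldap._tcp.$Site._sites.dc._msdcs.$Domain"
$records = Resolve-DnsName -Name $siteSrv -Type SRV -ErrorAction SilentlyContinue
if (-not ($records | Where-Object { $_.NameTarget -like "$NewDc.*" })) {
    Write-Warning "$NewDc has no SRV record under $siteSrv"
}

# --- 3. On the new DC: set the connection-specific suffix, turn on registration,
#        then restart Netlogon so it re-registers its locator records. ---
Set-DnsClient -InterfaceAlias $Interface `
              -ConnectionSpecificSuffix $Domain `
              -RegisterThisConnectionsAddress $true
Restart-Service Netlogon
nltest /dsregdns                  # ask Netlogon to (re)register the DC records now
Register-DnsClient                # refresh the A/AAAA records for the connection

# --- 4. Verify: site-specific and domain-wide records for LDAP and Kerberos ---
foreach ($name in @(
        "_ldap._tcp.$Site._sites.dc._msdcs.$Domain",
        "_kerberos._tcp.$Site._sites.dc._msdcs.$Domain",
        "_ldap._tcp.dc._msdcs.$Domain",
        "_kerberos._tcp.dc._msdcs.$Domain")) {
    Resolve-DnsName -Name $name -Type SRV |
        Select-Object Name, NameTarget, Port, Priority, Weight
}

# --- 5. Back on a client in the site: the locator should now return the local DC ---
nltest /dsgetdc:$Domain /site:$Site /force
```

Steps 1, 2 and 5 run on a client in the remote site; steps 3 and 4 run on the DC itself in an elevated session. If the records still do not appear after Restart-Service, check that the DC's DNS client points at a DNS server that accepts dynamic updates for the zone, and run dcdiag /test:DNS on the DC to see which registration is failing.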