
Clients can't join domain "MyDomain" and the only DC can't resolve it or nslookup it.

Javier Gonzalez 0 Reputation points
2025-10-10T19:16:21.2133333+00:00

This was working fine, then yesterday new PCs would not join domain "MyDomain".

Clients get this error:

DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain "MyDomain":

The query was for the SRV record for _ldap._tcp.dc._msdcs.MyDomain

The following domain controllers were identified by the query:

calserver-nntc.MyDomain

However no domain controllers could be contacted.


  • DCdiag /test:DNS and Basic test show healthy DC and DNS
  • All Win updates up to date, I restarted server, flushed and registered DNS at each change
  • DNS records seem correct. I have a same as parent record A pointing to 10.200.97.125 and NS and SOA pointing to calserver-nntc.MyDomain
  • IPv4 on DC points to itself and alt to 127.0.0.1
  • I have done netsh int ip reset AND netsh winsock reset
  • Removed decommissioned server from DNS manager and AD
  • I even swapped NIC cards as this server has 2
  • DC itself still can't resolve nslookup MyDomain 10.200.97.125

Last step to try is to demote and promote the only DC, and I want to avoid that if possible. I don't want the risk of having to rejoin over 100 computers back to the domain, but I need to fix it or users may start getting non-trust issues and getting disjoined from the domain or forced to rejoin, and they won't be able to.

I think the issue will be solved when I can successfully make the DC server resolve the domain with an nslookup MyDomain

Any more pointers are appreciated.


1 answer

  1. Domic Vo 22,685 Reputation points Independent Advisor
    2025-10-10T19:49:26.5466667+00:00

    Hi Javier,

    Based on your description, it appears that while DNS queries for SRV records are successful, the domain controller cannot be contacted, and nslookup fails to resolve "MyDomain" from the DC itself. This suggests a potential DNS resolution or network binding issue on the domain controller.

    Here are a few steps we recommend:

    1. Verify DNS Binding on the DC: Ensure that the DNS service is bound to the correct NIC and IP address. You can check this in the DNS Manager under Properties > Interfaces.
    2. Clear and Rebuild DNS Cache: Run ipconfig /flushdns and ipconfig /registerdns again, followed by restarting the DNS Client and Netlogon services.
    3. Check Hosts File and Firewall Rules: Review the hosts file for any incorrect entries and confirm that no firewall rules are blocking LDAP or Kerberos traffic.
    4. Run nltest /dsgetdc:MyDomain: This can help identify whether the DC is discoverable and reachable from the client perspective.
    5. Review Event Logs: Check Event Viewer > System and DNS logs for any recent errors or warnings that may provide additional clues.

    If this guidance proves helpful, feel free to click “Accept Answer” so we know we’re heading in the right direction 😊. And of course, I’m here if you need further clarification or support. T&B, Domic
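
The checks from the answer above, collected into one read-only PowerShell pass. This is an added example, not part of the original question or answer. It assumes an elevated session on the DC with the DnsServer module available, and uses the domain name, host name and address quoted in the question.

```powershell
# Added example (not from the thread): read-only checks, run elevated on the DC.
# Domain name and address are the ones quoted in the question; adjust as needed.
$Domain = 'MyDomain'
$DcIp   = '10.200.97.125'
$DcFqdn = "calserver-nntc.$Domain"

# Step 1: is the DNS Server service listening on the address clients query?
$listen = @((Get-DnsServerSetting).ListeningIPAddress | ForEach-Object { "$_" })
if ($listen -notcontains $DcIp) {
    Write-Warning "DNS Server is not listening on $DcIp (listening on: $($listen -join ', '))"
}

# After step 2's flush and re-register: query the DC's DNS service directly,
# bypassing the resolver cache and the hosts file.
$queries = @(
    @{ Name = $Domain;                        Type = 'A'   },
    @{ Name = "_ldap._tcp.dc._msdcs.$Domain"; Type = 'SRV' },
    @{ Name = $DcFqdn;                        Type = 'A'   }
)
foreach ($q in $queries) {
    try {
        Resolve-DnsName -Name $q.Name -Type $q.Type -Server $DcIp -DnsOnly -NoHostsFile -ErrorAction Stop |
            Format-Table Name, Type, IPAddress, NameTarget, Port -AutoSize
    } catch {
        Write-Warning "$($q.Type) lookup for $($q.Name) via $DcIp failed: $($_.Exception.Message)"
    }
}

# Step 3a: active (non-comment) hosts file entries that could override DNS answers.
Get-Content "$env:SystemRoot\System32\drivers\etc\hosts" | Where-Object { $_ -match '^\s*[^#\s]' }

# Step 3b: TCP reachability of DNS, Kerberos and LDAP on the DC address.
foreach ($port in 53, 88, 389) {
    $t = Test-NetConnection -ComputerName $DcIp -Port $port -WarningAction SilentlyContinue
    '{0,-4} reachable: {1}' -f $port, $t.TcpTestSucceeded
}

# Step 4: ask the DC locator for a domain controller.
nltest "/dsgetdc:$Domain"
if ($LASTEXITCODE -ne 0) { Write-Warning "nltest failed with exit code $LASTEXITCODE" }

# Step 5: errors and warnings from the last two days in the System and DNS Server logs.
Get-WinEvent -FilterHashtable @{
    LogName = 'System', 'DNS Server'; Level = 1, 2, 3; StartTime = (Get-Date).AddDays(-2)
} -MaxEvents 30 -ErrorAction SilentlyContinue |
    Format-Table TimeCreated, LogName, Id, ProviderName, LevelDisplayName -AutoSize
```

Everything except the `Get-DnsServerSetting` check can also be run from a client that fails to join, which shows whether the lookups and ports fail only on the DC or across the network as well.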
