Need to add DCs to host file

Question

Need to add DCs to host file

Steph 1

Hello,
My servers (Windows Server 2016 and 2019) are hosted on a private cloud, that I don't manage.
There are multiple VLANs: DCs are not on the same VLAN as servers.
Servers are joined to the domain and are showing from time to time, several time a day error 0XC000005E – “There are currently no logon servers available to service the logon request.” and EventID 5719, NETLOGON - "This computer was not able to set up a secure session with a domain controller". During this, DNS resolution stops.
If I add DCs to the hosts file of each server, errors almost disappear and we are able to use RDP, SQL, ISS, shared folder without issues.
Team in charge of the private cloud tells me there is no issue on domain side, neither on network side.
I highly doubt it :)

Time synchronization is good.
Network card are manually configured and have been checked.
Is there anything i can test to pin point the issue (I've already send a lot of log extract showing 0XC000005E or EventID 5719 errors)?
Thanks,
Steph

Answer 1

Dave Patrick 341.7K MVP

I'd confirm the VPN connectivity is good, also check the required ports are flowing between networks.
https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/config-firewall-for-ad-domains-and-trusts#windows-server-2008-and-later-versions
https://www.microsoft.com/en-us/download/details.aspx?id=24009

--please don't forget to upvote and Accept as answer if the reply is helpful--

Steph 1 Reputation point

2022-02-08T08:51:26.423+00:00

Hi DSPatrick,
There is no VPN between VLANs, only a firewall.
I've tested ports listed in the given link using PortQuery.
Every single port is listening, with a doubt for UDP obvisously. For each TCP/UDP pair, TCP is listening, and the one only on UDP is time service, for which there is no issue (time sync works fine).
Regarding the dynamic client port range, I've tested a few of them (reported when testing port TCP/135 with PortQuery) and each port tested is listening.
Regards,
Steph
Dave Patrick 341.7K Reputation points MVP

2022-02-08T13:35:41.177+00:00

Please run;

Dcdiag /v /c /d /e /s:%computername% >C:\dcdiag.log
repadmin /showrepl >C:\repl.txt
ipconfig /all > C:\dc1.txt
ipconfig /all > C:\dc2.txt
ipconfig /all > C:\dc3.txt

then put unzipped text files up on OneDrive and share a link.
Steph 1 Reputation point

2022-02-08T14:19:41.097+00:00

This is where it gets complicated. I don't have access to DCs, only to client servers.
Is there anything else I can do?
Else, I will ask again the private cloud provider to open a case with Microsoft.
Thanks
Dave Patrick 341.7K Reputation points MVP

2022-02-08T14:26:39.497+00:00

That's an odd and maybe risky situation where you don't have access to your own domain controllers. May want to consider moving to Azure or some other situation. As to microsoft support yes, you can always start a case here with product support.
https://support.serviceshub.microsoft.com/supportforbusiness

--please don't forget to upvote and Accept as answer if the reply is helpful--
Dave Patrick 341.7K Reputation points MVP

2022-02-10T14:18:41.667+00:00

Just checking if there's any progress or updates?

--please don't forget to upvote and Accept as answer if the reply is helpful--

Need to add DCs to host file

1 answer

Activity