We have two domain controllers on our second domain. Both fail the dcdiag connectivity test. Neither can update DNS records, AD won't start because a domain controller cannot be found, and all of the certificates on this domain have expired.
When I restart the server it adds dc2001 to the dns zones, rather than dc2001.domain.local which is already there.
When I ping dc2001 I get a reply from fe80::1d61:f361:801a:bbfc%17 time<1ms.
When I ping dc2001.domain.local I get a reply from 10.93.41. with bytes=32 time<1ms TTL=128. I'm not sure why I'm getting the IPv6 address in response rather than the IPv4 address.
I've tried registering DNS and it fails. I've tried disconnecting the DNS zone from AD, and then registering DNS, but it's adding in dc2001 without the FQDN and still can't resolve DNS addresses.
I've tried to add that particular host that is failing the DNS test to the correct spot in DNS. I tried both a hostname and a CNAME, but the DNS server doesn't seem to be responding even to its own queries.
Any help on next steps, or how to fix this connectivity issue and our domain would be greatly appreciated.
Here is my ipconfig /all:
Windows IP Configuration
Host Name . . . . . . . . . . . . : dc2001
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.local
Ethernet adapter Ethernet1 2:
Connection-specific DNS Suffix . : domain.local
Description . . . . . . . . . . . : vmxnet3 Ethernet Adapter #2
Physical Address. . . . . . . . . : 00-50-56-01-17-08
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1d61:f361:801a:bbfc%17(Preferred)
IPv4 Address. . . . . . . . . . . : 10.93.41.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.93.41.254
DHCPv6 IAID . . . . . . . . . . . : 335564886
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-3C-C0-C4-00-50-56-01-05-9A
DNS Servers . . . . . . . . . . . : 10.93.41.1
10.93.41.3
127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Local Area Connection* 12:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.rwl.local:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : domain.local
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Here are my dcdiag failures:
Directory Server Diagnosis
Performing initial setup:
Trying to find home server...
Home Server = dc2001
* Identified AD Forest.
Done gathering initial info.
Doing initial required tests
Testing server: Default-First-Site\DC2001
Starting test: Connectivity
The host e9aff47f-e80d-4a27-a362-e790dd8dc3a6._msdcs.domain.local could
not be resolved to an IP address. Check the DNS server, DHCP, server
name, etc.
Got error while checking LDAP and RPC connectivity. Please check your
firewall settings.
......................... DC2001 failed test Connectivity
Doing primary tests
Testing server: Default-First-Site\DC2001
Skipping all tests, because server DC2001 is not responding to directory
service requests.
Running partition tests on : DomainDnsZones
Starting test: CheckSDRefDom
......................... DomainDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... DomainDnsZones passed test
CrossRefValidation
Running partition tests on : ForestDnsZones
Starting test: CheckSDRefDom
......................... ForestDnsZones passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... ForestDnsZones passed test
CrossRefValidation
Running partition tests on : Schema
Starting test: CheckSDRefDom
......................... Schema passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Schema passed test CrossRefValidation
Running partition tests on : Configuration
Starting test: CheckSDRefDom
......................... Configuration passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... Configuration passed test CrossRefValidation
Running partition tests on : rwl
Starting test: CheckSDRefDom
......................... rwl passed test CheckSDRefDom
Starting test: CrossRefValidation
......................... rwl passed test CrossRefValidation
Running enterprise tests on : domain.local
Starting test: LocatorCheck
Warning: DcGetDcName(GC_SERVER_REQUIRED) call failed, error 1355
A Global Catalog Server could not be located - All GC's are down.
Warning: DcGetDcName(TIME_SERVER) call failed, error 1355
A Time Server could not be located.
The server holding the PDC role is down.
Warning: DcGetDcName(GOOD_TIME_SERVER_PREFERRED) call failed, error
1355
A Good Time Server could not be located.
Warning: DcGetDcName(KDC_REQUIRED) call failed, error 1355
A KDC could not be located - All the KDCs are down.
......................... domain.local failed test LocatorCheck
Starting test: Intersite
......................... domain.local passed test Intersite
NSlookup returns:
Default Server: UnKnown
Address: 10.93.41.1
I was able to solve this by removing the DNS zones and then re-adding them as local zones, not AD zones, and then registering DNS. After that I restarted Netlogon. Then I rebuilt FRS and SYSVOL. AD finally started working, and the connection errors were removed.
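
To confirm a repair like the one described above, the locator records that Netlogon writes to netlogon.dns (including the GUID CNAME under _msdcs that dcdiag could not resolve) can be compared with what the DNS server actually answers. This PowerShell is an added example, not part of the original post; it assumes Resolve-DnsName is available (Windows Server 2012 or later), and the function name Test-NetlogonDnsRecords is hypothetical.

```powershell
# Added example: list every record Netlogon wants registered that the
# DNS server does not return. Run on the domain controller itself.
function Test-NetlogonDnsRecords {
    param(
        # DNS server to query; default taken from the ipconfig output in the post
        [string]$DnsServer = '10.93.41.1',
        # File where Netlogon records the DC locator records it tries to register
        [string]$NetlogonDns = "$env:SystemRoot\System32\config\netlogon.dns"
    )

    foreach ($line in Get-Content -Path $NetlogonDns) {
        # Each line has the form: <name> <ttl> IN <type> <data...>
        $f = $line.Trim() -split '\s+'
        if ($f.Count -lt 5 -or $f[2] -ne 'IN') { continue }

        $name     = $f[0].TrimEnd('.')
        $type     = $f[3]
        $expected = $f[-1].TrimEnd('.')   # target host (SRV/CNAME) or address (A/AAAA)
        if ($type -notin 'A', 'AAAA', 'CNAME', 'SRV') { continue }

        # Query the named server only; skip LLMNR/NetBIOS so a link-local
        # answer cannot mask a missing DNS record.
        $answers = Resolve-DnsName -Name $name -Type $type -Server $DnsServer `
                       -DnsOnly -ErrorAction SilentlyContinue |
                   Where-Object { $_.Type -eq $type }

        $found = switch ($type) {
            'SRV'   { $answers.NameTarget }
            'CNAME' { $answers.NameHost }
            default { $answers.IPAddress }
        }

        if ($found -notcontains $expected) {
            [pscustomobject]@{
                Name     = $name
                Type     = $type
                Expected = $expected
                Found    = if ($found) { $found -join ', ' } else { '(no answer)' }
            }
        }
    }
}

# An empty result means every record in netlogon.dns resolved as expected.
Test-NetlogonDnsRecords | Format-Table -AutoSize
```

Any rows returned are records the zone is still missing; restarting Netlogon, as in the fix above, makes the DC attempt to register them again.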