You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: support/windows-server/active-directory/error-0xa8b-resolve-dns-fail.md
+6-2Lines changed: 6 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -38,7 +38,7 @@ This error occurs for one or more of the following reasons:
38
38
39
39
- The workgroup computer being joined points to an invalid DNS server.
40
40
- The DNS server used by the joining computer is invalid, is missing the required zones, or is missing the required records for the target domain.
41
-
- The target Active Directory domain contains a problematic DNS name.
41
+
- The target Active Directory (AD) domain contains a problematic DNS name.
42
42
- Network problems exist on either the workgroup computer, the target domain controller (DC), or the network used to connect the client and target DC.
43
43
44
44
## Troubleshooting steps
@@ -48,8 +48,10 @@ To resolve this error, follow these steps:
48
48
1. Verify that the computer being joined points to valid DNS server IP addresses. Invalid examples include:
49
49
50
50
- Invalid Internet Service Provider (ISP)-provided DNS servers.
51
+
- ISP-provided DNS servers that don't host the AD domain zone.
51
52
- A stale or nonexistent DNS server on the corporate intranet.
52
-
- A DNS server in an error state that prevents it from loading the `_msdcs.<forest root domain>` or target AD domain zones, or from resolving queries for those zones. Event ID 4521 might be logged.
53
+
- A corporate network DNS server that don't host the AD domain zone.
54
+
- A corporate network DNS server in an error state that prevents it from loading the `_msdcs.<forest root domain>` or target AD domain zones, or from resolving queries for those zones. Event ID 4521 might be logged.
53
55
54
56
2. Verify that all DNS servers configured on the client host the required zones and valid records for a DC in the target domain. Check for the following misconfigurations:
55
57
@@ -70,3 +72,5 @@ To resolve this error, follow these steps:
70
72
71
73
- A broken Network Interface Card (NIC) on the client computer or the target DC.
72
74
- A broken network link.
75
+
76
+
You can use tools like [nslookup](/windows-server/administration/windows-commands/nslookup) to verify availability and content of DNS records from the client end, and use tools like [ping](/windows-server/administration/windows-commands/ping) or [tracert](/windows-server/administration/windows-commands/tracert) to check reachability of IP addresses. You can use [PortQry](../networking/portqry-command-line-port-scanner-v2.md) to try specific DC UDP and TCP server ports. A starting point for DC server ports is [Configure firewall for AD domain and trusts](config-firewall-for-ad-domains-and-trusts.md).
0 commit comments