You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: support/windows-server/active-directory/error-0xa8b-resolve-dns-fail.md
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,7 +1,7 @@
1
1
---
2
2
title: An Attempt to Resolve the DNS Name of a DC in the Domain Being Joined Has Failed
3
3
description: Provides troubleshooting steps for resolving the Domain Name System (DNS) error code 0xa8b when you join a workgroup computer to a domain.
4
-
ms.date: 03/19/2025
4
+
ms.date: 03/25/2025
5
5
manager: dcscontentpm
6
6
audience: itpro
7
7
ms.topic: troubleshooting
@@ -39,7 +39,7 @@ This error occurs for one or more of the following reasons:
39
39
- The workgroup computer being joined points to an invalid DNS server.
40
40
- The DNS server used by the joining computer is invalid, is missing the required zones, or is missing the required records for the target domain.
41
41
- The target Active Directory (AD) domain contains a problematic DNS name.
42
-
- Network problems exist on either the workgroup computer, the target domain controller (DC), or the network used to connect the client and target DC.
42
+
- Network problems exist on the workgroup computer, the target domain controller (DC), or the network used to connect the client and target DC.
43
43
44
44
## Troubleshooting steps
45
45
@@ -48,7 +48,7 @@ To resolve this error, follow these steps:
48
48
1. Verify that the computer being joined points to valid DNS server IP addresses. Invalid examples include:
49
49
50
50
- Invalid Internet Service Provider (ISP)-provided DNS servers.
51
-
- ISP-provided DNS servers that doesn't host the AD domain zone.
51
+
- ISP-provided DNS servers that don't host the AD domain zone.
52
52
- A stale or nonexistent DNS server on the corporate intranet.
53
53
- A corporate network DNS server that doesn't host the AD domain zone.
54
54
- A corporate network DNS server in an error state that prevents it from loading the `_msdcs.<forest root domain>` or target AD domain zones, or from resolving queries for those zones. Event ID 4521 might be logged.
@@ -58,8 +58,8 @@ To resolve this error, follow these steps:
58
58
- Forward lookup zone for the target AD domain is missing.
59
59
- The `_msdcs` forward lookup zone is missing.
60
60
- The `_msdcs.<forest root domain>` zone doesn't contain a Lightweight Directory Access Protocol (LDAP) SRV record for a DC in the target domain.
61
-
-Host A record is missing from the target AD domain zone.
62
-
-Host A record is present but contains the wrong IP address for the target DC.
61
+
-The host A record is missing from the target AD domain zone.
62
+
-The host A record is present but contains the wrong IP address for the target DC.
63
63
- The host A record is present but was registered by a network interface that isn't accessible to the client computer.
64
64
65
65
3. Check for special names in the target Active Directory domain that require other configuration:
@@ -73,4 +73,4 @@ To resolve this error, follow these steps:
73
73
- A broken Network Interface Card (NIC) on the client computer or the target DC.
74
74
- A broken network link.
75
75
76
-
You can use tools like [nslookup](/windows-server/administration/windows-commands/nslookup) to verify availability and content of DNS records from the client end, and use tools like [ping](/windows-server/administration/windows-commands/ping) or [tracert](/windows-server/administration/windows-commands/tracert) to check reachability of IP addresses. You can use [PortQry](../networking/portqry-command-line-port-scanner-v2.md) to try specific DC UDP and TCP server ports. A starting point for DC server ports is [Configure firewall for AD domain and trusts](config-firewall-for-ad-domains-and-trusts.md).
76
+
You can use tools like [nslookup](/windows-server/administration/windows-commands/nslookup) to verify the availability and content of DNS records from the client end, and use tools like [ping](/windows-server/administration/windows-commands/ping) or [tracert](/windows-server/administration/windows-commands/tracert) to check the reachability of IP addresses. You can use [PortQry](../networking/portqry-command-line-port-scanner-v2.md) to try specific DC UDP and TCP server ports. A starting point for DC server ports is [Configure firewall for AD domain and trusts](config-firewall-for-ad-domains-and-trusts.md).
0 commit comments