Firstly verify any DNS servers:
ipconfig /all
Sample output: 10.1.1.1
and ensure they are (all) responding with e.g.:
cmd
nslookup
server 10.1.1.1
google.com
if fails check with telnet e.g. (assuming the DNS server is running over TCP):
cmd
telnet 10.1.1.1 53
and verify you get a response.
We can check if the netlogon service is able to communicate with our DNS server with:
nltest /query
we can also verify the last state of the secure channel created between the client and DC with:
nltest /sc_query:yourdomain.internal
(This will also inform you of which DC the channel was created with.)
We can also attempt to reset this with:
nltest /sc_reset:yourdomain.internal
or alternatively use sc_verify (this won't break the exisiting secure channel unless it's not established):
nltest /sc_verify:yourdomain.internal
If the issue is related to more than one client it could be due to loss of network connectivity or a DC related issue - to check the DC we can issue:
dcdiag /a
No comments:
Post a Comment