Hand a few problems with this error on a new hosted domain controller that uses a VPN to connect back to the head office. Got some tips from Expert Exchange, but to summarise the various steps you should check are simple but effective (and as usual mostly DNS related):
- Check there are no external DNS servers listed
- Checked the localhost DNS server is not listed
- Check that NETBIOS is only enabled over the internal NIC
- Check that the other domain controllers FQDN’s are pingable
- Check that the SRV records under the domain and _msdcs forward lookup zones include all your domain controllers (and only their internal IP addresses)
- Manually trigger the domain controller replication connections through “Active Directory Sites and Services”, expand the server, right click “NTDS Settings” and do “All Tasks” and then “Check Replication Topology”. Make sure you click the Refresh button to see if all the replication links are listed.
- Use netdiag -v and dcdiag -v to isolate any other problems
- Keep restarting the Netlogon service 🙂
I really wish the DNS lookup that Active Directory did was a little more resilient (i.e. if the first DNS server lookup fails then use the secondary).