The process used by Windows computers to find a domain controller to authenticate to is one that is not completely problem fee. In the case that you experience this, here are a couple of quick steps you can do to track down where the problem lies.
- Verify that you have network connectivity, and IP address, and can ping the domain controller you are trying to authenticate to.
- Use the command: nltest /dsgetdc:domainname to ensure that the domain controller can be found for the domain specified.
- Ensure that the server can be found in DNS with the command: nslookup servername.rootdomain.com.
- Ensure that the SRV records for the domain controller are registered in DNS correctly with the command: nslookup guid._msdcs.rootdomain.com.
- Use the Microsoft network monitor utility or another packet analysis application to see the exact step the domain controller locater process is failing on.
***
Chris Sanders is a network consultant for KeeFORCE, one of the most popular network consulting firms in western Kentucky. Chris is the author of the book Practical Packet Analysis as well as several technical articles. His personal website at www.chrissanders.org contains a great deal of information, articles, and guides related to network administration, network security, packet analysis, and general information technology.
