DNS failing to register

Background

All Server 2012 VMs...1 domain controller, multiple member servers. I have only one member server that is having DNS issues. The problem was first discovered while trying to gpupdate /force, which failed stating there's a lack of network connectivity with the domain controller, event ID 1129. I looked in the event logs further and there were event ID 8020 "the system failed to register host (A AAA) resource records for network adapter with settings....", and there were also events where the time service could not sync with the DC.

From there I dropped the server from the domain, and then rejoined it without issue.  It still was having the same errors.  I looked in the DNS Manager on the DC, and the record with that IP address had the wrong host name.  I deleted it, and attempted to have the server register the record.  I followed ipconfig /flushdns, and ipconfig /registerdns. Still having the same issues. 

It is part of the domain, trust relationships seem fine.  Any thoughts?  I can't find anything anywhere on that event ID. 

April 22nd, 2015 2:45pm

Seems like too little info to decide what your problem is. My very first guess is that there is an error in the VM settings. Make sure that the VMs have time synchronization with the host disabled. A second problem may stem from possible port blocking (try without fw), and a third problem in the VM may be caused by wrongly setting the DNS IP in the NIC parameters.

Also start with dcdiag to find the health of AD. Do not remember to delete DNS cache whenever you do any changes in DNS settings.

Here are references that may help:

https://technet.microsoft.com/en-us/library/cc727335(v=ws.10).aspx

If you use DHCP from network router (which is wrong configuration):

https://support.microsoft.com/en-us/kb/2459530

HTH

Milos

April 22nd, 2015 4:59pm

Digging deeper, I'm thinking that it may be an issue with dynamic updates. The client is configured to register the connection's addresses in DNS, and dynamic updates is set to "Secure Only" in the General tab of the properties box of the forward lookup zone... In Server 2008 there was a dynamic updates tab for adding IPs to an allow dynamic updates list...but I don't see this anywhere in Server 2012.

Currently the server that is having the issue is the only server that's in a different subnet, so I'm thinking that this particular subnet's IP range isn't in the allow list...if that still exists.

April 22nd, 2015 5:07pm
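
Added example, not part of any post in this thread: a PowerShell pass over the points raised so far (the zone's dynamic-update mode, the client's registration settings, the record the DC currently holds, and events 8020/1129). `corp.example` and `dc01.corp.example` are hypothetical placeholders; the script assumes the DNS zone name equals the AD domain name, that the DnsServer module (RSAT) is installed, and that event 8020 is written to the System log.

```powershell
# Added example. $Zone and $DC are hypothetical placeholders; substitute your own.
param(
    [string]$Zone = 'corp.example',
    [string]$DC   = 'dc01.corp.example'
)

# 1. Zone side: is the forward lookup zone AD-integrated, and which update mode is set?
#    DynamicUpdate reads None, Secure, or NonsecureAndSecure.
Get-DnsServerZone -Name $Zone -ComputerName $DC |
    Format-List ZoneName, IsDsIntegrated, DynamicUpdate

# 2. Client side: which adapters will attempt registration, and against which DNS servers?
#    A member server should list only domain DNS servers here.
Get-DnsClient |
    Format-Table InterfaceAlias, RegisterThisConnectionsAddress, ConnectionSpecificSuffix -AutoSize
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

# 3. Can this host query the DC's DNS service and find a DC through its SRV records?
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Zone" -Type SRV -Server $DC |
    Format-Table Name, Type, NameTarget, Port -AutoSize

# 4. What does the DC hold for this host's name right now? A missing record or an
#    unexpected address is worth comparing against DNS Manager on the DC.
$fqdn = "$env:COMPUTERNAME.$Zone"
Resolve-DnsName -Name $fqdn -Type A -Server $DC -ErrorAction SilentlyContinue |
    Format-Table Name, Type, IPAddress -AutoSize

# 5. Trigger a registration (same effect as ipconfig /registerdns), wait, then
#    list only the events logged since the attempt.
$since = Get-Date
Register-DnsClient
Start-Sleep -Seconds 30
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 8020, 1129; StartTime = $since } `
             -ErrorAction SilentlyContinue |
    Format-List TimeCreated, Id, ProviderName, Message
```

If step 5 prints nothing, no 8020 or 1129 event was logged after the registration attempt; rerun step 4 to confirm the A record now matches the host.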

Please make sure that the required ports to reach the DC are open: https://msdn.microsoft.com/en-us/library/bb727063.aspx

As for DNS updates, you can read the Wiki I started here: http://social.technet.microsoft.com/wiki/contents/articles/21984.how-to-secure-dns-updates-on-microsoft-dns-servers.aspx

April 22nd, 2015 9:35pm

I believe I'm getting somewhere now. I had another server drop from being able to work with the DC, so that caused me to dig around. As it turns out, the Domain Controller's system drive was nearly full, and throwing all kinds of errors with NTP, SYSVOL, Group Policy, etc. So I expanded the drive and no more error messages on the DC. Now my issue is that DNS is throwing the error message "name resolution policy table has been corrupted".
May 1st, 2015 3:45pm

This is infuriating now....I can't for the life of me get to the bottom of this. This is now occurring on two member servers as follows.

- can't logon with a domain account "the sign-in method you're trying to use isn't allowed"

         I had the "allow log on locally" policy set to allow domain-admins, can't change this due to GPO failing anyway.

- Group Policy fails

In the GroupPolicy event log, I get an "Error: Retrieved account information.  Error code 0x5"

In the System event log, I get a GroupPolicy failed because of lack of network connectivity to the domain controller.

If I run RSOP, I get an error: Access denied

It would appear that I'm able to register the DNS now, but the GPO failing seems to be related.

May 4th, 2015 5:42pm

Hi Mike__M,

>>Now my issue is that DNS is throwing the error message "name resolution policy table has been corrupted"

Please try to fix the problem with the registry. Try to browse to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DnsClient, and make the related settings.

For more information you could check the article below:

https://technet.microsoft.com/en-us/library/ee649182(WS.10).aspx

Before you make changes to a registry key or subkey, we recommend that you export, or make a backup copy, of the key or subkey. You can save the backup copy to a location you specify, such as a folder on your hard disk or a removable storage device.

>>Group Policy fails: In the GroupPolicy event log, I get an "Error: Retrieved account information.  Error code 0x5". In the System event log, I get a GroupPolicy failed because of lack of network connectivity to the domain controller. If I run RSOP, I get an error: Access denied

As you said, it may still be a DNS problem. Could you please try to ping the DC to check whether DNS can resolve the DC or not? What's more, please show us the DNS settings.

Best Regards

Mary Dong

May 11th, 2015 10:20pm

This topic is archived. No further replies will be accepted.
