Remote Office and DNS
Hi,

I am currently setting up a remote office which will have 4-5 servers published behind an ISA server, which will be linked to our main office using ISA site > site VPN. One of the remote office servers is the DC + DNS.

At present, I am trying to configure everything before connecting the site > site VPN, so as to make sure it all works should the VPN fail/link go down. All of the machines can see each other, and DNS functions in that NSLOOKUP returns expected results.

Problem is, when I try to join one of my machines to the domain, I get this error:

'An active directory domain controller for the domain <mydomain> could not be contacted'

I had a look at c:\windows\debug\dcdiag.txt, which I have pasted the contents of below.

So, from what I can work out, if I connect to my main office, this will work. However, this raises a few questions:

a) How will I know what DC it is authenticating against?
b) If this needs to be connected to my main office to work, I have no resilience should the link go down.

I believe from this that there is some configuration error on my remote office DNS server, quite what I don't know!

Any help/advice will be much appreciated.

Many Thanks.

The domain name perspicuity might be a NetBIOS domain name. If this is the case, verify that the domain name is properly registered with WINS.
If you are certain that the name is not a NetBIOS domain name, then the following information can help you troubleshoot your DNS configuration.
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller for domain <mydomain>:
The error was: "DNS server failure."(error code 0x0000232A RCODE_SERVER_FAILURE)
The query was for the SRV record for _ldap._tcp.dc._msdcs.<mydomain>
Common causes of this error include the following:
- The DNS servers used by this computer contain incorrect root hints. This computer is configured to use DNS servers with the following IP addresses:
10.0.0.5
- One or more of the following zones contains incorrect delegation:
<mydomain>. (the root zone)
For information about correcting this problem, click Help.
September 5th, 2008 5:57pm
You use Active Directory Sites and Services to control which DC the clients use for login. Create a second site and link it to the subnet used at the branch office. Then move the branch DC into the new site. It is a good idea to set up a secondary zone on the DNS server in the branch to hold a copy of the primary zone at the main office. Machines in the branch office can then resolve names locally rather than over the VPN link.

Bill
September 6th, 2008 4:52am
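
As an added example (not part of the thread and not either poster's code), the Python below sends the same SRV lookup that the join log reports as failing directly to one DNS server and decodes the RCODE and any SRV answers. The domain `corp.example` and site `Branch` are placeholders, and the site-specific name form `_ldap._tcp.<site>._sites.dc._msdcs.<domain>` is the standard AD locator record name, assumed here rather than quoted from the thread.

```python
import socket, struct

RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def dc_locator_names(domain, site=None):
    names = [f"_ldap._tcp.dc._msdcs.{domain}"]            # any DC in the domain
    return names + ([f"_ldap._tcp.{site}._sites.dc._msdcs.{domain}"] if site else [])

def build_query(name, txid=0x1234):
    # RFC 1035 wire format: header (RD=1, one question), QNAME, QTYPE=SRV(33), QCLASS=IN
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.strip(".").split("."))
    return struct.pack(">6H", txid, 0x0100, 1, 0, 0, 0) + qname + b"\0" + struct.pack(">2H", 33, 1)

def read_name(msg, off, hops=0):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels = []
    while (n := msg[off]):
        if n & 0xC0 == 0xC0:                              # compression pointer
            if hops > 16: raise ValueError("compression pointer loop")
            rest = read_name(msg, ((n & 0x3F) << 8) | msg[off + 1], hops + 1)[0]
            return ".".join(labels + [rest]).rstrip("."), off + 2
        labels.append(msg[off + 1:off + 1 + n].decode())
        off += 1 + n
    return ".".join(labels), off + 1

def parse_response(msg):
    """Return (rcode_text, [(priority, weight, port, target), ...])."""
    _, flags, qd, an = struct.unpack(">4H", msg[:8])
    off, srvs = 12, []
    for _ in range(qd):                                   # skip the echoed question
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        off = read_name(msg, off)[1] + 10                 # owner name + fixed RR header
        rtype, rdlen = struct.unpack(">H6xH", msg[off - 10:off])
        if rtype == 33:                                   # SRV RDATA
            srvs.append(struct.unpack(">3H", msg[off:off + 6]) + (read_name(msg, off + 6)[0],))
        off += rdlen
    return RCODES.get(flags & 0xF, str(flags & 0xF)), srvs

def query(server, name, timeout=3.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return parse_response(s.recv(4096))

if __name__ == "__main__":
    q = build_query(dc_locator_names("corp.example")[0])  # placeholder domain
    reply = q[:2] + b"\x81\x82" + q[4:]                   # constructed reply: QR=1, RCODE=2
    print(parse_response(reply))                          # live: query("10.0.0.5", name)
```

A `SERVFAIL` result for the first name from the branch DNS server reproduces the error in the join log; a `NOERROR` result for the site-specific name lists the DCs that clients in that site are offered.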


