Server 2003 R2 Additional Domain Controller DNS Error
I have a freshly set up AD forest with a single DC. I have successfully joined many clients to the DC. I want to add an additional DC that is connected to the first network via IPSec. The IPSec is handled by the routers at each site. All traffic is trusted between these networks. I have set the primary DNS of the new server to the IP address of the established DC. I am able to ping by both FQDN and IP to and from both servers. DCDIAG and NETDIAG both report no errors on the DC. I have tried reinstalling DNS on the primary DC, and it was successful, and once again passed DCDIAG and NETDIAG. I have also restarted both servers multiple times after this. There is a working reverse zone set up as well on the primary DC. When I try to add the additional DC I receive this error:

    DNS was successfully queried for the service location (SRV) resource record used to locate a domain controller for domain domain.com:

    The query was for the SRV record for _ldap._tcp.dc._msdcs.domain.com

    The following domain controllers were identified by the query:
    fortmyers.domain.com

    Common causes of this error include:
    - Host (A) records that map the name of the domain controller to its IP addresses are missing or contain incorrect addresses.
    - Domain controllers registered in DNS are not connected to the network or are not running.

The A record does exist, and is set up properly. Can anyone assist with this issue? Thanks.
May 9th, 2010 10:34am

- Are both networks defined and assigned in "Sites and Services"?
- Can you ping the hostname of each server (not the FQDN)?
- Are you able to access the admin shares of both servers? e.g. \\server\c$
- Have you tried dcdiag /test:dns for a deeper DNS check, on both systems? (And could you post its output here?)
May 9th, 2010 11:38am

I haven't configured Sites and Services yet because the second server has not joined the domain yet. However, I did just try configuring the proper subnets of each network, with no change in the error. I can ping hostnames from each side after manually creating an A record on the first DC pointing to the second server. I can access the admin shares on each side by using the correct passwords, as the second server isn't part of the domain yet. Here are the results of the DNS check you requested:

    Domain Controller Diagnosis

    Performing initial setup:
       Done gathering initial info.

    Doing initial required tests

       Testing server: FortMyers\FORTMYERS
          Starting test: Connectivity
             ......................... FORTMYERS passed test Connectivity

    Doing primary tests

       Testing server: FortMyers\FORTMYERS
          DNS Tests are running and not hung. Please wait a few minutes...

       Running partition tests on : ForestDnsZones
       Running partition tests on : DomainDnsZones
       Running partition tests on : Schema
       Running partition tests on : Configuration
       Running partition tests on : domain

       Running enterprise tests on : domain.com
          Starting test: DNS
             ......................... domain.com passed test DNS

I have also tried joining the domain from the second server, with the same error. Prior to that I was just running dcpromo, trying to add it as an additional DC directly.
May 9th, 2010 2:21pm

Are you sure you can resolve _ldap._tcp.dc._msdcs.domain.com on the new/remote server? If so, try to connect to the LDAP port via telnet or portqry (the default port is 389). Does it succeed? You can also run rping to verify that RPC communication is working between these two machines.

Downloads:
Portqry: http://www.microsoft.com/downloads/details.aspx?familyid=89811747-c74b-4638-a2d5-ac828bdc6983&displaylang=en
rping: http://www.microsoft.com/downloads/details.aspx?FamilyID=9D467A69-57FF-4AE7-96EE-B18C4790CFFD&displaylang=en
May 9th, 2010 2:35pm
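The checks suggested in the reply above (resolve the SRV record the DC locator asks for, then test the LDAP port on the DC it names) collected into one script. This is an added example, not code posted in the thread. It assumes a Windows host with the DnsClient module (Resolve-DnsName, Windows 8 / Server 2012 or later) whose DNS client points at the existing DC, so it would not run unchanged on the Server 2003 machines in this thread, where nslookup -type=SRV and portqry do the same job. The domain name, the port list and the Test-TcpPort helper are assumptions for illustration.

```powershell
# Added example, not from the thread. Assumes the DnsClient module
# (Windows 8 / Server 2012 or later). $Domain is a placeholder.
param(
    [string]$Domain = 'domain.com',
    [int[]]$Ports   = @(53, 88, 135, 389, 445, 3268)   # DNS, Kerberos, RPC EPM, LDAP, SMB, GC
)

# Assumed helper: plain TCP connect with a timeout, no protocol handshake.
function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $ar = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($ar)          # throws if the connection was refused
        return $client.Connected
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# Step 1: the same SRV query the DC locator makes for a domain controller.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
$srv = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
       Where-Object { $_.Type -eq 'SRV' }
if (-not $srv) { throw "No SRV records returned for $srvName" }

foreach ($rec in $srv) {
    $target = $rec.NameTarget
    "SRV {0} -> {1}:{2} (priority {3}, weight {4})" -f $srvName, $target, $rec.Port, $rec.Priority, $rec.Weight

    # Step 2: the A record for each DC the SRV answer names. The error text in
    # the question points here: a missing or wrong A record for that host.
    $a = Resolve-DnsName -Name $target -Type A -ErrorAction SilentlyContinue |
         Where-Object { $_.Type -eq 'A' }
    if (-not $a) { Write-Warning "  no A record for $target"; continue }

    # Step 3: TCP reachability of the DC ports from this host, over the tunnel.
    foreach ($addr in $a) {
        "  A   {0} -> {1}" -f $target, $addr.IPAddress
        foreach ($port in $Ports) {
            $state = if (Test-TcpPort -Address $addr.IPAddress -Port $port) { 'open' } else { 'NOT reachable' }
            "      TCP/{0,-5} {1}" -f $port, $state
        }
    }
}
```

Run it from the prospective DC. Port 3268 only answers if the existing DC is a global catalog. The script only probes fixed ports; dcpromo and replication also use dynamic RPC ports handed out by the endpoint mapper on 135, which an IPsec or firewall policy can block while 389 still answers, and that is the gap the rping suggestion above is meant to cover.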

portqry responded with the following:

    C:\PortQryV2>PortQry.exe -n domain.com -e 389

    Querying target system called:
     domain.com

    Attempting to resolve name to IP address...
    Name resolved to 59.5.0.5

    querying...

    TCP port 389 (ldap service): LISTENING

    Using ephemeral source port
    Sending LDAP query to TCP port 389...

    LDAP query response:

    currentdate: 05/09/2010 13:13:53 (unadjusted GMT)
    subschemaSubentry: CN=Aggregate,CN=Schema,CN=Configuration,DC=domain,DC=com
    dsServiceName: CN=NTDS Settings,CN=FORTMYERS,CN=Servers,CN=FortMyers,CN=Sites,CN=Configuration,DC=domain,DC=com
    namingContexts: DC=domain,DC=com
    defaultNamingContext: DC=domain,DC=com
    schemaNamingContext: CN=Schema,CN=Configuration,DC=domain,DC=com
    configurationNamingContext: CN=Configuration,DC=domain,DC=com
    rootDomainNamingContext: DC=domain,DC=com
    supportedControl: 1.2.840.113556.1.4.319
    supportedLDAPVersion: 3
    supportedLDAPPolicies: MaxPoolThreads
    highestCommittedUSN: 442503
    supportedSASLMechanisms: GSSAPI
    dnsHostName: fortmyers.domain.com
    ldapServiceName: domain.com:fortmyers$@DOMAIN.COM
    serverName: CN=FORTMYERS,CN=Servers,CN=FortMyers,CN=Sites,CN=Configuration,DC=domain,DC=com
    supportedCapabilities: 1.2.840.113556.1.4.800
    isSynchronized: TRUE
    isGlobalCatalogReady: TRUE
    domainFunctionality: 2
    forestFunctionality: 2
    domainControllerFunctionality: 2

    ======== End of LDAP query response ========

Also note that I tried dcpromo from another server on the second network, and it all looked good. I believe there might be something else at play on this second server.
May 9th, 2010 4:20pm

Since I wasn't too far into this server setup, and had a colleague set up the OS initially, I decided to reformat and reinstall over KVM/IP. After the reinstall everything is working as expected. I am guessing something might have been corrupted during the initial install. Thanks for your suggestions!
May 9th, 2010 6:16pm
