Thursday, December 4, 2008

Troubleshooting 'RPC Server is unavailable' errors

It is important to understand the internal name resolution configuration of the environment. Verify which servers are authoritative for the zone and how the client is configured to retrieve the DNS records. In most cases, the client should only point to DNS servers that can resolve the internal domain name.

1. Verifying proper client configuration

  • Check local DNS settings under the TCP/IP settings of the network adapter. For more information on verifying TCP/IP settings, see Knowledge Base (KB) article 308199.
  • In most cases, the client should not be pointing to an Internet service provider (ISP) for either their Preferred or Alternate DNS server. ISPs commonly do not register the service (SRV) resource records that are required to locate a domain controller. For more information see KB article 261968.
  • Clients should only point to internal DNS servers that can resolve the internal domain, and the internal DNS server should resolve names on the Internet for the clients, which is often done by configuring forwarders on the internal DNS server.
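
The checks in this section, as an added PowerShell example (not part of the original post): it lists the DNS servers configured on every IPv4 adapter and asks each one for the domain controller locator SRV records. A configured server that cannot return them is almost always an ISP or other external resolver and does not belong in the client's Preferred or Alternate DNS list. It assumes the DnsClient module (Windows 8 / Server 2012 or later, so newer than this post) and uses the constructed domain name contoso.com.

```powershell
# Added example, not from the original post. Requires the DnsClient module
# (Get-DnsClientServerAddress, Resolve-DnsName), i.e. Windows 8 / Server 2012+.

function Test-ClientDnsConfiguration {
    param([Parameter(Mandatory)] [string] $DomainName)

    # The DC locator SRV record every client must be able to resolve
    $srvName = "_ldap._tcp.dc._msdcs.$DomainName"
    $results = @()

    $adapters = Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses.Count -gt 0 }

    foreach ($adapter in $adapters) {
        foreach ($dns in $adapter.ServerAddresses) {
            try {
                # -DnsOnly skips LLMNR/NetBIOS so only this server's DNS answer counts
                $srv = Resolve-DnsName -Name $srvName -Type SRV -Server $dns -DnsOnly -ErrorAction Stop |
                    Where-Object { $_.Type -eq 'SRV' }
                $dcs = @($srv | ForEach-Object { $_.NameTarget })
                $ok  = $dcs.Count -gt 0
            } catch {
                # NXDOMAIN, SERVFAIL or timeout: this server cannot locate a DC
                $dcs = @(); $ok = $false
            }
            $results += [pscustomobject] @{
                Interface         = $adapter.InterfaceAlias
                DnsServer         = $dns
                ResolvesDCs       = $ok
                DomainControllers = ($dcs -join ', ')
            }
        }
    }
    $results
}

# Constructed domain name; replace with the internal AD domain being troubleshot
$report = Test-ClientDnsConfiguration -DomainName 'contoso.com'
$report | Format-Table -AutoSize

$bad = $report | Where-Object { -not $_.ResolvesDCs }
if ($bad) {
    $list = ($bad.DnsServer | Sort-Object -Unique) -join ', '
    Write-Warning "These DNS servers cannot locate a domain controller and should be replaced with internal DNS servers: $list"
}
```

Every row should show ResolvesDCs = True; a False row on a server that is supposed to be internal points at the server-side checks in the next sections rather than at the client.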

2. Verifying proper DNS server configuration

  • In an Active Directory domain, typically a DNS server in a child domain should forward to a DNS server in the parent or root domain. For more information, see KB article 300202.
  • As an alternative to forwarding from child to parent, the child DNS server may be configured with a secondary zone for the parent domain. For more information see KB article 313563.
  • Microsoft® Windows Server™ 2003 can be configured to forward queries for a specific domain to specific DNS servers (conditional forwarding), and allow normal name resolution for all other domains if desired. In the DNS management tool, right-click the name of the DNS server in the left pane, select Properties, select the Forwarders tab, and then add the domain name under DNS domain, typing the IP addresses of the servers under Selected domain’s forwarder IP list. For more information see KB article 304491.
  • Check for improperly configured forwarders.
    1. If a forwarder that the domain name system (DNS) server is using is unable to resolve records for the zone, query it directly using a tool such as Nslookup to verify that the forwarder itself is the problem. For more information see KB article 200525.
    2. Verify the DNS server is not configured to forward to a non-recursive DNS server. This can be verified by viewing the response from the forwarder in a network trace and checking the DNS Flags field: a server that offers recursion sets the Recursion Available (RA) flag in its responses.

3. Verifying proper zone delegation

  • Ensure the child zone is properly delegated from the parent. There should be a name server (NS) record in the parent domain for the child domain. The exception is if both child and parent domains are part of the same zone on the same DNS server. For more information see KB article 255248.
  • Make sure the zone has not been delegated to a DNS server that is not authoritative for that zone. For more information see the section on delegation in KB article 255248.
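
Both the forwarder check in section 2 (is the RA flag set?) and the delegation check in section 3 (does each delegated name server actually answer authoritatively, with the AA flag, for the child zone?) come down to reading the DNS header flags. The following added PowerShell example, which is not from the original post, sends a minimal DNS query over UDP and returns those flags, so you can check them without a network trace. It assumes PowerShell 3.0 or later and the DnsClient module for the NS lookup; the server addresses and zone names in the usage part are constructed placeholders.

```powershell
# Added example, not from the original post. Builds a raw DNS query (RFC 1035 header +
# one question), sends it over UDP and returns the header flags of the response.

function Send-DnsHeaderQuery {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [string] $Server,
        [ValidateSet('A', 'NS', 'SOA', 'CNAME', 'SRV')] [string] $Type = 'A',
        [bool] $RecursionDesired = $true,
        [int] $TimeoutMs = 3000
    )
    $typeCodes = @{ A = 1; NS = 2; CNAME = 5; SOA = 6; SRV = 33 }
    $id    = Get-Random -Minimum 1 -Maximum 65535
    $flags = if ($RecursionDesired) { 0x0100 } else { 0x0000 }   # RD bit

    # Header: ID, flags, QDCOUNT=1, ANCOUNT=0, NSCOUNT=0, ARCOUNT=0
    $header = @((($id -shr 8) -band 0xFF), ($id -band 0xFF),
                (($flags -shr 8) -band 0xFF), ($flags -band 0xFF),
                0, 1, 0, 0, 0, 0, 0, 0)

    # Question: length-prefixed labels, zero terminator, QTYPE, QCLASS=IN
    $qname = @()
    foreach ($label in $Name.TrimEnd('.').Split('.')) {
        $bytes = [System.Text.Encoding]::ASCII.GetBytes($label)
        $qname += $bytes.Length
        $qname += $bytes
    }
    $qname += 0
    $qtype = $typeCodes[$Type]
    $question = $qname + @((($qtype -shr 8) -band 0xFF), ($qtype -band 0xFF), 0, 1)
    [byte[]] $packet = $header + $question

    $udp = New-Object System.Net.Sockets.UdpClient
    $udp.Client.ReceiveTimeout = $TimeoutMs
    try {
        $udp.Connect($Server, 53)
        [void] $udp.Send($packet, $packet.Length)
        $remote = New-Object System.Net.IPEndPoint([System.Net.IPAddress]::Any, 0)
        $resp = $udp.Receive([ref] $remote)
    } finally {
        $udp.Close()
    }
    if ($resp.Length -lt 12) { throw "Short DNS response from $Server" }
    if ((($resp[0] -shl 8) -bor $resp[1]) -ne $id) { throw "Response ID mismatch from $Server" }

    $respFlags = ($resp[2] -shl 8) -bor $resp[3]
    [pscustomobject] @{
        Server             = $Server
        Name               = $Name
        Type               = $Type
        Rcode              = $respFlags -band 0x000F
        Authoritative      = [bool] ($respFlags -band 0x0400)   # AA bit
        RecursionAvailable = [bool] ($respFlags -band 0x0080)   # RA bit
        AnswerCount        = ($resp[6] -shl 8) -bor $resp[7]
    }
}

# Section 2: a forwarder must answer with RA set; otherwise the server forwarding
# to it only ever gets referrals and never full answers. Addresses are constructed.
$fwd = Send-DnsHeaderQuery -Name 'www.example.com' -Server '192.0.2.10' -Type A
if (-not $fwd.RecursionAvailable) {
    Write-Warning "Forwarder $($fwd.Server) does not offer recursion (RA flag clear)"
}

# Section 3: read the delegation NS records for the child zone from a parent-zone
# server, then confirm each delegated server is authoritative (AA) for the child SOA.
$childZone    = 'child.contoso.com'   # constructed
$parentServer = '192.0.2.1'           # constructed: server authoritative for contoso.com
$nsNames = (Resolve-DnsName -Name $childZone -Type NS -Server $parentServer -NoRecursion -DnsOnly -ErrorAction Stop |
    Where-Object { $_.Type -eq 'NS' }).NameHost
foreach ($ns in $nsNames) {
    $soa = Send-DnsHeaderQuery -Name $childZone -Server $ns -Type SOA -RecursionDesired $false
    if (-not $soa.Authoritative) {
        Write-Warning "$ns is delegated for $childZone but does not answer authoritatively for it"
    }
}
```

A delegation that passes this check but still fails for clients usually means the parent's NS record points at a name that itself does not resolve, which is the glue/host record problem KB article 255248 describes.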

4. Verifying configuration of internal root servers

  • On Windows 2000, configuring internal root servers requires additional steps beyond modifying the Cache.dns file on the DNS server. For more information see KB article 249868.

5. Verifying proper registration of DNS records

  • After verifying the client and zone configuration settings in the sections above, delete the Netlogon.dns and Netlogon.dnb files on the domain controller and restart the Net Logon service. For more information see KB article 259277.
  • Verify that the domain controller does not have a disjointed namespace. For more information see KB article 257623.
  • Verify Net Logon dynamic updates are not disabled in the registry by checking that the UseDynamicDNS value in the registry key below is not set to 0.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters
  • If SRV records are properly registering, and Net Logon A records are not, verify the RegisterDnsARecords value in the registry key below is not set to 0.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters
  • If a domain controller is not registering its globally unique identifier (GUID), look in the System event log for Net Logon event 5774 referencing the SRV record. Check for an MX (Mail Exchange) wildcard entry. For more information see KB article 325208. Also see KB article 259277 for additional information on Event ID 5774, 5775 and 5781.
  • Verify domain controllers that are replication partners in the domain have their GUID registered in the forest root zone.
    Example of domain GUID record:
    Name: e99e82d5-deed-11d2-b15c-00c04f5cb503._msdcs.contoso.com
    Type:  CNAME
    Data:  dc01.contoso.com
    Records for global catalog servers are registered in the forest root domain, regardless of whether the domain controller is in a child domain or a different tree of the forest. The forest root domain is the first domain created in the forest.
    Domain controllers attempting to replicate will initiate a query to Active Directory for their configured replication partner and GUID. They then initiate a DNS query for the CNAME record for the GUID, similar to the record in the example above. If the GUID is not present in the DNS zone, the domain controller will not replicate with that partner.
  • Each domain controller must also have a host record registered for its own name (the target of the CNAME) in the DNS zone.
  • Verify that both domain controllers involved in the replication can resolve the above DNS records for each other.
  • If there are replication problems in the forest root zone, verify that domain controllers are not pointing to themselves for DNS. As a rule, only one domain controller in the forest root domain should be pointed to itself for either the Preferred or Alternate DNS server in its TCP/IP properties. All other domain controllers should be pointed to DNS servers other than themselves. For more information see KB article 275278.
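
The domain controller side of section 5, as an added PowerShell example that is not part of the original post: it checks the two Net Logon registry values named above, pulls the Net Logon events the post cites from the System log, resolves the DSA GUID CNAME record of every replication partner in the forest root _msdcs zone (and the host record that CNAME points at), and flags a domain controller that points only at itself for DNS. It assumes the ActiveDirectory, DnsClient and NetTCPIP modules (RSAT or Server 2012 and later, so newer than this post) and is run on the domain controller being checked.

```powershell
# Added example, not from the original post. Run on the domain controller itself.
Import-Module ActiveDirectory

function Test-NetlogonRegistration {
    $key    = 'HKLM:\System\CurrentControlSet\Services\Netlogon\Parameters'
    $params = Get-ItemProperty -Path $key
    foreach ($valueName in 'UseDynamicDNS', 'RegisterDnsARecords') {
        $v = $params.$valueName
        # A missing value means the default (enabled); only an explicit 0 disables it
        if ($null -ne $v -and $v -eq 0) {
            Write-Warning "$valueName is 0 under $key; Net Logon will not register these records"
        }
    }
    # Net Logon logs registration failures to the System log under source NETLOGON
    Get-WinEvent -FilterHashtable @{ LogName = 'System'; ProviderName = 'NETLOGON'; Id = 5774, 5775, 5781 } `
        -MaxEvents 20 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

function Test-ReplicationPartnerGuidRecords {
    $forestRoot = (Get-ADForest).RootDomain
    $local      = Get-ADDomainController -Identity $env:COMPUTERNAME
    # Partner is the DN of the partner's NTDS Settings object; its objectGUID is the
    # DSA GUID that appears in the <guid>._msdcs.<forest root> CNAME record
    $partners = Get-ADReplicationPartnerMetadata -Target $local.HostName |
        Select-Object -ExpandProperty Partner -Unique
    foreach ($partnerDn in $partners) {
        $dsa   = Get-ADObject -Identity $partnerDn -Properties objectGUID
        $cname = "$($dsa.objectGUID)._msdcs.$forestRoot"
        try {
            $rec    = Resolve-DnsName -Name $cname -Type CNAME -DnsOnly -ErrorAction Stop |
                Where-Object { $_.Type -eq 'CNAME' }
            $target = $rec.NameHost
            # The CNAME target must itself have a host (A) record or replication still fails
            $a = Resolve-DnsName -Name $target -Type A -DnsOnly -ErrorAction Stop |
                Where-Object { $_.Type -eq 'A' }
            [pscustomobject] @{ Partner = $target; GuidRecord = $cname; HostRecord = ($a.IPAddress -join ', '); Ok = $true }
        } catch {
            [pscustomobject] @{ Partner = $partnerDn; GuidRecord = $cname; HostRecord = $null; Ok = $false }
        }
    }
}

function Test-DcPointsOnlyToItself {
    $myIps = (Get-NetIPAddress -AddressFamily IPv4).IPAddress
    $myDns = (Get-DnsClientServerAddress -AddressFamily IPv4).ServerAddresses | Sort-Object -Unique
    $others = @($myDns | Where-Object { $_ -notin $myIps })
    if ($myDns -and $others.Count -eq 0) {
        Write-Warning "This domain controller points only at itself for DNS; see KB article 275278"
    }
}

Test-NetlogonRegistration | Format-Table -AutoSize
Test-ReplicationPartnerGuidRecords | Format-Table -AutoSize
Test-DcPointsOnlyToItself
```

Run it on both partners of a failing replication pair: each must see Ok = True for the other, which is the "can resolve the above DNS records for each other" condition in the list above.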