You run DCDiag and it returns a failure that names can not be resolved.

   testing server: default-first-site-name\mydomain
      starting test: connectivity
         the host 7397e120-1c8d-4f2d-b8cb-d829d16d949a._msdcs.mydomain.local could not be resolved to an
         ip address.  check the dns server, dhcp, server name, etc
         although the guid dns name
         (7397e120-1c8d-4f2d-b8cb-d829d16d949a._msdcs.mydomain.local) couldn't be
         resolved, the server name (myhost.mydomain.local) resolved to the ip
         address ( and was pingable.  check that the ip address
         is registered correctly with the dns server. 
         ......................... myhost failed test connectivity


This is mainly due to bad or non existent DNS records on your AD server. Here are the steps to run through to make sure your Active Directory DNS has the correct records needed to allow Active Directory to function correctly in a Windows 2003 or Windows 2008 environment.


Steps to resolve:

  1. Verify SRV Records

  2.  SRV Records missing after Promo
  3. Verify All DC’s are point to one as “master”, Second to them self or another is better.
  4. Verify DHCP Client Service is running (needed for Dynamic DNS updates)
  5. Run at cmd prompt -> net stop netlogon && net start netlogon
  6. Run at CMD prompt -> netdiag /fix

  7. Re run at CMD prompt ->  DCDiag.exe 
You should now get a passing test when you run dcdiag.exe. You may see the following response to the dcdiag.exe execution.
Testing server: Default-First-Site-Name\MYDOMAIN
Starting test: Connectivity
*** Warning: could not confirm the identity of this server in
the directory versus the names returned by DNS servers.
If there are problems accessing this directory server then
you may need to check that this server is correctly registered
with DNS
……………………. MYHOST passed test Connectivity

Cubert  😎
Tagged with:

3 Responses to “DCDiag fails with the host could not be resolved to an IP address check the DNS server, DHCP, server name, etc although the guid dns name couldn’t be resolved.”

  1. Had Robinson says:

    Nice work – very helpful!

  2. Paul Tassell says:

    Nice article, well put together.

    I had exactly the same problem and had been scratching my head for a while – two existing DCs (2008 R2 & 2012 R2) and I was adding a new 2016 DC – everything seemed to go well, but “Dcdiag /e /test:sysvolcheck /test:advertising” throwing the above error. In my case, stopping and starting netlogon wasn’t enough to create the missing SRV records, I also had to go into DNS for my domain zone and set dynamic updates to “secure and insecure” temporarily – only then would a netlogon restart create the records. Once the changes had propagated round, dynamic updates have been set back to “secure” and all appears well.

    This and the link to the 2nd MS article pointed me in the right direction – so many thanks !

  3. Brad says:

    Nice. I was going crazy trying to figure out why one of my sites wasn’t in DNS. Turns out the Netlogon service was stopped on one of my DCs.

Leave a Reply