Trying to set up a Windows domain controller behind a firewall we run into
a weird error message:

    DNS was successfully queried for the service location (SRV) resource
    record used to locate a domain controller for domain
    zandbak.students.cs.uu.nl:

    The query was for the SRV record for
    _ldap._tcp.dc._msdcs.zandbak.students.cs.uu.nl

    The following domain controllers were identified by the query:
    BROADCAST.zandbak.students.cs.uu.nl

    Common causes of this error include:
    - Host (A) records that map the name of the domain controller to its IP
      addresses are missing or contain incorrect addresses.
    - Domain controllers registered in DNS are not connected to the network
      or are not running.

Query successful and these are the common sources of this error. What?
Anyway, after some searching I dig out Wireshark to look at what is happening.
And the query
SRV? _ldap._tcp.dc._msdcs.zandbak.students.cs.uu.nl. and
its answer are followed by traffic to port 389/udp. Right. Anyway, the hopefully
correct firewall setup is documented by Microsoft:
How to configure Windows Server 2003 SP1 firewall for a Domain Controller.
Again, one of the cases where the actual error and the reported error message
differ.
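
To tell this case apart from a real DNS problem, here is a small probe for the 389/udp step that follows the SRV answer. It is an added example, not part of the original post; the name `udp389_status` and its status strings are made up here, and the probe is a generic rootDSE search rather than the exact request Windows sends.

```python
import socket
import sys

# LDAP SearchRequest for the rootDSE (base "", scope base, filter objectClass=*).
# Assumption: a generic probe, not the exact request the Windows locator sends.
ROOTDSE_SEARCH = bytes.fromhex(
    "3025" "020101"      # LDAPMessage SEQUENCE (37 bytes), messageID 1
    "6320"               # SearchRequest [APPLICATION 3] (32 bytes)
    "0400"               # baseObject: empty DN
    "0a0100" "0a0100"    # scope baseObject, derefAliases never
    "020100" "020100"    # sizeLimit 0, timeLimit 0
    "010100"             # typesOnly FALSE
    "870b6f626a656374436c617373"  # present filter on "objectClass"
    "3000"               # empty attribute list
)


def udp389_status(host, port=389, timeout=3.0):
    """Send one probe; return 'answered', 'refused', 'no-reply' or 'unexpected'."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.connect((host, port))
            sock.send(ROOTDSE_SEARCH)
            reply = sock.recv(4096)
        except socket.timeout:
            return "no-reply"    # silently dropped: typical for a filtering firewall
        except ConnectionError:
            return "refused"     # ICMP port unreachable: nothing listens there
    # Any LDAP message starts with a BER SEQUENCE tag (0x30).
    return "answered" if reply[:1] == b"\x30" else "unexpected"


if __name__ == "__main__":
    # Usage: python probe.py <host name returned by the SRV query>
    if len(sys.argv) != 2:
        sys.exit("usage: probe.py <domain-controller-host>")
    target = sys.argv[1]
    print(target, "389/udp:", udp389_status(target))
```

A successful SRV lookup combined with `no-reply` here points at the firewall, not at the A records the error message blames.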