When your users report that they see “an active directory domain controller for the domain could not be contacted” there could be a few different causes for this issue. Most likely, there aren’t any shenanigans happening, which makes this blog different from my usual writing. Users that can’t contact the Domain Controller are most likely having network or hardware issues. A good hacker wouldn’t want to call that kind of attention to their activity –  unless they want to try to steal an administrator login ticket… anyway, this is most likely an easy fix.

In this blog, we will go through the troubleshooting steps and fixes to resolve the “DC can’t be contacted” issue in Windows.

Check If Your Computer Has the Correct IP Address

Step one to troubleshoot the “unreachable DC” issue is to verify that the client has a valid IP address for the network.

The Windows command to print the current IP address and other relevant information is “ipconfig /all”.

First, verify the IP address: does it look correct? If not, reboot the client to get a new IP address and refresh the network stack. If that doesn’t work, you might have to go down the hardware rabbit hole, because not being able to get a DHCP address could be a cable issue or a network card issue.

Once you have the IP address issues squared away, check that the client can ping the DC. From the command prompt, enter “ping domain”, where domain is the domain you are trying to check.

ping domain

You can also use the “tracert” command to see all the hops between the client and the DC – it should be very quick.

tracert domain

If the DC isn’t reachable from the client, and other clients don’t have the same problem, there could be a bad cable or hardware issue on the client or some device in between. Try a different network jack or use wireless to narrow down the problem.

You can use PowerShell to get the same results with different commands.

Display IP address: Get-NetIPConfiguration -All

Ping the DC: Test-NetConnection domainname

Trace the routes to the DC: Test-NetConnection -TraceRoute domainname

If none of those things work, it could be a configuration issue on the network (DC, DNS) that you need to check – keep reading.

Check If the DNS Zone of the Domain Controller Has an SRV Record

If you made it this far down in the troubleshooting of the “unreachable DC” issue, then you might need to fix your DNS configuration.

In DNS, there is a thing called an SRV record that defines specific services. The SRV record we need is the pointer to the DC, which lives in the Forward Lookup Zone -> domain -> _tcp folder. The entry is named _ldap. Here are a few commands you can run to retrieve this SRV record if you prefer that to the DNS Configuration GUI.

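From the cmd prompt on the DC, start nslookup, then enter the following, where domain is the domain you are checking:

set type=all
_ldap._tcp.domain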

You should see the name of your DC in the output.

You can also use PowerShell to see the same output from any machine on the network.

If you get a name that isn’t a proper DC, that explains why you are getting the “unreachable DC” error. The system is looking for the DC on the wrong computer. Update this SRV record to point to the correct computer.
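The SRV check above can be scripted so that it also confirms each returned target resolves and answers on its LDAP port. This PowerShell is an added example, not code from the original article; the function name Test-DcSrvRecord, the domain corp.example.com and the DC name dc01.corp.example.com are constructed placeholders.

```powershell
# Added example, not from the original article.
# Assumption: the domain and DC names used at the bottom are constructed placeholders.
function Test-DcSrvRecord {
    param(
        [Parameter(Mandatory)] [string] $Domain,
        [string[]] $ExpectedDc = @(),   # DCs you know to be legitimate
        [string]   $Server              # optional: DNS server to query
    )
    $name  = "_ldap._tcp.$Domain"
    $query = @{ Name = $name; Type = 'SRV'; ErrorAction = 'Stop' }
    if ($Server) { $query.Server = $Server }
    try {
        # The answer can carry extra A records; keep only the SRV entries.
        $srv = Resolve-DnsName @query | Where-Object { $_.Type -eq 'SRV' }
    } catch {
        Write-Warning "No SRV answer for ${name}: $($_.Exception.Message)"
        return
    }
    foreach ($r in $srv) {
        $target = $r.NameTarget.TrimEnd('.')
        # The SRV target must itself resolve, or clients still cannot find the DC.
        $addr = Resolve-DnsName -Name $target -Type A -ErrorAction SilentlyContinue |
                Where-Object { $_.Type -eq 'A' } | Select-Object -First 1
        $reachable = $false
        if ($addr) {
            $reachable = (Test-NetConnection -ComputerName $target -Port $r.Port `
                          -WarningAction SilentlyContinue).TcpTestSucceeded
        }
        [pscustomobject]@{
            Target        = $target
            Port          = $r.Port
            Priority      = $r.Priority
            Weight        = $r.Weight
            Address       = $addr.IPAddress
            IsExpectedDc  = if ($ExpectedDc) { $ExpectedDc -contains $target } else { $null }
            LdapReachable = $reachable
        }
    }
}

Test-DcSrvRecord -Domain 'corp.example.com' -ExpectedDc 'dc01.corp.example.com' |
    Format-Table -AutoSize
```

A row with IsExpectedDc set to False is the case described above: the record points at a machine that is not a proper DC and should be corrected.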

Hopefully, one of these solutions helps you resolve the “unreachable DC” issue without having to replace any hardware.  Usually, these issues are client-side network issues and easily diagnosed.

For more troubleshooting tips and tricks, check out Adam Bertram’s PowerShell and Active Directory Essentials course. It’s free, on-demand, and worth 3 CPE credits!

Jeff Petters

Jeff has been working on computers since his Dad brought home an IBM PC 8086 with dual disk drives. Researching and writing about data security is his dream job.