Windows – 2012R2 DC Cannot Resolve Itself, FRS not responding, “No logon servers available” error, etc

Tags: dfs, domain, file-replication-services, internal-dns, windows

A client of mine attempted to "troubleshoot" their DC's DNS by wildly adding/removing a bunch of conditional forwarders, stub zones, and forward lookup zone records on the DNS server, writing/erasing each addition/removal in Active Directory (ADDS uses itself as the DNS server). Four days of no issues later, users who have logged off cannot log back in due to "no logon servers available". Users who stay logged in to their sessions have had intermittent difficulty accessing mapped drives as well.

Logged into the DC and attempted to open dsa.msc and was met with an ADDS error dialog stating "Naming information cannot be located because: The specified domain either does not exist or could not be contacted". I was, however, able to open and access dnsmgmt.msc.

dcdiag /test:dns came back passing all around, with a warning that I didn't have an AAAA record (no IPv6, so this is understandable). I am also able to ping the server's hostname and the domain name without issue.

I noticed that SYSVOL and NTDS were not shared, and likewise noticed a DfsSvc error in the event log (ID 14550): "The DFS Namespace service could not initialize cross forest trust information on this domain controller, but it will periodically retry the operation. The return code is in the record data", along with event ID 7009: "A timeout was reached (120000 milliseconds) while waiting for the File Replication service to connect." Lo and behold, the File Replication service cannot be started because of Error 1053: "The service did not respond to the start or control request in a timely fashion".

I hit a brick wall. If anyone has any suggestions or questions, anything would be helpful as I'm at a roadblock here.

Best Answer

My guess is that the issues are a result of all the DNS monkey business that's been going on. My suggestion would be to recreate the AD DNS zones from scratch.

If the AD DNS zones have been mangled beyond hope then you can do this to recreate them from scratch. This answer assumes that the _msdcs.yourdomain.com and yourdomain.com zones are separate, individual zones. Make note of the zone names before following this procedure.

  1. Change the zones from AD integrated zones to standard primary zones (uncheck the "Store the zone in Active Directory" checkbox for the zone type).

  2. Copy (don't move) the zone files to a safe destination (the zone files can be found at %systemroot%\system32\dns).

  3. Change the zones back to AD integrated zones.

  4. Delete the zones.

  5. Recreate the zones.

  6. Create a new delegation in the yourdomain.com zone for the _msdcs zone.

  7. Reboot the server.

  8. Wait.

  9. Recreate any static DNS records from the text copies of the zones.

Your _msdcs.yourdomain.com and yourdomain.com zones should then have been fully and correctly recreated.

If for some reason this doesn't work you have two alternatives:

  1. Perform an authoritative restore of the DC, if you have a backup.

  2. Recreate the original zones from the copies of the zone files that you made.
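The zone-rebuild procedure from the answer above, expressed as an elevated PowerShell session on the DC. This is an added example and not part of the original answer. It assumes a single DC named dc01.yourdomain.com at 10.0.0.10 holding the two zones yourdomain.com and _msdcs.yourdomain.com, and a backup folder C:\DnsZoneBackup; all of those names are placeholders. It also takes the text copy of each zone (step 2) with Export-DnsServerZone, which writes a zone file to %systemroot%\system32\dns without changing how the zone is stored, so the toggle from AD-integrated to standard primary and back is not needed for the copy.

```powershell
#Requires -RunAsAdministrator
# Added example; names below are assumptions, substitute your own before running.
$Domain    = 'yourdomain.com'
$MsdcsZone = "_msdcs.$Domain"
$DcFqdn    = "dc01.$Domain"
$DcIp      = '10.0.0.10'
$Backup    = 'C:\DnsZoneBackup'
New-Item -ItemType Directory -Path $Backup -Force | Out-Null

# Steps 1-2: record how each zone is currently stored, then take a text copy.
# Export-DnsServerZone writes the file under %systemroot%\system32\dns, so copy
# (not move) it somewhere safe before deleting anything.
foreach ($z in $Domain, $MsdcsZone) {
    Get-DnsServerZone -Name $z |
        Select-Object ZoneName, ZoneType, IsDsIntegrated, ReplicationScope
    Export-DnsServerZone -Name $z -FileName "$z.bak.dns"
    Copy-Item "$env:SystemRoot\System32\dns\$z.bak.dns" $Backup -Force
}

# Steps 4-5: delete both zones and recreate them as AD-integrated zones.
# _msdcs is forest-wide by default; the domain zone is domain-wide.
Remove-DnsServerZone -Name $MsdcsZone -Force
Remove-DnsServerZone -Name $Domain    -Force
Add-DnsServerPrimaryZone -Name $Domain    -ReplicationScope Domain -DynamicUpdate Secure
Add-DnsServerPrimaryZone -Name $MsdcsZone -ReplicationScope Forest -DynamicUpdate Secure

# Step 6: delegate _msdcs from the domain zone to this DC.
Add-DnsServerZoneDelegation -Name $Domain -ChildZoneName '_msdcs' `
    -NameServer $DcFqdn -IPAddress $DcIp

# Steps 7-8: force the DC to re-register its own A and SRV records, then wait.
# A reboot does the same thing; this is the shorter route.
Restart-Service Netlogon
nltest /dsregdns
ipconfig /registerdns
Start-Sleep -Seconds 60

# Verification: the LDAP SRV record, the DC locator, the shares and dcdiag.
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server $DcIp
nltest /dsgetdc:$Domain
Get-SmbShare -Name SYSVOL, NETLOGON
dcdiag /test:dns /v

# Step 9: static records are re-added by hand from the backup copies, e.g.
# Add-DnsServerResourceRecordA -ZoneName $Domain -Name 'printer01' -IPv4Address '10.0.0.50'
```

Read the exported .dns files before step 9 and re-add only the static hosts; the DC's own A, SRV and CNAME records come back through dynamic registration, which is what the wait in step 8 is for. If there is more than one DC, the Remove-DnsServerZone calls delete the AD-integrated zone for every DC in the replication scope, so run the procedure once, from one DC.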
