Forum Discussion
BPA Errors: DNS can't resolve GC, Kerberos, PDC Resource Record, etc.
Yeah all of that returns the proper server... The only DC1 I have. Decided just for kicks to try ipconfig stuff again as well as restarting netlogon... I've done that before... Re-ran BPA no changes...
I have done all these things with the loopback and the IP address of the server. No difference with either.
If everything works fine with DCDIAG /TEST:DNS /V /E, I don't know why BPA tells us something else. Look in the Event Viewer in the DNS and Active Directory categories and check if you find any errors or warnings.
Did you try BPA via the command line?
In PowerShell:
Import-Module BestPractices
Get-BpaModel    # lists all available models
Invoke-BpaModel -ModelId "Model BPA"    # example: Invoke-BpaModel -ModelId "Microsoft/Windows/DHCPServer"
- L_Youtell_974 | Feb 19, 2025 | Iron Contributor
I didn't read all of your first message, but perhaps you made some modification to your local policy. You can check via rsop.msc whether you have the correct setting.
Access this computer from the network - security policy setting - Windows 10 | Microsoft Learn
- BenTheITGuy | Feb 17, 2025 | Copper Contributor
Thanks for that AD Replication Status tool... That's helpful for testing. I decided to try all the tests and they were all successful for testing...
BPA still gives errors for everything previously stated and the links to resolve the issues don't really help because they just state to make sure DNS IP is correct on the network adapter.
At a loss at this point on what to do moving forward.
- L_Youtell_974 | Feb 17, 2025 | Iron Contributor
When you run the command Get-BPAResult, you should have more information that should guide you, like the example below.
What you can also do is test the port of the global catalog. Use the software GitHub - ryanries/ADReplStatus: AD Replication Status Tool and test the port.
- BenTheITGuy | Feb 16, 2025 | Copper Contributor
Quite alright... I figured that part out...
Too much to paste here but it shows all the same errors that the BPA GUI in Server Manager does.
- L_Youtell_974 | Feb 16, 2025 | Iron Contributor
Oops, sorry, I just forgot to tell you, you have to run the last command line:
Import-Module BestPractices
Get-BpaModel    # lists all available models
Invoke-BpaModel -ModelId "Model BPA"    # example: Invoke-BpaModel -ModelId "Microsoft/Windows/DHCPServer"
Get-BpaResult -ModelId "Model BPA"    # example: Get-BpaResult -ModelId "Microsoft/Windows/DNSServer"
- BenTheITGuy | Feb 15, 2025 | Copper Contributor
Sorry I'm stupid... Realized I needed to do Get-BPAResult
That still returns the same errors.
- BenTheITGuy | Feb 15, 2025 | Copper Contributor
No warnings in DNS or Active Directory in Event Viewer.
Trying BPA using Command line returns:
Invoke-BpaModel -ModelId "Microsoft/Windows/DNSServer"
ModelId : Microsoft/Windows/DNSServer
SubModelId :
Success : True
ScanTime : 2/15/2025 3:41:01 PM
ScanTimeUtcOffset : -05:00:00
Detail : {Name of DC, Name of DC}
Running BPA in Server Manager after this still returns the errors.
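Added example, not part of the thread and not any poster's code: one way to check the three DC locator records named in the thread title directly against the DC's DNS service, test the global catalog port, and list only the non-compliant BPA findings. The domain name and server address are placeholders, a single-domain forest is assumed, and 3268 is the standard global catalog LDAP port.

```powershell
# Added example. $Domain and $Server are placeholders (assumptions): set them to
# the AD DNS domain name and the IP address the DC uses for DNS.
param(
    [string]$Domain = 'corp.example.com',
    [string]$Server = '127.0.0.1'
)

# SRV locator records behind the GC, Kerberos and PDC findings.
# Single-domain forest assumed, so the forest root name equals $Domain.
$records = [ordered]@{
    GC       = "_ldap._tcp.gc._msdcs.$Domain"
    Kerberos = "_kerberos._tcp.dc._msdcs.$Domain"
    PDC      = "_ldap._tcp.pdc._msdcs.$Domain"
}

$report = foreach ($key in $records.Keys) {
    $query = $records[$key]
    try {
        # -DnsOnly skips LLMNR/NetBIOS so only the DNS server's answer counts.
        $srv = @(Resolve-DnsName -Name $query -Type SRV -Server $Server -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' })
        if ($srv.Count -eq 0) {
            [pscustomobject]@{ Record = $key; Query = $query; Target = $null; Port = $null; Status = 'No SRV records' }
        }
        foreach ($r in $srv) {
            [pscustomobject]@{ Record = $key; Query = $query; Target = $r.NameTarget; Port = $r.Port; Status = 'Resolved' }
        }
    } catch {
        [pscustomobject]@{ Record = $key; Query = $query; Target = $null; Port = $null; Status = "Failed: $($_.Exception.Message)" }
    }
}
$report | Format-Table -AutoSize | Out-Host

# TCP reachability of the global catalog port on every host the GC record points to.
$report | Where-Object { $_.Record -eq 'GC' -and $_.Target } |
    Select-Object -ExpandProperty Target -Unique |
    ForEach-Object { Test-NetConnection -ComputerName $_ -Port 3268 } |
    Select-Object ComputerName, RemotePort, TcpTestSucceeded | Out-Host

# Re-scan, then show only warnings and errors with their suggested resolution.
Import-Module BestPractices
Invoke-BpaModel -ModelId 'Microsoft/Windows/DNSServer' | Out-Null
Get-BpaResult -ModelId 'Microsoft/Windows/DNSServer' |
    Where-Object { $_.Severity -ne 'Information' } |
    Select-Object Severity, Category, Title, Problem, Resolution |
    Format-List
```

If all three records resolve and the port test succeeds while BPA still reports the findings, the rows printed by the last command show which rule is firing and the resolution text attached to it.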