Q. When you configure the Primary DNS Suffix Group Policy setting on a Windows Server 2003-based domain controller or CA (Certification Authority) server you experience difficulty?

Jerold Schulman

July 16, 2006

1 Min Read
ITPro Today logo in a gray background | ITPro Today

Windows Server 2003 experiences problems when you configure the
Computer Configuration / Administrative Templates / Network / DNS Client / Primary DNS Suffix Group Policy setting and apply it to a domain controller or CA server.

On a domain controller, you may have problems when you log onto the domain controller.

On a CA server, the issued certificates may no longer work, the server may not be able to issue new certificates, and subordinate CA servers may no longer be able to connect to the CA server.

This behavior occurs because the DNS client policy engine fails to check the computer's role before applying policy settings to the local TCP/IP stack.

To fix this problem, perform the following steps on the domain controller or CA server:

1. Delete the Primary DNS Suffix Group Policy setting.

2. Open a CMD.EXE window.

3. Type GPUpdate /Force and press Enter.

4. Shutdown and restart the server.


NOTE: See Event ID 5788 and event ID 5789 occur when the DNS domain name and the Active Directory domain name differ?


Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like