Recently I was cleaning up our DNS system after adding new NICs to the server and during this process I accidentally disabled DNS service on IPv6 protocols. I am perfectly aware of dangers of disabling IPv6 in recent Windows versions(2008 and up) but somehow I decided that DNS servers shouldn’t listen or respond on this addresses. This almost immediately led to an error like below:
PS C:\Windows\system32> repadmin /syncall CALLBACK MESSAGE: Error contacting server ee56bf77-bed1-4c9e-9e7e-147c804e4482._msdcs.domain.local (network error): 1722 (0x6ba): The RPC server is unavailable. CALLBACK MESSAGE: Error contacting server b01a3622-303d-4ac0-b293-556605b6a5cd._msdcs.domain.local (network error): 1722 (0x6ba): The RPC server is unavailable. SyncAll exited with fatal Win32 error: 8440 (0x20f8): The naming context specified for this replication operation is invalid.
Replication of DNS entries was working but GPOs etc. had problems.
What I did was:
- Note the IPv6 address of interfaces that should handle DNS requests on DNS servers and from DCs
- Make sure that IPv6 DNS for each interface that should be on the network has DNS registration enabled(for DCs and DNS at least)
- Enabled interfaces from #1 in the DNS Server properties in all servers so they handle DNS requests for IPv4 and IPv6
Now everything seems to work correctly, repadmin /syncall returns success. Happy days!