Troubleshooting Invalid Domain Errors

This topic discusses resolving the "The specified domain is not a valid domain" error.

Troubleshooting Procedure

  1. Verify that you are entering the fully qualified domain name in the domain field and that the domain username and password fields are correct.

  2. Ensure that the ports used for LDAP (389) or LDAPS (389 and 636) are open. For more information about the ports used by Secret Server, see Ports Used by Secret Server.

  3. Ensure that your server is connecting to the correct DNS server:

    1. Open the command console as an administrator (Start > Run > cmd).

    2. Type ipconfig /all.

    3. Press <Enter>.

    4. Find your primary ethernet adapter and look in the DNS Servers section. Verify that the DNS server is correct.

  4. If the DNS server is incorrect, then follow these steps to configure the DNS server:

    1. Open up your control panel (Start > Control Panel).

    2. Click on Network and Sharing Center.

    3. Click Manage Network Connections on the left.

    4. Right click on your primary network adapter and select Properties.

    5. Click Internet Protocol Version 4 (TCP/IPv4).

    6. Click Properties.

    7. Click to select the Use the following DNS server addresses selection button.

    8. Type your primary DNS server in the first row.

    9. If you have a secondary DNS server, put it in the second row.

      Both DNS servers must contain the SRV record for your domain controller.

  5. Check that your server is retrieving domain controller (DC) records correctly:

    1. Open up your control panel (Start > Control Panel).

    2. Type nslookup.

    3. Press <Enter>.

    4. Type set q=srv

    5. Press <Enter>.

    6. Type _ldap._tcp.dc._msdcs.<Fully_Qualified_Active_Directory_Domain_Name>.

    7. Press <Enter>.

    8. If you get a result that looks like:

      _ldap._tcp.dc._msdcs.<Fully_Qualified_Active_Directory_Domain_Name> SRV service location:
          priority = 0
          weight = 100
          port = 389
          svr hostname = *Domain_Controller_Host_Name*

      Then you are retrieving the DNS record correctly. Otherwise, your DNS records are not correctly configured.
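
The DNS server, SRV record, and port checks from steps 2, 3, and 5 can also be scripted. The following PowerShell is an added example, not part of the Secret Server documentation; it assumes Windows Server 2012 or later (for the Resolve-DnsName and Test-NetConnection cmdlets) and uses corp.example.com as a placeholder domain name.

```powershell
# Added example: scripted version of the DNS server, SRV record, and port checks.
# Assumption: 'corp.example.com' is a placeholder; pass your own AD domain FQDN.
param(
    [string]$Domain = 'corp.example.com'
)

# Step 3: show which DNS servers each IPv4 adapter is configured to use.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

# Step 5: look up the domain controller SRV records for the domain.
$srvName = "_ldap._tcp.dc._msdcs.$Domain"
try {
    # The response can also carry A records for the targets; keep only SRV.
    $records = Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' }
}
catch {
    Write-Warning "SRV lookup for $srvName failed: $($_.Exception.Message)"
    return
}
if (-not $records) {
    Write-Warning "No SRV records returned for $srvName."
    return
}

# Step 2: test LDAP (389) and LDAPS (636) against every host the SRV records name.
# A closed 636 only matters if the domain is configured for LDAPS.
$results = foreach ($rec in $records) {
    foreach ($port in 389, 636) {
        $test = Test-NetConnection -ComputerName $rec.NameTarget -Port $port `
            -WarningAction SilentlyContinue
        [pscustomobject]@{
            DomainController = $rec.NameTarget
            SrvPort          = $rec.Port
            TestedPort       = $port
            Reachable        = $test.TcpTestSucceeded
        }
    }
}
$results | Format-Table -AutoSize
```

Run it on the Secret Server machine itself, since the result depends on that machine's DNS settings and firewall path to the domain controllers.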

Configuring the DNS Record on Your Server

  1. If you are not using a Windows DNS server, contact your vendor to ask how to add SRV records. You will need to add an SRV record pointing _ldap._tcp.dc._msdcs.<Fully_Qualified_Active_Directory_Domain_Name> to your primary DNS server.

  2. Connect to your Windows DNS server.

  3. Open the DNS control panel (Start > Administrative Tools > DNS).

  4. Expand the node corresponding to your server.

  5. Expand the Forward Lookup Zones node.

  6. Expand the node corresponding to your domain.

  7. Delete the _msdcs node if it exists.

  8. Right click on the domain node and select New Domain...

  9. Type _msdcs as the name.

  10. Right click on the new _msdcs node, and select New Domain...

  11. Type dc as the name.

  12. Right click on the new dc node and select Other New Records...

  13. Select Service Location (SRV) as the record type.

  14. Click the Create Record button.

  15. Select _ldap as the service.

  16. Select _tcp as the protocol.

  17. Type 389 as the port.

  18. Type the fully qualified host name of your DC or the IP address in the Host offering this service: text box.

  19. Click the OK button.

  20. Click the Done button.

  21. Open up the services console (Start > Run > services.msc).

  22. Right click on the DNS Server service and select Restart. Your domain DNS record should now be set up.

Resolving Other DNS Issues

Secret Server requires correctly configured DNS in order to add a domain. For additional tips on tracking down DNS issues, see Troubleshooting Active Directory Installation Wizard Problems.

Also ensure the domain controller is using the appropriate DNS. The ipconfig /registerdns command (as per the link above) is frequently helpful for registering the correct DNS entries for a given domain.