Unable to Contact, Connect to, or Manage, a DNS Server from DNS Management Console

KB ID 0000559 

Problem

If you open the DNS Management console on a server running an OS older than 2008 R2, and then attempt to connect to a 2008 R2 DNS Server, you will see this error.

You will also see this error on a 2012 Server whilst attempting to add another DNS Server.

Error:
Dnsmgmt
Cannot Contact the DNS Server

The specified DNS server cannot be contacted. Some possible reasons include; the DNS server may not be running, there may be network problems, or the computer associated with the specified name or IP address could not be found.

To retry connection, either press F5. or on the Action menu, click refresh.

For more information about troubleshooting a DNS server, see help.

Why this happens

This is normal. 2008 R2 introduced a more secure DNS Management authentication system to prevent “Man in the middle DNS attacks” that had been exploited in earlier versions of Windows.

Solution

The correct way to approach this problem is to accept it: your 2008 R2 Servers are more secure. If you need to manage them, do so from the DNS management console on the 2008 R2 server itself, or install the RSAT tools on a client machine.

You can also change the way it works so you can see and manage it from an older version of Windows. (Note: Be advised Microsoft recommend you do not do this; they turned this on for a reason.)

1. Launch a command window (Right click and select run as administrator, or select the cmd icon and press CTRL+SHIFT+ENTER).

2. Execute the following four commands.

dnscmd.exe /Config /RpcProtocol 7

dnscmd.exe /Config /RpcAuthLevel 0

net stop "DNS Server"

net start "DNS Server"

Note: If you see an Access Denied error, you are probably NOT running the command window as an administrator.

3. You should now be able to connect to and manage the 2008 R2 DNS Server from an older Windows OS DNS Management console.

To Do the same by Directly Editing the Registry

Run the following .reg file

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\DNS\Parameters]
"RpcAuthLevel"=dword:00000000
"RpcProtocol"=dword:00000007
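To check whether a DNS server has already had this compatibility change applied, the following PowerShell can be run locally on that server. It is an added example, not part of the original article; the function names are hypothetical, and it assumes an elevated session and the PowerShell 2.0 that ships with 2008 R2 (or later).

```powershell
# Added example: audit the two DNS RPC values this article changes.
# Run in an elevated PowerShell session on the DNS server itself.
$key = 'HKLM:\SYSTEM\CurrentControlSet\services\DNS\Parameters'

# Decode the RpcProtocol bitmask as documented for dnscmd /Config /RpcProtocol:
# 1 = TCP/IP, 2 = named pipes, 4 = LPC (so 7 enables all three).
function Get-RpcProtocolNames([int]$Value) {
    $names = @()
    if ($Value -band 1) { $names += 'TCP/IP' }
    if ($Value -band 2) { $names += 'named pipes' }
    if ($Value -band 4) { $names += 'LPC' }
    if ($names.Count -eq 0) { 'none' } else { $names -join ', ' }
}

function Get-DnsRpcCompatState {
    $p = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    $proto = $p.RpcProtocol      # $null when the value was never set explicitly
    $auth  = $p.RpcAuthLevel

    if ($null -eq $proto) { $protoText = '(not set)' }
    else { $protoText = '{0} ({1})' -f $proto, (Get-RpcProtocolNames $proto) }

    if ($null -eq $auth) { $authText = '(not set)' }
    else { $authText = "$auth" }

    # New-Object is used instead of [pscustomobject] so this runs on PowerShell 2.0.
    New-Object PSObject -Property @{
        Server          = $env:COMPUTERNAME
        RpcProtocol     = $protoText
        RpcAuthLevel    = $authText
        # True only when both values match what the four commands above set.
        MatchesKbChange = ($proto -eq 7 -and $auth -eq 0)
    }
}

Get-DnsRpcCompatState |
    Select-Object Server, RpcProtocol, RpcAuthLevel, MatchesKbChange |
    Format-List
```

A server reporting MatchesKbChange as True has the relaxed settings in place and is a candidate for review once the older management hosts are retired.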

Related Articles, References, Credits, or External Links

Thanks to Noel Reynolds for his patience, and for putting up with my terrible typing 🙂

Original Article Written 20/01/12

Author: Migrated
