Troubleshooting DCDIAG error: RPC Server is unavailable

It’s a common best practice to run the DCDIAG tool on every DC in your forest whenever a significant change has been made, e.g. a DC has been added to or removed from the forest. This tests whether the change you just made was done correctly.

It’s also common, if you have at least two domains in your forest (with the trust relationships in place), that when you run dcdiag on any DC the replication test against a specific server fails with the message “RPC Server is unavailable”.

Well, if you see this message you probably check that the RPC service is up and running on the server… by running “net start rpcss” in cmd. But the command prompt answers, “don’t worry dude, the service was already running”.

“Alright then…” you say, “Let’s try DCDIAG again”… and you get the same error as the first time…

And then you go like “Hmmmm… why do I keep getting the same ‘RPC Server is unavailable’ error?”

And then I say “I know why dude!”… And then you “You do? Is there any way I can solve it?”…
“Of course, why would I be posting something I don’t know the answer to!”… and then…

OK, enough with the theatre…

This issue appears when the configurations of the different DNS servers are not compatible. It’s something like this: you have a correct configuration on one DNS server, which forwards any request that does not belong to its domain; but in the second domain, the DNS server does not forward the requests that ask for the first domain… was it clear? Let’s do a picture then!

In this graphic, a contoso domain member is trying to get something from fabrikam; the contoso DNS server receives the request, sees that it belongs to fabrikam and forwards it to the correct DNS server. But on the other side, a fabrikam user wants to get something from contoso; the fabrikam DNS server gets the request, sees that it’s not for fabrikam and has nothing that says the request must be forwarded to another DNS server, so it can’t resolve the user’s request.

After naming “forward” several times you probably know where the problem is: the forwarders on your DNS servers are not set correctly. The most likely problem is that, with different domains in the same forest, the DNS servers of each domain don’t know where to direct the requests for all the other domains.

Let’s take one server to solve this problem: open the DNS snap-in of your DNS server, go to “Properties”, select the “Forwarders” option and click “New” under DNS Domain. Add all the other domains in your forest, and for each one enter the IP address of the DNS server holding that domain.

In this case, LEONARDO is the DNS server for CORPNET, and I’m adding to the Forwarders configuration that any request for EXTRANET, my second domain in the forest, is forwarded to its DNS server. In EXTRANET the same configuration must be set, of course.
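To confirm that each DNS server can actually resolve the other domain before and after the change, here is an added example (not part of the original post) that queries each server for the other domain's DC locator SRV record and previews the conditional forwarder to add where the lookup fails. It assumes the DnsServer PowerShell module (Windows Server 2012 or later, or RSAT); the domain FQDNs, the IP addresses and the host name EXTRANET-DNS are constructed placeholders, only LEONARDO comes from the post.

```powershell
# Constructed sample values: replace the FQDNs, host names and IPs with your own.
$Domains = @(
    @{ Zone = 'corpnet.example';  DnsHost = 'LEONARDO';     DnsIP = '192.0.2.10' },
    @{ Zone = 'extranet.example'; DnsHost = 'EXTRANET-DNS'; DnsIP = '192.0.2.20' }
)

function Test-CrossDomainResolution {
    param([Parameter(Mandatory)][hashtable[]]$Domains)

    foreach ($local in $Domains) {
        foreach ($remote in ($Domains | Where-Object { $_.Zone -ne $local.Zone })) {
            # DC locator record a DC looks up to find partners in the other domain.
            $name = "_ldap._tcp.dc._msdcs.$($remote.Zone)"
            try {
                # Ask this specific DNS server, not the client's default resolver.
                $null = Resolve-DnsName -Name $name -Type SRV -Server $local.DnsIP `
                            -DnsOnly -ErrorAction Stop
                $resolved = $true
            } catch {
                $resolved = $false
            }
            [pscustomobject]@{
                AskedServer = $local.DnsHost
                ForZone     = $remote.Zone
                ForwardTo   = $remote.DnsIP
                Resolved    = $resolved
            }
        }
    }
}

$results = Test-CrossDomainResolution -Domains $Domains
$results | Format-Table -AutoSize

# For every failed lookup, preview the conditional forwarder that fixes it.
# Remove -WhatIf to apply; drop -ComputerName when running on the DNS server itself.
foreach ($r in ($results | Where-Object { -not $_.Resolved })) {
    Add-DnsServerConditionalForwarderZone -ComputerName $r.AskedServer `
        -Name $r.ForZone -MasterServers $r.ForwardTo -WhatIf
}
```

Once every row shows Resolved as True, run DCDIAG again.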

There’s also another way to solve this problem. You can add an EXTRANET zone to the CORPNET Forward Lookup Zones that holds all of the DNS records for that domain. In this case you must also set, in the EXTRANET DNS, the properties of this zone to “Allow Zone Transfers”, letting another DNS server, CORPNET, also hold the records for this zone. But, in my opinion, it’s also a good idea not to overload your DNS server with all kinds of requests, so if a request is not for its domain, forward it to the correct DNS server for resolution.

If the error keeps appearing, then you should check the trust relationships between the domains, and any other error messages that DCDIAG shows on all DCs.

Cheers!
