Windows 2000 Professional Cannot Join Windows NT 4.0 Domain with Third-Party DNS Server

A computer that is running Windows 2000 Professional cannot join a Microsoft Windows NT 4.0-based domain using a third-party Domain Name System (DNS) server if the SRV resource records are not supported.

This is a new feature in Windows 2000 DNS server and in newer third-party servers that enables the ability to specify a server on a network that provides a particular service. In Windows 2000, SRV records are checked during logon for the location on the network of the Active Directory servers (the LDAP server).

If the SRV record is returned by the DNS server, Windows 2000-based logon clients attempt to log on to the Active Directory-based domain. If there is no DNS server specified for that computer, or if an SRV record for that service does not exist, Windows 2000 instead attempts to log on to a Windows NT-based network (this is performed by using a WINS lookup or a broadcast for a domain controller).

Windows NT 4.0 DNS servers return an error code that is explicitly checked and recognized by the Windows 2000 Logon service (Netlogon.dll) which instructs Netlogon to attempt to log on to a Windows NT-based domain. However, some third-party DNS servers may return a different error code when a request is made for a resource record that is not supported. In this case, "NOT IMPLEMENTED" is returned by the third-party DNS server, whereas the Windows 2000 Logon service checks for the "REFUSED" error code.

RFC 1035 provides the definition of the DNS message format. Response codes "NOT IMPLEMENTED" and "REFUSED" are defined as follows:

• Not Implemented - The name server does not support the requested kind of query.
• Refused - The name server refuses to perform the specified operation for policy reasons.

According to the RFC, returning "NOT IMPLEMENTED" is the correct response code when querying an unsupported type of resource record.

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language. The English version of this fix should have the following file attributes or later:

Use Windows NT 4.0 DNS, not specifying a DNS server on the client, or use Netdom.

Microsoft has confirmed that this is a problem in the Microsoft products that are listed at the beginning of this article.

For additional information about how to install Windows 2000 and Windows 2000 hotfixes at the same time, click the article number below to view the article in the Microsoft Knowledge Base: