Domain Controller not connecting to WSUS 8024402C - most likely caused by DNS

Question

I'm trying to configure WSUS on a domain. All of the clients are working and connecting to WSUS with the exception of the Domain Controller (running Server 2012).

When i check for updates I get the Error Code 8024402C.

Looking at the Windowsupdate log it is trying to get its update from the wsus server, but gets a mixture of 80072ee7 and 8024402C errors.

It seems to be that the Domain Controller is unable to resolve the name of the wsus server.

THe Domain controller is also the DNS server, and has the follwing DNS config in its network settings: Primary: 8.8.8.8 ; Secondary: 4.2.2.2 ; Third: 127.0.0.1

I can ping the WSUS server name from the DC, but cannot look it up with nslookup (nslookup just points at the google dns server 8.8.8.8).

Could the internal DNS server being third priority be causing this issue?

Answer 1

The Domain controller is also the DNS server, and has the follwing DNS config in its network settings: Primary: 8.8.8.8 ; Secondary: 4.2.2.2 ; Third: 127.0.0.1

The domain controller must only use itself and other domain controllers for DNS servers in the network adapter configuration.

Answer 2

You may have configured Google's public DNS servers in the NIC properties of the DC thinking that you needed to do that in order for the DC to resolve external DNS names. If so, what you need to do is to configure Google's public DNS servers as forwarders for the DNS server running on the DC, in the properties of the DNS server from within the DNS management console. Note that the use of forwarders is optional. In the absence of forwarders the DNS server will use the root hint servers for external DNS name resolution.

And as Greg stated, the DC should only use itself and other DC's for DNS, as configured in the NIC properties of the DC.