Symptoms
Instant clones fail to complete customization and fail on the DNS lookup in Active Directory.
The following error is seen on the Horizon console:
Error during Provisioning Initial publish failed: Fault type is AD_FAULT_FATAL - com.vmware.daas.cloneprep.ldap.LdapException$DnsException: Unable to DNS lookup for _kerberos._tcp.domain.name using DNS provider(s) [dns:]
Instant Clone Provisioning fails with a log line entry similar to the below in a Connection Server debug file: Location of Horizon (VDM) log files (1027744)
Impact / Risks
In order for a client to authenticate with a Kerberos realm, it needs to be able to resolve the Kerberos realm's DNS name to a Kerberos Key Distribution Center (KDC).
The Kerberos protocol uses DNS to locate the KDCs for a realm. The KDCs are identified by a specific DNS record type called a Service Location (SRV) record. The SRV record includes information about the KDC's hostname and the port number it listens on.
Unable to DNS lookup for _kerberos._tcp.domain.name using DNS provider(s) [dns:]
A failure to resolve this record will impact the domain join process.
Resolution
Ensure all basic connectivity checks are performed between the components involved: Horizon agent machine, Horizon Server and Domain Controller infrastructure.
- Check the network connection using tools such as ping and telnet. Make sure that the hostnames and IP addresses are correct and can be resolved properly.
- Check network device settings: Verify that any firewall, load balancer, or other network device in the path of each component allows a consistent and permanent connection path to the DNS server.
- DNS server issues: The DNS server you're using may be experiencing issues. You can try changing your DNS server to a different one or examining the logs, events and general health of this DNS server.
- Verify that the DNS records for the Kerberos realm are set up correctly.
- Verify that the client can resolve the Kerberos realm's DNS name to a list of KDCs with nslookup.
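The SRV lookup and KDC connectivity checks above can be run in one pass with PowerShell. This is an added example, not part of the original article; the function name Test-KerberosSrv, the domain corp.example.com and the DNS server address 192.0.2.10 are placeholders to replace with your own values.

```powershell
# Added example. Test-KerberosSrv, corp.example.com and 192.0.2.10 are placeholders.
function Test-KerberosSrv {
    param(
        [Parameter(Mandatory)][string]$Domain,
        # DNS servers to test one by one; leave empty to use the system resolver.
        [string[]]$DnsServer = @()
    )
    $name = "_kerberos._tcp.$Domain"
    $servers = if ($DnsServer.Count -gt 0) { $DnsServer } else { @('') }
    foreach ($server in $servers) {
        $query = @{ Name = $name; Type = 'SRV'; DnsOnly = $true; ErrorAction = 'Stop' }
        if ($server) { $query['Server'] = $server }
        $label = if ($server) { $server } else { '(system resolver)' }
        try {
            # Keep only SRV answers; the response may also carry A records for the targets.
            $records = @(Resolve-DnsName @query | Where-Object { $_.Type -eq 'SRV' })
            if ($records.Count -eq 0) { throw "No SRV records returned for $name" }
        } catch {
            # This DNS server could not answer the lookup that provisioning depends on.
            [pscustomobject]@{ DnsServer = $label; Kdc = $null; Port = $null
                               TcpReachable = $false; Error = $_.Exception.Message }
            continue
        }
        foreach ($r in $records) {
            # The KDC host name itself is resolved with the system resolver here.
            $tcp = Test-NetConnection -ComputerName $r.NameTarget -Port $r.Port -WarningAction SilentlyContinue
            [pscustomobject]@{ DnsServer = $label; Kdc = $r.NameTarget; Port = $r.Port
                               TcpReachable = $tcp.TcpTestSucceeded; Error = $null }
        }
    }
}

# Run on the Connection Server and on a machine in the desktop network, then compare.
Test-KerberosSrv -Domain 'corp.example.com' -DnsServer '192.0.2.10' | Format-Table -AutoSize
```

A row with the Error column populated identifies a DNS server that cannot answer the SRV query; a row with TcpReachable set to False identifies a KDC that resolves but is blocked or down on the advertised port.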
Related Information
This is a child article of AD_FAULT_FATAL: An Index of Instant Clone Creation Errors returned by Active Directory (91065)