Hi All,
Another strange one.
I have a functioning DA setup based on 2012R2 server, and two out of about 100 clients have a strange fault.
The two clients are both Windows 8.1 x64 and fully patched (Dec 2015). Both clients have valid certs from our internal PKI and are receiving DA GPO just like the functioning clients. NRPT entries under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\DnsPolicyConfig are the same as functioning clients.
The clients are NOT effectively able use DA, but are (1) able to browse the internet, (2) launch DNS queries against the DA server for CorpNet resources in the form of "nslookup -q=aaaa sui0ntda02.corpnet.net fd3a:c413:822f:4444::1". If I plug the IPv6 IP address in to a program, it connects fine to internal CorpNet resources. However, DNS queries for internal resources for regular program, such out Outlook, IE, Firefox, RDP just fail and do no return a value. Eg, "Firefox can't find the server at sui0-wiki.corpnet.net"
98 other workstations connect just find from outside the Corporate network, and both problem workstations work fine on the internal network.
It's as if the DNS service is just flat out refusing to use the NRPT and pushing everything to the local DNS on LAN of the workstation.
No clues in the EventLogs.
Where next might I be able to go digging for gold?