DNSSEC Trust Points missing from DNS manager on Server 2016

For some odd reason I found myself lacking the Trust Points sub-directory on Windows Server 2016 on two of my three test domain controllers while configuring DNSSEC. Why? I have no idea. All three were deployed with the same image and I’ve configured all three side-by-side.

DNSSEC DNS Snap-InThe annoying part: even after zone signing on the FSMO role holder DC1 and ensuring propagation throughout the test domain, DNSSEC still reported as not enabled on two of the three DCs.

The fix (for me)?

I re-ran this elevated command on the two DC’s and Trust Points automagically appeared:

DnsCmd.exe [server name here] /Config /enablednssec 1

Leave a Reply

Your email address will not be published. Required fields are marked *