Windows Server 2003 experiences problems when you configure the Computer Configuration / Administrative Templates / Network / DNS Client / Primary DNS Suffix Group Policy setting and apply it to a domain controller or CA server.

On a domain controller, you may have problems when you log on to the domain controller.

On a CA server, the issued certificates may no longer work, the server may not be able to issue new certificates, and subordinate CA servers may no longer be able to connect to the CA server.

This behavior occurs because the DNS client policy engine fails to check the computer's role before applying policy settings to the local TCP/IP stack.

To fix this problem, perform the following steps on the domain controller or CA server:

1. Delete the Primary DNS Suffix Group Policy setting.

2. Open a CMD.EXE window.

3. Type GPUpdate /Force and press Enter.

4. Shut down and restart the server.
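
To confirm that the fix took hold, the batch file below can be run on the server after step 3 and again after the restart in step 4. It is an added example, not part of the original tip; it assumes the policy is stored as the "NV PrimaryDnsSuffix" value under the DNSClient policy key, and the [OK]/[FAIL] labels are this example's own.

```batch
@echo off
rem Added example: checks that the Primary DNS Suffix policy is gone.
rem Assumption: the policy setting is stored as the registry value
rem "NV PrimaryDnsSuffix" under the DNSClient policy key below.
setlocal
set "RC=0"
set "POLKEY=HKLM\Software\Policies\Microsoft\System\DNSClient"
set "POLVAL=NV PrimaryDnsSuffix"
set "TCPKEY=HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters"

rem reg query returns errorlevel 1 when the value does not exist.
reg query "%POLKEY%" /v "%POLVAL%" >nul 2>&1
if not errorlevel 1 goto :still_set

echo [OK] No policy-supplied primary DNS suffix is present.
goto :show_effective

:still_set
echo [FAIL] The Primary DNS Suffix policy value is still present:
reg query "%POLKEY%" /v "%POLVAL%"
echo Confirm the setting was deleted from every GPO that applies to
echo this server, then run GPUpdate /Force again.
set "RC=1"

:show_effective
echo.
echo Suffix values stored for the local TCP/IP stack:
reg query "%TCPKEY%" /v "NV Domain" 2>nul
reg query "%TCPKEY%" /v "Domain" 2>nul
echo.
echo Suffix the DNS client reports now:
ipconfig /all | findstr /I /C:"Primary Dns Suffix"

rem Exit code 1 means the policy value was still found.
endlocal & exit /b %RC%
```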


NOTE: See "Event ID 5788 and event ID 5789 occur when the DNS domain name and the Active Directory domain name differ?"