search cancel

Unable to add a new domain in Symantec ClientNet Portal


Article ID: 161496


Updated On:




You are having a problem adding a new domain to the Email Service.


The domain validation stuck in ‘Checking DNS’ status

Make sure that you have added the required TXT record in your DNS zone. Depending on the DNS manager you use, you will need some or all of the following details:

  • Record Type - This should be TXT
  • TTL (Time to live) - This is the time in seconds that other servers should cache the information, 3600 is a common choice
  • Host - This is the domain you want to add the record for (depending on who hosts your DNS, it is common that you might use an @ to represent the master domain and any text entry will mean a subdomain)
  • Value - This is the validation string you receive from the domain addition wizard

A common mistake is adding the validation string to the Host field which means you end up creating a sub-domain with a TXT record, like

You can perform TXT record lookups using public DNS lookup sites. If there is no result then the DNS servers responsible for your domain have not published the record yet.  This may be a matter of propagation on the DNS system or the entry may have been done incorrectly.

These sites can also be used to verify the TTL (time to live) value for the existing TXT record. If the correct TXT string is showing up in the DNS look ups and the domain is still not validated after TTL has elapsed, please contact Support for investigation.

The domain is stuck in inactive status and under registered addresses it shows ‘Sync Now’

This portion of the check will turn green as soon as you sync the addresses using the Schemus tool or add at least one address manually under the Platform menu.  There is no option to add a domain in the portal without registering addresses either manually or via the Schemus sync tool.

The domain is stuck in inactive status and the MX Record section shows as ‘Working’

This may have happened if you pointed the MX records to clusters prior to DNS TXT validation code being added. Domain should not have been pointed to our clusters until the last step (as instructed from the domain addition wizard). Please point the MX records away from our Clusters (for instance to your mail server). Our tech checks run every 30 - 60 minutes. Once the TTL of the MX Records expire and we can detect the change, it should proceed past the working stage and instruct the customer to then point their MX to us.

The domain is stuck in inactive state and under MX records it shows ‘Update Now’

Please change the MX Records to what the wizard has specified. A confirmation email containing the following subject 'Domain MX record and outbound scanning instructions' will be sent to the contact email address specified during the initial wizard setup. Once the domain has completed registration, you can change them to whatever you desire, if for some reason you do not want to leave them directed at the cluster. If you have already changed your MX record to our cluster and the wizard is still showing ‘Update Now’, please contact Support for investigation.

The domain is stuck in inactive state and Inbound Route shows ‘Failed’

It is likely that we are unable to connect to your intended server from our entire infrastructure. Please ensure that we are allowed to connect to your mail server from all our IP ranges (found HERE) and that the server is configured to accept mail for the new domain.

The domain is stuck in inactive status and MX records shows ‘Checking’

At this last stage, the domain should already be provisioned and be visible in Inbound routes, so the mail flow should work. However, until the system sees clusters in the MX records for the domain it will show the domain in the inactive screen. Depending on what the TTL was for the MX record entry, it may take some time for it to see the updated MX record entry, but it will eventually be moved to the Active Domains section.

The option to add a Domain is not available for you

If your services have been purchased through a reseller you must contact the reseller to add new domains for you.  If you have purchased the services directly you may be using a secondary account that has not been given permissions to Manage Domains.  This User Role would need to be added under Administration User Management using the primary login.  If you have been given this role or you are using the primary login and are still unable to access the Add New Domain wizard, please contact Support for investigation.

You have not received the email containing your validation key

Please note that email validation is the recommended option to verify domain ownership, as it is much quicker to provision a new domain and does not rely on DNS propagation for TXT record entries.

The validation email is sent using the current MX Records for the new domain.  If these have already been changed to point to the cluster then the email will fail.  The MX Records should point to your server that accepts mail for the new domain. Even if you have the system locked down to our ranges because you use it for already provisioned domains, the connection will be accepted because it is sent from one of our IPs. You can request to resend the validation email in the domain wizard.  For reference, validation emails containing the key are sent from the following address: [email protected]

You can't add a domain. Error shown: "You cannot add this sub-domain because its parent domain is registered to a different account."

This means that the parent domain, ie, is a registered domain to an existing Email Security.Cloud customer. As such, yourself, also an Email customer, in order to add the domain, permission by the owner of the parent domain would be required.

This restriction is place for security purposes and to ensure only the legit owner of the domain or someone with strict permission of the owner makes use of the subdomain, understand that generally a subdomain falls under the control of the owner of the parent domain.

TLD: com
Domain: mydomain
Subdomain: sub

Create a support case after acquiring required permission, and we'll process the domain on your behalf.