DNS Registration failing for workstations running in Azure?

Simon Gadsby 26

Hi,

We have:

DNS servers running in Azure. Scavenging is enabled with default settings 7/7
AVD workstations running Windows 11 in Azure. These machines pick up their IP address via DHCP from Azure

According to the docs Windows is supposed to re-register DNS every 24 hours, however we are finding that DNS entries are not being refreshed, and scavenging eventually removes them from DNS.

If we run ipconfig /registerdns on the machine then it re-registers correctly and prevents any issue for another few weeks.

The fault appears to be intermittent, suggesting that some machines do refresh correctly.

Has anyone else seen this? Any suggestions? ipconfig output below.

Thanks,
Simon.

C:\>ipconfig /all

Windows IP Configuration
   Host Name . . . . . . . . . . . . : MYSERVERNAME
   Primary Dns Suffix  . . . . . . . : mydomain.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : mydomain.local
                                       reddog.microsoft.com
Ethernet adapter Ethernet 2:
   Connection-specific DNS Suffix  . : reddog.microsoft.com
   Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter #2
   Physical Address. . . . . . . . . : 00-0D-3A-D1-57-4F
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.146.8.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Wednesday, 7 August 2024 4:20:28 PM
   Lease Expires . . . . . . . . . . : Saturday, 13 September 2160 11:42:55 PM
   Default Gateway . . . . . . . . . : 10.146.8.1
   DHCP Server . . . . . . . . . . . : 168.63.129.16
   DNS Servers . . . . . . . . . . . : 10.144.8.40
                                       10.160.8.40
   NetBIOS over Tcpip. . . . . . . . : Enabled


PS C:\> Get-DnsServerResourceRecord -ZoneName mydomain.local -ComputerName dnservername -Name MYSERVERNAME | fl

DistinguishedName : DC=MYSERVERNAME,DC=mydomain.local,cn=MicrosoftDNS,DC=DomainDnsZones,DC=mydomain,DC=local
HostName          : MYSERVERNAME
RecordType        : A
Type              : 1
RecordClass       : IN
TimeToLive        : 00:20:00
Timestamp         : 24/07/2024 12:00:00 AM
RecordData        : 10.146.8.6

1 answer

KapilAnanth-MSFT 44,931 Reputation points Microsoft Employee

2024-08-08T10:52:46.03+00:00
@Simon Gadsby ,

Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.

Running DHCP Servers on Azure is more of a recent addition.

See : Can I deploy a DHCP server in a virtual network?

DHCP Server in Azure was previously marked not feasible since the traffic to port UDP/67 was rate limited in Azure. However, recent platform updates have removed the rate limitation, enabling this capability.

Also, You can't use DHCP via Unicast (source port UDP/68, destination port UDP/67). UDP source port 65330 is reserved for the host.

Can you please confirm if the above condition is met?

From your verbatim,

I see the DHCP server is listed as "168.63.129.16"

This is Azure's Wireserver IP which enables the VM to obtain a dynamic IP address from the DHCP service in Azure.

While you may run the DHCP VMs , did you also update the VMs to use these VMs for DHCP?

See : To enable DHCP or change other TCP/IP settings

Can you confirm this has been updated?

Cheers,

Kapil
Please sign in to rate this answer.
Simon Gadsby 26 Reputation points

2024-08-08T13:30:41.37+00:00

Hi Kapil, yes I have read that we can now deploy DHCP servers, however in our case we do not have any DHCP servers deployed. The machine gets its IP from Azure DHCP (wireserver).

The IP is allocated correctly by Azure and everything works except for the re-registration. I believe it may be attempting to re-register to Microsoft public DNS servers instead of our private mydomain.local DNS servers, even though mydomain.local is set as the primary DNS suffix.

Perhaps of relevance is that we do have the following GPO enabled:

Register DNS records with connection-specific DNS suffix
Software\Policies\Microsoft\Windows NT\DNSClient\RegisterAdapterName = 1

however my assumption is that this would not cause any trouble because:

If you enable this policy setting, a computer will register A and PTR resource records with its connection-specific DNS suffix, in addition to the primary DNS suffix.

Simon Gadsby 26 Reputation points

2024-08-09T01:54:13.9733333+00:00

Ok, it looks like the 24 hour re-registration only applies to static IP addresses. The below can be found here but comes from the explain text in Group Policy for "Registration refresh interval":

By default, client computers configured with a static IP address attempt to update their DNS resource records once every 24 hours and DHCP clients will attempt to update their DNS resource records when a DHCP lease is granted or renewed.

Azure leases expire in 136+ years, so it seems that it is per-design that Windows will not re-register!

The answer would therefore seem to be that we have to explicitly schedule the updates via GPO, ie:

Computer Configuration \ Network \ DNS Client \ Registration refresh interval

Enabled

A value of 86400 seconds will cause Windows to re-register once per day as expected.

KapilAnanth-MSFT 44,931 Reputation points Microsoft Employee

2024-08-09T10:03:51.35+00:00

@Simon Gadsby ,

I have limited expertise on GPO however I am glad that you were able to resolve your issue and thank you for posting your solution so that others experiencing the same thing can easily reference this!

Since the Microsoft Q&A community has a policy that "The question author cannot accept their own answer. They can only accept answers by others", I have summarized our discussion and post it as an answer.

I would greatly appreciate if you could Accept the answer and close this thread

Original posters help the community find answers faster by identifying the correct answer.

Thanks,

Kapil

Simon Gadsby 26 Reputation points

2024-08-12T06:17:44.2766667+00:00

That is fine Kapil however I can only see your original answer?

Also I am not 100% sure this is the resolution -- I wonder whether Windows may sometimes be attempting to register with the wrong DNS server (ie. Microsoft public DNS rather than my private DNS), therefore forcing the re-register interval with GPO might just mask the issue by running it more often such that it is more likely to work!

KapilAnanth-MSFT 44,931 Reputation points Microsoft Employee

2024-08-12T06:40:44.07+00:00

@Simon Gadsby ,

To get more clarity on Windows Configuration and GPO, you can consider creating a new thread with the appropriate tags, so that the community experts can address it.

I am afraid my expertise with GPO is limited as mentioned.

Wrt, "I wonder whether Windows may sometimes be attempting to register with the wrong DNS server (ie. Microsoft public DNS rather than my private DNS),"

I am not sure why you would have this observation.

The Windows machines in Azure, should use whatever DNS Servers you specified in the VNET Configuration as the DNS Server.

See : Change DNS servers of a virtual network using the Azure portal

And as long as DHCP settings is configured correctly, the VMs should use the appropriate DHCP servers

Cheers,

Kapil

Simon Gadsby 26 Reputation points

2024-08-12T07:22:35.98+00:00

Ok so Windows is definitely attempting to register with Microsoft Public DNS, resulting in 8003 warning events in the System log per below. I take it this is because the connection-specific suffix is reddog.microsoft.com and we have a GPO set to register using the connection-specific suffix.

Despite these warnings Windows 10 and 11 will sometimes successfully register correctly with the internal DNS servers, and sometimes it will not. Windows Server does not seem to exhibit the same fault. Given that it does not appear to be consistent I wondered whether Windows might be sometimes failing silently, so if we trigger re-registration more often then it is more likely to succeed.

Regardless, if you go ahead and post an answer with the refresh interval GPO I can mark that as answer.

The system failed to register network adapter with settings: Adapter Name : {FB69933F-525E-43AB-A2B8-50AA40043F09} Host Name : MYSERVERNAME Adapter-specific Domain Suffix : reddog.microsoft.com DNS Server list : 10.144.8.40, 10.160.8.40 Sent update to server : 13.107.222.39:53 IP Address(es) : 10.146.8.6 The cause of this DNS registration failure was because the DNS update request timed out after being sent to the specified DNS Server. This is probably because the authoritative DNS server for the name being updated is not running. You can manually retry registration of the network adapter and its settings by typing 'ipconfig /registerdns' at the command prompt. If problems still persist, contact your network systems administrator to verify network conditions.

KapilAnanth-MSFT 44,931 Reputation points Microsoft Employee

2024-08-13T04:41:01.45+00:00

@Simon Gadsby in that case, you can raise a support incident where a support engineer can do a Lab repo and check the logs.

Cheers,

Kapil
Sign in to comment

Use comments to ask for clarification, additional information, or improvements to the question.

Share via

DNS Registration failing for workstations running in Azure?

1 answer

Your answer