DHCP not Updating DNS

Question

Tuesday, January 30, 2018 4:42 PM

Hello,

I have 2 DHCP Servers Windows 2012R2 (Failover) and 5 DCs (2 x 2012R2 and 3 x 2008R2). The DHCP servers are *not* DCs and are in the "DnsUpdateProxy" group. Both servers have the same account configured for DNS dynamic update registration. DHCP is configured to always update DNS. My problem is that DNS updates work *sometimes*. I checked DNS record permissions and everything seems to be all right (account for dynamic updates is owner of the record). PTR zone is in place. Even new records aren't created sometimes. In the DHCP logs, most errors have DnsRegError "2", but I can't find anything about these error codes anywhere.

31,01/30/18,16:36:04,DNS Update Failed,10.50.2.2,MV302684.<DNS-Suffix>,,,0,6,,,,,,,,,2

I also get

31,01/30/18,16:34:07,DNS Update Failed,10.30.243.11,C103008..<DNS-Suffix>,,,0,6,,,,,,,,,1460

but I think this is a special case...

I also see sometimes

1,01/30/18,15:36:18,DNS Update Failed,142.10.250.114,P305114.<DNS-Suffix>,,,0,6,,,,,,,,,9005

Anyone any idea?

__Leo
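Added example (not part of the original thread): a small Python parser that tallies the "DNS Update Failed" records of a DHCP audit log by their last field, which the question calls DnsRegError, and lists which clients produce each code. The field positions are taken from the log lines quoted above; the sample log, host names and function names are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: one preamble line plus records laid out like the
# lines quoted in the question (host names and suffix are placeholders).
SAMPLE_LOG = """\
Microsoft DHCP Service Activity Log
10,01/30/18,16:30:00,Assign,10.50.2.2,HOST-A.example.test,,,0,6,,,,,,,,,0
31,01/30/18,16:36:04,DNS Update Failed,10.50.2.2,HOST-A.example.test,,,0,6,,,,,,,,,2
31,01/30/18,16:34:07,DNS Update Failed,10.30.243.11,HOST-B.example.test,,,0,6,,,,,,,,,1460
31,01/30/18,16:35:10,DNS Update Failed,10.30.243.11,HOST-B.example.test,,,0,6,,,,,,,,,1460
31,01/30/18,15:36:18,DNS Update Failed,10.30.250.114,HOST-C.example.test,,,0,6,,,,,,,,,9005
"""


def summarize_dns_failures(log_text):
    """Return {error_code: {"count": n, "clients": {ip: host_name}}}."""
    summary = defaultdict(lambda: {"count": 0, "clients": {}})
    for row in csv.reader(io.StringIO(log_text)):
        # Skip the preamble, header text, blank lines and malformed rows.
        if len(row) < 7 or not row[0].strip().isdigit():
            continue
        # Match on the description (4th field) rather than the event ID.
        if row[3].strip() != "DNS Update Failed":
            continue
        code = row[-1].strip() or "unknown"  # last field: DnsRegError
        entry = summary[code]
        entry["count"] += 1
        entry["clients"][row[4].strip()] = row[5].strip()  # IP -> host name
    return dict(summary)


def report(summary):
    """One line per error code, most frequent code first."""
    lines = []
    ordered = sorted(summary.items(), key=lambda kv: -kv[1]["count"])
    for code, entry in ordered:
        ips = ", ".join(sorted(entry["clients"]))
        lines.append(f"DnsRegError {code}: {entry['count']} failure(s) from {ips}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(summarize_dns_failures(SAMPLE_LOG))))
```

Grouping by client as well as by code shows whether a given code is spread across the estate or confined to a few hosts.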

All replies (13)

Wednesday, January 31, 2018 9:42 AM ✅Answered | 3 votes

Hi ,

>> Do you have any info on how the DHCP server selects which DNS to use for the updates?

In DHCP option 006, you will see the DNS server IP address. DHCP will select the first DNS in option 006 to use for the updates.

Also, this is where your clients get the list of DNS servers.

Best Regards,

Candy

Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected].


Wednesday, January 31, 2018 5:47 AM | 2 votes

Hi ,

>>31,01/30/18,16:36:04,DNS Update Failed,10.50.2.2,MV302684.<DNS-Suffix>,,,0,6,,,,,,,,,2

As far as I know, this code means that an existing request has been terminated and a new one will be placed at the end of the queue.

>>31,01/30/18,16:34:07,DNS Update Failed,10.30.243.11,C103008..<DNS-Suffix>,,,0,6,,,,,,,,,1460

Error code "1460" means that the DHCP server could not contact the DNS server to register the records, or a DNS server so the request was rejected. Usually such requests, due to the several communication attempts made by the DHCP server before considering a DNS server as unavailable, are the main reason for the formation of queues at the check and cause a significant delay in the registration of records or even an infinite loop superseded by events.

>>1,01/30/18,15:36:18,DNS Update Failed,142.10.250.114,P305114.<DNS-Suffix>,,,0,6,,,,,,,,,9005

Events with error code "9005" mean the DHCP server cannot update the record as it does not have sufficient rights to it. This can happen for records that were created by the client or DNS manually in the DNS console. They have an ACL that does not include an account for registration from the DHCP settings. However, we understand that such errors are not related to the registration of new records and do not affect the delay of registration.

Please run the command "ipconfig /flushdns & ipconfig /registerdns" and then check if A and PTR records are created.

If it still doesn't work, please try to increase DynamicDNSQueueLength and reduce lease times.

Check the value of the registry key “DynamicDNSQueueLength”, increase it to see if it helps solve your issue.

Reduce the lease duration and decrease the cleanup interval. This can help to speed the reclaiming of expired scope IP addresses.

Best Regards,

Candy



Wednesday, January 31, 2018 7:57 AM

Candy,

thank you very much for your reply. Is there a list/document where you can look up the error codes? Would be quite helpful...

Concerning the error "2", I need to investigate what's going on. Is there a log or something where you can see the details? I don't even know which DNS server the DHCP is talking to.

In regard to "9005", we had a lot of trouble as the DHCP servers couldn't update records that were created by the Windows clients themselves. We created a GPO so the clients don't manage their own DNS records. But we still have a couple of DNS entries where the DHCP "user" has no rights yet. I have a little script to correct this but the GPO is not yet active on all clients, so I have to re-run it occasionally.

The error "1460" is a special case. This error only occurs on special non-Windows hosts that get another, non-AD DNS server pushed by the DHCP options. I suspect that DHCPs are trying to update this DNS server which they can't. Could it be that DHCP is trying to update the DNS server which is pushed for the client by DHCP option?

Thank you!

__Leo


Wednesday, January 31, 2018 8:58 AM

Hi ,

>>Is there a list/document where you can look up the error codes?

>>I need to investigate what's going on. Is there a log or something where you can see the details?

There is no list/document to look up these error codes.

If you want to know the details, you might need to use Network Monitor to trace packets and enable the performance counters to collect data.

Best Regards,

Candy



Wednesday, January 31, 2018 9:25 AM

Thanx Candy!
I'm not too keen on sniffing and analyzing Wireshark logs... Do you have any info on how the DHCP server selects which DNS to use for the updates?

__Leo


Wednesday, January 31, 2018 10:01 AM

Ahhhh! Candy, you're great :-)

This explains a lot of things. That's why these "special" clients are never updated (foreign DNS server). They probably even fill up DynamicDNSQueueLength. As Option 6 is set as DHCP server option the same way on all DHCP servers, all registrations are going to the same single DNS server which also is used as primary source for all the clients. Need to think of a way to distribute this w/o the need to go through all the DHCP scopes (~600).

Thanx!!

__Leo

BTW, for anyone who also struggles with this, I found this also quite helpful:

Dynamic DNS registration process can cause queue build up and failures


Wednesday, January 31, 2018 10:15 AM

Hi Leo,

I am pleased to know that the information is helpful to you.

Also, many thanks for your post and all the efforts so far.

You could mark the useful reply as answer to help other community members find the helpful reply quickly.

Thanks for your understanding.

Best Regards,

Candy



Monday, March 18, 2019 3:38 PM

Candy, you have saved my life!

Thanks a lot, DNS order was the problem.


Monday, April 29, 2019 9:49 AM

I definitely have the DHCP/DNS configured correctly (DHCP Option 006 has DNS server IP) yet my mobile clients do NOT update DNS when swapping from wireless to wired!


Thursday, January 2, 2020 6:50 PM

Having the same problem. You ever figure anything out here?


Saturday, January 4, 2020 5:02 PM

Sadly not 100%.

It is hit&miss, often miss.

It seems to behave better since moving to "Secure Only" DNS update.


Friday, January 10, 2020 11:52 AM

Hi,

You can force the DHCP server to use a specific DNS server for updates:

https://support.microsoft.com/de-lu/help/3069564/dhcp-dynamic-updates-of-dns-registrations-are-delayed-or-not-processed

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters\AlternateDnsServer]

"IP_ADDRESS"="192.168.133.7"

(REG_SZ)


Sunday, January 12, 2020 5:07 PM

In my case DHCP & DNS are on the SAME DC server!