Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Thursday, November 28, 2019 6:04 AM
Good morning
Please see the multiple BPA errors I get below on my PDC which is also a DNS and DHCP server.
I can guess that for the one warning, I should manually add an exclusion to every scope for the server IP.
The one error message (the IPv4 address should be reachable) I was getting was when there were unresolved forwarders. That problem has been resolved by removing unresolved forwarders, and no DHCP BPA messages came up, but then these popped up recently.
I do not understand why these have cropped up all of a sudden when the results pane was clear. And I am unsure of the control permissions and credentials settings.
Kindest regards
Darren
All replies (10)
Monday, December 2, 2019 6:20 AM âś…Answered
Hi Darren,
The error message means DNS server defined in DHCP scope is not reachable.
>>I've gone through the various scopes for scope options, and see only two scopes that have two unfamiliar DNS entries each.
Based on your description, I think we find the main cause.
Since these DNS IP cannot be resolve, DHCP BPA shows the above error message.
Please remove these unresponsive DNS entries under the option, it will not effect your environment.
For example, if I configure a unreachable IP in the option. The same error messages will show in DHCP BAP.
Best Regards,
Candy
Please remember to mark the replies as an answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected]
Thursday, November 28, 2019 8:10 AM
Hi ,
**>>**Credentials for DNS update should be configured if secure dynamic DNS update is enabled and the domain controller is on the same host as the DHCP server.
If you have the DHCP service installed on your domain controller without a service account configured, by default, DNS registrations from DHCP clients will be prevented from being registered and will log event 1056 in event viewer.
Please enter in the User name, domain, password, and confirmation password to the user and click OK.
For your reference:
Here is an good article talking about DHCP Server in DCs and DNS Registrations, you could have a look:
DHCP Server in DCs and DNS Registrations
**>>*****The server should have Full Control permissions to the DHCP registry parameters. ***
The info link will take you to a Microsoft doc with instructions for a simple registry fix.
DHCP: The server should have Full Control permissions to the DHCP registry parameters
Assign the DHCPServer service full control permissions to the DHCP registry:
Best Regards,
Candy
Please remember to mark the replies as an answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected]
Friday, November 29, 2019 7:35 AM
Good morning Candy
Thank you very much! I have implemented the registry fix as well as updating the relevant user account for DHCP credentials.
I tried excluding the server address, but could only do it for one scope, as other scopes threw out an error ("The IP address range is not a subset of the overall range"). I have scopes that have in excess of 10 different IP ranges.
I re-ran the BPA scan, and all the errors bar the "IPv4 address of the DNS server should be reachable". I checked my forwarders and following the fix from the other thread you helped me solve, there are no unresolved forwarders.
Where else could I check to resolve that last remaining BPA error? And was that dns server exclusion in the one scope I could enter sufficient to wipe out the relevant exclusion from scopes error, considering there are so many scopes?
You're really helping me whack these errors! Thank you!
Kindest regards
Darren
Friday, November 29, 2019 8:34 AM
Hi Darren,
Thanks for your updating.
Which DNS server you have configured as server option in DHCP?
According to error message, it seems that the DNS server defined in DHCP scope is not reachable.Please change it to PDC itself to do a test.
Best Regards,
Candy
Please remember to mark the replies as an answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected]
Friday, November 29, 2019 8:39 AM
Hi there Candy
I don't follow where I am supposed to check for that? Is that under the general server option, the actual server NIC, or within each scope?
Kindest regards
Darren
Friday, November 29, 2019 8:49 AM
Hi ,
Where did you configure the option? In general server option or within each scope ?
If you configure within each scope, please check each scope.
Best Regards,
Candy
Please remember to mark the replies as an answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected]
Monday, December 2, 2019 2:02 AM
Hi Darren,
Did you have any updates on this error?
Best Regards,
Candy
Please remember to mark the replies as an answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected]
Monday, December 2, 2019 6:14 AM
Good morning Candy
I've gone through the various scopes for scope options, and see only two scopes that have two unfamiliar DNS entries each. I've tried NSLOOKUP to both of those addresses but get the non-existent domain return message. One of those addresses was removed recently as an unresponsive DNS forwarder for my other thread.
Will there be any effect if these addresses are removed from the DNS entries under scope options?
Kindest regards
Darren
Monday, December 2, 2019 6:29 AM
Hi there Candy
I've just removed those two addresses from the two scopes and reran the BPA scan, and it shows up clean now.
Thank you very much!
Kindest regards
Darren
Monday, December 2, 2019 6:31 AM
Hi Darren,
You are welcome! Have a nice day!
Best Regards,
Candy
Please remember to mark the replies as an answers if they help.
If you have feedback for TechNet Subscriber Support, contact [email protected]