Question
Wednesday, November 25, 2009 4:13 PM
My setup:
2003 AD Domain
2000/XP clients
1 DHCP server (running on a Domain Controller) with multiple scopes
All scopes are set up to Enable DNS dynamic updates according to the settings: Always dynamically update DNS A and PTR records, Discard A and PTR records when lease is deleted and Dynamically update DNS A and PTR records for DHCP clients that do not request updates
The DHCP server is listed in the DNSUpdate Proxy group and is using a domain account (which is also in the DNSUpdate Proxy group) for DNS dynamic update registration credentials
2 DNS servers (running on both Domain Controllers): All forward and Reverse lookup zones are AD integrated, Allow only Secure updates and replicate to all Domain Controllers in the AD Domain
DHCP handles DNS client registration
I am having sporadic issues with clients not being registered in DNS. This is happening no matter what scope a client gets its IP setting from.
I have one entire Reverse Lookup zone that has no records at all in it while there are some associated A records in the Forward lookup zone.
In the DHCP scope that is associated with the empty reverse Lookup zone, the DHCP leases all have the "pen" icon on them.
The DHCP log shows DNS records successfully updating at various times during the day but also failing to update:
31,11/23/09,15:54:28,DNS Update Failed,192.168.253.20,PC1.DOMAIN.COM,2,
30,11/23/09,15:54:28,DNS Update Request,20.253.168.192,PC1.DOMAIN.COM,,
31,11/23/09,15:54:28,DNS Update Failed,192.168.253.21,PC2.DOMAIN.COM,2,
30,11/23/09,15:54:28,DNS Update Request,21.253.168.192,PC2.DOMAIN.COM,,
31,11/23/09,15:54:28,DNS Update Failed,192.168.253.23,PC3.DOMAIN.COM,2,
30,11/23/09,15:54:28,DNS Update Request,23.253.168.192,PC3.DOMAIN.COM,,
31,11/23/09,15:54:28,DNS Update Failed,192.168.253.24,PC4.DOMAIN.COM,2,
30,11/23/09,15:54:28,DNS Update Request,24.253.168.192,PC4.DOMAIN.COM,,
-The security in the zone is the default
-No failed logons on the DNS server which is also a DC and a DHCP server
-The IPs listed above are legit. They come from a DHCP scope of 192.168.253.18-192.168.253.111
When trying to run ipconfig /registerdns on a PC that is having issues, here are the DHCP and DNS logs:
DHCP:
31,11/24/09,00:00:35,DNS Update Failed,192.168.253.20,PC1.Domain.COM,2,
30,11/24/09,00:00:35,DNS Update Request,20.253.168.192,PC1.Domain.COM,,
DNS:
20091124 08:33:11 28F0 PACKET 020BAD60 UDP Rcv 192.168.253.20 4a8a Q [0001 D NOERROR] A (10)DC1(3)DOMAIN(2)COM(0)
UDP question info
Socket = 500, recvd on port (65535)
Remote addr 192.168.253.20, port 55587
Time Query=1443102, Queued=0, Expire=0
Buf length = 0x0500 (1280)
Msg length = 0x0023 (35)
Message:
XID 0x4a8a
Flags 0x0100
QR 0 (QUESTION)
OPCODE 0 (QUERY)
AA 0
TC 0
RD 1
RA 0
Z 0
RCODE 0 (NOERROR)
QCOUNT 1
ACOUNT 0
NSCOUNT 0
ARCOUNT 0
QUESTION SECTION:
Offset = 0x000c, RR count = 0
Name "(10)DC1(3)DOMAIN(2)COM(0)"
QTYPE A (1)
QCLASS 1
ANSWER SECTION:
empty
AUTHORITY SECTION:
empty
ADDITIONAL SECTION:
empty
20091124 08:33:11 28F0 PACKET 020BAD60 UDP Snd 192.168.253.20 4a8a R Q [8085 A DR NOERROR] A (10)DC1(3)DOMAIN(2)COM(0)
UDP response info
Socket = 500, recvd on port (65535)
Remote addr 192.168.253.20, port 55587
Time Query=1443102, Queued=0, Expire=0
Buf length = 0x0200 (512)
Msg length = 0x0033 (51)
Message:
XID 0x4a8a
Flags 0x8580
QR 1 (RESPONSE)
OPCODE 0 (QUERY)
AA 1
TC 0
RD 1
RA 1
Z 0
RCODE 0 (NOERROR)
QCOUNT 1
ACOUNT 1
NSCOUNT 0
ARCOUNT 0
QUESTION SECTION:
Offset = 0x000c, RR count = 0
Name "(10)DC1(3)DOMAIN(2)COM(0)"
QTYPE A (1)
QCLASS 1
ANSWER SECTION:
Offset = 0x0023, RR count = 0
Name "[C00C](10)DC1(3)DOMAIN(2)COM(0)"
TYPE A (1)
CLASS 1
TTL 3600
DLEN 4
DATA 172.16.8.10
AUTHORITY SECTION:
empty
ADDITIONAL SECTION:
empty
All replies (18)
Monday, November 30, 2009 2:01 PM
Still stumped here. Anyone with any insight?
Wednesday, December 2, 2009 1:39 AM
Hi Daveyd123,
Is the "DHCP client service" running on the DHCP server and clients?
Thana
Thursday, December 3, 2009 9:29 PM
Hi Daveyd123,
Is the "DHCP client service" running on the DHCP server and clients ?
Thana
Yes. The DHCP client is running on all clients and the DHCP server.
In today's DHCP log, there are several hundred failures. I took the DHCP server out of the DNSUpdateProxy group. We have 3 DHCP servers but they are in different locations and do not update each other's DNS records.
Here are some of today's failures...
25,12/03/09,15:56:59,0 leases expired and 0 leases deleted,,,,
25,12/03/09,15:56:59,0 leases expired and 0 leases deleted,,,,
31,12/03/09,15:56:59,DNS Update Failed,172.16.1.88,PC1.domain.local,-1,
31,12/03/09,15:56:59,DNS Update Failed,172.16.1.89,PC2.domain.local,-1,
31,12/03/09,15:56:59,DNS Update Failed,172.16.1.92,PC3.domain.local,-1,
31,12/03/09,15:56:59,DNS Update Failed,172.16.1.93,PC4.domain.local,-1,
31,12/03/09,15:56:59,DNS Update Failed,172.16.1.94,PC5.domain.local,-1,
31,12/03/09,15:56:59,DNS Update Failed,172.16.1.95,PC6.domain.local,-1,
31,12/03/09,15:56:59,DNS Update Failed,172.16.1.101,PC7.domain.local,-1,
Friday, December 4, 2009 1:54 AM
Hi,
What is your DC's service pack level?
And did you set the DHCP option "015 DNS Domain Name"?
Thana
Friday, December 4, 2009 4:26 PM
Hi,
What is your DC's service pack level?
And did you set the DHCP option "015 DNS Domain Name"?
Thana
2003 SP2
Yes. My set DHCP options are 003,006,015,044,045
Wednesday, December 9, 2009 2:57 PM
Hi,
Do you have reverse lookup zone configured? It could be that the failure comes from DHCP not being able to update the PTR record.
Tuomo
Thursday, December 17, 2009 5:45 PM
I am encountering the same problems in my domain. We have the same configuration that you listed.
Two DC Windows 2003 SP2
Active Directory Integration
Forward and reverse lookup configured
Not sure how long this has been happening. We started to notice clients not registering in DNS earlier this week and found the errors in the DHCP log. If we restart the DHCP service the clients update and register in DNS for about an hour with no errors. After an hour the database cleanup runs and the clients start to fail.
Did you resolve your problem and if so how?
Tuesday, December 22, 2009 3:27 PM
Nope. Still have the same issue. Yes, I have Reverse Zones set up. There are even some clients registered in the Reverse zones while some fail. It's hit or miss.
Thursday, January 21, 2010 10:51 PM
Same problem here. I've got two DHCP servers. One works fine, on the other, clients update until the database cleanup runs, then they start to fail. Anybody ever find anything out on this?
Friday, January 22, 2010 4:07 AM
My issue was a result of a couple missing reverse zones in DNS. We have 32 sites and 4 sites were missing. After adding the missing zones all issues cleared up on the next db cleanup.
Tuesday, March 2, 2010 9:09 PM
Did anyone ever resolve this? I am having the same issue. All of the reverse lookup zones are there. I have a case open with Microsoft but it has been a few days and we have not gotten anywhere.
Thursday, August 12, 2010 11:38 AM
Hi
Did you solve this Diaz?
We are having the same problem...
Rgds
/Jan Denmark...
Tuesday, September 7, 2010 6:20 PM
Hello,
Wondering if there was ever any update or solution for this issue?
ZT
Tuesday, December 7, 2010 2:04 AM
I am having the same problem. Did anyone locate a fix?
Tuesday, December 7, 2010 4:18 AM
Hi NetGuy,
Did you try configuring DHCP to own all records (by either using credentials or adding the DHCP server to the DnsUpdateProxy group) and configure DHCP to update all clients, whether they can or not, into the zone, as I suggested in your thread in this link?
Ace
Ace Fekay
MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
This posting is provided AS-IS with no warranties or guarantees and confers no rights.
Tuesday, December 7, 2010 4:41 AM
My setup:
2003 AD Domain
2000/XP clients
1 DHCP server (running on a Domain Controller) with multiple scopes
All scopes are set up to Enable DNS dynamic updates according to the settings: Always dynamically update DNS A and PTR records, Discard A and PTR records when lease is deleted and Dynamically update DNS A and PTR records for DHCP clients that do not request updates
The DHCP server is listed in the DNSUpdate Proxy group and is using a domain account (which is also in the DNSUpdate Proxy group) for DNS dynamic update registration credentials
2 DNS servers (running on both Domain Controllers): All forward and Reverse lookup zones are AD integrated, Allow only Secure updates and replicate to all Domain Controllers in the AD Domain
DHCP handles DNS client registration
Hey,
In first point, Right click on DHCP Scope and in DNS tab select
"dynamically update DNS A and PTR records only if requested by DHCP clients".
And in Second Point, on DNS Zone in DNS server, select both secure and non-secure updates.
Let me know if that worked.
Thanks
Dinesh
Monday, December 27, 2010 9:30 PM | 1 vote
Just checking back in. For us, the issue was that we had a couple of guest wireless scopes that were set to point to external DNS servers. The guest scopes were inheriting the setting from the server to automatically register with DNS - which they could not do. Instead of just failing, after a time all of our scopes - even those pointing to the internal DNS servers - would start trying to register with the external servers. We disabled DNS updates for the guest scopes and the issue went away. We discovered what was happening after capturing the traffic with netmon. Hope this helps!
Thursday, January 24, 2013 9:22 PM
Crystal, this was exactly our problem here. Thanks!
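A triage helper for the DHCP audit-log lines quoted in this thread, added here as an example and not code from any poster or from Microsoft: it groups event 31 failures by reverse zone so that zones (and therefore scopes) that never register successfully stand out, which is where the two causes reported above (missing reverse zones, scopes whose updates cannot reach the internal DNS servers) would show up. The sample log, the host names and the one-zone-per-/24 mapping are constructed assumptions, and event 32 lines are assumed to share the column layout of event 31.

```python
import csv
import ipaddress
from collections import Counter, defaultdict

# Constructed sample in the layout quoted in the thread:
# ID,Date,Time,Description,IP Address,Host Name,<code>,
SAMPLE_LOG = """\
25,12/03/09,15:56:59,0 leases expired and 0 leases deleted,,,,
30,12/03/09,15:56:59,DNS Update Request,20.253.168.192,PC1.example.test,,
31,12/03/09,15:56:59,DNS Update Failed,192.168.253.20,PC1.example.test,2,
31,12/03/09,15:56:59,DNS Update Failed,192.168.253.21,PC2.example.test,2,
31,12/03/09,15:57:02,DNS Update Failed,172.16.1.88,PC3.example.test,-1,
32,12/03/09,15:57:05,DNS Update Successful,172.16.1.89,PC4.example.test,,
"""

def reverse_zone(ip):
    """Reverse zone for an address, assuming one zone per /24 (an assumption)."""
    o = ipaddress.IPv4Address(ip).packed
    return f"{o[2]}.{o[1]}.{o[0]}.in-addr.arpa"

def summarize(log_text):
    """Count DNS update failures (31) and successes (32) per reverse zone."""
    zones = defaultdict(lambda: {"failed": 0, "ok": 0, "codes": Counter(), "hosts": set()})
    for row in csv.reader(log_text.splitlines()):
        if len(row) < 7 or row[0] not in ("31", "32"):
            continue  # log header text, cleanup lines (25), requests (30)
        try:
            zone = reverse_zone(row[4].strip())
        except ipaddress.AddressValueError:
            continue  # malformed or empty address field
        entry = zones[zone]
        if row[0] == "31":
            entry["failed"] += 1
            entry["codes"][row[6].strip()] += 1  # field after the host name
            entry["hosts"].add(row[5].strip().lower())
        else:
            entry["ok"] += 1
    return dict(zones)

def zones_never_updated(summary):
    """Zones with failures and no successful update: check these first."""
    return sorted(z for z, e in summary.items() if e["failed"] and not e["ok"])

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for zone, e in sorted(report.items()):
        print(zone, e["failed"], "failed,", e["ok"], "ok,", dict(e["codes"]))
    print("never updated:", zones_never_updated(report))
```

Each zone it flags can then be compared against the reverse lookup zones that actually exist on the DNS servers and against the DNS servers and dynamic-update settings of the scope that serves that subnet.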