Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Tuesday, August 13, 2019 11:58 PM
My issue is similar to the one posted here at the link below.
However, unlike the poster in the link above, this event ID occurs on all of our Windows 10 machines (1709 and 1809 is what we have). It has since we started rolling out Win 10. We are a single domain\forest with 2 domain controllers (2008 R2). Our clients do not have DNS issues (Internet, mail, etc. all work). The machines register in our forward and reverse zones just fine......so I don't know why the event log indicates the refusal. Some machines have more frequent instances of this event (several per day) while others only have 1 per day.
So, I don't know if this is a Windows 10\Domain Controller functional level "issue" (our Windows 7 machines do not have this message in their event logs). Our DNS only accepts Secure updates.....is this Windows 10 trying a non-secure update first? I don't want to untick "Register this connection's addresses in DNS" as I don't see that as a fix, rather a band aid.
Our clients get their IP addresses from our Windows DHCP server. Maybe I need to post in the server forum as well?
All replies (3)
Thursday, August 15, 2019 8:47 AM ✅Answered
Hi,
Thanks for your update.
In the first link, the steps to troubleshoot the problem are this:
Try to set the zone to non-secure to see if it works. If it works, it is a Kerberos authentication problem on the client. Of course, it is not recommended to change the Kerberos settings. To solve this problem, the solution is to increase the domain functional level.
“but the scenario was a bit different (2012 DC's, windows 8.1 clients, etc.)”—>
About the issue you mentioned, in this link, although DC is Windows server 2012, the domain functional level is Windows server 2008 r2, so I would suggest that you can try this method to see if the problem can be solved.
Best regards,
Abby
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Wednesday, August 14, 2019 5:33 AM
Hi,
Thanks for posting here.
The warning is recorded because Windows 10 is configured to register its IP address in DNS and the DNS server responsible for the computer’s host name does not accept dynamic updates for that name from the computer’s current IP address.
I found a similar post in the forum.
For your reference:
In addition, “Our DNS only accepts Secure updates.....is this Windows 10 trying a non-secure update first? “—> Secure dynamic update process is described as follows:
- Client queries local DNS server to locate authoritative server
- Client queries authoritative server to confirm
- Client attempts non-secure update, which is refused by a server configured for secure updates
- Security Context negotiation using the TKEY RR to verify each other’s identify
More information about secure dynamic update please refer to the following article:
Hope it helps.
Best regards,
Abby
Please remember to mark the replies as answers if they help and unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact [email protected].
Wednesday, August 14, 2019 2:13 PM
Hello and thank you for responding. I read that article as well (the 1st one you referenced) but the scenario was a bit different (2012 DC's, windows 8.1 clients, etc.) so I didn't pay attention to it (the "fix" was raising his DFL). Regarding the 2nd link\article, I wasn't sure if it is still valid given its age, it is from 2010 and is discussing Windows 2000. So, if I understand the article correctly, the Warnings that I am seeing in the System Event logs of my Windows 10 machines is due to the fact that they try to perform a nonsecure update first...which fails?
Jason