Avatar of RTM2007
RTM2007Flag for Afghanistan asked on

Strange - Server will not perform DNS update of it's new IP address (DR scenario) to the domain

We are testing a failover of services for a number of servers. One of those portions is bringing up our Lotus Notes server at a remote office. In our main branch office we have our mail server as and when it comes up in our transatlantic remote office it is on a different IP scheme ( The failover is fine and all services work however, the DNS A record does not update for the domain (even if you do a /flushdns /registerdns manually from the server (which has not taken the same hostname).

The strange thing is that there is even a active DC (GC/DNS/DHCP) at the remote office (

The only way we've gotten this to work is to manually go into DNS management and update the A and PTR record manually.
DNSActive Directory

Avatar of undefined
Last Comment

8/22/2022 - Mon

Is your DNS server setup for only Secure Dynamic updates?  Try to change it to Nonsecure and Secure or change the security permissions on the A record itself.

Are there any errors in the DC's DNS event log?

No errors in the DC's DNS event log.

How do I check if the DNS servers are setup for only Secur Dynamic updates or not?

Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy

In the server's DNS console, right-click the appropriate forward lookup zone and select Properties.  Under the General tab of the properties window, you'll see a dropdown for dynamic updates.  The three options are Secure only, Nonsecure and secure, and None.

It is set to secure only.

Changing to to nonsecure - won't this present a security problem/limitation?

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
See how we're fighting big data
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question

Ok tried that just to test it out. Looks like the problem is still there even though we had both DCs on Nonsecure and secure updates.

Actually, I just checked the event logs and there was a DNSAPI error saying that the computer failed to update the A record and to run a /registerdns manually... I'm a little curious to find out why though. Any ideas on how to troubleshoot?
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.

Post the text of the DnsApi error, if you don't mind.  There may be something in there that indicates why the registration failed.