Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 617
  • Last Modified:

Domain clients not showing in DNS

I have a windows 2003 Domain. My clients used to show up in DNS but recently, no clients are registering their addresses anymore in DNS. The servers are listed in DNS but not the clients. Any help to begin troubleshooting this would be great.

Thank you!
0
dsheltzel
Asked:
dsheltzel
  • 11
  • 6
  • 4
  • +1
1 Solution
 
TheCapedPlodderCommented:
Is your DNS active directory integrated?

Are you looking at the DNS zone on the clients primary DNS server?

Try running ipconfig/registerdns from a client, does it appear on the primary DNS server?
0
 
dsheltzelAuthor Commented:
Yes
Yes
I tried - the client addresss does not show up in DNS.
0
 
TheCapedPlodderCommented:
How odd.

Can you ping the client by FQDN from the DNS server?

Do you have any errors in the System Event log of either the client of DNS server relating to DNS?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
dsheltzelAuthor Commented:
I can ping clients just by name without FQDN from the DNS Server, yet they are not listed in DNS. There are no DNS server erros  in the event log either.
0
 
TheCapedPlodderCommented:
How about with FQDN though or by using NSLOOKUP?
0
 
dsheltzelAuthor Commented:
no, i cannot ping it via FQDN from the DNS server.
0
 
TheCapedPlodderCommented:
Have you enabled Secure Dynamic Updates on the Zone in question?

If so, try relaxing this setting and running ipconfig /registerdns again - just for troubleshooting purposes.
0
 
dsheltzelAuthor Commented:
Do I change it to Nonsecure and Secure or to none for troubleshooting?
0
 
TheCapedPlodderCommented:
Try nonsecure and secure first and if you don't get a result, set it to none for the second pass!
0
 
dsheltzelAuthor Commented:
ok they showed up in DNS now when it is set to Nonsecure and Secure. So what does this mean?
0
 
dsheltzelAuthor Commented:
So now all of my clients including print servers, WAP's, POC's are all updating in DNS. What would be blocking secure updates? Is there somewhere I should start?
0
 
Hypercat (Deb)Commented:
Take a look at this article - setting up the DHCP Proxy user/group may resolve your issues; particularly read the section labeled "Use the DnsUpdateProxy security group":

http://support.microsoft.com/kb/816592/en-us

0
 
dsheltzelAuthor Commented:
One of my DC's is actually running DHCP and it is a member of the server is a member of the DnsUpdateProxy security group.
0
 
dsheltzelAuthor Commented:
So If I have the DHCP service run under a service account, what permissions does this account need. I cannot find the answer to this question. The other article I read said that using the proxy group was not secure. Any suggesstions?
0
 
dsheltzelAuthor Commented:
ok - interesting news. Under my DHCP options, I had a service account that no longer existed as the credentials for my DNS Update Credentials. I have now created a new service account in AD and used this as the settings here. The question is, what group does this user need to be a member of for this to work successfully?
0
 
Hypercat (Deb)Commented:
The account used to start the DHCP service doesn't have anything to do with the DNS dynamic updating procedure.  If you don't use a special DHCP proxy user account, then I believe the updates are done using the machine account itself.  

The article I cited has a procedure in it to make the updates secure using a special DHCP proxy user ID and password.  This is how I have mine set up.  You create the user name and password and then set it in the properties of your DHCP server - in the DHCPmgmt.msc, right-click the "DHCP" object, go to Properties, Advanced tab, Credentials button.
0
 
dsheltzelAuthor Commented:
That is how I set it up now. I have created a user and set the credentials in the DHCP properties under the DNS Dynamic update registration credentials. My question is, does this user account need to be a member of any groups? The article I couldnt find if it said it needed to be in any groups in AD.

Thanks!
0
 
Hypercat (Deb)Commented:
It has to be a member of the DNSUpdateProxy group only.
0
 
dsheltzelAuthor Commented:
OK - I have made these changes and now I need to wait it out for a few days to see how it all flows. I will post in a couple days. Thanks for the help guys.
0
 
kadadi_vCommented:
Did you check with netdig.exe utility....?


Regards,
VIjay Kadadi
0
 
TheCapedPlodderCommented:
Split between http:#a21847471 and http:#a21848268

Cheers,

Plod
0
 
Hypercat (Deb)Commented:
I agree.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 11
  • 6
  • 4
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now