Solved

Domain clients not showing in DNS

Posted on 2008-06-23
23
591 Views
Last Modified: 2010-05-18
I have a windows 2003 Domain. My clients used to show up in DNS but recently, no clients are registering their addresses anymore in DNS. The servers are listed in DNS but not the clients. Any help to begin troubleshooting this would be great.

Thank you!
0
Comment
Question by:dsheltzel
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 6
  • 4
  • +1
23 Comments
 
LVL 13

Expert Comment

by:TheCapedPlodder
ID: 21847185
Is your DNS active directory integrated?

Are you looking at the DNS zone on the clients primary DNS server?

Try running ipconfig/registerdns from a client, does it appear on the primary DNS server?
0
 

Author Comment

by:dsheltzel
ID: 21847250
Yes
Yes
I tried - the client addresss does not show up in DNS.
0
 
LVL 13

Expert Comment

by:TheCapedPlodder
ID: 21847277
How odd.

Can you ping the client by FQDN from the DNS server?

Do you have any errors in the System Event log of either the client of DNS server relating to DNS?
0
Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

 

Author Comment

by:dsheltzel
ID: 21847324
I can ping clients just by name without FQDN from the DNS Server, yet they are not listed in DNS. There are no DNS server erros  in the event log either.
0
 
LVL 13

Expert Comment

by:TheCapedPlodder
ID: 21847340
How about with FQDN though or by using NSLOOKUP?
0
 

Author Comment

by:dsheltzel
ID: 21847413
no, i cannot ping it via FQDN from the DNS server.
0
 
LVL 13

Expert Comment

by:TheCapedPlodder
ID: 21847444
Have you enabled Secure Dynamic Updates on the Zone in question?

If so, try relaxing this setting and running ipconfig /registerdns again - just for troubleshooting purposes.
0
 

Author Comment

by:dsheltzel
ID: 21847462
Do I change it to Nonsecure and Secure or to none for troubleshooting?
0
 
LVL 13

Expert Comment

by:TheCapedPlodder
ID: 21847471
Try nonsecure and secure first and if you don't get a result, set it to none for the second pass!
0
 

Author Comment

by:dsheltzel
ID: 21847503
ok they showed up in DNS now when it is set to Nonsecure and Secure. So what does this mean?
0
 

Author Comment

by:dsheltzel
ID: 21847709
So now all of my clients including print servers, WAP's, POC's are all updating in DNS. What would be blocking secure updates? Is there somewhere I should start?
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 21847755
Take a look at this article - setting up the DHCP Proxy user/group may resolve your issues; particularly read the section labeled "Use the DnsUpdateProxy security group":

http://support.microsoft.com/kb/816592/en-us

0
 

Author Comment

by:dsheltzel
ID: 21847851
One of my DC's is actually running DHCP and it is a member of the server is a member of the DnsUpdateProxy security group.
0
 

Author Comment

by:dsheltzel
ID: 21847972
So If I have the DHCP service run under a service account, what permissions does this account need. I cannot find the answer to this question. The other article I read said that using the proxy group was not secure. Any suggesstions?
0
 

Author Comment

by:dsheltzel
ID: 21848147
ok - interesting news. Under my DHCP options, I had a service account that no longer existed as the credentials for my DNS Update Credentials. I have now created a new service account in AD and used this as the settings here. The question is, what group does this user need to be a member of for this to work successfully?
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 21848184
The account used to start the DHCP service doesn't have anything to do with the DNS dynamic updating procedure.  If you don't use a special DHCP proxy user account, then I believe the updates are done using the machine account itself.  

The article I cited has a procedure in it to make the updates secure using a special DHCP proxy user ID and password.  This is how I have mine set up.  You create the user name and password and then set it in the properties of your DHCP server - in the DHCPmgmt.msc, right-click the "DHCP" object, go to Properties, Advanced tab, Credentials button.
0
 

Author Comment

by:dsheltzel
ID: 21848203
That is how I set it up now. I have created a user and set the credentials in the DHCP properties under the DNS Dynamic update registration credentials. My question is, does this user account need to be a member of any groups? The article I couldnt find if it said it needed to be in any groups in AD.

Thanks!
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 21848268
It has to be a member of the DNSUpdateProxy group only.
0
 

Accepted Solution

by:
dsheltzel earned 0 total points
ID: 21848310
OK - I have made these changes and now I need to wait it out for a few days to see how it all flows. I will post in a couple days. Thanks for the help guys.
0
 
LVL 17

Expert Comment

by:kadadi_v
ID: 21848483
Did you check with netdig.exe utility....?


Regards,
VIjay Kadadi
0
 
LVL 13

Expert Comment

by:TheCapedPlodder
ID: 23721894
Split between http:#a21847471 and http:#a21848268

Cheers,

Plod
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 23722874
I agree.
0

Featured Post

Resolve Critical IT Incidents Fast

If your data, services or processes become compromised, your organization can suffer damage in just minutes and how fast you communicate during a major IT incident is everything. Learn how to immediately identify incidents & best practices to resolve them quickly and effectively.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There have been a lot of times when we have seen the need to enter a large number of DNS entries in a forward lookup zone. The standard procedure would be to launch the DNS Manager console, create the Zone and start adding new hosts using the New…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question