Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

MS 2003 Server - System Event ID 11166 Source  DnsApi  Errors since change of DNS server

Posted on 2009-06-30
7
Medium Priority
?
1,707 Views
Last Modified: 2012-06-21
Recently die to harware faikure
Due to hardware failure a Microsoft 2003 Domain, it was reqiured to create a new DC/DNS server. A secondary DC was built and all roles switched i.e. DC-01 is now GC abd holds FSMO roles new DC is a GC but holds no FSMO roles. All servers in the domain are configured to use DC-01 and DC-01 as their DNS servers.
Since this introdiction of the new DC (dc-02) we have been getting entries on some server eventlogs - I donot think it is an issue but would like to confirm this and how do I remove these entries .
 
SYSTEM LOG entires as follows :-
 
Sourec : DnsApi Event IT : 11166
 
The system failed to register host (A) resource records (RRs) for network adapter
with settings:
 
   Adapter Name : {CC5D224C-4A45-47EF-845C-BF0701AAB485}
   Host Name : inta-iag-db-01
   Primary Domain Suffix : inta.iag.sydney.com.au
   DNS server list :
     	192.168.10.8, 192.168.10.12
   Sent update to server : 192.168.10.8
   IP Address(es) :
     192.168.10.19
 
 The reason the system could not register these RRs was because of a security related problem. The cause of this could be (a) your computer does not have permissions to register and update the specific DNS domain name set for this adapter, or (b) there might have been a problem negotiating valid credentials with the DNS server during the processing of the update request.
 
 You can manually retry DNS registration of the network adapter and its settings by typing "ipconfig /registerdns" at the command prompt. If problems still persist, contact your DNS server or network systems administrator. For specific error code, see the record data displayed below.
 
 
Thanks

Open in new window

0
Comment
Question by:ccfcfc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
7 Comments
 
LVL 4

Expert Comment

by:astrochimp
ID: 24744440
All of your old records' security settings only allow the old DNS server to modify them. Look at a sample A DNS record's security settings and see who the owner is and what kind of permissions your new server has.

You may want to use DNS dynamic registration credentials in your DHCP properties so that all DNS records are owned by a central account which will stay the same as you switch servers in the future.
0
 

Author Comment

by:ccfcfc
ID: 24744499
But why are these not happening on all the servers. Amongs 10 servers only 2 servers are complainging ?
Are you saying that the failed DC has permssions to ONLY change A records on the existing and NEW DNS servers ?
IS this error a problem or as it says a WARNING ? How do I remove this issue ?

Dont have DHCP being used at all.
0
 
LVL 4

Expert Comment

by:astrochimp
ID: 24744593
This is not an immediate problem but it will get worse with time as some your DNS records may get out of date. Anything that relies on accurate DNS names will start to fail.

Take a look at the servers which are complaining. Isolate the records for which you get the warnings and take a look at their permissions. Do the DNS servers OR clients (depending on your setup) have the correct permissions to update the A records?

Since you don't have DHCP used, by guess is that DNS relies on clients to register their own DNS names. In this case you're looking for the "Authenticated Users" group's permissions and/or the "Everyone" permissions.

For testing purposes you can give the "Everyone" group full control to a problematic A record and then to an "ipconfig/registerdns" on the client. Make a note of any error messages being generated in your logs. If this works, your problem is permissions based. If it still doesn't work, we will need to keep looking.

Are you using AD integrated DNS?
0
 

Author Comment

by:ccfcfc
ID: 24745480
Of the servers with entries in the event logs the permissions on the A record has no entry for the Server/Client to update. i.e. have looked at the A record of a server/client with no entries in the event log  and it has an entry in permissions by its name.

But,  in a live network and as we use static IP and records dont change, what is the knock on effect if any of adding the server/client in the permissions ?
As A records dont change , what is the effect if I dont change these settings ?

0
 
LVL 4

Accepted Solution

by:
astrochimp earned 2000 total points
ID: 24745608
If you use static addresses, this will just be an annoying message you see in your logs. The clients will try to register themselves in DNS as a matter of course, but even if they fail, everything will keep working. The only thing you need to worry about if when you either change an IP address of an existing client or add a new client. You will have to double check the DNS entry manually to ensure that it's current. Since you do the IP addresses manually, it won't be that much more work to double check DNS settings.
0

Featured Post

Fill in the form and get your FREE NFR key NOW!

Veeam® is happy to provide a FREE NFR server license to certified engineers, trainers, and bloggers.  It allows for the non‑production use of Veeam Agent for Microsoft Windows. This license is valid for five workstations and two servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Setting up a Microsoft WSUS update system is free relatively speaking if you have hard disk space and processor capacity.   However, WSUS can be a blessing and a curse. For example, there is nothing worse than approving updates and they just have…
Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question