How do resolve "DNS Update failed" errors in DHCP Log

Points of My Scenario
1. I run a Windows 2003 domain
2. I have a DHCP member server (Windows Server 2003) that is authorized and working
3. This DHCP server is configured to ALWAYS register clients with DNS automatically and to delete A & PTR records when leases are expired.
4. All DHCP clients run Windows XP (SP2) - this shouldn't matter
5. Both forward and reverse lookup zones are AD-Integrated and configured for secure updates only.
PROBLEM: the DHCPSrv-day.log file (DHCP log file) persistently displays DNS Update failed errors - such as: "31,03/27/10,00:00:57,DNS Update Failed,,,-1,"
QUESTION: How do I resolve these errors so that DHCP can update DNS?
Who is Participating?
sfossupportConnect With a Mentor Commented:
I don't know what dns name you have. See the following about registering single label dns names. DNS names that do not contain a suffix such as .com, .net, ... are considered to be single-label DNS names.

By default, Windows Server 2003-based domain members, Windows XP-based domain members, and Windows 2000-based domain members do not perform dynamic updates to single-label DNS zones.
is there a windows error in the event log that you can post?
The dns servers you have specified thru dhcp are not allowing your dhcp client to register. You turned this on under dhcp. You may not have the permission set on your dns server to allow clients to update these records. I assume you are running this dns server.  

Here is an article that explains the process in more detail
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

waforbes100Author Commented:
To ZombieAutopsy: I found no related eventviewer errors, except a good number of DHCP warnings stating the percentage depletion of my scopes. I also got this single repeated Dnsapi error from the DHCP server event logs (see attached file named "Dnsapi-eventlog-error.txt")
To sfosupport:
1. Workstation clients were registering directly to DNS, but not updating (they got stale and thus useless).
2. I am also admin for all DNS servers (& all Windows devices in the enterprise): you have no restrictions!
3. If the DHCP server appears not to have permission to update DNS, how can I give it permission?
4. I don't want clients (workstations) to update DNS anymore: I want only DHCP to do it.
waforbes100Author Commented:
Problem solved: I deleted all client (workstation) records from DNS - both in the Forward and Reverse Lookup zones.
Within 20 minutes of doing this, records from DHCP appeared in  Forward and Reverse Lookup zones. Additionally, the DHCPSrvr log showed the "DNS updated sucessfully" status message for each record.
waforbes100Author Commented:
Sfossupport: I do not have a single-label DNS name. Dynamic update does occur on our DNS server.
Do you have an idea why DHCP record updating was failing?
The only other option I see is that the service account used to register the dns records
expired. It should automatically regenerate a new password. This option is set on the dhcp server. This service account should also be a member of the dnsupdateproxy(?) group.
Glad you got it working
waforbes100Author Commented:
To Sfossupport: I will close this case & award you the points immediately after the answer my query, "How & where in DHCP console do I configure a service account to register DNS record?"
waforbes100Author Commented:
This didn't solve the problem, however it was insightful. Additionally, I'm closing this case since it's not getting any further attention.
All Courses

From novice to tech pro — start learning today.