How do resolve "DNS Update failed" errors in DHCP Log

Points of My Scenario
1. I run a Windows 2003 domain
2. I have a DHCP member server (Windows Server 2003) that is authorized and working
3. This DHCP server is configured to ALWAYS register clients with DNS automatically and to delete A & PTR records when leases are expired.
4. All DHCP clients run Windows XP (SP2) - this shouldn't matter
5. Both forward and reverse lookup zones are AD-Integrated and configured for secure updates only.
PROBLEM: the DHCPSrv-day.log file (DHCP log file) persistently displays DNS Update failed errors - such as: "31,03/27/10,00:00:57,DNS Update Failed,1.2.3.4,hostname.domainname.com,-1,"
QUESTION: How do I resolve these errors so that DHCP can update DNS?
waforbes100Senior IT SpecialistAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ZombieAutopsyCommented:
is there a windows error in the event log that you can post?
0
sfossupportCommented:
The dns servers you have specified thru dhcp are not allowing your dhcp client to register. You turned this on under dhcp. You may not have the permission set on your dns server to allow clients to update these records. I assume you are running this dns server.  

Here is an article that explains the process in more detail

http://support.microsoft.com/kb/932464
0
waforbes100Senior IT SpecialistAuthor Commented:
To ZombieAutopsy: I found no related eventviewer errors, except a good number of DHCP warnings stating the percentage depletion of my scopes. I also got this single repeated Dnsapi error from the DHCP server event logs (see attached file named "Dnsapi-eventlog-error.txt")
----
To sfosupport:
1. Workstation clients were registering directly to DNS, but not updating (they got stale and thus useless).
2. I am also admin for all DNS servers (& all Windows devices in the enterprise): you have no restrictions!
3. If the DHCP server appears not to have permission to update DNS, how can I give it permission?
4. I don't want clients (workstations) to update DNS anymore: I want only DHCP to do it.
Dnsapi-eventlog-error.txt
0
What were the top attacks of Q1 2018?

The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Check out our Q1 2018 report for smart, practical security advice today!

sfossupportCommented:
I don't know what dns name you have. See the following about registering single label dns names. DNS names that do not contain a suffix such as .com, .net, ... are considered to be single-label DNS names.

http://support.microsoft.com/kb/300684

By default, Windows Server 2003-based domain members, Windows XP-based domain members, and Windows 2000-based domain members do not perform dynamic updates to single-label DNS zones.

http://www.chicagotech.net/server/singlelabledns1.htm
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
waforbes100Senior IT SpecialistAuthor Commented:
Problem solved: I deleted all client (workstation) records from DNS - both in the Forward and Reverse Lookup zones.
Within 20 minutes of doing this, records from DHCP appeared in  Forward and Reverse Lookup zones. Additionally, the DHCPSrvr log showed the "DNS updated sucessfully" status message for each record.
0
waforbes100Senior IT SpecialistAuthor Commented:
Sfossupport: I do not have a single-label DNS name. Dynamic update does occur on our DNS server.
Do you have an idea why DHCP record updating was failing?
0
sfossupportCommented:
The only other option I see is that the service account used to register the dns records
expired. It should automatically regenerate a new password. This option is set on the dhcp server. This service account should also be a member of the dnsupdateproxy(?) group.
Glad you got it working
0
waforbes100Senior IT SpecialistAuthor Commented:
To Sfossupport: I will close this case & award you the points immediately after the answer my query, "How & where in DHCP console do I configure a service account to register DNS record?"
0
waforbes100Senior IT SpecialistAuthor Commented:
This didn't solve the problem, however it was insightful. Additionally, I'm closing this case since it's not getting any further attention.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
DHCP

From novice to tech pro — start learning today.