Walt Forbes
asked on
How do resolve "DNS Update failed" errors in DHCP Log
Points of My Scenario
1. I run a Windows 2003 domain
2. I have a DHCP member server (Windows Server 2003) that is authorized and working
3. This DHCP server is configured to ALWAYS register clients with DNS automatically and to delete A & PTR records when leases are expired.
4. All DHCP clients run Windows XP (SP2) - this shouldn't matter
5. Both forward and reverse lookup zones are AD-Integrated and configured for secure updates only.
PROBLEM: the DHCPSrv-day.log file (DHCP log file) persistently displays DNS Update failed errors - such as: "31,03/27/10,00:00:57,DNS Update Failed,1.2.3.4,hostname.do mainname.c om,-1,"
QUESTION: How do I resolve these errors so that DHCP can update DNS?
1. I run a Windows 2003 domain
2. I have a DHCP member server (Windows Server 2003) that is authorized and working
3. This DHCP server is configured to ALWAYS register clients with DNS automatically and to delete A & PTR records when leases are expired.
4. All DHCP clients run Windows XP (SP2) - this shouldn't matter
5. Both forward and reverse lookup zones are AD-Integrated and configured for secure updates only.
PROBLEM: the DHCPSrv-day.log file (DHCP log file) persistently displays DNS Update failed errors - such as: "31,03/27/10,00:00:57,DNS Update Failed,1.2.3.4,hostname.do
QUESTION: How do I resolve these errors so that DHCP can update DNS?
is there a windows error in the event log that you can post?
The dns servers you have specified thru dhcp are not allowing your dhcp client to register. You turned this on under dhcp. You may not have the permission set on your dns server to allow clients to update these records. I assume you are running this dns server.
Here is an article that explains the process in more detail
http://support.microsoft.com/kb/932464
Here is an article that explains the process in more detail
http://support.microsoft.com/kb/932464
ASKER
To ZombieAutopsy: I found no related eventviewer errors, except a good number of DHCP warnings stating the percentage depletion of my scopes. I also got this single repeated Dnsapi error from the DHCP server event logs (see attached file named "Dnsapi-eventlog-error.txt ")
----
To sfosupport:
1. Workstation clients were registering directly to DNS, but not updating (they got stale and thus useless).
2. I am also admin for all DNS servers (& all Windows devices in the enterprise): you have no restrictions!
3. If the DHCP server appears not to have permission to update DNS, how can I give it permission?
4. I don't want clients (workstations) to update DNS anymore: I want only DHCP to do it.
Dnsapi-eventlog-error.txt
----
To sfosupport:
1. Workstation clients were registering directly to DNS, but not updating (they got stale and thus useless).
2. I am also admin for all DNS servers (& all Windows devices in the enterprise): you have no restrictions!
3. If the DHCP server appears not to have permission to update DNS, how can I give it permission?
4. I don't want clients (workstations) to update DNS anymore: I want only DHCP to do it.
Dnsapi-eventlog-error.txt
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Problem solved: I deleted all client (workstation) records from DNS - both in the Forward and Reverse Lookup zones.
Within 20 minutes of doing this, records from DHCP appeared in Forward and Reverse Lookup zones. Additionally, the DHCPSrvr log showed the "DNS updated sucessfully" status message for each record.
Within 20 minutes of doing this, records from DHCP appeared in Forward and Reverse Lookup zones. Additionally, the DHCPSrvr log showed the "DNS updated sucessfully" status message for each record.
ASKER
Sfossupport: I do not have a single-label DNS name. Dynamic update does occur on our DNS server.
Do you have an idea why DHCP record updating was failing?
Do you have an idea why DHCP record updating was failing?
The only other option I see is that the service account used to register the dns records
expired. It should automatically regenerate a new password. This option is set on the dhcp server. This service account should also be a member of the dnsupdateproxy(?) group.
Glad you got it working
expired. It should automatically regenerate a new password. This option is set on the dhcp server. This service account should also be a member of the dnsupdateproxy(?) group.
Glad you got it working
ASKER
To Sfossupport: I will close this case & award you the points immediately after the answer my query, "How & where in DHCP console do I configure a service account to register DNS record?"
ASKER
This didn't solve the problem, however it was insightful. Additionally, I'm closing this case since it's not getting any further attention.