We help IT Professionals succeed at work.

Automated Way to Update DNS in SBS 2008?

nometa
nometa asked
on
This started as a question on how to turn off a warning in SBS 2008's logs regarding turning off DHCP warnings (Found here).

In short, turning off DHCP completely broke the server - several Automatic services, including AD, didn't start with the machine, which meant no one could connect to the domain. I manually started them, and the machine is now limping along.

But there are now loads of errors in the logs, mostly related to Exchange:

Process MSEXCHANGEADTOPOLOGY (PID=2380). The site monitor API was unable to verify the site name for this Exchange computer - Call=DsctxGetContext Error code=8007077f. Make sure that Exchange server is correctly registered on the DNS server.

I also get the following error with DCDiag.exe:
"The host could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc."

Digging around in DNS, there are a couple of issues. I see it only listening on (what I think is) an IPv6 IP - we're using IPv4, but that IP isn't checked. I can switch to "listen on all IPs" but I'm gunshy after the explosion with DHCP.

There are also several A records for an IP on a completely different subnet (10.x.x), but no references for the actual IP of the server (192.168.1.2).

So I think the issue is with DNS needing to be updated: somehow turning off DHCP caused a cascade of DNS-related errors.

So am I on the right track? If so, is there an automated way to update DNS, and get it listening on / reflecting the correct IP? I can manually change the IPs in the DNS forwards, but the reverses are doing my head in - and I'd rather not make manual changes if possible.

ipconfig is as follows:

Windows IP Configuration

   Host Name . . . . . . . . . . . . : GSERVER
   Primary Dns Suffix  . . . . . . . : gc.local
   Node Type . . . . . . . . . . . . : Unknown
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : gc.local

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Broadcom BCM5709C NetXtreme II GigE (NDIS VBD Client)
  DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5d22:da1:19ca:8135%10(Preferred)
   Link-local IPv6 Address . . . . . : fe80::a92e:823b:e0a:eb4b%10(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 251668153
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-A7-75-2E-00-26-B9-48-8B-E2

   DNS Servers . . . . . . . . . . . : fe80::5d22:da1:19ca:8135%10
                                       192.168.1.2
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 8:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : isatap.{77C7F1A3-4243-4EF4-A254-59E2B526F3E2}
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Any help would be HUGELY appreciated. I'm afraid to even reboot the machine right now.
Comment
Watch Question

Distinguished Expert 2018

Commented:
Honestly, this sounds like an unstable installation. What I'd do is take a weekend and perform a "swing" migration (which means you can swing back to same hardware.) So you will be keeping the important stuff: files, Exchange data, Active Directory accounts, and Sharepoint, but killing the OS-specific hacks that have made this installation unstable.
Commented:
Check the Local Area Connection TCP/IP properties for the adapter and verify that Register this Connection in DNS is check for the IPv6 and IPv4 protocols.  This can be found on the DNS tab in Advanced TCP/IP Settings.

I would change the DNS Server interface setting to listen on all IP addresses.  I would also change the preferred DNS address to 127.0.0.1 for IPv4 and ::1 for IPv6.

Worst case you can always add an entry for the server netbios name and fqdn to your hosts file for a quick fix, but you really need to make sure that your DNS is configured properly.
Chris DentPowerShell Developer
Top Expert 2010
Commented:

I would make it listen on all interfaces first.

If DHCP is having trouble I would stop it from updating DNS. Clients are prefectly capable of registering their own records provided they are running Windows 2000 or above.

Verify that DNS has Dynamic Updates enabled and set to Secure Only (properties for your Forward Lookup Zone). Then run these on your SBS server:

net stop netlogon
net start netlogon
ipconfig /registerdns

Check the zone in DNS for the servers records, and / or check Event Viewer for errors from DNSAPI.

If you want to test a client, they only need run "ipconfig /registerdns", provided DHCP is no longer updating on their behalf.

HTH

Chris

Author

Commented:
Thanks for the responses everyone - to be clear, I'd prefer to NOT have DHCP on the server. Have had nothing but problems with WinDHCP.

Do any of these fixes actually clear out the incorrect subnet in DNS (the 10.x.x.x) and update with the correct subnet?

@cgaliher:that may be an option, but I'd prefer to try updating DNS first. The machine was very stable until I tried to stop DHCP from reporting errors.

@Chris-Dent:what does Secure Only do? And the /registerdns?

Thanks everyone - appreciated.

Commented:
No, none of these fixes will clear out the 10.x.x.x records.  You can try to Scavenge Stale Resource Records in the DNS Manager, but you may need to remove them manually.  

The fixes I suggested should correctly register the server in DNS, which seems like the issue.

To rehash, I would definatly try this first:

Change the DNS Server interface setting to listen on all IP addresses.  I would also change the preferred DNS address to 127.0.0.1 for IPv4 and ::1 for IPv6 in the local area connection properties for the network adapter.

ipconfig /registerdns refreshes the DHCP lease and registers the connection in DNS.  This command is run at a workstation.

Chris DentPowerShell Developer
Top Expert 2010

Commented:


> @Chris-Dent:what does Secure Only do? And the /registerdns?

Only allows domain members (effectively) to register DNS records.

RegisterDNS tells the system to attempt a dynamic update request. Doesn't do all that much if DHCP is looking after the record, but if it's registering directly it will force an update attempt.

ron0110 is right about the 10.x.x.x records, I forgot to touch on those. If you don't want to clear them manually aging / scavenging is your only choice. If that's not already configured it will take time to come into effect.

Chris

Author

Commented:
Will try both and report back - thanks for the help!