Solved

New Windows 2008 DC in an existing Windows 2003 Domain:  DHCP Clients do not update their DNS entry

Posted on 2010-08-17
11
405 Views
Last Modified: 2012-05-10
We got an existing Windows 2003 domain with 3 DC's and 2 DHCP Server (running on two DC's), so pure Microsoft and nothing else.  Everything was working fine until we installed a fourth DC which is a Windows 2008 Server.

Since we got the Windows 2008 Domain Controller, some DHCP Clients cannot register their DNS entries.  Please note that the Windows 2008 DC is configured standard we didn't change anything.  The clients are linux thin clients which receive an IP from one of the two DHCP Servers and then should register their IP in DNS, but they don't.

We started to realize this issue 3 days ago, as some thinclients can register their IP in DNS.  We assume that this problem started since the new 2008 DC.

Looking forward to your input.  I enabled DNS debug loggin in the meantime.
0
Comment
Question by:NEXPERT-AG
  • 6
  • 5
11 Comments
 
LVL 8

Expert Comment

by:SGrossmann
ID: 33453463
Does you Domain run in Windows 2003 native mode?If not your DNS-Zones willes be in the domain partition and not within the DNS Applicatoin Partitions.This causes DNS problems with 2008 DNS-Servers.This would suggest that you DHCP provides the IP from this 2008 Server as DNS-Server
0
 

Author Comment

by:NEXPERT-AG
ID: 33453550
Our current domain functional level is Windows Server 2003.  

0
 
LVL 8

Expert Comment

by:SGrossmann
ID: 33453579
Did you configure the DnsUpdateProxy or was the registration done without it?
0
The Eight Noble Truths of Backup and Recovery

How can IT departments tackle the challenges of a Big Data world? This white paper provides a roadmap to success and helps companies ensure that all their data is safe and secure, no matter if it resides on-premise with physical or virtual machines or in the cloud.

 

Author Comment

by:NEXPERT-AG
ID: 33453764
I see that there is an AD Group called DnsUpdateProxy but to be honest, I don't remember if I added the server in manually or if it was done by the system.  All 4 DC's are member of the DnsUpdateProxy group ...

C:\>dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = ADS005
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: ***********\ADS005
      Starting test: Connectivity
         ......................... ADS005 passed test Connectivity

Doing primary tests

   Testing server: ***********\ADS005

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... ADS005 failed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : domain1

   Running enterprise tests on : domain1.local
      Starting test: DNS
         Test results for domain controllers:

            DC: ADS005.domain1.local
            Domain: domain1.local


               TEST: Basic (Basc)
                  Warning: no DNS RPC connectivity (error or non Microsoft DNS server is running)

               ADS005                       PASS WARN n/a  n/a  n/a  n/a  n/a
         ......................... domain1.local passed test DNS
0
 
LVL 8

Expert Comment

by:SGrossmann
ID: 33453799
See this article, it's written for 2003 but equal for 2008http://support.microsoft.com/kb/816592You linux system wont update the DNS themself and dhcp needs to do this for them. If the zonepermission has changed you need to authorize a user to do this. As written in the document if one dhcp has added the entry the other server would not be allowed to change this entry aslong as you don't configure the dnsupdateproxy.
0
 

Author Comment

by:NEXPERT-AG
ID: 33454490
Thank you SGrossmann, but all DNS and DHCP Servers are already member of the group DNSUpdateProxy.

DHCP is also configured as recommended:


DHCP-config.jpg
0
 
LVL 8

Expert Comment

by:SGrossmann
ID: 33454557
Your Servers are member of that group, but each server updates the dns-records with his machine account.You can configure a user to update the dns-records so all servers have permission to change the records.This can be done within the advance tab of the posted console.
0
 

Author Comment

by:NEXPERT-AG
ID: 33455231
Thank you for the hint, I checked the credentials and re-entered the password.

The DHCP leases also look very weired.  Do you know what that means?
DHCP-credentials.jpg
0
 

Author Comment

by:NEXPERT-AG
ID: 33455243
What does these "brushes" mean?
wiredicon.jpg
0
 
LVL 8

Accepted Solution

by:
SGrossmann earned 500 total points
ID: 33455440
This pencil sais:"Active lease, DNS dynamic update pending. This address is not available for lease by the DHCP server." There are several issues for this:1) User ist not the member of the dnsupdateproxy group2) "Always dynamically update A and PTR records" in DHCP Scope properties is not set3) The client DNS suffix does not match the domain name4) You don't have a reverse lookup zone for this ip-range
0
 

Author Comment

by:NEXPERT-AG
ID: 33501632
Hi SGrossmann

Thank you for all your hints, finally we rebooted one domain controller which did not update DNS records and, voilà, issue was fixed.

Cheers
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you migrate a Terminal Server licenses server inside the 2008 server family, you can takte advantage of the build-in migration tool. If you like to migrate an older 2003 Server (and the installed client CALs) to a 2008 R2 server for example, you …
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

821 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question