Solved

New Windows 2008 DC in an existing Windows 2003 Domain:  DHCP Clients do not update their DNS entry

Posted on 2010-08-17
11
404 Views
Last Modified: 2012-05-10
We got an existing Windows 2003 domain with 3 DC's and 2 DHCP Server (running on two DC's), so pure Microsoft and nothing else.  Everything was working fine until we installed a fourth DC which is a Windows 2008 Server.

Since we got the Windows 2008 Domain Controller, some DHCP Clients cannot register their DNS entries.  Please note that the Windows 2008 DC is configured standard we didn't change anything.  The clients are linux thin clients which receive an IP from one of the two DHCP Servers and then should register their IP in DNS, but they don't.

We started to realize this issue 3 days ago, as some thinclients can register their IP in DNS.  We assume that this problem started since the new 2008 DC.

Looking forward to your input.  I enabled DNS debug loggin in the meantime.
0
Comment
Question by:NEXPERT-AG
  • 6
  • 5
11 Comments
 
LVL 8

Expert Comment

by:SGrossmann
ID: 33453463
Does you Domain run in Windows 2003 native mode?If not your DNS-Zones willes be in the domain partition and not within the DNS Applicatoin Partitions.This causes DNS problems with 2008 DNS-Servers.This would suggest that you DHCP provides the IP from this 2008 Server as DNS-Server
0
 

Author Comment

by:NEXPERT-AG
ID: 33453550
Our current domain functional level is Windows Server 2003.  

0
 
LVL 8

Expert Comment

by:SGrossmann
ID: 33453579
Did you configure the DnsUpdateProxy or was the registration done without it?
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:NEXPERT-AG
ID: 33453764
I see that there is an AD Group called DnsUpdateProxy but to be honest, I don't remember if I added the server in manually or if it was done by the system.  All 4 DC's are member of the DnsUpdateProxy group ...

C:\>dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = ADS005
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: ***********\ADS005
      Starting test: Connectivity
         ......................... ADS005 passed test Connectivity

Doing primary tests

   Testing server: ***********\ADS005

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... ADS005 failed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : domain1

   Running enterprise tests on : domain1.local
      Starting test: DNS
         Test results for domain controllers:

            DC: ADS005.domain1.local
            Domain: domain1.local


               TEST: Basic (Basc)
                  Warning: no DNS RPC connectivity (error or non Microsoft DNS server is running)

               ADS005                       PASS WARN n/a  n/a  n/a  n/a  n/a
         ......................... domain1.local passed test DNS
0
 
LVL 8

Expert Comment

by:SGrossmann
ID: 33453799
See this article, it's written for 2003 but equal for 2008http://support.microsoft.com/kb/816592You linux system wont update the DNS themself and dhcp needs to do this for them. If the zonepermission has changed you need to authorize a user to do this. As written in the document if one dhcp has added the entry the other server would not be allowed to change this entry aslong as you don't configure the dnsupdateproxy.
0
 

Author Comment

by:NEXPERT-AG
ID: 33454490
Thank you SGrossmann, but all DNS and DHCP Servers are already member of the group DNSUpdateProxy.

DHCP is also configured as recommended:


DHCP-config.jpg
0
 
LVL 8

Expert Comment

by:SGrossmann
ID: 33454557
Your Servers are member of that group, but each server updates the dns-records with his machine account.You can configure a user to update the dns-records so all servers have permission to change the records.This can be done within the advance tab of the posted console.
0
 

Author Comment

by:NEXPERT-AG
ID: 33455231
Thank you for the hint, I checked the credentials and re-entered the password.

The DHCP leases also look very weired.  Do you know what that means?
DHCP-credentials.jpg
0
 

Author Comment

by:NEXPERT-AG
ID: 33455243
What does these "brushes" mean?
wiredicon.jpg
0
 
LVL 8

Accepted Solution

by:
SGrossmann earned 500 total points
ID: 33455440
This pencil sais:"Active lease, DNS dynamic update pending. This address is not available for lease by the DHCP server." There are several issues for this:1) User ist not the member of the dnsupdateproxy group2) "Always dynamically update A and PTR records" in DHCP Scope properties is not set3) The client DNS suffix does not match the domain name4) You don't have a reverse lookup zone for this ip-range
0
 

Author Comment

by:NEXPERT-AG
ID: 33501632
Hi SGrossmann

Thank you for all your hints, finally we rebooted one domain controller which did not update DNS records and, voilà, issue was fixed.

Cheers
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Auto Login Script 3 42
what about DCpro 2 30
How to remove users in file list from specific AD group? 3 40
DNS Record - External Public IP (Sonicwall VPN) 9 29
I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question