Solved

New Windows 2008 DC in an existing Windows 2003 Domain:  DHCP Clients do not update their DNS entry

Posted on 2010-08-17
Last Modified: 2012-05-10
We have an existing Windows 2003 domain with 3 DCs and 2 DHCP servers (running on two DCs), so pure Microsoft and nothing else.  Everything was working fine until we installed a fourth DC, which is a Windows 2008 server.

Since we got the Windows 2008 domain controller, some DHCP clients cannot register their DNS entries.  Please note that the Windows 2008 DC has the standard configuration; we didn't change anything.  The clients are Linux thin clients which receive an IP from one of the two DHCP servers and then should register their IP in DNS, but they don't.

We first noticed this issue 3 days ago, as some thin clients can register their IP in DNS.  We assume that this problem started with the new 2008 DC.

Looking forward to your input.  I enabled DNS debug logging in the meantime.
Question by:NEXPERT-AG
11 Comments
 
LVL 8

Expert Comment

by:SGrossmann
ID: 33453463
Does your domain run in Windows 2003 native mode? If not, your DNS zones will be in the domain partition and not within the DNS application partitions. This causes DNS problems with 2008 DNS servers. This would suggest that your DHCP provides the IP from this 2008 server as DNS server.
0
 

Author Comment

by:NEXPERT-AG
ID: 33453550
Our current domain functional level is Windows Server 2003.  

0
 
LVL 8

Expert Comment

by:SGrossmann
ID: 33453579
Did you configure the DnsUpdateProxy or was the registration done without it?
0

 

Author Comment

by:NEXPERT-AG
ID: 33453764
I see that there is an AD group called DnsUpdateProxy, but to be honest, I don't remember if I added the servers manually or if it was done by the system.  All 4 DCs are members of the DnsUpdateProxy group ...

C:\>dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = ADS005
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: ***********\ADS005
      Starting test: Connectivity
         ......................... ADS005 passed test Connectivity

Doing primary tests

   Testing server: ***********\ADS005

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... ADS005 failed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : domain1

   Running enterprise tests on : domain1.local
      Starting test: DNS
         Test results for domain controllers:

            DC: ADS005.domain1.local
            Domain: domain1.local


               TEST: Basic (Basc)
                  Warning: no DNS RPC connectivity (error or non Microsoft DNS server is running)

               ADS005                       PASS WARN n/a  n/a  n/a  n/a  n/a
         ......................... domain1.local passed test DNS
0
 
LVL 8

Expert Comment

by:SGrossmann
ID: 33453799
See this article; it's written for 2003 but applies equally to 2008: http://support.microsoft.com/kb/816592

Your Linux systems won't update DNS themselves, and DHCP needs to do this for them. If the zone permission has changed, you need to authorize a user to do this. As written in the document, if one DHCP server has added the entry, the other server would not be allowed to change this entry as long as you don't configure the DnsUpdateProxy.
0
 

Author Comment

by:NEXPERT-AG
ID: 33454490
Thank you SGrossmann, but all DNS and DHCP servers are already members of the group DnsUpdateProxy.

DHCP is also configured as recommended:


DHCP-config.jpg
0
 
LVL 8

Expert Comment

by:SGrossmann
ID: 33454557
Your servers are members of that group, but each server updates the DNS records with its machine account. You can configure a user to update the DNS records so all servers have permission to change the records. This can be done within the Advanced tab of the posted console.
0
 

Author Comment

by:NEXPERT-AG
ID: 33455231
Thank you for the hint, I checked the credentials and re-entered the password.

The DHCP leases also look very weird.  Do you know what that means?
DHCP-credentials.jpg
0
 

Author Comment

by:NEXPERT-AG
ID: 33455243
What do these "brushes" mean?
wiredicon.jpg
0
 
LVL 8

Accepted Solution

by:
SGrossmann earned 2000 total points
ID: 33455440
This pencil says: "Active lease, DNS dynamic update pending. This address is not available for lease by the DHCP server."

There are several issues for this:
1) User is not a member of the DnsUpdateProxy group
2) "Always dynamically update A and PTR records" in DHCP scope properties is not set
3) The client DNS suffix does not match the domain name
4) You don't have a reverse lookup zone for this IP range
0
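
Items 3 and 4 of the accepted answer can be checked offline against a lease export. The following is an added example, not part of the original thread: the lease list, the reverse zone name and the function names are constructed for illustration, and only domain1.local is taken from the dcdiag output above.

```python
import ipaddress

def suffix_matches(lease_name, forward_zone):
    """Item 3: does the name on the lease end in the AD DNS domain?"""
    name = lease_name.lower().rstrip(".")
    zone = forward_zone.lower().rstrip(".")
    return name.endswith("." + zone)

def reverse_zone_covers(ip, reverse_zones):
    """Item 4: is the PTR name for this address inside a hosted reverse zone?"""
    ptr = ipaddress.ip_address(ip).reverse_pointer.lower()
    return any(ptr.endswith("." + z.lower().rstrip(".")) for z in reverse_zones)

def check_leases(leases, forward_zone, reverse_zones):
    """Return {ip: [problem codes]} for leases that would fail item 3 or 4."""
    findings = {}
    for ip, name in leases:
        problems = []
        if "." not in name.rstrip("."):
            # Bare host name: no suffix on the lease, so verify the
            # DNS domain name configured on the DHCP scope instead.
            problems.append("no-suffix")
        elif not suffix_matches(name, forward_zone):
            problems.append("suffix-mismatch")
        if not reverse_zone_covers(ip, reverse_zones):
            problems.append("no-reverse-zone")
        if problems:
            findings[ip] = problems
    return findings

# Constructed sample data (not from the thread, except the domain name).
FORWARD_ZONE = "domain1.local"
REVERSE_ZONES = ["30.20.10.in-addr.arpa"]
LEASES = [
    ("10.20.30.41", "tc-041.domain1.local"),  # passes both checks
    ("10.20.30.42", "tc-042.example.lan"),    # suffix differs from the domain
    ("10.20.99.7", "tc-107.domain1.local"),   # subnet without a reverse zone
    ("10.20.30.43", "tc-043"),                # client sent a bare host name
]

if __name__ == "__main__":
    for ip, problems in check_leases(LEASES, FORWARD_ZONE, REVERSE_ZONES).items():
        print(ip, ", ".join(problems))
```
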
 

Author Comment

by:NEXPERT-AG
ID: 33501632
Hi SGrossmann

Thank you for all your hints, finally we rebooted one domain controller which did not update DNS records and, voilà, issue was fixed.

Cheers
0

Question has a verified solution.
