New Windows 2008 DC in an existing Windows 2003 Domain:  DHCP Clients do not update their DNS entry

Posted on 2010-08-17
Last Modified: 2012-05-10
We got an existing Windows 2003 domain with 3 DC's and 2 DHCP Server (running on two DC's), so pure Microsoft and nothing else.  Everything was working fine until we installed a fourth DC which is a Windows 2008 Server.

Since we got the Windows 2008 Domain Controller, some DHCP Clients cannot register their DNS entries.  Please note that the Windows 2008 DC is configured standard we didn't change anything.  The clients are linux thin clients which receive an IP from one of the two DHCP Servers and then should register their IP in DNS, but they don't.

We started to realize this issue 3 days ago, as some thinclients can register their IP in DNS.  We assume that this problem started since the new 2008 DC.

Looking forward to your input.  I enabled DNS debug loggin in the meantime.
Question by:NEXPERT-AG
  • 6
  • 5

Expert Comment

ID: 33453463
Does you Domain run in Windows 2003 native mode?If not your DNS-Zones willes be in the domain partition and not within the DNS Applicatoin Partitions.This causes DNS problems with 2008 DNS-Servers.This would suggest that you DHCP provides the IP from this 2008 Server as DNS-Server

Author Comment

ID: 33453550
Our current domain functional level is Windows Server 2003.  


Expert Comment

ID: 33453579
Did you configure the DnsUpdateProxy or was the registration done without it?

Author Comment

ID: 33453764
I see that there is an AD Group called DnsUpdateProxy but to be honest, I don't remember if I added the server in manually or if it was done by the system.  All 4 DC's are member of the DnsUpdateProxy group ...

C:\>dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = ADS005
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: ***********\ADS005
      Starting test: Connectivity
         ......................... ADS005 passed test Connectivity

Doing primary tests

   Testing server: ***********\ADS005

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... ADS005 failed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : domain1

   Running enterprise tests on : domain1.local
      Starting test: DNS
         Test results for domain controllers:

            DC: ADS005.domain1.local
            Domain: domain1.local

               TEST: Basic (Basc)
                  Warning: no DNS RPC connectivity (error or non Microsoft DNS server is running)

               ADS005                       PASS WARN n/a  n/a  n/a  n/a  n/a
         ......................... domain1.local passed test DNS

Expert Comment

ID: 33453799
See this article, it's written for 2003 but equal for 2008 linux system wont update the DNS themself and dhcp needs to do this for them. If the zonepermission has changed you need to authorize a user to do this. As written in the document if one dhcp has added the entry the other server would not be allowed to change this entry aslong as you don't configure the dnsupdateproxy.
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.


Author Comment

ID: 33454490
Thank you SGrossmann, but all DNS and DHCP Servers are already member of the group DNSUpdateProxy.

DHCP is also configured as recommended:


Expert Comment

ID: 33454557
Your Servers are member of that group, but each server updates the dns-records with his machine account.You can configure a user to update the dns-records so all servers have permission to change the records.This can be done within the advance tab of the posted console.

Author Comment

ID: 33455231
Thank you for the hint, I checked the credentials and re-entered the password.

The DHCP leases also look very weired.  Do you know what that means?

Author Comment

ID: 33455243
What does these "brushes" mean?

Accepted Solution

SGrossmann earned 500 total points
ID: 33455440
This pencil sais:"Active lease, DNS dynamic update pending. This address is not available for lease by the DHCP server." There are several issues for this:1) User ist not the member of the dnsupdateproxy group2) "Always dynamically update A and PTR records" in DHCP Scope properties is not set3) The client DNS suffix does not match the domain name4) You don't have a reverse lookup zone for this ip-range

Author Comment

ID: 33501632
Hi SGrossmann

Thank you for all your hints, finally we rebooted one domain controller which did not update DNS records and, voilà, issue was fixed.


Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
What is this Task? 4 84
Moving to a Virtual from an SQL cluster, best practices? 5 71
Hyper V cluster 2 31
what is file ADS_ERR.adm on windows server 2008 4 33
Recently, I was asked to look into SCCM 2007 by my employer, having a degree of experience of earlier versions of SMS and some previous SCCM knowledge I didn't expect the procedure to involve to much time. I read a number of guides concerning it…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now