Solved

New Windows 2008 DC in an existing Windows 2003 Domain:  DHCP Clients do not update their DNS entry

Posted on 2010-08-17
11
402 Views
Last Modified: 2012-05-10
We got an existing Windows 2003 domain with 3 DC's and 2 DHCP Server (running on two DC's), so pure Microsoft and nothing else.  Everything was working fine until we installed a fourth DC which is a Windows 2008 Server.

Since we got the Windows 2008 Domain Controller, some DHCP Clients cannot register their DNS entries.  Please note that the Windows 2008 DC is configured standard we didn't change anything.  The clients are linux thin clients which receive an IP from one of the two DHCP Servers and then should register their IP in DNS, but they don't.

We started to realize this issue 3 days ago, as some thinclients can register their IP in DNS.  We assume that this problem started since the new 2008 DC.

Looking forward to your input.  I enabled DNS debug loggin in the meantime.
0
Comment
Question by:NEXPERT-AG
  • 6
  • 5
11 Comments
 
LVL 8

Expert Comment

by:SGrossmann
ID: 33453463
Does you Domain run in Windows 2003 native mode?If not your DNS-Zones willes be in the domain partition and not within the DNS Applicatoin Partitions.This causes DNS problems with 2008 DNS-Servers.This would suggest that you DHCP provides the IP from this 2008 Server as DNS-Server
0
 

Author Comment

by:NEXPERT-AG
ID: 33453550
Our current domain functional level is Windows Server 2003.  

0
 
LVL 8

Expert Comment

by:SGrossmann
ID: 33453579
Did you configure the DnsUpdateProxy or was the registration done without it?
0
 

Author Comment

by:NEXPERT-AG
ID: 33453764
I see that there is an AD Group called DnsUpdateProxy but to be honest, I don't remember if I added the server in manually or if it was done by the system.  All 4 DC's are member of the DnsUpdateProxy group ...

C:\>dcdiag /test:dns

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = ADS005
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: ***********\ADS005
      Starting test: Connectivity
         ......................... ADS005 passed test Connectivity

Doing primary tests

   Testing server: ***********\ADS005

      Starting test: DNS

         DNS Tests are running and not hung. Please wait a few minutes...
         ......................... ADS005 failed test DNS

   Running partition tests on : ForestDnsZones

   Running partition tests on : DomainDnsZones

   Running partition tests on : Schema

   Running partition tests on : Configuration

   Running partition tests on : domain1

   Running enterprise tests on : domain1.local
      Starting test: DNS
         Test results for domain controllers:

            DC: ADS005.domain1.local
            Domain: domain1.local


               TEST: Basic (Basc)
                  Warning: no DNS RPC connectivity (error or non Microsoft DNS server is running)

               ADS005                       PASS WARN n/a  n/a  n/a  n/a  n/a
         ......................... domain1.local passed test DNS
0
 
LVL 8

Expert Comment

by:SGrossmann
ID: 33453799
See this article, it's written for 2003 but equal for 2008http://support.microsoft.com/kb/816592You linux system wont update the DNS themself and dhcp needs to do this for them. If the zonepermission has changed you need to authorize a user to do this. As written in the document if one dhcp has added the entry the other server would not be allowed to change this entry aslong as you don't configure the dnsupdateproxy.
0
Do email signature updates give you a headache?

Do you feel like you are constantly making changes to email signatures? Are the images not formatting how you want them to? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today.

 

Author Comment

by:NEXPERT-AG
ID: 33454490
Thank you SGrossmann, but all DNS and DHCP Servers are already member of the group DNSUpdateProxy.

DHCP is also configured as recommended:


DHCP-config.jpg
0
 
LVL 8

Expert Comment

by:SGrossmann
ID: 33454557
Your Servers are member of that group, but each server updates the dns-records with his machine account.You can configure a user to update the dns-records so all servers have permission to change the records.This can be done within the advance tab of the posted console.
0
 

Author Comment

by:NEXPERT-AG
ID: 33455231
Thank you for the hint, I checked the credentials and re-entered the password.

The DHCP leases also look very weired.  Do you know what that means?
DHCP-credentials.jpg
0
 

Author Comment

by:NEXPERT-AG
ID: 33455243
What does these "brushes" mean?
wiredicon.jpg
0
 
LVL 8

Accepted Solution

by:
SGrossmann earned 500 total points
ID: 33455440
This pencil sais:"Active lease, DNS dynamic update pending. This address is not available for lease by the DHCP server." There are several issues for this:1) User ist not the member of the dnsupdateproxy group2) "Always dynamically update A and PTR records" in DHCP Scope properties is not set3) The client DNS suffix does not match the domain name4) You don't have a reverse lookup zone for this ip-range
0
 

Author Comment

by:NEXPERT-AG
ID: 33501632
Hi SGrossmann

Thank you for all your hints, finally we rebooted one domain controller which did not update DNS records and, voilà, issue was fixed.

Cheers
0

Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Join & Write a Comment

We recently had an issue where out of nowhere, end users started indicating that their logins to our terminal server were just showing a "blank screen." After checking the usual suspects -- profiles, shell=explorer.exe in the registry, userinit.exe,…
I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now