Link to home
Create AccountLog in
Avatar of Psymonious
PsymoniousFlag for Switzerland

asked on

Member Server cannot create DNS record

Hi there

I have some troubles with DNS and dynamic updates.

[Configuration]
-----------------
All servers are virtualized on VMware vSphere/ESXi 5.1
-----------------
2x Domain Controllers based on Windows Server 2008 R2 fully patched running AD DS, DNS and DHCP

DNS zones are "Active Directory-integrated" and Dynamic updates is set to "Secure only"
DHCP Servers have "DNS dynamic update credentials" configured (domain user).

My task is to test and implement Windows Server 2012 so i installed a testserver, configured an IP-address (local not DHCP), joined it to the domain. I tested some things and all looked pretty good... but suddenly i recognized that the server is not available by his FQDN.
On the DNS there was no A or PTR record present for this host.
Back on the server i tried so manually register using "ipconfig /registerdns", after wating a couple minutes i got the following message in "Event Viewer".

Log Name: System
Soruce: DNS Client Events
Event ID: 8015

The system failed to register host (A or AAAA) resource records (RRs) for network adapter
with settings:
Adapter Name : {336D5BBA-75D7-4F7E-9F4C-09F1ADE03CD1}
Host Name : testservername
Primary Domain Suffix : company.local
DNS server list : DNSIP1, DNSIP2
Sent update to server : <?>
IP Address(es) : testserverIP

The reason the system could not register these RRs was because the update request it sent to the DNS server timed out. The most likely cause of this is that the DNS server authoritative for the name it was attempting to register or update is not running at this time.

You can manually retry DNS registration of the network adapter and its settings by typing 'ipconfig /registerdns' at the command prompt. If problems still persist, contact your DNS server or network systems administrator.

I checked the configuration of the NIC, checked the ticks
[x] Register this connection's addresses in DNS
[x] Use this connection's DNS suffix in DNS registration
> no luck

I found some KB articles with similar issues, where they recommend disabling IPv6
so i did this too.
> no luck

This morning i configured a DHCP Reservation for the server and it worked, no wondering.... cause the DHCP did it.

Any ideas why my 2012 Server is not able to create a entry in the DNS Server?

regards Simon
Avatar of IanTh
IanTh
Flag of United Kingdom of Great Britain and Northern Ireland image

can the server ping the dns servers ?

is the member server in the domain ?
Avatar of Psymonious

ASKER

Network connection are fine, server is reachable by ping and other protocols.
Server is member of the domain.
what domain/forest level ?
Single Forest/Domain

ForestMode: Windows2008R2Forest
DomainMode: Windows2008R2Domain
So it works with dhcp not static ip ?

is the time set properly by the lan that can cause  issues like this the Event ID: 8015 suggests this too ?
Yes, with DHCP reservation everything is OK, but not when static ip is configured on the server.

Timezone is correct i have same time on all systems in the network.
so even with the same details with a static ip (the same one you get via dhcp) what happens
OK, with a lot of testing i found out that it works when i move the server to another VLAN.
So what i can say now is that the dns server and the testserver is working correct.

So we are getting in a more network related issue here.

As far as i can say, the network and firewall configuration of the different esxi are the same.
Does someone know what else is needed from a view of network?
you never said vlan how would the member server get dhcp if it was in the wrong vlan have you got multiple dcp severs in vlans ?
There are only 2 DHCP server for all VLANs.
The ip-helpers on the routers tell them where the dhcp servers are.

There is no security boundary between the 2 VLANs we are talking about here.

As far as i know DNS Client uses the following ports
In: 53, UDP
Out: 53, UDP,TCP

Does the registration of the server in DNS also go through this port/communication?
Thanks, i already read that. i'm going to install "MS Network Monitor 3.4" to get a detailed view of what i going on.
I mean why run a vlan with no security boundary I don't understand
As far as i know it's prepared for more security in future but it is not applied at the moment.
Don't ask me about details, i'm the server and not the network guy ;)
I'm server too although do know about about networking a bit.
ASKER CERTIFIED SOLUTION
Avatar of Psymonious
Psymonious
Flag of Switzerland image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer
Finally we could find the issue together with our network team.