The myth with DHCP, AD-integrated DNS, DNSUpdateProxy etc


Hello community,

After several days of searching for answers and solutions, and after different statements, I'm tired :-(

Problem:

In our environment we use Microsoft DHCP (2012 R2) to serve clients (Windows and non-Windows) IPs. AD-joined Windows clients are registering themselves in DNS (AD-integrated), and that is working fine. I notice strange behaviour with non-Windows clients (Mac, Linux etc.). Partially they're getting no DNS entry, or an extremely delayed one (hours later). I've checked the DHCP log (C:\Windows\System32\dhcp\) and see a lot of entries with:

31,03/23/17,11:33:18,dns update failed,10.19.123.45,hostname.domain.local,,,0,6,,,,,,,,,2

Yesterday I was playing around with a test client (Ubuntu) and tried different solutions with no success. There was no DNS entry created. This morning when I came to work, I found the DNS entry with a timestamp of yesterday 10pm (when the test client was offline!). So it seems there is a huge delay. I have no replication issues (repadmin /replsum and dcdiag are fine!)

My setup:

  • Active Directory on Windows Server 2012 R2 DCs
  • AD-integrated DNS
  • Windows Server 2012 R2 DHCP
  • DHCP is configured with credentials (IPv4 -> Properties -> Advanced -> Credentials) for dynamic DNS update
  • The DHCP computer account is a member of the DNSUpdateProxy group

My questions:

  1. Does the user account (configured in DHCP to update dynamic DNS) need to be a member of the DNSUpdateProxy group? I can't find an official reference, and in one blog post they write yes, in another no.
  2. I cannot find the "DNSUpdateProxy" group in the Security tab of the DNS zones. I cannot find the group in a clean and brand-new deployed test lab! Or is the group set somewhere deep in the configuration and cannot be modified?
  3. If I have to set the rights on the DNS zones manually -> which rights do I have to set up, and for which account/group?
  4. Regarding the delay in creating DNS entries... is there a possibility to check if there is a queue?

What can I do?!

Every help is appreciated!
Thank you
Miranda

Hi Miranda,

In answer to your questions:

1) The user account shouldn't be in the group, just the DHCP server/s.

2) It's an AD group, and its membership is managed as you'd manage any other group.

3) You shouldn't need to do this.

4) I'm not sure on this one, I'd have to check.

Is the problem affecting all non-Windows machines or just some? Can you please check whether you have Name Protection enabled (it should be by default, I believe) - https://technet.microsoft.com/en-us/library/dd759188(v=ws.11).aspx. If it is enabled and the non-Windows machines have the same hostnames as Windows machines, this will prevent them from getting registered in DNS.

If you try to register a non-Windows client in DNS, is there a local DNS server on site that you can connect to, to see if the update has appeared?
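On question 4 (measuring the delay), an added example that is not from either poster: a Python script that reads DHCP audit log lines like the one quoted in the question and reports, per client, how many DNS updates failed and how long it took until one succeeded. It assumes event ID 31 means a failed and 32 a successful DNS update, the column order from the log file's own header line, and an MM/DD/YY date format; all sample lines except the first are constructed.

```python
import csv
from collections import defaultdict
from datetime import datetime

# Assumed column positions (0-based), taken from the audit log's header line:
# ID,Date,Time,Description,IP Address,Host Name,...,DnsRegError (last column)
ID, DATE, TIME, IP, HOST = 0, 1, 2, 4, 5
DNS_FAILED, DNS_OK = "31", "32"  # assumed event IDs: 31 = failed, 32 = successful

# Constructed sample lines; only the first one is quoted from the question.
SAMPLE = """\
31,03/23/17,11:33:18,dns update failed,10.19.123.45,hostname.domain.local,,,0,6,,,,,,,,,2
10,03/23/17,11:40:02,Assign,10.19.123.50,ubuntu-test.domain.local,001122334455,,0,6,,,,,,,,,0
31,03/23/17,11:40:03,dns update failed,10.19.123.50,ubuntu-test.domain.local,,,0,6,,,,,,,,,2
31,03/23/17,15:10:44,dns update failed,10.19.123.50,ubuntu-test.domain.local,,,0,6,,,,,,,,,2
32,03/23/17,22:00:07,DNS Update Successful,10.19.123.50,ubuntu-test.domain.local,,,0,6,,,,,,,,,0
"""

def dns_update_report(lines):
    """Return {(ip, host): summary} for every client with a failed DNS update."""
    events = defaultdict(list)
    for row in csv.reader(lines):
        # Skip the header block and blank lines: real events start with a numeric ID.
        if len(row) <= HOST or not row[ID].strip().isdigit():
            continue
        event_id = row[ID].strip()
        if event_id not in (DNS_FAILED, DNS_OK):
            continue
        when = datetime.strptime(f"{row[DATE]} {row[TIME]}", "%m/%d/%y %H:%M:%S")
        events[(row[IP], row[HOST].lower())].append((when, event_id, row[-1]))
    report = {}
    for key, evs in events.items():
        evs.sort()
        failures = [e for e in evs if e[1] == DNS_FAILED]
        if not failures:
            continue
        first_fail = failures[0][0]
        ok = next((e[0] for e in evs if e[1] == DNS_OK and e[0] > first_fail), None)
        report[key] = {
            "failures": len(failures),
            "error_codes": sorted({e[2] for e in failures}),  # DnsRegError values seen
            "registered_after": ok - first_fail if ok else None,  # None = never succeeded
        }
    return report

if __name__ == "__main__":
    for (ip, host), info in dns_update_report(SAMPLE.splitlines()).items():
        print(ip, host, info)
```

To run it against a real log, pass the opened file from C:\Windows\System32\dhcp\ to `dns_update_report` instead of `SAMPLE.splitlines()`, after checking the header block of that file for the actual column order and event IDs.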


