For all the stand alone servers, I pass the IP through DHCP
reservations. We have a combination of 2003 and 2008 stand alone
servers. We run our in-house applications on these stand alone
servers and rely on both IP and DNS. Recently I have noticed that
some of the stand alone servers are not registering in DNS. I am
confident this occurs after a restart and only on 2008 servers. The
machine is pingable by IP. With the use of a KVM solution, I notice that
the client is getting an IP, subnet mask, gateway and DNS information
from one of the 2003 DHCP servers, but the DNS records for that client
are missing. The cure-all is doing the infamous ipconfig /registerdns.
At first I noticed this for one stand alone server (2008) so I
reimaged it for giggles, but it happened again. Now I am noticing
more machines (2008) experiencing the same problems. I can say for
sure, it's NOT the same image that is applied on the machines I am
experiencing this with. This could be happening to user machines also
(XP PRO), but I am not confident.
I am just suspecting this, but I think this issue might have started
when I introduced the 2008 R2 domain controller as mentioned above.
Might be just plain coincidence.
Any input is welcomed and I will provide additional information if
requested.
Thanks in advance.
Hi BlueIT,
You haven't posted specific configuration info such as an ipconfig /all from
the server in question, nor Event log errors, to provide a specific possible
diagnosis, but what I can do is provide a guideline for Dynamic DNS
registration for non-DCs:
1. Primary DNS Suffix must match the zone name in DNS.
2. DNS zone properties must allow updates.
3. Only the DNS servers that have a reference to the zone must be specified
in the machine's IP properties. If a DNS server is specified that has no
reference to the zone, whether through secondaries, stubs, etc, such as
using a router as a DNS address or an ISP's DNS server, it will fail. If
mixing DNS servers that do have a reference to the zone and one that does
not, expect mixed results.
4. You can also set a specific interface to register into a zone in IP
properties of the interface, Advanced button, DNS tab.
5. Using DHCP Option 015 only sets the specific search suffix of the
interface that is set to DHCP.
I hope that helps.
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.
Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.
Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
If you feel this is an urgent issue and require immediate assistance, please
contact Microsoft PSS directly. Please check http://support.microsoft.com
for regional support phone numbers.
Actually to point out, I posted a general guideline for dynamic
registration, DHCP or static clients. But for non-servers, I agree, DHCP
will do the job just fine.
Ace
To add to your request, the DHCP servers and DNS servers are
172.31.244.20, .21 and .22. The 2008 R2 machine is .22. As
mentioned, the machine is getting all the required information from
DHCP but not registering in DNS. The following is an ipconfig /all.
I also referenced your guideline as a checkpoint and we are at par.
Ethernet adapter Local Area Connection 5:
   Connection-specific DNS Suffix . : domain.local
   Description . . . . . . . . . . . : Broadcom BCM5708S NetXtreme II GigE (NDI VBD Client) #5
   Physical Address. . . . . . . . . : 00-22-19-B5-00-CF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 172.31.244.49(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, January 26, 2010 4:25:09 PM
   Lease Expires . . . . . . . . . . : Friday, January 29, 2010 4:25:13 PM
   Default Gateway . . . . . . . . . : 172.31.244.1
   DHCP Server . . . . . . . . . . . : 172.31.244.21
   DNS Servers . . . . . . . . . . . : 172.31.244.20
                                       172.31.244.21
   NetBIOS over Tcpip. . . . . . . . : Enabled
Scope Options:
   Option Name          Vendor     Value                          Class
   003 Router           Standard   172.31.244.1                   None
   006 DNS Server       Standard   172.31.244.20, 172.31.244.21   None
   015 DNS Domain Name  Standard   domain.local                   None
I checked the System event viewer logs and came across the following
during the time after the system was back up:
4:26:02 PM Error Event ID 7001. This is expected as I have the Base
Engine service disabled.
4:26:35 PM Error Event ID 7026. stofit drivers failed to load.
Let me know if you need more information.
> Recently I have noticed that some of the stand alone servers are not registering in DNS.
M. Fekay has pointed you at some things to do to investigate why the DHCP clients are not successful in registering. An alternative, of course, is to get your DHCP server to perform the registration.
> Actually to point out, I posted a general guideline for dynamic registration, DHCP or static clients. But for non-servers, I agree, DHCP will do the job just fine.
By "DHCP client" I mean the DHCP client, as in the DHCP client service,
running on all of those machines and which is responsible for
Dynamic DNS Update registration by a workstation even if the IP address
is statically configured. Also, by "stand-alone servers", M. Shah
is talking about application servers, for "our in-house
applications" (whatever they are), which are just plain old
workstations as far as Active Directory is concerned. So I think that
the issues that you quite rightly allude to aren't a concern for those
machines. These are non-servers, from what (little) we're
told. Having the DHCP server do the work is thus feasible.
Ok, sorry for the misunderstanding. The DHCP Client service on all machines
is important to not disable, since that is the actual registration service.
Ace
Thanks, BlueIT for posting this. This machine apparently appears to be
fine.
I *assume* the DCs are not multihomed (a multihomed DC is defined as
having more than one NIC, IP address and/or RRAS/VPN installed), nor do
they have an outside DNS address (one that does not have a reference
to the domain.local zone) configured in their properties. If either is
true, it will complicate the diagnosis and may be the cause.
EventID 7001 & 7026 are generic to specific services, and from what you
mentioned, I do not believe they are related to this issue.
I assume the DHCP Client service is running on the machine. If
disabled, it will still get an IP, however it will not register.
Ace
Neither the DHCP nor the DNS (DC) servers are multihomed. Neither has
multiple NICs enabled on the same subnet or another. As for the client,
DHCP Client is set to automatic. All these are valid checkpoints and are
causing me to be confused, as things seem to be at par. The client I
have even reimaged using the same hostname. I can't change this as
our in-house app is set to use the hostname also. I don't think a
static IP will make any difference either. Right now, this problem is
limited to a handful of machines. Recall, different images also.
Correct me if I am wrong, but I thought the 2003 DHCP server does the
registration by default?
Well, kind of but not exactly. It depends.
By default, a Windows 2000 and newer statically configured machines
will register their A record (hostname) and PTR (reverse entry) into
DNS.
If set to DHCP, a Windows 2000 or newer machine will request DHCP to
allow the machine itself to register its own A record, but DHCP will
register its PTR (reverse entry) record.
However, there's more to it. Please read my blog on this process and
other options.
DHCP, Dynamic DNS Updates, Scavenging, static entries & timestamps, and
the DnsProxyUpdate Group (How to remove duplicate DNS host records):
http://msmvps.com/blogs/acefekay/archive/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group.aspx
You can *force* DHCP to do all the registration for you, as outlined in
my blog, but you need to address the dupe records created by either
using the DnsUpdateProxy group, or configuring credentials for DHCP to
own the records.
BUT, what *concerns* me is you stated these machines are imaged. Did
you use Sysprep, or are these machines mirror copies of a base image?
If mirrored copies, I can see what's going on - it has a duplicate SID.
--
Ace
I've had good luck with NewSid.exe. It even works with Vista without
fouling up the activation if it was activated before the image was made.
It's freeware.
--
Phillip Windell
The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
The image was used with Sysprep so that is out of the question. Might
be a whole different topic, but 2008 Sysprep does differ from 2003
Sysprep. This same image I used on another machine doesn't have the
same issue. I'll check out your blog... to be continued.
> BUT, what concerns me is you stated these machines are imaged. Did you use
> Sysprep, or are these machines mirror copies of a base image?
> If mirrored copies, I can see what's going on - it has a duplicate SID.
> I've had good luck with NewSid.exe. It even works with Vista without
> fouling up the activation if it was activated before the image was made.
> It's freeware.
... and Mark
Russinovich explains that a lot of the thinking that underpins people's
desire to run it in the first place appears to be ill-founded, with
duplicate SIDs not actually being the problem they are often thought to
be. Hence the tool being retired last year.
Maybe I should have been more specific regarding duplicate SID. My concern
was if the zone is set to allow updates for Secure Only option, a duplicate
SID may cause issues during Kerberos authentication.
Yes, I realize NewSid has been retired. It does work, however, I do not use
it and rather use Sysprep.
For others out there, the following are links on duplicate SIDs, and the
myth surrounding it that one can read up on.
NewSID v4.10, By Mark Russinovich and Bryce Cogswell, Published: November 1,
2006
Note: NewSID has been retired and is no longer available for download.
http://technet.microsoft.com/en-us/sysinternals/bb897418.aspx
Please see Mark Russinovich's blog post: NewSID Retirement and the Machine
SID Duplication Myth
http://blogs.technet.com/markrussinovich/archive/2009/11/03/3291024.aspx
The Microsoft KBs regarding duplicate SIDS not being supported have not been
retired. Apparently there must be a good reason for that.
Do not disk duplicate installed versions of Windows
Cloning or duplicating an installation without taking the recommended
steps could lead to duplicate SIDs, and in the case of removable media, ...
http://support.microsoft.com/kb/162001
The Microsoft policy concerning disk duplication of Windows XP
... In the case of removable media, a duplicate SID might give an account
access to ... Microsoft does not support the running of Sysprep after the
image is ...
http://support.microsoft.com/kb/314828
Ace
Good to hear that. As for differences, as far as I know, it acts the
same regarding resetting a machine at boot creating a new SID and other
factors during image booting.
I haven't used Sysprep with Windows 2008, however I have with Vista and
Windows 7, and they are similar, and it works fine and haven't seen
this issue using it.
Curious, just to touch base when you used Sysprep, and this is out of
curiosity, when you ran it did you use the XML answer method, or did
you use the GUI? If the GUI, I assume you selected the "Generalize"
checkbox (which generates a new SID at boot)?
Also, I found the following KB regarding this issue. It may apply to
your scenario.
A Windows Server 2008-based DHCP server does not register DNS ...
Fixes an issue in which a Windows Server 2008-based DHCP server does not
register DNS records for earlier version DHCP clients that do not send
option 81 to ...
http://support.microsoft.com/kb/967363
And I agree the extended SID topic that ensued is a completely
different topic for another time.
Ace
BlueIT,
I may have posted that KB too soon. I don't think it applies. However,
I've found the following articles that may be of interest.
Sysprep Networking section does not apply - Update to register with DNS
...
http://www.techtalkz.com/windows-deployment/194355-sysprep-networking-section-does-not-apply.html
Also, something else to look into. Thinking back a few weeks ago, I
believe I remember someone posting in another group a similar issue
with Windows 7 not registering. IIRC, from what I remember of the
issue, is I believe that Windows 7 either does not set "register this
connection" or it does not set "append primary DNS" suffix by default
on a fresh installation.
Ace
Although NewSID has saved me in the past, it didn't work well for 2008 R2
and Win7 for me. I believe it caused the infamous BSOD. As for
Sysprep, I use the GUI that is local to the machine. There are only
two System Cleanup Actions:
1. Enter System Out-of-Box Experience (OOBE).
2. Enter System Audit Mode.
I don't have an option for generating a new SID as was the case for 2003
Sysprep. That is why I mentioned it had changed in my previous post. The
zone is definitely set up for the Secure Only option; although I use
Sysprep I should not need to worry, but I still have to consider that as
a reason.
I went through the three DHCP servers and set each to "Always
dynamically update DNS A and PTR records." I have always used the
default. Will look at the links you provided.
Thanks
Forgot to mention, nslookup by IP works. The reverse lookup zone seems to
be accurate, just not the forward.
Actually, with Sysprep, if you check the 'generalize' checkbox, it
creates a new SID upon boot.
If reverse works, it appears DHCP is registering that record, but the
machine may not be asking DHCP. If you set DHCP to force, I am curious
if that works.
Also, did you check those settings in the NIC's properties? ("register
this connection" and "append primary DNS" suffix.)
--
Ace
If the generalize button is not selected, does that mean that a new
SID is not created?
As for TCP/IP properties, I do have both options selected. I don't
follow how to set DHCP to force. Where do I go about doing that?
I am quite confident that this is only happening to the 2008 machines.
Yes, as I've already mentioned, checking the "generalize" checkbox
creates a new machine SID upon the "mini-setup" at boot when the image
is put on a machine. The following link shows this.
James Kovacs' Weblog - How to Sysprep Windows Server 2008:
http://www.jameskovacs.com/blog/HowToSysprepWindowsServer2008.aspx
As for how to force DHCP to update for all clients, in DHCP properties,
DNS tab, select the radio button to update all records whether the
client asks for it or not. However, you must also configure DHCP to own
the records it creates so it will update the IP if it were to change on
the client with a new IP, otherwise duplicates will be created in the
zone. My blog has instructions on how to do both. I hope you find a few
minutes to go over it.
DHCP, Dynamic DNS Updates, Scavenging, static entries & timestamps, and
the DnsProxyUpdate Group (How to remove duplicate DNS host records):
http://msmvps.com/blogs/acefekay/archive/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group.aspx
If you are referring to "Always dynamically update DNS A and PTR records",
I have selected it but still no luck. I have read over your blog and
since the DHCP is on the DCs, Option 2 is my only choice. My question
to you is whether this is a common practice. I have never gone this
route before. Also, about the general user account to create: no
membership in any groups at all other than Domain Users?
I have definitely ruled out duplicate SIDs as a cause of the issue. I
have noticed that this is not restricted to one zone now.
Thanks again.
Darn, I was hoping forcing it would work. As for as being a "common
practice," not in that sense, but it's a practice that will eliminate
duplicate records and keep the zones cleaned and updated.
The general user account is a plain-Jane user. No groups other than
Domain Users. It's an account to authenticate to satisfy Kerberos
authentication, which is what's used if the zone is set to Secure
Updates only.
How did you rule out duplicate SIDs? Even if it's more than one zone
it's happening on, are the other machines you installed from the same
image?
Have you tried to simply install a new machine from scratch and tried
that?
Are there any security software installed on the imaged machine prior
to imaging?
Ace
As for the images, it's a combination of different machine types so the
same image is not applied to all machines, but definitely the same
OS. I could only wish it was that easy. For giggles, I ran NewSID
(Sysinternals) on a machine that I am having issues with but no luck.
Same problem occurred.
As for how I ruled out SIDs, using psgetsid (Sysinternals) I was able to
get all the SIDs from the servers, dump them in Excel and sort to
compare for dupes. Command below.
psgetsid @c:\file.txt -u username -p password > c:\dump.txt
My current thinking is to disable the DHCP and DNS on the 2008 R2 DC.
The thinking behind it is pretty much the same for every troubleshooting
admin figuring out an issue: "What has changed?" The 2008 R2 DC was
introduced as a spare as I didn't want to do an in-place upgrade of the
existing 2003 R2 DCs. I am a fan of clean installation if I can.
Anyways, the first issue occurred a week later... after a machine
restart. My thinking is that it has morphed now and our proprietary app
uses DNS. So today, off hours, I am going to remove those roles since I
have the original two DCs with DNS/DHCP. If the issue still exists, I
might have to call up the big guns.
Thanks again....
Hmm, your testing is making this more interesting. Now I am wondering
where the issue is.
So you are saying that it happened a week after the 2008 R2 DC was
introduced. Therefore, I assume your imaged machines were getting a
DHCP configuration without any problems from the 2003 DHCP?
As for upgrading 2003 R2, I agree, I would definitely install fresh,
and besides, I assume 2008 R2 is 64bit and your 2003 R2 is 32bit,
therefore assuming such, it's not upgradeable anyway.
Well, if your further testing doesn't work, it may be time to make that
phone call to PSS. I would be interested in what they come up with,
which I'm sure others following this thread will be curious as well.
Ace
I'll know in the next couple of weeks if this issue continues. I
can't say that it is 2008 R2 since I really have nothing to base my
theory on other than what has changed. We have multiple sites in our
domain so we will try to upgrade a different site first to see if this
issue can be replicated. I can't say when or how long this will
take.
I appreciate all your feedback and tips.
It was my pleasure to try and help. Please do post back with updates
with what you find with the other site.
Thanks!
Ace
Did restart since removing DNS and DHCP off the 2008 R2 domain
controller. Unfortunately same results. We are using just 2003 R2
std for our domain controllers for this site. It does serve as domain
controller for multiple subnets and hundreds of machines. Maybe I am
reaching here, but could they be over worked?
alright...taking another approach to this. Is there a way to
determine if a DNS server or DHCP server is corrupt?
I'm not sure what you mean that your DC serves multiple subnets. Is that how
the AD Site is setup, meaning that there are multiple subnets in that AD
site the DC exists in?
Is the DHCP service offering IP assignments for all of these subnets, too?
For every subnet a DHCP server is set to offer DHCP services, it must have
an IP address configured for that subnet on the DHCP server, unless there's
an IP Helper or DHCP Relay Agent set on a subnet the DHCP server does not
directly communicate with (such as through a router).
However, if your DHCP server is a DC, then you would ONLY want one IP
address on it, or it becomes a multihomed DC, which causes problems with AD
functionality.
>
> alright...taking another approach to this. Is there a way to
> determine if a DNS server or DHCP server is corrupt?
Not really, other than bumping up logging on both services and monitoring
the Event logs.
Ace
What you mentioned is what we have implemented. For subnets that don't
have a true DHCP server we use DHCP helper commands on network gear.
I was just trying to determine if a DNS server could get overloaded
with requests and not register clients. My last resort now is to
determine if there is corruption of any kind at this point, prior to
opening up a case.
Thanks again.
Hi blue,
I am truly out of ideas at this time. My final suggestion, unless
anyone else can chime in with a suggestion, is to call Microsoft PSS at
this point. You've been at this for a couple of weeks now. I hope you
can resolve the issue to prevent any further issues.
Ace
Ace-
This might be far-fetched but I have to ask. Is there any limitation on
the number of DHCP reservations that a DHCP server can handle? I am
running 2003 R2 Standard and wondering if there is any sort of
limitation.
Thanks
Not that I know of. How many reservations are there?
Ace
About 100 machines are obtaining IP, mask, gateway and DNS from DHCP
reservations. Now, my thinking is, can DHCP/DNS be overwhelmed since
all these machines are restarted concurrently?
About 100 DHCP clients? That's not much. DHCP can handle thousands, but if
all of them are hitting it at once, it may not be able to handle the burst
in registration requests.
Ace
Well, since there are two DHCP servers handling all the clients I
can't say if it is a burst or not. If only one DHCP server for all
clients, then I would tend to lead more to overload.
Did a restart today with DNS debugging enabled. The only odd thing I
noticed is a lot of RCODE 5 (REFUSED) for clients, but it seems only
restricted to reverse lookup. I will continue to analyze the logs to
find a trend, but I am left to support after this. Example below:
2/22/2010 3:50:48 PM 0668 PACKET 0000000003FEB8B0 UDP Snd 172.31.247.40 6924 R U [05a8 REFUSED] SOA (3)247(2)31(3)172(7)in-addr(4)arpa(0)
UDP response info at 0000000003FEB8B0
Socket = 332
Remote addr 172.31.247.40, port 60557
Time Query=1572898, Queued=0, Expire=0
Buf length = 0x0fa0 (4000)
Msg length = 0x0080 (128)
Message:
XID 0x6924
Flags 0xa805
QR 1 (RESPONSE)
OPCODE 5 (UPDATE)
AA 0
TC 0
RD 0
RA 0
Z 0
CD 0
AD 0
RCODE 5 (REFUSED)
ZCOUNT 1
PRECOUNT 1
UPCOUNT 2
ARCOUNT 0
ZONE SECTION:
Offset = 0x000c, RR count = 0
Name "(3)247(2)31(3)172(7)in-addr(4)arpa(0)"
ZTYPE SOA (6)
ZCLASS 1
PREREQUISITE SECTION:
Offset = 0x0029, RR count = 0
Name "(2)40(3)247(2)31(3)172(7)in-addr(4)arpa(0)"
TYPE CNAME (5)
CLASS 254
TTL 0
DLEN 0
DATA (none)
UPDATE SECTION:
Offset = 0x004f, RR count = 0
Name "[C029](2)40(3)247(2)31(3)172(7)in-addr(4)arpa(0)"
TYPE PTR (12)
CLASS 255
TTL 0
DLEN 0
DATA (none)
Offset = 0x005b, RR count = 1
Name "[C029](2)40(3)247(2)31(3)172(7)in-addr(4)arpa(0)"
TYPE PTR (12)
CLASS 1
TTL 1200
DLEN 25
DATA (5)machine1(11)mydomain(5)local(0)
ADDITIONAL SECTION:
empty
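One way to triage a log like the one above, as an added example that is not part of the thread: it parses a Windows DNS debug log (written with "Log packets for debugging" and "Details" enabled, the format BlueIT pasted) and summarises the server's UPDATE responses by RCODE, zone and client, so you can see whether REFUSED is confined to the in-addr.arpa zones. The log path is an assumption.

```powershell
# Added example (not from the thread): summarise dynamic-update responses in a
# Windows DNS debug log. $LogPath is an assumed location; adjust for your server.
param([string]$LogPath = 'C:\Windows\System32\dns\dns.log')

function ConvertFrom-DnsLabelName {
    # Turn the log's label form "(3)247(2)31(3)172(7)in-addr(4)arpa(0)"
    # into the familiar "247.31.172.in-addr.arpa".
    param([string]$Label)
    return (($Label -replace '\(\d+\)', '.').Trim('.'))
}

function Get-DnsUpdateResponse {
    # Walk the packet blocks and return one object per server response to an UPDATE.
    param([string[]]$Lines)
    $packets = New-Object System.Collections.Generic.List[object]
    $current = $null
    $inZoneSection = $false
    foreach ($line in $Lines) {
        # Packet header, e.g.
        # "... PACKET 0000000003FEB8B0 UDP Snd 172.31.247.40 6924 R U [05a8 REFUSED] SOA ..."
        if ($line -match 'PACKET\s+\S+\s+(UDP|TCP)\s+(Snd|Rcv)\s+([\d.]+)\s+([0-9a-fA-F]+)') {
            if ($null -ne $current) { $packets.Add($current) }
            $current = [pscustomobject]@{
                Direction = $Matches[2]; Peer = $Matches[3]; Xid = $Matches[4]
                Opcode = ''; Rcode = ''; Zone = ''
            }
            $inZoneSection = $false
            continue
        }
        if ($null -eq $current) { continue }
        if ($line -match '^\s*OPCODE\s+\d+\s+\((\w+)\)') { $current.Opcode = $Matches[1]; continue }
        if ($line -match '^\s*RCODE\s+\d+\s+\((\w+)\)')  { $current.Rcode  = $Matches[1]; continue }
        if ($line -match '^\s*ZONE SECTION:')            { $inZoneSection = $true; continue }
        # First Name line after ZONE SECTION is the zone the update was aimed at.
        if ($inZoneSection -and $line -match 'Name\s+"([^"]+)"') {
            $current.Zone = ConvertFrom-DnsLabelName $Matches[1]
            $inZoneSection = $false
        }
    }
    if ($null -ne $current) { $packets.Add($current) }
    # "Snd" packets are what the server sent back; keep only responses to UPDATE.
    return $packets | Where-Object { $_.Direction -eq 'Snd' -and $_.Opcode -eq 'UPDATE' }
}

$responses = Get-DnsUpdateResponse -Lines (Get-Content -Path $LogPath)

# Which zones refuse, and how often. REFUSED confined to in-addr.arpa (as in
# the thread) points at PTR record ownership rather than an overloaded server.
$responses | Group-Object Rcode, Zone | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# Which clients (update source address) are being refused.
$responses | Where-Object Rcode -eq 'REFUSED' | Group-Object Peer |
    Select-Object Count, Name | Format-Table -AutoSize
```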
It could be a possibility that because it's already registered, it
can't update its own records if it is a stand-alone when updates are
set to secure. Or, if you have DHCP update everything no matter whether
a client asks or not, the DHCP owner may be DHCP1 but DHCP2 is trying to
update the record, which it doesn't own. That is one of the drawbacks
of using credentials, in which case the DnsUpdateProxy group will work,
but that's only meant for DCs.
That was just conjecture...
As I mentioned before, you may only be a phone call away. I believe
your first post was 1/26/2010. A month has almost gone by and still not
working. I guess it isn't that critical or you would have called by
now?
Ace
Yeah, I agree with you. I am calling support. It's not that I am
trying to delay, it's that I want to exhaust the resources I have. In
the process of troubleshooting, I have gained additional knowledge that
will help in the future.
Thanks for the help
Will let you know what happens....
Sounds good. I would be curious what they have to say.
--
Ace
So after calling Microsoft, my case was escalated twice. It seems the
problem is resolved. Basically, I was told that I might never know
why the problem is happening. The goal right now is to fix the
problem. The following is what made the difference:
1. Create an account in AD that is a member of the DnsAdmins group.
2. Use this new account to specify the DNS dynamic update registration
credentials within the DHCP server.
I configured the client's DHCP lease to expire automatically when the
client computer is shut down for Windows 2000-based DNS clients or for
later versions of DNS clients. To do this, follow these steps:
1. Click Start, point to Administrative Tools, and then click DHCP.
2. Expand the scope for which you want to change the DHCP lease
expiration, right-click Scope Options, and then click Configure Options.
3. Click the Advanced tab.
4. Click the list that is next to Vendor Class, and then click
Microsoft Windows 2000 Options.
5. Click to select the 002 Microsoft Release DHCP Lease On Shutdown
Option check box, and then click OK.
I also created a group policy so that on shutdown, clients release
their IP address.
What this did was give ownership of DNS records to DHCP rather than
clients. To check who owns the records, open up the properties of a
record and view the security tab. If the client owns the record, you
will see "hostname$". Otherwise you will see the ID of the account
used for registration credentials. I have been good for about a month
now.
It is also important to understand how DNS dynamic updates work
together with DNS aging and scavenging.
http://support.microsoft.com/default.aspx?scid=kb;EN-US;932464
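The settings the resolution above depends on can be audited from PowerShell; this is an added example, not part of the thread or of any Microsoft KB. It assumes the DhcpServer and ActiveDirectory modules (Windows Server 2012 or later, or RSAT) and an AD-integrated zone stored in the DomainDnsZones partition; the DHCP server, host and scope names are placeholders.

```powershell
# Added example (not from the thread): audit the pieces the fix relies on.
# Assumes DhcpServer + ActiveDirectory modules and a zone in DomainDnsZones.
param(
    [string]$DhcpServer = 'dhcp1.domain.local',   # placeholder DHCP server name
    [string]$Zone       = 'domain.local',         # forward zone from the ipconfig above
    [string]$Hostname   = 'machine1',             # host whose A record to inspect
    [string]$ScopeId    = '172.31.244.0'          # scope holding the reservations
)
Import-Module DhcpServer, ActiveDirectory -ErrorAction Stop

# 1. Server-wide dynamic update behaviour. 'Always' is the "Always dynamically
#    update DNS A and PTR records" radio button; DeleteDnsRROnLeaseExpiry keeps
#    stale records from piling up once DHCP owns them.
Get-DhcpServerv4DnsSetting -ComputerName $DhcpServer |
    Select-Object DynamicUpdates, DeleteDnsRROnLeaseExpiry, UpdateDnsRRForOlderClients |
    Format-List

# 2. The registration credential (the DnsAdmins account from step 1 of the fix).
#    An empty result means DHCP registers as its own computer account instead.
$cred = Get-DhcpServerDnsCredential -ComputerName $DhcpServer
if (-not $cred -or -not $cred.UserName) {
    Write-Warning "No DNS update credential configured on $DhcpServer"
} else {
    "DNS update credential: $($cred.DomainName)\$($cred.UserName)"
}

# 3. Vendor option 002 "Microsoft Release DHCP Lease On Shutdown Option".
#    Value 1 = clients release their lease at shutdown so DHCP can clean up.
Get-DhcpServerv4OptionValue -ComputerName $DhcpServer -ScopeId $ScopeId `
    -VendorClass 'Microsoft Windows 2000 Options' -OptionId 2 -ErrorAction SilentlyContinue |
    Select-Object OptionId, Name, Value | Format-List

# 4. Record ownership, the check described at the end of the thread. A record the
#    client registered itself is owned by "<hostname>$"; one DHCP registered with
#    the credential is owned by that account.
$domainDn = (Get-ADDomain).DistinguishedName
$recordDn = "DC=$Hostname,DC=$Zone,CN=MicrosoftDNS,DC=DomainDnsZones,$domainDn"
$owner = (Get-Acl -Path "AD:\$recordDn").Owner
"$Hostname.$Zone is owned by $owner"
if ($owner -like "*\$Hostname$") {
    Write-Warning 'Record is still owned by the client account, not by DHCP'
}
```

If the zone replicates forest-wide, replace DomainDnsZones with ForestDnsZones in the record DN; zones stored in the domain partition live under CN=MicrosoftDNS,CN=System instead.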
Good to hear it was resolved.
I'm surprised either the DnsUpdateProxy group or simply providing
credentials to DHCP and forcing DHCP to update all requests, didn't
work, as we've previously discussed. I've had that working in many
customer locations without problems. Basically it seems that PSS told
you the same or similar.
But either way, I am glad that you got it resolved. :-)
Cheers!
Ace