none
DHCP Server Log reporting DNS Update Failed

    Question

  • I have a Windows 2008 r2 server running DHCP which is also clustered.   We recently clustered the servers and setup secure DNS updates.  I thought DNS registration was working fine.  I have bothe nodes of the cluster and the cluster node name added to the DNSUpdateproxy group.  I also set the Credentials in DHCP for a user to register the DNS names on behalf of the clients.  I have secure updates set on the DNS server. 

     

    Below is what I am getting in the DHCP srv Log:

    31,10/24/11,15:01:59,DNS Update Failed,10.32.1.11,xxxxxxxx.mydomin.local,,,0,6,,,
    30,10/24/11,15:01:59,DNS Update Request,10.32.1.11,xxxxxxxx.mydomin.local,,,0,6,,,
    31,10/24/11,15:01:59,DNS Update Failed,10.32.1.12,xxxxxxxx.mydomin.local,,,0,6,,,
    30,10/24/11,15:01:59,DNS Update Request,10.32.1.12,xxxxxxxx.mydomin.local,,,0,6,,,
    31,10/24/11,15:01:59,DNS Update Failed,10.32.1.13,xxxxxxxx.mydomin.local,,,0,6,,,
    30,10/24/11,15:01:59,DNS Update Request,10.32.1.13,xxxxxxxx.mydomin.local,,,0,6,,,
    31,10/24/11,15:01:59,DNS Update Failed,10.32.1.14,xxxxxxxx.mydomin.local,,,0,6,,,
    30,10/24/11,15:01:59,DNS Update Request,10.32.1.14,xxxxxxxx.mydomin.local,,,0,6,,,
    31,10/24/11,15:01:59,DNS Update Failed,10.32.1.15,xxxxxxxx.mydomin.local,,,0,6,,,
    30,10/24/11,15:01:59,DNS Update Request,10.32.1.15,xxxxxxxx.mydomin.local,,,0,6,,,

     

    I get occational successes.  But I have a LARGE amount of failures.  If the record is not in DNS it still does not reqister. It seems though that ones that have registered with the DHCP user account can re-register. 

    Can anyone help?  Do I need to delete the leases and renew for the ones that are failing?

     

    Thanks,

     

    Steve


    Steve
    Monday, October 24, 2011 11:19 PM

All replies

  • Hi Steve,

     

    Thanks for posting here.

     

    It seems we have permission issue when doing update. Can you verify the permission of zone and records to make sure the user has the right to modify it

     

    Permissions: Any backup DHCP servers in the cluster will not be able to successfully take over DHCP tasks if the appropriate security permissions have not been enabled. Administrators must create a new domain security group to which the servers belong. This group must have permissions of Full Control for the DNS zone object in Active Directory where DHCP clients have their A and PTR records registered and updated. Alternatively, administrators can add the second server to the DNSUpdateProxyGroup for the domain. Otherwise, name resolution failures will result.

     

    Clustering DHCP Servers

    http://technet.microsoft.com/en-us/library/cc958897.aspx

     

    Regards,

     

    Tiger Li

     

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact  tnmff@microsoft.com.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Tuesday, October 25, 2011 4:14 AM
  • Hi Tiger Li, thanks for your reply.  I am still getting a lot of failures but around 6:00 AM yesterday I had a bunch of clients register in DNS then it goes back to a lot of requests and failures.  I am alos getting the error below.  Is there a way to increase the queue limit?

     The DHCP cluster permissions look good.  I have all of the DHCP nodes in the cluster are a part of the DNSProxy group.

    34,10/25/11,00:00:59,DNS update request failed as the DNS update requests queue limit exceeded,10.21.1.73,clientname.mydomain.local,,,0,6,,,
    34,10/25/11,00:00:59,DNS update request failed as the DNS update requests queue limit exceeded,10.21.1.74,clientname.mydomain.local,,,0,6,,,
    34,10/25/11,00:00:59,DNS update request failed as the DNS update requests queue limit exceeded,10.21.1.75,clientname.mydomain.local,,,0,6,,,
    34,10/25/11,00:00:59,DNS update request failed as the DNS update requests queue limit exceeded,10.21.1.76,clientname.mydomain.local,,,0,6,,,
    34,10/25/11,00:00:59,DNS update request failed as the DNS update requests queue limit exceeded,10.21.1.77,clientname.mydomain.local,,,0,6,,,
    34,10/25/11,00:00:59,DNS update request failed as the DNS update requests queue limit exceeded,10.21.1.78,clientname.mydomain.local,,,0,6,,,
    34,10/25/11,00:00:59,DNS update request failed as the DNS update requests queue limit exceeded,10.21.1.79,clientname.mydomain.local,,,0,6,,,
    34,10/25/11,00:00:59,DNS update request failed as the DNS update requests queue limit exceeded,10.21.1.80,clientname.mydomain.local,,,0,6,,,
    34,10/25/11,00:00:59,DNS update request failed as the DNS update requests queue limit exceeded,10.21.1.81,clientname.mydomain.local,,,0,6,,,

     

    Thanks,

     

    Steve


    Steve
    Wednesday, October 26, 2011 12:36 PM
  • Hi Steve,

     

    Thanks for update.

     

    So we can get new records through this clustered DHCP server ?

    We may consider to modify and increase the value for the registry key “DynamicDNSQueueLength” with following the workaround in the hotfix below and see if any improvement:

     

    DHCP server processes expired PTR resource records in Windows Server 2003

    http://support.microsoft.com/kb/837061

     

    Thanks.


    Tiger Li


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Thursday, October 27, 2011 8:12 AM
  • Thanks Tiger, yes I get some new records but not all.   It is very sporadic I see a lot of failures and hours later I will see some successes.

     

    I will try the registry key.  Is there any negative issues with making with increasing the value for "DynamicDNSQueueLength”.

     

    The article you reference KB837061, we are not experinecing that issue.  DHCP seems to be working fine.  It is handing out leases and removing the leases.

     

    Thanks,

     

    Steve


    Steve
    Friday, October 28, 2011 12:52 PM
  • Hi Steve,

     

    Thanks for update.

     

    That registry key will increase the increase the number of records that the cycle can delete which will help to narrow down the issue that you posted about the message “DNS update request failed as the DNS update requests queue limit exceeded”.

     

    Have you also modified the password for the account that we set as DHCP Credentials?

     

    http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/40a9b4ce-49b4-45ec-bb83-a907430e5d6c/

     

    Regards,

     

    Tiger Li

     

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact  tnmff@microsoft.com.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Monday, October 31, 2011 2:28 AM
  • We may also scan the current DHCP settings and infrastructure by using the BPA in order to correct it with the best practices:

     

    http://blogs.technet.com/b/teamdhcp/archive/2010/05/01/dhcp-server-best-practice-analyzer-available-for-download.aspx

     

    Regards,

     

    Tiger Li

     

    TechNet Subscriber Support in forum

    If you have any feedback on our support, please contact  tnmff@microsoft.com.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Monday, October 31, 2011 2:34 AM
  • Hi Steve,

    Please feel free to let us know if the information was helpful to you.

    Regards,

    Tiger Li

    TechNet Subscriber Support in forum
    If you have any feedback on our support, please contact  tnmff@microsoft.com.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Tuesday, November 01, 2011 7:46 AM
  • Tiger, thanks for your reply.  I have not been able to make the registry change due to we have a very strict change control on servers and applications.  I will need to make the change at off hours on the weekend.

    I do have another question relating to this DHCP issue.  I came across some articles regarding Reverse lookup zones that might affect client registering in DNS.

    Lets say we use a private address scheme 10.x.x.x  But we subnet this into many subnets.  For instance:

    10.3.11.x, 10.3.12.x, 10.11.1.x, 10.44.1.x, 10.44.2.x and so on.

    When creating a Reverse lookup zone in DNS can we just use 10.in-addr.arpa for the 10.0.0.0/8 block and the 168.192.in-addr.arpa for the 192.168.0.0/16 block?  Instead of creating a reverse lookup for each subnet like below which is the way we have now:

    11.3.10.in-addr.arpa

    12.3.10.in-addr.arpa 

    1.11.10.in-addr.arpa 

    1.44.10.in-addr.arpa  

     

    Thanks,

     

    Steve

     


    Steve
    Tuesday, November 01, 2011 7:39 PM