none
Wireless clients not registering in the DNS RRS feed

  • Question

  • My setup is as follows:

    DHCP Server is served by router. Wireless Authentication is by RADIUS via NPS on Server 2012 R2.

    My LAN clients are all working fine. Most older models of laptops work fine. There are like 20 random laptops of different models that do not work fine.

    Wireless client passed authentication, received DHCP IP, netmask, DNS servers.

    Tried commands such as ipconfig /flushdns, ipconfig/registerdns (this command used to work)

    Event viewer on client shows Event ID 8015. [The system failed to register host (A or AAAA) resource records (RRs)......)

    I followed this as well: https://technet.microsoft.com/en-us/library/cc959340.aspx

     I am stuck at nslookup 127.0.0.1 <DNS server> as its all timed out.

    By right, the client should register itself onto the DNS but it didn't. Hence I cant do a nslookup

    Tried to change the Dynamic updates on the DNS Server from secure to insecure too but it didn't help.

    I did a wireshark packet capture. I compared it with a working client. Upon connection, it will query for SRV. The working client has a response while those having problems does not get a SRV response

    • Edited by sianzb0i Wednesday, March 30, 2016 3:50 AM
    Wednesday, March 30, 2016 3:48 AM

Answers

  • Problem has been solved. 

    Problem was, the firewall detects Windows 10 machines as "mobile" devices and hence was blocked due to policies.

    Somehow, some same models managed to get past it the first time, while others had to be authenticated to be later recognised as "Desktop" editions.

    Wednesday, April 6, 2016 10:31 AM

All replies

  • Hi sianzb0i,

    >I am stuck at nslookup 127.0.0.1 <DNS server> as its all timed out.

    >I did a wireshark packet capture. I compared it with a working client. Upon connection, it will query for SRV. The working client has a response while those having problems does not get a SRV response

    Could you post an ipconfig/all and nslookup fqdn and ping 127.0.0.1 on the problem clients?

    Besides, check if the NIC driver is up-to-date on the problem clients, if not, update the NIC driver and check the result.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Wednesday, March 30, 2016 7:55 AM
    Moderator
  • Hi sianzb0i,

    >I am stuck at nslookup 127.0.0.1 <DNS server> as its all timed out.

    >I did a wireshark packet capture. I compared it with a working client. Upon connection, it will query for SRV. The working client has a response while those having problems does not get a SRV response

    Could you post an ipconfig/all and nslookup fqdn and ping 127.0.0.1 on the problem clients?

    Besides, check if the NIC driver is up-to-date on the problem clients, if not, update the NIC driver and check the result.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Hi Anne,

    I currently do not have the machine with me. But i can answer your queries as this has been on-going for many months.

    ipconfig /all shows config that are correct. IP address, DNS servers etc

    nslookup FQDN does not work. Error is DNS timeout.

    ping <ip address> works, where <ip address> can be internal or public addresses. For example if i do nslookup google.com on another PC and get the IP address and i ping it on the said machine, it will work fine.

    The problem is that it cannot register itself on the DNS and hence not able to resolve any hostnames or FQDN. I can access all server resources etc as long i use IP address.

    Drivers-wise i have tried old versions and new versions and it all yielded the same result.

    I suspect it might have something to do with secure and non-secure updates. But i do knot know why some machines can be treated as "secure" while some cant. 

    EDIT: Somehow these machines are all Windows 10 1511 machines and they have problems connecting to the DNS. But there are other Windows 10 machines of the same model that works fine too.

    • Edited by sianzb0i Wednesday, March 30, 2016 2:06 PM
    Wednesday, March 30, 2016 2:02 PM
  • Hi sianzb0i,

    >The problem is that it cannot register itself on the DNS and hence not able to resolve any hostnames or FQDN.

    Actually, client cannot register itself do not have direct relationship with it unable to resolve other FQDNs. Think we do not register our records on public DNS server, but we may use public DNS server to resolve Internet.

    >ipconfig /all shows config that are correct. IP address, DNS servers etc

       nslookup FQDN does not work. Error is DNS timeout.

    Then also check the result of ping DNSserver, check the network connection between problem clients with DNS servers.

    Better to use network monitor to help troubleshooting by capturing packets.

    Network monitor download:

    https://www.microsoft.com/en-us/download/details.aspx?id=4865

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, March 31, 2016 2:55 AM
    Moderator
  • Hi sianzb0i,

    >The problem is that it cannot register itself on the DNS and hence not able to resolve any hostnames or FQDN.

    Actually, client cannot register itself do not have direct relationship with it unable to resolve other FQDNs. Think we do not register our records on public DNS server, but we may use public DNS server to resolve Internet.

    >ipconfig /all shows config that are correct. IP address, DNS servers etc

       nslookup FQDN does not work. Error is DNS timeout.

    Then also check the result of ping DNSserver, check the network connection between problem clients with DNS servers.

    Better to use network monitor to help troubleshooting by capturing packets.

    Network monitor download:

    https://www.microsoft.com/en-us/download/details.aspx?id=4865

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Hi Anne

    >Actually, client cannot register itself do not have direct relationship with it unable to resolve other FQDNs. Think we do not register our records on public DNS server, but we may use public DNS server to resolve Internet.

    The public DNS does not accept updates. I think Microsoft's DNS can do the same too but I will not be able to resolve local hostnames anymore. Because, once it is able to register onto the DNS, everything will work fine. Even the event viewer complaints that it cannot register onto the AD-integrated DNS.

    >Then also check the result of ping DNSserver, check the network connection between problem clients with DNS servers.

    ping DNSserver as in IP address or FQDN? IP works. FQDN does not.

    > Better to use network monitor to help troubleshooting by capturing packets.

    As I have mentioned, I already used wireshark to capture packets and there are many DNS queries but no response. I am comparing the packet capture to a working machine.

    It is also not firewall issue as we use the AV/firewall.

    However, whenever I changed my DNS to accept unsecure updates, the DNS will start working

    Thursday, March 31, 2016 7:04 AM
  • Hi sianzb0i,

    >However, whenever I changed my DNS to accept unsecure updates, the DNS will start working

    Do you configure DHCP to register DNS records for clients?

    If we use DHCP to register DNS records, the DHCP server needs to be added to group DnsUpdateProxy or configure DHCP credential.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, March 31, 2016 7:11 AM
    Moderator
  • Hi sianzb0i,

    >However, whenever I changed my DNS to accept unsecure updates, the DNS will start working

    Do you configure DHCP to register DNS records for clients?

    If we use DHCP to register DNS records, the DHCP server needs to be added to group DnsUpdateProxy or configure DHCP credential.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Hi Anne,

    As mentioned, I am not using Windows DHCP. I am using the DHCP Server of my router/firewall.

    Thursday, March 31, 2016 8:31 AM
  • Hi sianzb0i,

    >As mentioned, I am not using Windows DHCP. I am using the DHCP Server of my router/firewall.

    Sorry for my oversight.

    >I did a wireshark packet capture. I compared it with a working client. Upon connection, it will query for SRV. The working client has a response while those having problems does not get a SRV response

    Then do you also do a wireshark on the DNS Server, for problem clients, could the DNS server receive the SRV query?

    If the client sent SRV query, while the DNS server can't receive it, then the packet might lost during the route process, of cause, the clients will not receive response.

    If so, we need to check the network devices.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.


    Friday, April 1, 2016 2:36 AM
    Moderator
  • Hi sianzb0i,

    >As mentioned, I am not using Windows DHCP. I am using the DHCP Server of my router/firewall.

    Sorry for my oversight.

    >I did a wireshark packet capture. I compared it with a working client. Upon connection, it will query for SRV. The working client has a response while those having problems does not get a SRV response

    Then do you also do a wireshark on the DNS Server, for problem clients, could the DNS server receive the SRV query?

    If the client sent SRV query, while the DNS server can't receive it, then the packet might lost during the route process, of cause, the clients will not receive response.

    If so, we need to check the network devices.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.


    No, I did no do a packet trace on the DNS Server side, as other devices (such as those using LAN) could work fine
    Friday, April 1, 2016 8:44 AM
  • Hi sianzb0i,

    My thought is to verify if the DNS server could receive the query packet from the client. If not, it may indicate there are some issue during the packet transfer.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, April 1, 2016 8:59 AM
    Moderator
  • Hi sianzb0i,

    My thought is to verify if the DNS server could receive the query packet from the client. If not, it may indicate there are some issue during the packet transfer.

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Hi Anne,

    Noted, i will try to do a packet capture first. As I am also hostfile a File Service on the DNS Server, i do not want any disruption during office hours. I will try it on the secondary DNS Server. I hope it does not affect the result right?

    Friday, April 1, 2016 9:33 AM
  • May i understand, if my router is the DHCP Server, who is the owner of the DNS record? Is it the Computer (computername$)?

    I realised that all of our Windows 7 machines are connecting fine. I am not sure if it has something to do with Local Administrator and related registry settings that might have changed in Windows 10 (or maybe Win 8.1 onwards)

    Also, I created a SSID using WPA2-Personal and it register successfully. Hence, it may be due to RADIUS. How do i trace the RADIUS authentication packets? I didnt see them in my wireshark capture
    • Edited by sianzb0i Monday, April 4, 2016 10:15 AM
    Monday, April 4, 2016 10:13 AM
  • Problem has been solved. 

    Problem was, the firewall detects Windows 10 machines as "mobile" devices and hence was blocked due to policies.

    Somehow, some same models managed to get past it the first time, while others had to be authenticated to be later recognised as "Desktop" editions.

    Wednesday, April 6, 2016 10:31 AM
  • Hi sianzb0i,

    Glad to hear you have solved the issue, you may mark your reply as answer, so that we can close this case.

    Cheers!

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, April 7, 2016 1:17 AM
    Moderator