none
Client PCs no longer able to use local DNS RRS feed

  • Question

  • Recently a number of our PCs are no longer able to resolve local DNS names. The PCs have the correct DNS servers registered. We can connect to servers using their IP address.

    The only change we are aware of is someone was tidying up old computer names in the DNS forward lookup zone and it looks like they removed some of the PCs we are having problems with.

    Our zone was configured to accept dynamic updates from Secure only. I've tried changing this to Non-secure and secure. But it hasn't resolved the issue.

    I've tried manually creating a DNS entry for the computer name in the zone, but that didn't help, or maybe I'm not setting it up right?

    NSLookup queries on names registered in DNS return the correct IP address.

    The event log on the client PCs are reporting the following warning. I've gone through the posts for this error but haven't found anything that fixes the problem for us.

    The system failed to register host (A or AAAA) resource records (RRs) for network adapter

    Any suggestions greatly appreciated

    Thursday, February 11, 2016 7:38 AM

Answers

  • We opened a support call with Microsoft and they were able to resolve the issue.

    The problem was with our DirectAccess configuration, which caused client PCs to believe they were outside the network. Once the configuration issues were resolved everything started working again.

    Friday, February 26, 2016 4:04 AM

All replies

  • Hi Ivan,

    1. Please retry DNS registration of the network adapter and its settings by typing "ipconfig /registerdns" at a command prompt.
    2.  >>The system failed to register host (A or AAAA) resource records (RRs) for network adapter

      Typically, this error message have several  event ID, if you could post the whole message and your network environment, it would help us to analyze the issue.

    Here is the DNS Client Registration event ID for your reference:

    https://technet.microsoft.com/en-us/library/cc735718(v=ws.10).aspx

          3.More information about Secure DNS Update, follow this link:

    http://social.technet.microsoft.com/wiki/contents/articles/21984.how-to-secure-dns-updates-on-microsoft-dns-servers.aspx

           4.You could perform a network capture, ensure where it is breaking down. 

    Best Regards,

    Cartman

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.



    Friday, February 12, 2016 6:59 AM
  • Hi Cartman

    I tried the ipconfig /registerdns, but this failed.

    Here is the full message for the warning in the Event log. The DNS severs are up and running and working for other staff. I can ping their IP addresses from the client PC that is reporting the error. 

    The system failed to register host (A or AAAA) resource records (RRs) for network adapter

    with settings:

               Adapter Name : {B6AC4A41-1386-4810-8D32-F810FC5CA450}

               Host Name : SPG-DELL-XPS-IW

               Primary Domain Suffix : mycompany.local

               DNS server list :

                 192.168.1.50, 192.168.1.60

               Sent update to server : <?>

               IP Address(es) :

                 192.168.1.165

    The reason the system could not register these RRs was because the update request it sent to the DNS server timed out. The most likely cause of this is that the DNS server authoritative for the name it was attempting to register or update is not running at this time.

    You can manually retry DNS registration of the network adapter and its settings by typing 'ipconfig /registerdns' at the command prompt. If problems still persist, contact your DNS server or network systems administrator.

     

    I'm not sure what you mean by "network environment", our network is relatively simple - a single domain with two domain controllers, which are also running Windows DNS. I'm not very familiar with network captures, but I will try to perform this.

    Sunday, February 14, 2016 2:33 AM
  • Here is the warning logged on the DNS server when I run the ipconfig /registerdns command from my client PC:

    Log Name:      System
    Source:        NETLOGON
    Date:          2/17/2016 11:59:33 AM
    Event ID:      5773
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      SPG-PROD-DC1.mycompany.local
    Description:
    The following DNS server that is authoritative for the DNS domain controller locator records of this domain controller does not support dynamic DNS updates: 

    DNS server IP address: 192.168.1.60
    Returned Response Code (RCODE): 4
    Returned Status Code: 9004 

    USER ACTION 
    Configure the DNS server to allow dynamic DNS updates or manually add the DNS records from the file '%SystemRoot%\System32\Config\Netlogon.dns' to the DNS database.

    The forward lookup zone is configured to allow secure dynamic updates.

    Wednesday, February 17, 2016 1:28 AM
  • Hi Ivan,  

       >>The following DNS server that is authoritative for the DNS domain controller locator records of this domain controller does not support dynamic DNS updates.

        Please check the secure dynamic update settings,here is a link for the guide,it will be helpful:

         How to Secure DNS Updates on Microsoft DNS Servers

        Or you could try to create a new zone for the problem clients, then test if they register successfully or not.

    Best Regards,

    Cartman

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Wednesday, February 17, 2016 1:47 AM
  • Are you able to ping the DNS servers from one of the problem PC's?

    Open an administrative level command prompt, type ping 192.168.1.50

    Also try to ping the other DNS server, 192.168.1.60

    You can also try running a tracert from a command prompt (tracert 192.168.1.50).

    Double check your network configuration settings on the affected machines (compare a bad one to a good one), make sure subnet mask and default gateway match up.

    Wednesday, February 17, 2016 1:58 AM
  • Hi Kris - yes, I'm able to ping both DNS servers using their IP addresses, but not their computer names.

    The tracert on the IP address works, with just the single entry of the DNS server.

    The network configuration settings look the same between machines. The only client PC that seems to be working is running Windows 7. The other client PCs are running Windows 10. None of our servers seem to be affected, but they are all configured to use static IP addresses, so that might explain it.

    Wednesday, February 17, 2016 6:01 AM
  • Hi Cartman, the forward lookup zone on the DNS server is configured to use "secure only" updates. The article seems to describe how to configure Windows DHCP to perform updates. We aren't using Windows DHCP, our DHCP service is performed by our modem/router.

    Do you have any information on how to set up a new zone for problem clients? I'm not sure how I associate a client with a new zone.

    Wednesday, February 17, 2016 6:11 AM
  • Hi Ivan,

           >>Do you have any information on how to set up a new zone for problem clients? I'm not sure how I associate a client with a new zone.

            Since you don't use Windows DHCP server,you could try to give them a static IP address, could they register successfully?Or try to give them a new subnet,with a new zone in DNS server,and test again.

    Best Regards,

    Cartman

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Wednesday, February 17, 2016 6:27 AM
  • I added a static IP address for my computer in DNS and updated my network adapter to use the static IP address. I still wasn't able to resolve any names in the forward lookup zone.

    I'm not sure how to link a zone in DNS with subnet settings on my network adapter. Do you have any links to articles explaining this?

    Wednesday, February 17, 2016 7:20 AM
  • Hi Ivan,

    Sorry for delay.For example,put the problem client in 192.168.2.x subnet,and create a new zone for 192.168.2.x on DNS server.


    Best Regards,

    Cartman

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Wednesday, February 24, 2016 8:07 AM
  • We opened a support call with Microsoft and they were able to resolve the issue.

    The problem was with our DirectAccess configuration, which caused client PCs to believe they were outside the network. Once the configuration issues were resolved everything started working again.

    Friday, February 26, 2016 4:04 AM
  • Hi Ivan,

    Thanks for sharing.It will be helpful.

    Best Regards,

    Cartman

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, February 26, 2016 4:22 AM