New DHCP server - Record Registration errors

  • Question

  • So my new DHCP server is up and running successfully, DNS scope options are configured correctly, and the network service and machine accounts have access to the reverse DNS lookup zones. But for some reason I'm getting flooded with these errors:

    PTR record registration for IPv4 address [IP] and FQDN "DNS.domain.com" failed with error 9005 (DNS operation refused.).

    Forward record registration for IPv4 address [IP] and FQDN "DNS.domain.com" failed with error 9005 (DNS operation refused.).

    I also updated the "DNS dynamic update registration credentials" and the errors still exist.

    Any ideas where to check that I haven't already?



    • Edited by JoeFri Monday, November 4, 2019 2:08 PM
    Monday, November 4, 2019 1:09 PM

Answers

  • I have resolved this.

    There are two potential issues that were my root cause:
    1. Machine accounts were registering DNS before DHCP was, and my DNS update credentials did not have access to the machine accounts. Adding the DNS service account to a group that already had full access to each machine account resolved my issue completely; no more errors in event viewer.

    2. The second and still potential root cause was that I was using scavenging. With scavenging enabled, the "no-refresh" time would prevent DHCP from updating an object that was updated within the specified time-frame. After some debate and thought, I determined I did not need to have scavenging enabled, and disabled it.


    • Marked as answer by JoeFri Thursday, February 6, 2020 2:04 PM
    Thursday, February 6, 2020 2:03 PM
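The two causes in the accepted answer can be checked directly on the DHCP server. The following PowerShell is an added example, not from the thread: it reads the DHCP dynamic-update credential, the zone's scavenging/no-refresh settings, and the owner and write ACEs on a client's dnsNode object in the AD-integrated zone. It assumes the zone name `domain.local` from the thread and a placeholder client host `CLIENT01`.

```powershell
# Added example (not the poster's or Microsoft's code). Run on the DHCP server with
# the DhcpServer, DnsServer and ActiveDirectory RSAT modules, as a DNS/AD admin.
# Assumptions: zone 'domain.local' as in the thread; 'CLIENT01' is a placeholder host.
param(
    [string]$Zone       = 'domain.local',
    [string]$ClientHost = 'CLIENT01'
)
Import-Module DhcpServer, DnsServer, ActiveDirectory

# 1. The account DHCP uses for dynamic updates ("DNS dynamic update registration
#    credentials" in the DHCP console) and the DnsUpdateProxy membership.
$cred        = Get-DhcpServerDnsCredential
$credAccount = "$($cred.DomainName)\$($cred.UserName)"
"DHCP update credential : $credAccount"
"DnsUpdateProxy members : $((Get-ADGroupMember -Identity 'DnsUpdateProxy').Name -join ', ')"

# 2. Scavenging: while a record is inside NoRefreshInterval the server will not
#    accept a timestamp-only refresh, which the DHCP server logs as a failed update.
$aging = Get-DnsServerZoneAging -Name $Zone
"Aging enabled          : $($aging.AgingEnabled)"
"No-refresh interval    : $($aging.NoRefreshInterval)"

# 3. Who owns the client's record object, and does the DHCP credential (directly or
#    via group membership) hold a write ACE on it? A record first registered by the
#    client's own machine account is owned by that account, not by DHCP.
$domainDn   = (Get-ADDomain).DistinguishedName
$searchBase = "DC=DomainDnsZones,$domainDn"   # legacy zones live under CN=MicrosoftDNS,CN=System
$node = Get-ADObject -LDAPFilter "(&(objectClass=dnsNode)(name=$ClientHost))" -SearchBase $searchBase
if (-not $node) { throw "No dnsNode named $ClientHost found under $searchBase" }

$acl = Get-Acl -Path "AD:\$($node.DistinguishedName)"
"Record owner           : $($acl.Owner)"

$writeAces = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.ActiveDirectoryRights -match 'GenericAll|GenericWrite|WriteProperty'
}
"Principals with write  : $(($writeAces.IdentityReference.Value | Select-Object -Unique) -join ', ')"

# Compare the ACEs against the credential account and every group it belongs to.
$credNames = @($cred.UserName) + (Get-ADPrincipalGroupMembership -Identity $cred.UserName).Name
$hit = $writeAces | Where-Object { ($_.IdentityReference.Value -split '\\')[-1] -in $credNames }
if ($hit) {
    "OK: $credAccount can modify this record via: $(($hit.IdentityReference.Value | Select-Object -Unique) -join ', ')"
} else {
    "WARNING: $credAccount has no write ACE on $($node.DistinguishedName); expect update failures when DHCP re-registers it"
}
```

If the WARNING branch fires for records owned by machine accounts, adding the credential account to a group that already has write access on those objects (the poster's fix) is what clears the 9005 errors; if the ACL is fine but the record sits inside the no-refresh window, the aging output points at cause 2.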

All replies

  • Hi,

    >>So my new DHCP server is up and running successfully, DNS scope options are configured correctly,

    Are your DNS, DHCP and AD on the same server?

    As far as I know, DHCP will only update the zone for your AD domain name.

    If yes, please check the DNS zone name and AD name.

    You can refer to the following article:

    DNS update fails from DHCP server

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Please run the command: dcdiag /test dns and upload the screenshot.

    Please refer to this article:

    Dcdiag for DNS: Test details explained

    Hope this can help you, if you have anything unclear, please let me know.

    Best Regards,

    Ellen


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Tuesday, November 5, 2019 9:34 AM
  • >>Did your DNS, DHCP and AD on the same server?

    No, not yet; they are on two different servers. *UPDATE* - yes, they are now.

    >>As far as I know, DHCP will only update zone for your AD domain name.

    I have 3 DNS servers, and we have two zones, domain.com and domain.local. All of the AD-DNS zones are set to "Active Directory-Integrated" and all of them are set to "Secure Only", which is fine, b/c the only devices I want to update DNS are domain-joined Windows PCs. Replication between the 3 servers is working fine according to dcdiag.

    The errors I am seeing in event viewer point to domain.local, and are referring to the PTR record registration and the forward record registration, per the error I listed above.






    • Edited by JoeFri Tuesday, February 4, 2020 7:43 PM
    Tuesday, November 5, 2019 12:50 PM
  • Hi,

    >>I will be trying to resolve the "duplicate zone" issue tonight, to see if they could be related.

    Is this way useful?

    I will check other methods for you.

    Sorry for the inconvenience and thank you for your understanding and patience.

    Hope this can help you, if you have anything unclear, please let me know.

    Best regards,

    Ellen




    Friday, November 15, 2019 9:41 AM
  • Hi,

    Just checking the current situation of your problem.

    Please let us know if you would like further help.

    Best regards,

    Ellen




    Tuesday, November 19, 2019 7:07 AM
  • Hey Ellen,

    I now have the AD/DNS role on this DHCP server, and I've cleaned up all the other DNS-related issues, but this issue still exists.

    Any ideas on what to take a look at next?

    Monday, December 9, 2019 8:18 PM
  • Still trying to chase down this issue. Recent things I've tried:

    Set interfaces on DNS down to a single IPv4 address (removed IPv6 addresses).

    Cleaned out old WINS server info from DNS.

    DNS settings (screenshots were attached for each of the following):

    DHCP - DNS properties

    DHCP - Advanced - IPv4 Credentials

    DNS Primary Forward Lookup Zone

    DnsUpdateProxy group (I've tried with and without the DHCP and DNS computer accounts in here as well.)

    DnsAdmins group (same thing here)

    This doesn't seem to be that complicated, but I can't figure out why these are failing to update for the life of me. This all started when I migrated my DHCP server from a 2008 R2 server to a 2019 server (new image, not an in-place upgrade).

    If I do an "IPCONFIG /RENEW" I get 3 events from my machine account: 1 for the forward lookup zone from my wired NIC, one for the PTR record for my wired NIC, and 1 for the forward lookup zone on my wireless NIC.

    When I check DNS, I do see all 3 of these records are there and were updated this morning. What am I missing? Anyone have any ideas? Could the clients be updating DNS, and when the DHCP server tries to it fails b/c the record was already modified?

    I do see errors for other users, though, who wouldn't be kicking these off manually, who receive the error, and their DNS / IP does not show up in DNS.

    The only other difference is I do have a DHCP reservation for my address.


    • Edited by JoeFri Tuesday, February 4, 2020 3:57 PM
    Tuesday, February 4, 2020 3:29 PM