New DHCP server - Record Registration errors

  • Question

  • So my new DHCP server is up and running successfully, DNS scope options are configured correctly, network service and machine accounts have access to the reverse DNS lookup zones, but for some reason I'm getting flooded with these errors:

    PTR record registration for IPv4 address [IP] and FQDN "DNS.domain.com" failed with error 9005 (DNS operation refused.
    ).

    Forward record registration for IPv4 address [IP] and FQDN "DNS.domain.com" failed with error 9005 (DNS operation refused.
    ).

    I also updated the "DNS dynamic update registration credentials" and the errors still exist.

    Any ideas where to check that I haven't already?



    • Edited by JoeFri Monday, November 4, 2019 2:08 PM
    Monday, November 4, 2019 1:09 PM

All replies

  • Hi,

    >>So my new DHCP server is up and running successfully, DNS scope options are configured correctly,

    Are your DNS, DHCP and AD on the same server?

    As far as I know, DHCP will only update zone for your AD domain name.

    If yes, please check the DNS zone name and AD name.

    You can refer to the following article:

    DNS update fails from DHCP server

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Please run the command: dcdiag /test:dns and upload the screenshot.

    Please refer to this article:

    Dcdiag for DNS: Test details explained

    Hope this can help you, if you have anything unclear, please let me know.

    Best Regards,

    Ellen


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Tuesday, November 5, 2019 9:34 AM
  • >>Are your DNS, DHCP and AD on the same server?
    No, not yet, they are on two different servers.

    >>As far as I know, DHCP will only update zone for your AD domain name.

    I have 3 DNS servers, and we have two zones, domain.com and domain.local.  All of the AD-DNS zones are set to "Active Directory-Integrated" and all of them set to "Secure Only", which is fine, b/c the only devices I want to update DNS are domain-joined Windows PCs.  Replication between the 3 servers is working fine according to dcdiag.

    The errors I am seeing in event viewer point to domain.local, and are referring to the PTR record registration and the forward record registration, per the error I listed above.





    • Edited by JoeFri Tuesday, November 5, 2019 3:36 PM
    Tuesday, November 5, 2019 12:50 PM
  • I am also seeing some other DNS errors that occur once every time the server reboots it appears:
    "The zone domain.local was previously loaded from the directory partition MicrosoftDNS but another copy of the zone has been found in directory partition DomainDnsZones.palmerholland.local. The DNS Server will ignore this new copy of the zone. Please resolve this conflict as soon as possible. "

    and

    "The zone domain.com was previously loaded from the directory partition MicrosoftDNS but another copy of the zone has been found in directory partition DomainDnsZones.palmerholland.local. The DNS Server will ignore this new copy of the zone. Please resolve this conflict as soon as possible. "

    When I open ADSI Edit and look under "MicrosoftDNS", I only see "TrustAnchors" and "msdcs.domain.local" under there. Should I see anything else? (Under all 3 AD-DNS servers it's the same.)  I don't see a duplicate zone anywhere, so not sure why this is.  Could this be part of the problem?

    Tuesday, November 5, 2019 1:40 PM
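
The startup warning quoted in the post above says the same zone name exists as an object in two directory partitions. As an added example (not part of the thread and not the poster's code), this read-only PowerShell script lists the dnsZone objects in each location that can hold an AD-integrated zone and reports any name stored in more than one. It assumes the ActiveDirectory module is available and that the DC it contacts hosts the DomainDnsZones and ForestDnsZones partitions; the variable names and labels are illustrative.

```powershell
# Added example (not from the thread): read-only inventory of dnsZone objects
# in each directory location that can hold an AD-integrated zone.
# Assumes the ActiveDirectory module and a reachable DC that hosts the
# DomainDnsZones/ForestDnsZones application partitions.
Import-Module ActiveDirectory

$rootDse  = Get-ADRootDSE
$domainDN = $rootDse.defaultNamingContext
$forestDN = $rootDse.rootDomainNamingContext

$locations = @(
    @{ Label = 'Domain partition (CN=System)'; Base = "CN=MicrosoftDNS,CN=System,$domainDN" },
    @{ Label = 'DomainDnsZones';               Base = "CN=MicrosoftDNS,DC=DomainDnsZones,$domainDN" },
    @{ Label = 'ForestDnsZones';               Base = "CN=MicrosoftDNS,DC=ForestDnsZones,$forestDN" }
)

# Built-in objects that are not hosted zones; skipped to reduce noise.
$ignore = @('RootDNSServers', '..TrustAnchors')

$zones = foreach ($loc in $locations) {
    try {
        Get-ADObject -SearchBase $loc.Base -SearchScope OneLevel `
                     -Filter 'objectClass -eq "dnsZone"' `
                     -Properties whenCreated, whenChanged -ErrorAction Stop |
            Where-Object { $ignore -notcontains $_.Name } |
            Select-Object @{ n = 'Zone';     e = { $_.Name } },
                          @{ n = 'Location'; e = { $loc.Label } },
                          whenCreated, whenChanged, DistinguishedName
    } catch {
        Write-Warning "Could not read $($loc.Base): $($_.Exception.Message)"
    }
}

$zones | Sort-Object Zone, Location |
    Format-Table Zone, Location, whenCreated, whenChanged -AutoSize

# A zone name present in more than one location matches the
# "another copy of the zone has been found" startup warning.
$duplicates = @($zones | Group-Object Zone | Where-Object { $_.Count -gt 1 })
if ($duplicates.Count -eq 0) {
    'No zone name is stored in more than one location.'
} else {
    foreach ($dup in $duplicates) {
        "Duplicate zone: $($dup.Name)"
        $dup.Group | ForEach-Object { "  $($_.Location): $($_.DistinguishedName)" }
    }
}
```
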
  • More info from a dcdiag DNS test:

    TEST: Basic (Basc)
                      The OS Microsoft Windows Server 2008 R2 Standard  (Service Pack level: 1.0) is supported.
                      NETLOGON service is running
                      kdc service is running
                      DNSCACHE service is running
                      DNS service is running
                      DC is a DNS server
                      Network adapters information:
                      Adapter [00000013] Microsoft Virtual Machine Bus Network Adapter:
                         MAC address is 00:15:5D:01:8B:46
                         IP Address is static
                         IP address:
                         DNS servers:
                            192.168.1.26 (DC01) [Valid]
                            192.168.1.70 (UTIL03) [Valid]
                            127.0.0.1 (UTIL02) [Valid]
                      The A host record(s) for this DC was found
                      The SOA record for the Active Directory zone was found
                      The Active Directory zone on this DC/DNS server was found primary
                      Root zone on this DC/DNS server was not found

    Summary of DNS test results:

                                             Auth Basc Forw Del  Dyn  RReg Ext
                _______________________________________________________________
                Domain: palmerholland.local
                   Util02                    PASS PASS PASS PASS PASS PASS n/a
                   Util03                    PASS PASS PASS PASS PASS PASS n/a
                   DC01                      PASS PASS PASS PASS PASS PASS n/a

    Could the "root zone on this DC/DNS server not found" be cause for concern?

    Following this: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/manage/troubleshoot/verify-dns-functionality-to-support-directory-replication


    Everything appears to be working fine... so why the errors in event viewer?





    • Edited by JoeFri Tuesday, November 5, 2019 2:10 PM
    Tuesday, November 5, 2019 1:56 PM
  • Latest piece of data I discovered is that in ADSI Edit, it appears that my primary IP ADDR reverse lookup zone is missing, even though it shows up in DNS.  I try to add it in ADSI Edit, and I get an error that an object with that name already exists...

    Still working on this, I will be trying to resolve the "duplicate zone" issue tonight, to see if they could be related.

    Tuesday, November 5, 2019 7:09 PM
  • Hi,

    >>I will be trying to resolve the "duplicate zone" issue tonight, to see if they could be related.

    Is this way useful?

    I will check other methods for you.

    Sorry for the inconvenience and thank you for your understanding and patience.

    Hope this can help you, if you have anything unclear, please let me know.

    Best regards,

    Ellen




    Friday, November 15, 2019 9:41 AM
  • Hi,

    Just checking the current situation of your problem.

    Please let us know if you would like further help.

    Best regards,

    Ellen




    Tuesday, November 19, 2019 7:07 AM