Hi, I have several XP machines logging on to a domain (Server 2003) using the same username (to keep things simple), and all has been going OK for several months until Saturday morning, when no machines could log on or, from what I hear from the users, took ages to log on. Then the server had been restarted. Then today, Monday, the same thing happened: I had to restart the server before the workstations could log on.
I have gone into the Event Viewer and found the following error:
Event Type: Warning
Event Source: DhcpServer
Event Category: None
Event ID: 1056
Date: 13/06/2009
Time: 9:02:06 a.m.
User: N/A
Computer: CCSBS001
Description: The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service. This is not a recommended security configuration. Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the DHCP Administrative tool. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
I have no idea where to start.
Thanks
Create a non-admin user account. Add the account to the DnsUpdateProxy group. Go into the DHCP console, right-click the server name, choose Properties, go to the last tab on the right, select the Credentials tab, and enter the user account you created and its password. This way the DHCP server can register machines into DNS as well as update the registrations when machines get a new or different IP than the last one they had; otherwise DHCP cannot update any records and will simply create a new record with the same name but with a different IP.
Configure DNS dynamic update credentials: Dynamic Host ... Jan 21, 2005 ... To configure DNS dynamic update credentials. Open DHCP. In the console tree, click the applicable DHCP server. Where? DHCP/applicable DHCP ...
http://technet.microsoft.com/en-us/library/cc775839(WS.10).aspx
I would also suggest implementing Scavenging in DNS.
How to configure DNS dynamic updates in Windows Server 2003.
http://support.microsoft.com/kb/816592
Using DNS Aging and Scavenging: Aging and scavenging of stale resource records are features of Domain Name System (DNS) that are available when you deploy your server with primary zones.
http://technet.microsoft.com/en-us/library/cc757041.aspx
Microsoft Enterprise Networking Team : Don't be afraid of DNS ... Mar 19, 2008 ... DNS Scavenging is a great answer to a problem that has been nagging everyone since RFC 2136 came out way back in 1997.
http://blogs.technet.com/networking...afraid-of-dns-scavenging-just-be-patient.aspx
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT Microsoft Certified Trainer
For urgent issues, you may want to contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.
"Efficiency is doing things right; effectiveness is doing the right things." - Peter F. Drucker
http://twitter.com/acefekay
How about if I disable DNS and DHCP on the server and allocate each computer its IP address and DNS addresses from the ISP?
No, that won't do. If you are using Active Directory, the clients must use the local DNS server, not a DNS server at your ISP. Domain members use DNS to find domain resources (including the logon server). The DNS server at your ISP cannot do the job for you.
Nope, that won't work either, because the DNS still won't update correctly. I think you are missing the point. In an Active Directory domain, the DHCP and DNS /should/ be working together, such that when a new DHCP lease is assigned, the DNS records are automatically updated. This appears not to be happening on your domain, and is one cause of slow or non-working logons.
The other problem, if I understand you correctly, is that your client machines' primary DNS should be pointed at your DC's IP address (ideally this should be set in the DHCP scope), whereas you currently have them pointed at an external DNS server. As Bill said, the client machines on the domain need to use the LOCAL DNS in order to correctly find and talk to the logon server and other resources on your network.
What I suggest you do is remove the DHCP and DNS server roles from your DC and then start again, making sure that the DNS zone is created as an Active Directory Integrated Zone. Make sure you install DNS before DHCP, and DHCP should be able to configure itself to update the DNS.
Alister
Hi All, all the client machines' primary DNS is pointing to the DC's IP, which is 192.168.0.2. The slow logons happen once in a while. I haven't tried what you guys suggested as I am trying to figure out how it is done. Ace suggested I create a non-admin user account, and I have found the Credentials tab but am not sure what user account and password to use. I have added 10 users on the server as I was only using 2 accounts; do I need to add every user in the Credentials tab in the DHCP console?
Also, why can't everyone log on using the same username and password? Can there be a problem with the same multiple users?
Hi Clayton, I think you may have missed the point of the account's purpose. The links I supplied should have explained it. No, you simply create ONE non-admin account, and supply only that user account for DHCP credentials. The credentials are to allow DHCP to own the records in DNS so it can update the records if their IP addresses change. It is not for users to log on with. It's for keeping DNS records updated. Please re-read this article to get a better understanding of how the DHCP and DNS updates work. Scroll down and look for the term "DnsUpdateProxy."
Ace
Sorry, I meant to re-post that link for you to read. Here it is: How to configure DNS dynamic updates in Windows Server 2003. http://support.microsoft.com/kb/816592 Ace
OK, I will create a non-admin account. Once done, what permissions do I give that account, i.e. Domain Admins, Domain Users, Administrators, etc.?
Just create the account and leave it default, e.g., part of the Domain Users group.
As far as everyone logging on as the same username, that really isn't advised, security-wise and best-practice-wise. Why wouldn't you want a specific user name for everyone in your office? It reminds me of that old TV show, Bob Newhart, where the guy has two brothers with the same name, named Larry. Well, that may not be exactly a good analogy, but with individual accounts, you create accountability, they can be monitored, etc. I'm not sure if you do, or even think about going that far, but if you are using Exchange email, then everyone will have the same email address. It's just not best practice. I've run across it once with a customer years ago. I sat and explained the differences to them, and they wound up agreeing it wasn't a good practice.
Ace
Yeh, we have that effect on customers, don't we? The security is not a major issue in this business; they are all family.
When I create the non-admin account and enter it into the credentials tab do I use the full domain name including the .local in the domain box?
In the user box, type in the user account's username. In the domain box, just type in the NetBIOS domain name (not the FQDN AD DNS domain name). In the password box, type in the password. In the confirm password box, retype the password. I hope that helps.
Ace