Register this connections's addresses in DNS - not working!

Discussion in 'DNS Server' started by Claude Lachapelle, Mar 8, 2010.

  1. Since we activated scavenging we discovered that we have a lot of servers
    running Server 2003 are not refreshing their host A record, because they were
    deleted (considered as stale records)!!!

    Even if we run ipconfig /registerdns, their records are not updated -- only
    manually deleting them, and running ipconfig /registerdns again allow the
    server to recreate the record.

    DNS suffixes correct (even if we specify one), DNS zone accept secure and
    non-secure update, and no error in event logs.

    What's wrong?


    Claude Lachapelle
    La Coop fédérée, Systems Administrator
    Claude Lachapelle, Mar 8, 2010
    1. Advertisements

  2. It appears the servers may not have owned their own record, which is a prerequisite to updating their own records. If they were manually created, or set by a DHCP reservation, that would explain what happened.

    You may want to also set credentials in DHCP so the DHCP server owns the records it updates in order to update new IP leases to the same machine. Take a look at my blog on this to better explain and assist you in this task.

    DHCP, Dynamic DNS Updates, Scavenging, static entries & timestamps, and the DnsProxyUpdate Group (How to remove duplicate DNS host records)


    This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

    Please reply back to the newsgroup or forum for collaboration benefit among responding engineers, and to help others benefit from your resolution.

    Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    If you feel this is an urgent issue and require immediate assistance, please contact Microsoft PSS directly. Please check for regional support phone numbers.
    Ace Fekay [MVP-DS, MCT], Mar 9, 2010
    1. Advertisements

  3. Finally we find out that was Mcafee which was preventing updates from dns.exe
    to lsass.exe, we deactivated the "Access protection" feature and now it is
    working properly:

    04/03/2010 9:58:14 PM Blocked by port blocking rule
    C:\WINDOWS\System32\dns.exe Anti-virus Standard Protection:prevent IRC
    05/03/2010 4:05:42 PM Blocked by port blocking rule
    C:\WINDOWS\system32\lsass.exe Anti-virus Standard Protection:prevent IRC
    08/03/2010 6:41:16 PM Blocked by port blocking rule
    C:\WINDOWS\System32\dns.exe Anti-virus Standard Protection:prevent IRC
    09/03/2010 1:08:15 PM Blocked by port blocking rule Anti-virus Standard
    Protection:prevent mass mailing worms from sending mail
    Claude Lachapelle, Mar 9, 2010

  4. You must have set McAfee for "Maximum Protection." I usually set it for Standard Protection and then tweak the settings due to what you've experienced.

    Glad to hear you figured it out.

    Ace Fekay [MVP-DS, MCT], Mar 10, 2010
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.