[SOLVED] New DHCP server - Record Registration errors

jfrish

So my new DHCP server is up and running successfully, DNS scope options are configured correctly, and the network service and machine accounts have access to the reverse DNS lookup zones, but for some reason I'm getting flooded with these errors:

PTR record registration for IPv4 address [IP] and FQDN "DNS.domain.com" failed with error 9005 (DNS operation refused.
).

Forward record registration for IPv4 address [IP] and FQDN "DNS.domain.com" failed with error 9005 (DNS operation refused.
).

I also updated the "DNS dynamic update registration credentials" and the errors still exist.


I have a technet post too:
New DHCP server - Record Registration errors
 
There have been no new posts in my TechNet post since I created this post. I created this post because I'm still chasing the issue. My last post in the TechNet forum was:

"
I now have AD/DNS role on this DHCP server, I've cleaned up all the other DNS related issues, but this issue still exists.

Any ideas on what to take a look at next?
"
 
(Just posted this on my TechNet post as well)
...
Still trying to chase down this issue. Recent things I've tried:

Set interfaces on DNS down to a single IPv4 address (removed IPv6 addresses).

Cleaned out old WINS server info from DNS

DNS settings:

DHCP - DNS properties:

[screenshot]

DHCP - Advanced - IPv4 Credentials:

[screenshot]

DNS Primary Forward Lookup Zone:

[screenshot]

DnsUpdateProxy group:

[screenshot]

(I've tried with and without the DHCP and DNS computer accounts in here as well.)

DNSAdmins group (same thing here):

[screenshot]

This doesn't seem to be that complicated, but for the life of me I can't figure out why these are failing to update. This all started when I migrated my DHCP server from a 2008R2 server to a 2019 server (new image, not an in-place upgrade).

If I do a "IPCONFIG /RENEW" I get 3 events from my machine account, 1 for the forward lookup zone from my wired NIC, one from the PTR record for my wired NIC, and 1 for the forward lookup zone on my wireless NIC:

[screenshot]

When I check DNS, I do see all 3 of these records are there and were updated this morning. What am I missing? Anyone have any ideas? Could the clients be updating DNS, and when the DHCP server tries to it fails bc the record was already modified?
 
I have resolved this.

There are two potential issues that were my root cause:

1. Machine accounts were registering DNS before DHCP was, and my DNS update credentials did not have access to the machine accounts. Adding the DNS service account to a group that already had full access to each machine account resolved my issue completely; no more errors in Event Viewer.

2. The second, and still potential, root cause was that I was using scavenging. With scavenging enabled, the "no-refresh" time would prevent DHCP from updating an object that was updated within the specified time frame. After some debate and thought, I determined I did not need to have scavenging enabled, and disabled it.
 
Which Group did you add the Service Account to? Did you have to reboot the DNS and DHCP server or restart services after the change? We are having the same issue with the Error events.
 
Did anyone figure out which group he added the service account to?
 
You've got things like "DNS Admins" built into AD.
But I set the service account under credentials for Dynamic DNS updates with full control to the AD DNS zone, rather than relying on groups.

As for scavenging, agree with OP that it can be an issue. We have multiple networks on an estate; as users move between them, the DHCP lease doesn't get updated when they, say, move back onto the original network. Depends on your environment if that's much of an issue though; the only issue it causes us is inbound RDP via RD Gateway. We run a low refresh of 1 hour and then allow scavenging after 2 days, to be around where the DHCP lease duration is.
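
Added example, not part of the thread: a read-only PowerShell check of the two causes named in the resolution post (who owns each dynamic record versus the DHCP update credential, and the zone's aging intervals). Server and zone names are placeholders, the zone is assumed to be AD-integrated, and only direct ACEs are inspected, so access granted through group membership is not expanded.

```powershell
# Added example, not from the thread. Names below are placeholders (assumptions).
# Requires the DhcpServer, DnsServer and ActiveDirectory modules (RSAT).
Import-Module DhcpServer, DnsServer, ActiveDirectory

$DhcpServer = 'dhcp01.domain.com'   # placeholder DHCP server
$DnsServer  = 'dns01.domain.com'    # placeholder DNS server / DC
$ZoneName   = 'domain.com'          # placeholder AD-integrated forward zone

# 1. Account DHCP uses for dynamic updates (IPv4 > Advanced > Credentials).
$cred = Get-DhcpServerDnsCredential -ComputerName $DhcpServer
$acctPattern = "*\$($cred.UserName)"   # match on account name, any domain prefix
"DHCP registers records as: $($cred.DomainName)\$($cred.UserName)"

# 2. DHCP-side update behaviour.
Get-DhcpServerv4DnsSetting -ComputerName $DhcpServer |
    Format-List DynamicUpdates, UpdateDnsRRForOlderClients, NameProtection

# 3. Aging/scavenging intervals on the zone (the second suspected cause).
Get-DnsServerZoneAging -ComputerName $DnsServer -Name $ZoneName |
    Format-List AgingEnabled, NoRefreshInterval, RefreshInterval

# 4. Owner of each dynamic A record. A record owned by a machine account (NAME$)
#    was registered by the client itself; the DHCP credential then needs write
#    access to that object, otherwise its update is refused.
$report = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ZoneName -RRType A |
    Where-Object { $_.Timestamp } |          # static records carry no timestamp
    ForEach-Object {
        $rec = $_
        $acl = Get-Acl -Path "AD:\$($rec.DistinguishedName)"
        # Direct ACEs only; group-derived access is not resolved here.
        $direct = $acl.Access | Where-Object {
            $_.IdentityReference.Value -like $acctPattern -and
            $_.AccessControlType -eq 'Allow' -and
            $_.ActiveDirectoryRights -match 'GenericAll|GenericWrite|WriteProperty'
        }
        [pscustomobject]@{
            HostName       = $rec.HostName
            Timestamp      = $rec.Timestamp
            Owner          = $acl.Owner
            OwnedByDhcp    = ($acl.Owner -like $acctPattern)
            DirectWriteAce = [bool]$direct
        }
    }

# Records DHCP neither owns nor has a direct write ACE on: candidates for error 9005.
$report | Where-Object { -not $_.OwnedByDhcp -and -not $_.DirectWriteAce } |
    Sort-Object Owner | Format-Table -AutoSize
```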
 