We had another machine where the A record just 'went away' even though it is
a domain machine that is configured to register its name in DNS.

The system failed to register host (A) resource records (RRs) for network
adapter
with settings:
Adapter Name : {E6505EFF-D308-483C-8679-D47705F6145C}
Host Name : rotunda
Primary Domain Suffix : longwood.edu
DNS server list :
159.230.xx.xx, 159.230.yy.yy
Sent update to server : 159.230.xx.xx
IP Address(es) :
159.230.4.233
The reason the system could not register these RRs during the update request
was because of a system problem. You can manually retry DNS registration of
the network adapter and its settings by typing "ipconfig /registerdns" at
the command prompt. If problems still persist, contact your DNS server or
network systems administrator. For specific error code, see the record data
displayed below.

This event appears on the member server trying to update its A record. It
appears to be a valid domain member (I can log onto a domain account using
this server). Any ideas or troubleshooting steps anyone can suggest?


"Herb Martin" <news@LearnQuick.com> wrote in message
news:%23UGn1iT0GHA.4972@TK2MSFTNGP03.phx.gbl...
> "Blake" <blake_duffey@NOSPAM.hotmail.com> wrote in message
> news:eOeC8JR0GHA.3908@TK2MSFTNGP05.phx.gbl...
>> Everything you guys said makes sense. Currently the IPs are set
>> statically, even though DHCP reservations would work the same way.
>>
>> It makes sense that non-domain servers don't support 'secure' updates, as
>> the 'secure' is a function of the domain.
>>
>
> Exactly. (Technically, any "trusted domain's" machines should
> work also, but I cannot remember having tested that since generally
> I have them register with a DNS-DC from their own domain.0
>
> Secure means literally that the computer account must be authenticated
> on the domain (or a trusted domain).
>
> --
> Herb Martin, MCSE, MVP
> Accelerated MCSE
> http://www.LearnQuick.Com
> [phone number on web site]
>
>> Thanks
>> Blake
>>
>>
>> "Herb Martin" <news@LearnQuick.com> wrote in message
>> news:OM53s9P0GHA.4932@TK2MSFTNGP02.phx.gbl...
>>> "Blake" <blake_duffey@NOSPAM.hotmail.com> wrote in message
>>> news:%23qVpXVP0GHA.4920@TK2MSFTNGP06.phx.gbl...
>>>> If I enable SECURE UPDATES only on a Windows 2003 mixed mode AD, can a
>>>> non-domain member dynamically update it's DNS records?
>>>
>>> No. (But it has nothing to do with "mixed mode".)
>>>
>>> Only machines which can authenticate will be able update their
>>> own records.
>>>
>>>> I am getting the error on a couple of servers (some domain members,
>>>> some not)
>>>
>>> Expect the errors on non-domain machines. You either must
>>> use DHCP (a domain server) to do the registration for them,
>>> or you must do this manually.
>>>
>>>> The system could not register the DNS update request because of a
>>>> security related problem.
>>>
>>> Generally it is NOT a big issue for servers (most should be in
>>> the domain anyway) since you if you cannot use DHCP for the
>>> server then you already have to manage it manually and adding
>>> it's permanent address is a one-time chore.
>>>
>>> Also recognize you can even give out DHCP assigned addresses
>>> to MOST 'servers' requiring permanent addresses (to remain the
>>> same) by using RESERVATIONS.
>>>
>>> Once the DHCP server is 'in control' of the address and set to
>>> do the registration only the account of the DHCP server matters.
>>>
>>> (And with Win2003, you can even specify an account for the
>>> DHCP servers to use -- although that feature is not in Win2000
>>> it can still do the registrations securely.)
>>>
>>>
>>> --
>>> Herb Martin, MCSE, MVP
>>> Accelerated MCSE
>>> http://www.LearnQuick.Com
>>> [phone number on web site]
>>>
>>>>
>>>> Blake
>>>>
>>>
>>>
>>
>>
>
>

> We had another machine where the A record just 'went away' even though it
> is a domain machine that is configured to register its name in DNS.

> The system failed to register host (A) resource records (RRs) for network
> adapter
> with settings:
> Host Name : rotunda
> Primary Domain Suffix : longwood.edu
> DNS server list : 159.230.xx.xx, 159.230.yy.yy
> Sent update to server : 159.230.xx.xx
> IP Address(es) : 159.230.4.233
> The reason the system could not register these RRs during the update
> request was because of a system problem. You can manually retry DNS
> registration of the network adapter and its settings by typing "ipconfig
> /registerdns" at the command prompt. If problems still persist, contact
> your DNS server or network systems administrator. For specific error code,
> see the record data displayed below.

One obvious thing to try would be the "ipconfig /registerDNS"
it suggests -- if this works then the problem was some intermittant
or "timing" related issue (e.g., authentication didn't happen before
registration attempt.)

One must assume that it "went away" because the server was not
able to refresh its registration which doesn't sound like an intermittant
issue.

> This event appears on the member server trying to update its A record. It
> appears to be a valid domain member (I can log onto a domain account using
> this server). Any ideas or troubleshooting steps anyone can suggest?

NetDiag is a good tool for checking general network features;
and as to logging into a domain account, does this also work
without further authentication for access domain resources on
another server (shared files etc.)?

The reason this clarification is needed is that one MIGHT be
logging in with "cached credentials" but they don't usually work
for accessing network resources.

The machine is trying to register with DNS server 159.230.xx.xx
so checking this machine to ensure IT is also authenticated, has
the zone, and that the zone is DYNAMIC on this DNS server would
be first steps.

Again, DCDiag on all the DCs it a good idea.

Send your 'IPConfig /all" without editing and as TEXT (no graphics
capture) so I can review it if this doesn't .

Ultimately I would put Network Monitor and/or use DNS logging
(debug logging if using Win2003) to try to analyze this if not obvious
solution appears.


--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]

"Blake" <blake_duffey@NOSPAM.hotmail.com> wrote in message
news:OV2Umt00GHA.3476@TK2MSFTNGP04.phx.gbl...
> We had another machine where the A record just 'went away' even though it
> is a domain machine that is configured to register its name in DNS.
>
> The system failed to register host (A) resource records (RRs) for network
> adapter
> with settings:
> Adapter Name : {E6505EFF-D308-483C-8679-D47705F6145C}
> Host Name : rotunda
> Primary Domain Suffix : longwood.edu
> DNS server list :
> 159.230.xx.xx, 159.230.yy.yy
> Sent update to server : 159.230.xx.xx
> IP Address(es) :
> 159.230.4.233
> The reason the system could not register these RRs during the update
> request was because of a system problem. You can manually retry DNS
> registration of the network adapter and its settings by typing "ipconfig
> /registerdns" at the command prompt. If problems still persist, contact
> your DNS server or network systems administrator. For specific error code,
> see the record data displayed below.
>
> This event appears on the member server trying to update its A record. It
> appears to be a valid domain member (I can log onto a domain account using
> this server). Any ideas or troubleshooting steps anyone can suggest?
>
>
> "Herb Martin" <news@LearnQuick.com> wrote in message
> news:%23UGn1iT0GHA.4972@TK2MSFTNGP03.phx.gbl...
>> "Blake" <blake_duffey@NOSPAM.hotmail.com> wrote in message
>> news:eOeC8JR0GHA.3908@TK2MSFTNGP05.phx.gbl...
>>> Everything you guys said makes sense. Currently the IPs are set
>>> statically, even though DHCP reservations would work the same way.
>>>
>>> It makes sense that non-domain servers don't support 'secure' updates,
>>> as the 'secure' is a function of the domain.
>>>
>>
>> Exactly. (Technically, any "trusted domain's" machines should
>> work also, but I cannot remember having tested that since generally
>> I have them register with a DNS-DC from their own domain.0
>>
>> Secure means literally that the computer account must be authenticated
>> on the domain (or a trusted domain).
>>
>> --
>> Herb Martin, MCSE, MVP
>> Accelerated MCSE
>> http://www.LearnQuick.Com
>> [phone number on web site]
>>
>>> Thanks
>>> Blake
>>>
>>>
>>> "Herb Martin" <news@LearnQuick.com> wrote in message
>>> news:OM53s9P0GHA.4932@TK2MSFTNGP02.phx.gbl...
>>>> "Blake" <blake_duffey@NOSPAM.hotmail.com> wrote in message
>>>> news:%23qVpXVP0GHA.4920@TK2MSFTNGP06.phx.gbl...
>>>>> If I enable SECURE UPDATES only on a Windows 2003 mixed mode AD, can a
>>>>> non-domain member dynamically update it's DNS records?
>>>>
>>>> No. (But it has nothing to do with "mixed mode".)
>>>>
>>>> Only machines which can authenticate will be able update their
>>>> own records.
>>>>
>>>>> I am getting the error on a couple of servers (some domain members,
>>>>> some not)
>>>>
>>>> Expect the errors on non-domain machines. You either must
>>>> use DHCP (a domain server) to do the registration for them,
>>>> or you must do this manually.
>>>>
>>>>> The system could not register the DNS update request because of a
>>>>> security related problem.
>>>>
>>>> Generally it is NOT a big issue for servers (most should be in
>>>> the domain anyway) since you if you cannot use DHCP for the
>>>> server then you already have to manage it manually and adding
>>>> it's permanent address is a one-time chore.
>>>>
>>>> Also recognize you can even give out DHCP assigned addresses
>>>> to MOST 'servers' requiring permanent addresses (to remain the
>>>> same) by using RESERVATIONS.
>>>>
>>>> Once the DHCP server is 'in control' of the address and set to
>>>> do the registration only the account of the DHCP server matters.
>>>>
>>>> (And with Win2003, you can even specify an account for the
>>>> DHCP servers to use -- although that feature is not in Win2000
>>>> it can still do the registrations securely.)
>>>>
>>>>
>>>> --
>>>> Herb Martin, MCSE, MVP
>>>> Accelerated MCSE
>>>> http://www.LearnQuick.Com
>>>> [phone number on web site]
>>>>
>>>>>
>>>>> Blake
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>

Thanks, Herb.

I tried the registerdns flag on ipconfig - that is when I get the error. I
think our firewall people are blocking TCP 53 between the registering server
and my DC/DNS box. I am yelling at them.

Thanks for your input - I'll work through your steps after I rule out the
firewall.

Blake
"Herb Martin" <news@LearnQuick.com> wrote in message
news:MWfMg.16432$dl.5667@tornado.texas.rr.com...
>> We had another machine where the A record just 'went away' even though it
>> is a domain machine that is configured to register its name in DNS.
>
>> The system failed to register host (A) resource records (RRs) for network
>> adapter
>> with settings:
>> Host Name : rotunda
>> Primary Domain Suffix : longwood.edu
>> DNS server list : 159.230.xx.xx, 159.230.yy.yy
>> Sent update to server : 159.230.xx.xx
>> IP Address(es) : 159.230.4.233
>> The reason the system could not register these RRs during the update
>> request was because of a system problem. You can manually retry DNS
>> registration of the network adapter and its settings by typing "ipconfig
>> /registerdns" at the command prompt. If problems still persist, contact
>> your DNS server or network systems administrator. For specific error
>> code, see the record data displayed below.
>
> One obvious thing to try would be the "ipconfig /registerDNS"
> it suggests -- if this works then the problem was some intermittant
> or "timing" related issue (e.g., authentication didn't happen before
> registration attempt.)
>
> One must assume that it "went away" because the server was not
> able to refresh its registration which doesn't sound like an intermittant
> issue.
>
>> This event appears on the member server trying to update its A record.
>> It appears to be a valid domain member (I can log onto a domain account
>> using this server). Any ideas or troubleshooting steps anyone can
>> suggest?
>
> NetDiag is a good tool for checking general network features;
> and as to logging into a domain account, does this also work
> without further authentication for access domain resources on
> another server (shared files etc.)?
>
> The reason this clarification is needed is that one MIGHT be
> logging in with "cached credentials" but they don't usually work
> for accessing network resources.
>
> The machine is trying to register with DNS server 159.230.xx.xx
> so checking this machine to ensure IT is also authenticated, has
> the zone, and that the zone is DYNAMIC on this DNS server would
> be first steps.
>
> Again, DCDiag on all the DCs it a good idea.
>
> Send your 'IPConfig /all" without editing and as TEXT (no graphics
> capture) so I can review it if this doesn't .
>
> Ultimately I would put Network Monitor and/or use DNS logging
> (debug logging if using Win2003) to try to analyze this if not obvious
> solution appears.
>
>
> --
> Herb Martin, MCSE, MVP
> Accelerated MCSE
> http://www.LearnQuick.Com
> [phone number on web site]
>
> "Blake" <blake_duffey@NOSPAM.hotmail.com> wrote in message
> news:OV2Umt00GHA.3476@TK2MSFTNGP04.phx.gbl...
>> We had another machine where the A record just 'went away' even though it
>> is a domain machine that is configured to register its name in DNS.
>>
>> The system failed to register host (A) resource records (RRs) for network
>> adapter
>> with settings:
>> Adapter Name : {E6505EFF-D308-483C-8679-D47705F6145C}
>> Host Name : rotunda
>> Primary Domain Suffix : longwood.edu
>> DNS server list :
>> 159.230.xx.xx, 159.230.yy.yy
>> Sent update to server : 159.230.xx.xx
>> IP Address(es) :
>> 159.230.4.233
>> The reason the system could not register these RRs during the update
>> request was because of a system problem. You can manually retry DNS
>> registration of the network adapter and its settings by typing "ipconfig
>> /registerdns" at the command prompt. If problems still persist, contact
>> your DNS server or network systems administrator. For specific error
>> code, see the record data displayed below.
>>
>> This event appears on the member server trying to update its A record.
>> It appears to be a valid domain member (I can log onto a domain account
>> using this server). Any ideas or troubleshooting steps anyone can
>> suggest?
>>
>>
>> "Herb Martin" <news@LearnQuick.com> wrote in message
>> news:%23UGn1iT0GHA.4972@TK2MSFTNGP03.phx.gbl...
>>> "Blake" <blake_duffey@NOSPAM.hotmail.com> wrote in message
>>> news:eOeC8JR0GHA.3908@TK2MSFTNGP05.phx.gbl...
>>>> Everything you guys said makes sense. Currently the IPs are set
>>>> statically, even though DHCP reservations would work the same way.
>>>>
>>>> It makes sense that non-domain servers don't support 'secure' updates,
>>>> as the 'secure' is a function of the domain.
>>>>
>>>
>>> Exactly. (Technically, any "trusted domain's" machines should
>>> work also, but I cannot remember having tested that since generally
>>> I have them register with a DNS-DC from their own domain.0
>>>
>>> Secure means literally that the computer account must be authenticated
>>> on the domain (or a trusted domain).
>>>
>>> --
>>> Herb Martin, MCSE, MVP
>>> Accelerated MCSE
>>> http://www.LearnQuick.Com
>>> [phone number on web site]
>>>
>>>> Thanks
>>>> Blake
>>>>
>>>>
>>>> "Herb Martin" <news@LearnQuick.com> wrote in message
>>>> news:OM53s9P0GHA.4932@TK2MSFTNGP02.phx.gbl...
>>>>> "Blake" <blake_duffey@NOSPAM.hotmail.com> wrote in message
>>>>> news:%23qVpXVP0GHA.4920@TK2MSFTNGP06.phx.gbl...
>>>>>> If I enable SECURE UPDATES only on a Windows 2003 mixed mode AD, can
>>>>>> a non-domain member dynamically update it's DNS records?
>>>>>
>>>>> No. (But it has nothing to do with "mixed mode".)
>>>>>
>>>>> Only machines which can authenticate will be able update their
>>>>> own records.
>>>>>
>>>>>> I am getting the error on a couple of servers (some domain members,
>>>>>> some not)
>>>>>
>>>>> Expect the errors on non-domain machines. You either must
>>>>> use DHCP (a domain server) to do the registration for them,
>>>>> or you must do this manually.
>>>>>
>>>>>> The system could not register the DNS update request because of a
>>>>>> security related problem.
>>>>>
>>>>> Generally it is NOT a big issue for servers (most should be in
>>>>> the domain anyway) since you if you cannot use DHCP for the
>>>>> server then you already have to manage it manually and adding
>>>>> it's permanent address is a one-time chore.
>>>>>
>>>>> Also recognize you can even give out DHCP assigned addresses
>>>>> to MOST 'servers' requiring permanent addresses (to remain the
>>>>> same) by using RESERVATIONS.
>>>>>
>>>>> Once the DHCP server is 'in control' of the address and set to
>>>>> do the registration only the account of the DHCP server matters.
>>>>>
>>>>> (And with Win2003, you can even specify an account for the
>>>>> DHCP servers to use -- although that feature is not in Win2000
>>>>> it can still do the registrations securely.)
>>>>>
>>>>>
>>>>> --
>>>>> Herb Martin, MCSE, MVP
>>>>> Accelerated MCSE
>>>>> http://www.LearnQuick.Com
>>>>> [phone number on web site]
>>>>>
>>>>>>
>>>>>> Blake
>>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>
>