A DHCP Server Still Owns DNS Records When It Is a Member of the DnsUpdateProxy Group (314233)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
This article was previously published under Q314233

SYMPTOMS

If you use Active Directory-integrated DNS zones with secure dynamic updates, the server may still be the owner of the records that it registers on behalf of an earlier client (such as a Microsoft Windows NT 4.0-based client) in DNS after you add a Windows 2000-based DHCP server to the built-in DnsUpdateProxy group.

A common scenario for this issue involves a DHCP clustered server. In this scenario, both nodes are in the DnsUpdateProxy group. After a failover, the active node cannot deregister or reregister the DNS records for clients.

RESOLUTION

To resolve this issue, you must reset the secure channel for the DHCP server. If you have a clustered DHCP server, you must reset the secure channel on each node. You can do this either by restarting the DHCP server or each cluster node, or by manually resetting the secure channel.

To manually reset the secure channel, you can you use either Nltest.exe or Netdom.exe. You can reset the secure channel by using either of the following commands:

nltest /server:servername /sc_reset:domainname

netdom reset servername /domain:domainname

Substitute your DHCP server name for servername. Substitute your domain name for domainname.

MORE INFORMATION

For additional information about secure channels, click the article number2 below to view the article2 in the Microsoft Knowledge Base:

175024 Resetting Domain Member Secure Channel

216393 Resetting Computer Accounts in Windows 2000 and Windows XP

For more information about the DnsUpdateProxy group, visit the following Microsoft Web site:

Windows 2000 DNS White Paper

Modification Type:MajorLast Reviewed:1/6/2006
Keywords:kbenv kbnofix kbprb KB314233
©2004 Microsoft Corporation. All rights reserved.