Results 1 to 2 of 2

Thread: Active Directory Integrated DNS-DHCP -> DHCP computers with Pen Ic

  1. #1
    Kashif Guest

    Active Directory Integrated DNS-DHCP -> DHCP computers with Pen Ic

    I have computer that gets DHCP lease with Pen ICON.
    According to Technet:
    http://technet.microsoft.com/en-us/l.../cc784812.aspx
    Active Lease, DNS dynamic update pending. This address is not available for
    lease by the DHCP server.

    DHCP properties:

    DNS TAB
    -----------
    Checked -> Enable DNS dynamic updates according to the settings below
    Radio Button enable -> Dynamically update DNS A and PTR records only if
    requested by the DHCP client.

    Checked -> Discard A and PTR records when lease is deleted

    General TAB
    -------------
    Checked - > Enable DHCP audit logging

    Lease duration for DHCP clients:
    ------------------------------------
    1 Days 0 Hours and 0 minutes

    Scope Options:
    -----------------
    003 Router configured for Firewall LAN IP address
    006 DNS Servers configured for DC1 and DC2 IP address
    015 DNS Domain Name configured MyDomain.com

    Thank you for all the HELP!!!


  2. #2
    Ace Fekay [Microsoft Certified Trainer] Guest

    Re: Active Directory Integrated DNS-DHCP -> DHCP computers with Pen Ic

    In news:FE929CD9-E492-4E71-81AA-CA03E0695F5F@microsoft.com,
    Kashif <Kashif@discussions.microsoft.com>, seeking assistance, posted the
    following:
    > I have computer that gets DHCP lease with Pen ICON.
    > According to Technet:
    > http://technet.microsoft.com/en-us/l.../cc784812.aspx
    > Active Lease, DNS dynamic update pending. This address is not
    > available for lease by the DHCP server.
    >
    > DHCP properties:
    >
    > DNS TAB
    > -----------
    > Checked -> Enable DNS dynamic updates according to the settings below
    > Radio Button enable -> Dynamically update DNS A and PTR records only
    > if requested by the DHCP client.
    >
    > Checked -> Discard A and PTR records when lease is deleted
    >
    > General TAB
    > -------------
    > Checked - > Enable DHCP audit logging
    >
    > Lease duration for DHCP clients:
    > ------------------------------------
    > 1 Days 0 Hours and 0 minutes
    >
    > Scope Options:
    > -----------------
    > 003 Router configured for Firewall LAN IP address
    > 006 DNS Servers configured for DC1 and DC2 IP address
    > 015 DNS Domain Name configured MyDomain.com
    >
    > Thank you for all the HELP!!!


    Take a read on the following link. Click on the DHCP Icon references It
    means that a DNS update is pending.

    DHCP Tech Reference:
    http://technet.microsoft.com/en-us/l.../cc781580.aspx

    It may mean that if it is stuck on the pencil icon, it means it cannot
    update the record in DNS because it already exists and DHCP server does not
    own the record, the client machine does, and therefore the DHCP server
    cannot update the record. One way to get around that is to force DHCP to own
    the record, but there are few steps you need to perform to enable this
    feature, as well as set scavenging options. Read the following for a how-to.

    ==================================================================================================== ==
    ==================================================================================================== ==


    DHCP, Dynamice DNS Updates , Scavenging, static entries & timestamps, and
    the DnsProxyUpdate Group:


    --------------------------------------------
    The entity that registers it owns the record. The nice thing about DHCP
    owning the record is it will update it if DHCP gives the machine a new IP.
    Otherwise you'll see multiples of the same in DNS whether scavenging is
    enabled or not. I would force DHCP to own the record as well as enable
    scavenging to keep it clean. To force DHCP to own the record, you will need
    to do the following:

    1. Add the DHCP server to the DnsUpdateProxy Group.
    2. Force DHCP to register all records, Forward and PTR, (whether a client
    machine can do it or not) in the Option 081 tab (DHCP properties, DNS tab).
    3. Set Option 015 to the AD domain name (such as example.com).
    4. Set Option 006 to only the internal DNS servers.
    5. If the zone is set for Secure Updates Only, then DHCP cannot update
    non-Microsoft clients and Microsoft clients that are not joined to the
    domain. In this case, you will need to create and configure a user account
    for use as credentials for DHCP to register such clients.
    If your DHCP servers are Windows 2003 or WIndows 2008, Configure a
    dedicated the user account you created as credentials in DHCP by going into
    DHCP COnsole, DHCP server properties, and on the Advanced tab of the DHCP
    Server
    Properties sheet click the Credentials button, and provide this account
    info.
    The user account does not need any elevated rights, a normal user account
    is fine, however I recommend using a Strong non-expiring password on the
    account.

    Once you implement scavenging, you will need to wait at least a week for it
    to
    take effect. You can quicken it up by manually deleting the incorrect
    records to
    get started.

    But more importantly, if DHCP is on a DC, it will not overwrite the
    original host record for a machine getting a new lease with an IP
    formerly belonging to another. To overcome this, add the DHCP server
    (the DC) to the DnsProxyUpdate group. This will force DHCP to own
    all records it will create moving forward and will update an IP with
    a new name in DNS.

    If you set this, but when a record shows up in the DHCP Lease list with a
    pen
    (which means that a write is pending), it m ay mean it is trying to register
    into a zone that does not exist on the DNS servers. This happens in cases
    where
    the client machine is not joined to the domain and has a missing or
    different
    suffix than the zone in DNS. It can only register into a zone that exists on
    DNS and that zone updates have been configured to allow updates.
    If this is the case, go into the client machine's IP properties, and
    on the DNS tab in TCP/IP properties, clear the "Register this connection's
    addresses in DNS" as well as the "Use this connection's DNS suffix in DNS
    registration"
    check boxes, the DHCP Server will fill these in for you and register using
    the domain name in Option 015.

    Concerning records and timestamps, and lack of timestamps:

    If the record was manually created, it won't show a time stamp, however, if
    the record was dynamically registered, it will show a time stamp. My guess
    is the records you are referring to were manually created. If you manually
    create a record, the checkbox will not be checked to scavenge, however if it
    was dynamically registered, it will be checked. I just tested this
    withWindows 2003 DNS. When I had built a few servers for a customer and let
    them auto register, they had a timestamp and the scavenge checkbox was
    checked. For the records I manually created, such as internal www records,
    and others, they did not have a time stamp and were not checked to scavenge.

    Even if you allow auto registration, which I do by default, and it gets
    scavenged, it gets re-registered anyway by the OS. Unless you are seeing
    something going on that is affecting your environment, the default settings
    work fine, at least they do for me for all of my customers and installations
    I've worked in that I've set scavenging and forced DHCP to own the records
    so it can update the records it had registered at lease refresh time.


    The following links provide additional information on how it all works.

    How to configure DNS dynamic updates in Windows Server 2003.
    http://support.microsoft.com/kb/816592

    Using DNS Aging and ScavengingAging and scavenging of stale resource records
    are features of Domain Name System (DNS) that are available when you deploy
    your server with primary zones.
    http://technet.microsoft.com/en-us/l.../cc757041.aspx

    Microsoft Enterprise Networking Team : Don't be afraid of DNS ...Mar 19,
    2008 ... DNS Scavenging is a great answer to a problem that has been nagging
    everyone since RFC 2136 came out way back in 1997.
    http://blogs.technet.com/networking/...e-patient.aspx

    DHCP, DNS and the DNSUpdateProxy-Group - Directory Services/Active ...I had
    a discussion in the Newsgroups lately about DHCP and the
    DNSUpdateProxy-Group which is used to write unsecured DNS-Entries to a
    DNS-Zone which only ...
    http://msmvps.com/ulfbsimonweidner/a.../15/19325.aspx

    And from Kevin Goodnecht:
    Setting up DHCP for DNS registrations
    http://support.wftx.us/setting_up_dh...s_registra.htm

    317590 - HOW TO Configure DNS Dynamic Update in Windows 2000 and
    DNSUpdateProxy Group:
    http://support.microsoft.com/?id=317590

    816592 - How to configure DNS dynamic updates in Windows Server 2003:
    http://support.microsoft.com/kb/816592/

    Follow up discussion on the DNSUpdateProxy-Group:
    http://msmvps.com/ulfbsimonweidner/a.../26/39841.aspx

    ==================================================================================================== ==
    ==================================================================================================== ==

    --
    Ace

    This posting is provided "AS-IS" with no warranties or guarantees and
    confers no rights.

    Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
    Microsoft Certified Trainer
    aceman@mvps.RemoveThisPart.org

    For urgent issues, you may want to contact Microsoft PSS directly. Please
    check http://support.microsoft.com for regional support phone numbers.


Similar Threads

  1. How to deal with Rogue DHCP or DHCP Spoofing?
    By racer in forum Guides & Tutorials
    Replies: 1
    Last Post: 03-11-2011, 03:12 PM
  2. DHCP Reservation (active)/(inactive)
    By prafullanayana in forum Active Directory
    Replies: 4
    Last Post: 21-01-2010, 08:07 PM
  3. Replies: 2
    Last Post: 04-08-2008, 09:08 PM
  4. WDS 2008, DHCP, multiple VLANs, DHCP Relays, help! :-)
    By Brian Day in forum Windows Server Help
    Replies: 3
    Last Post: 08-06-2008, 07:09 AM
  5. DHCP on SBS 2003 - BAD_ADDRESS in DHCP lease list
    By haritable in forum Small Business Server
    Replies: 2
    Last Post: 26-02-2008, 10:47 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •