Clients are no longer dynamically updating DNS

Clients are no longer dynamically updating DNS. Newly added clients are not
added to the DNS server.

I have one DC, one DNS server on the DC. I have reverse setup.

Here's an error from one of my clients:

The system failed to register host (A) resource records (RRs) for network
adapter
with settings:

Adapter Name : {7C56E4E0-FC47-40D7-A30C-F302D40FAC82}
Host Name : jemlay
Primary Domain Suffix : domain.com
DNS server list :
169.254.2.214
Sent update to server : <?>
IP Address(es) :
169.254.2.98

The reason the system could not register these RRs was because either (a)
the DNS server does not support the DNS dynamic update protocol, or (b) the
authoritative zone for the specified DNS domain name does not accept dynamic
updates.

I don't understand the <?>. Why wouldn't it be able to figure out where to
send the update?

As for permissions, I checked out everything I know how. If I go to the DNS
server and look at the security for the domain AS WELL AS the A record and I
go to Effective Permissions and put in either my username or machine name I
have full access. By that I mean, every single checkbox is ticked.

As for updates, I have it set to both secure and non secure and I double
checked the AllowUpdate reg key and it's set to 1.

Any ideas? Thanks for any help!
Justin

Hello Justin,

As the APIPA address is used 169.254.x.x please post an unedited ipconfig
/all form the problem machine and your DNS server,so we can verify the basic
DNS setup.

Also for registering the DHCP client service has to run on the machine, which
it seems to as APIPA address is listed, just to confirm.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Clients are no longer dynamically updating DNS. Newly added clients
> are not added to the DNS server.
>
> I have one DC, one DNS server on the DC. I have reverse setup.
>
> Here's an error from one of my clients:
>
> The system failed to register host (A) resource records (RRs) for
> network
> adapter
> with settings:
> Adapter Name : {7C56E4E0-FC47-40D7-A30C-F302D40FAC82}
> Host Name : jemlay
> Primary Domain Suffix : domain.com
> DNS server list :
> 169.254.2.214
> Sent update to server : <?>
> IP Address(es) :
> 169.254.2.98
> The reason the system could not register these RRs was because either
> (a) the DNS server does not support the DNS dynamic update protocol,
> or (b) the authoritative zone for the specified DNS domain name does
> not accept dynamic updates.
>
> I don't understand the <?>. Why wouldn't it be able to figure out
> where to send the update?
>
> As for permissions, I checked out everything I know how. If I go to
> the DNS server and look at the security for the domain AS WELL AS the
> A record and I go to Effective Permissions and put in either my
> username or machine name I have full access. By that I mean, every
> single checkbox is ticked.
>
> As for updates, I have it set to both secure and non secure and I
> double checked the AllowUpdate reg key and it's set to 1.
>
> Any ideas? Thanks for any help!
> Justin

Windows IP Configuration

Host Name . . . . . . . . . . . . : me
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82566DM Gigabit Network
Connection
Physical Address. . . . . . . . . : 00-19-D1-DD-F9-D6
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 169.254.2.98
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 169.254.2.1
DNS Servers . . . . . . . . . . . : 169.254.2.214

Hello Justin,

So all your machines uses addresses from the APIPA (automated private ip
addressing) range as fxied ip's? What about the DNS server ipconfig /all
and the DHCP client service, it MUST run for DNS registration?

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : me
> Primary Dns Suffix . . . . . . . : domain.com
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : domain.com
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R) 82566DM Gigabit
> Network
> Connection
> Physical Address. . . . . . . . . : 00-19-D1-DD-F9-D6
> Dhcp Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 169.254.2.98
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 169.254.2.1
> DNS Servers . . . . . . . . . . . : 169.254.2.214

DHCP is not used but the service is running. All machines have fixed IPs.
From my DC/DNS machine:

Windows IP Configuration

Host Name . . . . . . . . . . . . : ad
Primary Dns Suffix . . . . . . . : domain.com
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domain.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel 21140-Based PCI Fast Ethernet
Adapt
er (Generic)
Physical Address. . . . . . . . . : 00-03-FF-EF-06-E5
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 169.254.2.214
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 169.254.2.238
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 169.254.2.1
DNS Servers . . . . . . . . . . . : 169.254.2.214

"Justin" <None@None.com> wrote in message
news:uNoBBuDsKHA.5036@TK2MSFTNGP02.phx.gbl...
> DHCP is not used but the service is running. All machines have fixed IPs.
> From my DC/DNS machine:
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : ad
> Primary Dns Suffix . . . . . . . : domain.com
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : domain.com
>
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel 21140-Based PCI Fast Ethernet
> Adapter (Generic)
> Physical Address. . . . . . . . . : 00-03-FF-EF-06-E5
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : 169.254.2.214
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> IP Address. . . . . . . . . . . . : 169.254.2.238
> Subnet Mask . . . . . . . . . . . : 255.255.255.0
> Default Gateway . . . . . . . . . : 169.254.2.1
> DNS Servers . . . . . . . . . . . : 169.254.2.214
>
>
>


Hi Justin,

I extremely curious as to why you are using the APIPA private
autoconfiguration IP range for your static IP addresses? The APIPA is
reserved for machines when they cannpt get an IP address. We also use it as
a troubleshooting tool because when we see such an address, it tells us
right away there is a problem with a machine not receiving a DHCP address,
which allows us to initiate troubleshooting steps.

Therefore, IP addresses in the range of 169.254.0.0 -169.254.255.255 are
reserved for Automatic Private IP Addressing.

More info on what this means:
Automatic Private IP Addressing (APIPA), Last updated: 10/19/01
http://www.duxcw.com/faq/network/autoip.htm

The *properly* accepted private IP ranges for internal private use in
network infrastructures are:

10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

More info on what the private accepted ranges are:
Private IP Addresses, Last updated: 10/19/01:
http://www.duxcw.com/faq/network/privip.htm

As far as your DC is concerned, it appears to be a multihomed DC. What
constitutes a multihomed DC is a DC with either multiple NICs, multiple IP
addresses, and/or if RRAS is installed on it. Multihomed DCs are extremely
problematic, therefore I am not surprised you are having problems.

Also curious, why are there multiple IP addresses on it? Are you running web
services that require additional IPs on it, or is Exchange installed and you
needed to create an additional SMTP virtual server on it?

My recommendations to fix the issue:

1. Remove the additional IP address off of the DC/DNS servers. If you have
any additional DCs that are multihomed, disable all except one NIC,
eliminate additional IP addresses, and remove RRAS (such as for VPN) off the
DC. If you need a multihomed machine, select a non-domain controller for
this role.

2. Plan on changing the APIPA internal IP range currently in use to one of
the actual accepted ranges.

Also, Meinolf mentioned the "DHCP CLIENT Service" is required on all
machines (not the "DHCP Server Service"). The DHCP Client Service is the
actual "DNS registration Service" on all machines that send updates to a DNS
server. That needs to be running or DNS Dynamic Updates will fail.

Are there any errors in the DC/DNS or workstations in the Event logs? If so,
please post the EventID# and SOURCE names.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE &
MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services

If you feel this is an urgent issue and require immediate assistance, please
contact Microsoft PSS directly. Please check http://support.microsoft.com
for regional support phone numbers.

The IP range:

This was before me. The guy who setup the initial network (he installed an
Intel Router) used what he was "given" by the router. See where this is
going? So that's how the network was setup. Since then it just stayed that
way.

Multiple IPs:
The DC has an IP address of 169.254.2.238. In the past the DNS was on a
different machine. Since then is was moved to the DC machine itself. As
stated the clients are all hardcoded. So instead of changing the clients
the other IP was added to that machine. Been working fine that way for over
8 years.

Actually I prefer to keep the dual IPs. Our firewall routes AD traffic
based on 238 and routes DNS traffic based on 214.

DHCP Client is also started on all machines.

There are no errors on the DC/DNS machine. The only error on the client is
the one I posted initially. I'll post it again here:

The system failed to register host (A) resource records (RRs) for network
adapter
with settings:

Adapter Name : {7C56E4E0-FC47-40D7-A30C-F302D40FAC82}
Host Name : jemlay
Primary Domain Suffix : domain.com
DNS server list :
169.254.2.214
Sent update to server : <?>
IP Address(es) :
169.254.2.98


As I stated before:

"I don't understand the <?>. Why wouldn't it be able to figure out where to
send the update?"

The client reports that message once a day. The client reports nothing if I
initiate, ipconfig /registerdns

"Justin" <None@None.com> wrote in message
news:esY3kGZsKHA.4492@TK2MSFTNGP05.phx.gbl...
> The IP range:
>
> This was before me. The guy who setup the initial network (he installed
> an Intel Router) used what he was "given" by the router. See where this
> is going? So that's how the network was setup. Since then it just stayed
> that way.
>
> Multiple IPs:
> The DC has an IP address of 169.254.2.238. In the past the DNS was on a
> different machine. Since then is was moved to the DC machine itself. As
> stated the clients are all hardcoded. So instead of changing the clients
> the other IP was added to that machine. Been working fine that way for
> over 8 years.
>
> Actually I prefer to keep the dual IPs. Our firewall routes AD traffic
> based on 238 and routes DNS traffic based on 214.
>
> DHCP Client is also started on all machines.
>
> There are no errors on the DC/DNS machine. The only error on the client
> is the one I posted initially. I'll post it again here:
>
> The system failed to register host (A) resource records (RRs) for network
> adapter
> with settings:
>
> Adapter Name : {7C56E4E0-FC47-40D7-A30C-F302D40FAC82}
> Host Name : jemlay
> Primary Domain Suffix : domain.com
> DNS server list :
> 169.254.2.214
> Sent update to server : <?>
> IP Address(es) :
> 169.254.2.98
>
>
> As I stated before:
>
> "I don't understand the <?>. Why wouldn't it be able to figure out where
> to
> send the update?"
>
> The client reports that message once a day. The client reports nothing if
> I initiate, ipconfig /registerdns


If it's been working, and all of a sudden it is not, what may I ask,
recently changed?

If you change it to 169.254.2.238, does it work?

I assume there are two Forward Lookup zones, (domain.com and
_msdcs.domain.com), as well as possibly a reverse lookup zone for
169.254.2.0. Are all zone properties set to allow updates (secure or
non-secure)?

As for the error itself, I *assume* it's EventID# 11164. Is that correct?
This is usually associated to a single label name DNS zone. However, your
ipconfig /alls indicate a 'domain.com' zone, so I don't believe it's
associated with a single label name issue. Read the following, please:
http://eventid.net/display.asp?event...DNSapi&phase=1

Any other EventID# on the workstation or the DC? If so, please post them.

You may want to run a "netdiag /v /fix" on the DC and see what errors show
up in the results.

I can't see a router providing an APIPA number by default. Most routers have
a NAT IP range assigned from the vendor. It is possible in the very
beginning the router's DHCP service was turned off, and when the first
machine turned on coudn't get an IP, it automatically assigned itself an
APIPA (169.254.x.x) and the previous person thought that is what the IP
range is supposed to be, and the rest is history.

Even if you can't change the IP range, which is recommended, but not
critical, as an enginner, I would honestly highly recommend and advise to
remove the additional IP off the DC. To understand the implications, please
read my following blog on multihoming a DC and what the implications are. If
you don't believe me, you can ask any qualified engineer what the
implications are, even though it's 'been working for so many years.'

Multihomed DCs with DNS, RRAS, multiple IPs, and/or PPPoE adapters
http://msmvps.com/blogs/acefekay/arc...-adapters.aspx

Ace

The guy who setup the initial network (he installed an Intel Router) used what he was "given" by the router.&nbsp;



As M. Fekay said, xe almost certainly didn't.



Our firewall routes AD traffic based on 238 and routes DNS traffic based on 214.



And there's one part of the problem.&nbsp; Link-local IP traffic is link-local because it isn't supposed to be routed outside of the link.&nbsp; And here you are routing link-local traffic to other links.&nbsp; Read RFC 3927 &sect;7.&nbsp; Your router is, at minimum, misconfigured.



&nbsp; Sent update to server : &lt;?&gt;



And here you are expecting client-server communication to work using link-local addressing over multiple links.

That's just it, nothing changed. All of a sudden I started to get a flood
of these Event Logs in System Center Essentials. (Beta testing 2010).
Update maybe?

I only have one forward lookup zone. My domain.

There are no other errors or warnings. Just the 11164. I read the MS
article on that. Nothing in there helped.

@Jonathan - I have no clue what you are referring to. Logically I can't
begin to imagine how my router is misconfigured. As I mentioned, it's been
working fine. There is nothing wrong with the internal routes.

It's been a long time coming. The way our IPs are setup is starting to
become limiting. We only use .200+ for application servers ad devices and
we are starting to run out of room. So I went ahead and scheduled the fun
task of redoing our entire IP scheme. Every desk has two lines. All lines
are numbered. It made sense to someone that each machine have an ip address
of the number it was plugging into. I've been growing sick of this scheme
for a long time now.

Step 1 - Switch all clients to DHCP in the lower range up to .99. Done.
Putting out fires.
Step 2 - Switch subnet to 192.168.1.x - This is going to blow a lot of stuff
up. Especially printers. I probably wont get back to you for a day.

Removing the second IP from the DC is going to be more involved. Any way to
test to see if that's the problem first? I changed the DNS address on the
DC to it's other IP. The same IP as as the machine. I then removed the DCs
record from the DNS server and ran /registerdns. It did not put itself back
in the DNS. Should it have?

btw, everything passed with netdiag





"Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in message
news:ubuYtUdsKHA.5356@TK2MSFTNGP02.phx.gbl...
> "Justin" <None@None.com> wrote in message
> news:esY3kGZsKHA.4492@TK2MSFTNGP05.phx.gbl...
>> The IP range:
>>
>> This was before me. The guy who setup the initial network (he installed
>> an Intel Router) used what he was "given" by the router. See where this
>> is going? So that's how the network was setup. Since then it just
>> stayed that way.
>>
>> Multiple IPs:
>> The DC has an IP address of 169.254.2.238. In the past the DNS was on a
>> different machine. Since then is was moved to the DC machine itself. As
>> stated the clients are all hardcoded. So instead of changing the clients
>> the other IP was added to that machine. Been working fine that way for
>> over 8 years.
>>
>> Actually I prefer to keep the dual IPs. Our firewall routes AD traffic
>> based on 238 and routes DNS traffic based on 214.
>>
>> DHCP Client is also started on all machines.
>>
>> There are no errors on the DC/DNS machine. The only error on the client
>> is the one I posted initially. I'll post it again here:
>>
>> The system failed to register host (A) resource records (RRs) for network
>> adapter
>> with settings:
>>
>> Adapter Name : {7C56E4E0-FC47-40D7-A30C-F302D40FAC82}
>> Host Name : jemlay
>> Primary Domain Suffix : domain.com
>> DNS server list :
>> 169.254.2.214
>> Sent update to server : <?>
>> IP Address(es) :
>> 169.254.2.98
>>
>>
>> As I stated before:
>>
>> "I don't understand the <?>. Why wouldn't it be able to figure out where
>> to
>> send the update?"
>>
>> The client reports that message once a day. The client reports nothing
>> if I initiate, ipconfig /registerdns
>
>
> If it's been working, and all of a sudden it is not, what may I ask,
> recently changed?
>
> If you change it to 169.254.2.238, does it work?
>
> I assume there are two Forward Lookup zones, (domain.com and
> _msdcs.domain.com), as well as possibly a reverse lookup zone for
> 169.254.2.0. Are all zone properties set to allow updates (secure or
> non-secure)?
>
> As for the error itself, I *assume* it's EventID# 11164. Is that correct?
> This is usually associated to a single label name DNS zone. However, your
> ipconfig /alls indicate a 'domain.com' zone, so I don't believe it's
> associated with a single label name issue. Read the following, please:
> http://eventid.net/display.asp?event...DNSapi&phase=1
>
> Any other EventID# on the workstation or the DC? If so, please post them.
>
> You may want to run a "netdiag /v /fix" on the DC and see what errors show
> up in the results.
>
> I can't see a router providing an APIPA number by default. Most routers
> have a NAT IP range assigned from the vendor. It is possible in the very
> beginning the router's DHCP service was turned off, and when the first
> machine turned on coudn't get an IP, it automatically assigned itself an
> APIPA (169.254.x.x) and the previous person thought that is what the IP
> range is supposed to be, and the rest is history.
>
> Even if you can't change the IP range, which is recommended, but not
> critical, as an enginner, I would honestly highly recommend and advise to
> remove the additional IP off the DC. To understand the implications,
> please read my following blog on multihoming a DC and what the
> implications are. If you don't believe me, you can ask any qualified
> engineer what the implications are, even though it's 'been working for so
> many years.'
>
> Multihomed DCs with DNS, RRAS, multiple IPs, and/or PPPoE adapters
> http://msmvps.com/blogs/acefekay/arc...-adapters.aspx
>
> Ace
>

"Justin" <None@None.com> wrote in message
news:u8xH1VBtKHA.3536@TK2MSFTNGP06.phx.gbl...
> That's just it, nothing changed. All of a sudden I started to get a flood
> of these Event Logs in System Center Essentials. (Beta testing 2010).
> Update maybe?
>
> I only have one forward lookup zone. My domain.
>
> There are no other errors or warnings. Just the 11164. I read the MS
> article on that. Nothing in there helped.
>
> @Jonathan - I have no clue what you are referring to. Logically I can't
> begin to imagine how my router is misconfigured. As I mentioned, it's
> been working fine. There is nothing wrong with the internal routes.
>
> It's been a long time coming. The way our IPs are setup is starting to
> become limiting. We only use .200+ for application servers ad devices and
> we are starting to run out of room. So I went ahead and scheduled the fun
> task of redoing our entire IP scheme. Every desk has two lines. All
> lines are numbered. It made sense to someone that each machine have an ip
> address of the number it was plugging into. I've been growing sick of
> this scheme for a long time now.
>
> Step 1 - Switch all clients to DHCP in the lower range up to .99. Done.
> Putting out fires.
> Step 2 - Switch subnet to 192.168.1.x - This is going to blow a lot of
> stuff up. Especially printers. I probably wont get back to you for a
> day.
>
> Removing the second IP from the DC is going to be more involved. Any way
> to test to see if that's the problem first? I changed the DNS address on
> the DC to it's other IP. The same IP as as the machine. I then removed
> the DCs record from the DNS server and ran /registerdns. It did not put
> itself back in the DNS. Should it have?
>
> btw, everything passed with netdiag
>


Beta testing Exchange 2010?

Wait, I hope I caught you in time. I would choose something else other than
192.168.1.x. This is because many home routers have that IP range, and if
you were to have a VPN user connect in with that IP range at home, they
won't be able toa access the network!!! Choose something like 192.168.80.x
or 10.10.0.x/24, etc. If you need more than 254 IPs, go up one subnet with
10.10.0.0/23 to give you 510 usable IPs. That range will wind up being
10.10.10.1 - 10.10.11.254.

Yes, the netlogon service will register the SRV records, which include the
LdapIpAddress (the one that shows up as 'same as parent'), the GcIpAddress
(the GC address), as well as all those other folders with the underscores in
them. The ipconfig /registerdns registers the Forward and Reverse entry.

As for that 11164, it could be smoething as simple as not having a reverse
zone created. Create one for the IP range you are going to go with.

Ace

For crying out loud! I found the problem. Although...why now?

In anticipation of moving forward with the new IP scheme I went ahead and
put the resulting IP in the DNS server under interfaces (listen on). Since
..214 was the DNS server of choice I only ever had .214 in that list. Out of
curiosity I added .238 (the other IP on the DC). My clients started
updating DNS just fine.

So in the end. Having two IPs on the DC remains fine however ALL IPs on the
DC must listen on the DNS service.

Again, why now? My best guesses are, an update fixed a bug were that wasn't
suppose to be allowed or an update tightened up security?

I deleted A records, they got added back. I changed IPs on various
workstations they all updated DNS. I installed a new workstation and it as
well got added to DNS.

I'll still move forward with the new IP scheme but hopefully this puts my
problem to rest.

Thank you so much Ace for all your help. Without all this input I would
have never happened across the solution.




"Ace Fekay [MVP-DS, MCT]" <aceman@mvps.RemoveThisPart.org> wrote in message
news:eEdhd9BtKHA.3360@TK2MSFTNGP06.phx.gbl...
> "Justin" <None@None.com> wrote in message
> news:u8xH1VBtKHA.3536@TK2MSFTNGP06.phx.gbl...
>> That's just it, nothing changed. All of a sudden I started to get a
>> flood of these Event Logs in System Center Essentials. (Beta testing
>> 2010). Update maybe?
>>
>> I only have one forward lookup zone. My domain.
>>
>> There are no other errors or warnings. Just the 11164. I read the MS
>> article on that. Nothing in there helped.
>>
>> @Jonathan - I have no clue what you are referring to. Logically I can't
>> begin to imagine how my router is misconfigured. As I mentioned, it's
>> been working fine. There is nothing wrong with the internal routes.
>>
>> It's been a long time coming. The way our IPs are setup is starting to
>> become limiting. We only use .200+ for application servers ad devices
>> and we are starting to run out of room. So I went ahead and scheduled
>> the fun task of redoing our entire IP scheme. Every desk has two lines.
>> All lines are numbered. It made sense to someone that each machine have
>> an ip address of the number it was plugging into. I've been growing sick
>> of this scheme for a long time now.
>>
>> Step 1 - Switch all clients to DHCP in the lower range up to .99. Done.
>> Putting out fires.
>> Step 2 - Switch subnet to 192.168.1.x - This is going to blow a lot of
>> stuff up. Especially printers. I probably wont get back to you for a
>> day.
>>
>> Removing the second IP from the DC is going to be more involved. Any way
>> to test to see if that's the problem first? I changed the DNS address on
>> the DC to it's other IP. The same IP as as the machine. I then removed
>> the DCs record from the DNS server and ran /registerdns. It did not put
>> itself back in the DNS. Should it have?
>>
>> btw, everything passed with netdiag
>>
>
>
> Beta testing Exchange 2010?
>
> Wait, I hope I caught you in time. I would choose something else other
> than 192.168.1.x. This is because many home routers have that IP range,
> and if you were to have a VPN user connect in with that IP range at home,
> they won't be able toa access the network!!! Choose something like
> 192.168.80.x or 10.10.0.x/24, etc. If you need more than 254 IPs, go up
> one subnet with 10.10.0.0/23 to give you 510 usable IPs. That range will
> wind up being 10.10.10.1 - 10.10.11.254.
>
> Yes, the netlogon service will register the SRV records, which include the
> LdapIpAddress (the one that shows up as 'same as parent'), the GcIpAddress
> (the GC address), as well as all those other folders with the underscores
> in them. The ipconfig /registerdns registers the Forward and Reverse
> entry.
>
> As for that 11164, it could be smoething as simple as not having a reverse
> zone created. Create one for the IP range you are going to go with.
>
> Ace
>
>
>

"Justin" <None@None.com> wrote in message
news:%23WBxvjCtKHA.3660@TK2MSFTNGP05.phx.gbl...
> For crying out loud! I found the problem. Although...why now?
>
> In anticipation of moving forward with the new IP scheme I went ahead and
> put the resulting IP in the DNS server under interfaces (listen on).
> Since .214 was the DNS server of choice I only ever had .214 in that list.
> Out of curiosity I added .238 (the other IP on the DC). My clients
> started updating DNS just fine.
>
> So in the end. Having two IPs on the DC remains fine however ALL IPs on
> the DC must listen on the DNS service.
>
> Again, why now? My best guesses are, an update fixed a bug were that
> wasn't suppose to be allowed or an update tightened up security?
>
> I deleted A records, they got added back. I changed IPs on various
> workstations they all updated DNS. I installed a new workstation and it
> as well got added to DNS.
>
> I'll still move forward with the new IP scheme but hopefully this puts my
> problem to rest.
>
> Thank you so much Ace for all your help. Without all this input I would
> have never happened across the solution.
>
>


Wow, good find. :-) I would have never thought the "Listen" IP was changed.
Interesting.

Good luck with the IP change. Remember what I said about what to choose.

And you are welcome!!

Ace