Trying to configure a Windows 2003 workgroup DHCP server to perform DNS dynamic updates (don't ask me why is workgroup or advise to join it to domain, it is beyond my control!!). commandline: netsh dhcp server set dnscredentials user_name DOMAIN_NAME password result: unknown user or bad password I managed to reproduce the same issue in my lab, when I joined the lab DHCP server to domain, the configuration would succeed straight away... the lab DHCP configurations are: Workgroup Primary DNS is the AD DDNS LMHosts configured with both 1C & 1B records Any help would be very much appreciated. Jason

Jason, I can't see using a domain account on a workgroup machine. The machine has no idea what that account is. That's why you're getting a unknown user or bad password message. You must create an account on the machine itself in Local Users and Groups in Computer Management and use that account. AceAce Fekay MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003, Microsoft Certified Trainer, Microsoft MVP - Directory Services. This posting is provided AS-IS with no warranties or guarantees and confers no rights.

Ace, you mean create a local account with same name/password of the domain user account which is using for update the dynamic record in DNS? regards, jason Jason

Hi Jason, Thanks for posting here. Here are two thoughts for you refer: · The account you assigned for perform dynamic update on no domain joined DHCP server must be granted the appropriate permission to update records on that DNS zone. · What if input the FQDN of your domain for domain_name parameter when perform the command line? Like: exampledomain.com, and also please make sure that this domain name could be resolved on non-domain joined DHCP server . Thanks. Tiger Li TechNet Subscriber Support in forum If you have any feedback on our support, please contact tngfb@microsoft.com Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi Tiger, if I use DHCP local account, there would be no way to assign permission to update records on the DNS zone. tested fqdn, same result. any idea? Jason

Hi Jason, Thanks for update You are right, local account has no right to update records on domain integrated DNS zone. Please create a new domain account , and set it a member of DnsAdmins group . After that please check if it worked with assign this account as registration credential for dynamic update on DHCP server. Meanwhile, please make sure that domain name could be correctly resolved on DHCP server. Thanks. Tiger LiPlease remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Hi Jason, Thanks for update You are right, local account has no right to update records on domain integrated DNS zone. Please create a new domain account , and set it a member of DnsAdmins group . After that please check if it worked with assign this account as registration credential for dynamic update on DHCP server. Meanwhile, please make sure that domain name could be correctly resolved on DHCP server. Thanks. Tiger Li Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

no it doesn't work, its in my first post... Jason

I haven't tried this scenario. From what you're saying, the workgroup machine is not honoring the domain account you've configured in it's DHCP properties. Have you considered joining the DHCP server to the domain? THat would simplify things and make it work. AceAce Fekay MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003, Microsoft Certified Trainer, Microsoft MVP - Directory Services. This posting is provided AS-IS with no warranties or guarantees and confers no rights.

Ace, if I could join the DHCP to the domain, there won't be a post here....Jason

Ok, understood. I have never tried this with a workgroup server, but is there a possibility you can add it as an authorized server in AD?Ace Fekay MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003, Microsoft Certified Trainer, Microsoft MVP - Directory Services. This posting is provided AS-IS with no warranties or guarantees and confers no rights.

no luckJason

Try using your own AD credentials in DHCP to see if that works.Ace Fekay MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003 Microsoft Certified Trainer Microsoft MVP - Directory Services This posting is provided AS-IS with no warranties or guarantees and confers no rights.

unknown user or bad password, it is in my 1st post... Jason