I have a Windows 2008 r2 server running DHCP which is also clustered.   We recently clustered the servers and setup secure DNS updates.  I thought DNS registration was working fine.  I have bothe nodes of the cluster and the cluster node name added to the DNSUpdateproxy group.  I also set the Credentials in DHCP for a user to register the DNS names on behalf of the clients.  I have secure updates set on the DNS server. 

 

Below is what I am getting in the DHCP srv Log:

31,10/24/11,15:01:59,DNS Update Failed,10.32.1.11,xxxxxxxx.mydomin.local,,,0,6,,,
30,10/24/11,15:01:59,DNS Update Request,10.32.1.11,xxxxxxxx.mydomin.local,,,0,6,,,
31,10/24/11,15:01:59,DNS Update Failed,10.32.1.12,xxxxxxxx.mydomin.local,,,0,6,,,
30,10/24/11,15:01:59,DNS Update Request,10.32.1.12,xxxxxxxx.mydomin.local,,,0,6,,,
31,10/24/11,15:01:59,DNS Update Failed,10.32.1.13,xxxxxxxx.mydomin.local,,,0,6,,,
30,10/24/11,15:01:59,DNS Update Request,10.32.1.13,xxxxxxxx.mydomin.local,,,0,6,,,
31,10/24/11,15:01:59,DNS Update Failed,10.32.1.14,xxxxxxxx.mydomin.local,,,0,6,,,
30,10/24/11,15:01:59,DNS Update Request,10.32.1.14,xxxxxxxx.mydomin.local,,,0,6,,,
31,10/24/11,15:01:59,DNS Update Failed,10.32.1.15,xxxxxxxx.mydomin.local,,,0,6,,,
30,10/24/11,15:01:59,DNS Update Request,10.32.1.15,xxxxxxxx.mydomin.local,,,0,6,,,

 

I get occational successes.  But I have a LARGE amount of failures.  If the record is not in DNS it still does not reqister. It seems though that ones that have registered with the DHCP user account can re-register. 

Can anyone help?  Do I need to delete the leases and renew for the ones that are failing?

 

Thanks,

 

Steve

Hi Steve,

 

Thanks for posting here.

 

It seems we have permission issue when doing update. Can you verify the permission of zone and records to make sure the user has the right to modify it

 

Permissions: Any backup DHCP servers in the cluster will not be able to successfully take over DHCP tasks if the appropriate security permissions have not been enabled. Administrators must create a new domain security group to which the servers belong. This group must have permissions of Full Control for the DNS zone object in Active Directory where DHCP clients have their A and PTR records registered and updated. Alternatively, administrators can add the second server to the DNSUpdateProxyGroup for the domain. Otherwise, name resolution failures will result.

 

Clustering DHCP Servers

http://technet.microsoft.com/en-us/library/cc958897.aspx

 

Regards,

 

Tiger Li

 

TechNet Subscriber Support in forum

If you have any feedback on our support, please contact  tnmff@microsoft.com.

Hi Tiger Li, thanks for your reply.  I am still getting a lot of failures but around 6:00 AM yesterday I had a bunch of clients register in DNS then it goes back to a lot of requests and failures.  I am alos getting the error below.  Is there a way to increase the queue limit?

 The DHCP cluster permissions look good.  I have all of the DHCP nodes in the cluster are a part of the DNSProxy group.

34,10/25/11,00:00:59,DNS update request failed as the DNS update requests queue limit exceeded,10.21.1.73,clientname.mydomain.local,,,0,6,,,
34,10/25/11,00:00:59,DNS update request failed as the DNS update requests queue limit exceeded,10.21.1.74,clientname.mydomain.local,,,0,6,,,
34,10/25/11,00:00:59,DNS update request failed as the DNS update requests queue limit exceeded,10.21.1.75,clientname.mydomain.local,,,0,6,,,
34,10/25/11,00:00:59,DNS update request failed as the DNS update requests queue limit exceeded,10.21.1.76,clientname.mydomain.local,,,0,6,,,
34,10/25/11,00:00:59,DNS update request failed as the DNS update requests queue limit exceeded,10.21.1.77,clientname.mydomain.local,,,0,6,,,
34,10/25/11,00:00:59,DNS update request failed as the DNS update requests queue limit exceeded,10.21.1.78,clientname.mydomain.local,,,0,6,,,
34,10/25/11,00:00:59,DNS update request failed as the DNS update requests queue limit exceeded,10.21.1.79,clientname.mydomain.local,,,0,6,,,
34,10/25/11,00:00:59,DNS update request failed as the DNS update requests queue limit exceeded,10.21.1.80,clientname.mydomain.local,,,0,6,,,
34,10/25/11,00:00:59,DNS update request failed as the DNS update requests queue limit exceeded,10.21.1.81,clientname.mydomain.local,,,0,6,,,

 

Thanks,

 

Steve

Hi Steve,

 

Thanks for update.

 

So we can get new records through this clustered DHCP server ?

We may consider to modify and increase the value for the registry key “DynamicDNSQueueLength” with following the workaround in the hotfix below and see if any improvement:

 

DHCP server processes expired PTR resource records in Windows Server 2003

http://support.microsoft.com/kb/837061

 

Thanks.

Tiger Li

Thanks Tiger, yes I get some new records but not all.   It is very sporadic I see a lot of failures and hours later I will see some successes.

 

I will try the registry key.  Is there any negative issues with making with increasing the value for "DynamicDNSQueueLength”.

 

The article you reference KB837061, we are not experinecing that issue.  DHCP seems to be working fine.  It is handing out leases and removing the leases.

 

Thanks,

 

Steve

Hi Steve,

 

Thanks for update.

 

That registry key will increase the increase the number of records that the cycle can delete which will help to narrow down the issue that you posted about the message “DNS update request failed as the DNS update requests queue limit exceeded”.

 

Have you also modified the password for the account that we set as DHCP Credentials?

 

http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/40a9b4ce-49b4-45ec-bb83-a907430e5d6c/

 

Regards,

 

Tiger Li

 

TechNet Subscriber Support in forum

If you have any feedback on our support, please contact  tnmff@microsoft.com.

We may also scan the current DHCP settings and infrastructure by using the BPA in order to correct it with the best practices:

 

http://blogs.technet.com/b/teamdhcp/archive/2010/05/01/dhcp-server-best-practice-analyzer-available-for-download.aspx

 

Regards,

 

Tiger Li

 

TechNet Subscriber Support in forum

If you have any feedback on our support, please contact  tnmff@microsoft.com.

Hi Steve,

Please feel free to let us know if the information was helpful to you.

Regards,

Tiger Li

TechNet Subscriber Support in forum
If you have any feedback on our support, please contact  tnmff@microsoft.com.

Tiger, thanks for your reply.  I have not been able to make the registry change due to we have a very strict change control on servers and applications.  I will need to make the change at off hours on the weekend.

I do have another question relating to this DHCP issue.  I came across some articles regarding Reverse lookup zones that might affect client registering in DNS.

Lets say we use a private address scheme 10.x.x.x  But we subnet this into many subnets.  For instance:

10.3.11.x, 10.3.12.x, 10.11.1.x, 10.44.1.x, 10.44.2.x and so on.

When creating a Reverse lookup zone in DNS can we just use 10.in-addr.arpa for the 10.0.0.0/8 block and the 168.192.in-addr.arpa for the 192.168.0.0/16 block?  Instead of creating a reverse lookup for each subnet like below which is the way we have now:

11.3.10.in-addr.arpa

12.3.10.in-addr.arpa 

1.11.10.in-addr.arpa 

1.44.10.in-addr.arpa  

 

Thanks,

 

Steve

 

Hi Steve,

we are experiencing an analog problem on our Win 2008 R2 DHCP cluster.

Did this registry-change solve your problem in the end?

Maybe something else did the trick?

Thanks for any info,

Wim

Hi WimVL, I am not sure what you mean by analog problem. I never made the registry change. I actually changed the the setting to allow the clients to register their own names in DNS instead of having DHCP do it. Once I did that everything started working fine. I not sure why it was not working. If you do figure it out please post back here. Thanks, Steve