Microsoft KB Archive/314233

= A DHCP Server Still Owns DNS Records When It Is a Member of the DnsUpdateProxy Group =

Article ID: 314233

Article Last Modified on 3/2/2007

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server

-



This article was previously published under Q314233



SYMPTOMS
If you use Active Directory-integrated DNS zones with secure dynamic updates, the DHCP server may still own the DNS records that it registers on behalf of an earlier client (such as a Microsoft Windows NT 4.0-based client) after you add the Windows 2000-based DHCP server to the built-in DnsUpdateProxy group.

A common scenario for this issue involves a DHCP clustered server. In this scenario, both nodes are in the DnsUpdateProxy group. After a failover, the active node cannot deregister or reregister the DNS records for clients.



RESOLUTION
To resolve this issue, you must reset the secure channel for the DHCP server. If you have a clustered DHCP server, you must reset the secure channel on each node. You can do this either by restarting the DHCP server or each cluster node, or by manually resetting the secure channel.

To manually reset the secure channel, you can use either Nltest.exe or Netdom.exe, with either of the following commands:

'''nltest /server:<DHCPServerName> /sc_reset:<DomainName>'''

'''netdom reset <DHCPServerName> /domain:<DomainName>'''

Substitute your DHCP server name for <DHCPServerName>. Substitute your domain name for <DomainName>.
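To see which records are affected, you can list the owner of each record object in the zone and flag those owned by the DHCP servers' computer accounts. The script below is an added example, not part of the original article. It assumes the zone is stored in the domain partition under CN=MicrosoftDNS,CN=System; the zone DN, the account names and the function name Get-DnsNodeOwner are constructed placeholders.

```powershell
# Added example (not from the KB article): report the owner of every dnsNode
# object in an Active Directory-integrated zone and flag records that are
# owned by a DHCP server's computer account.
param(
    # Constructed placeholder values; replace with your own zone and accounts.
    [string]   $ZoneContainerDn = 'DC=example.com,CN=MicrosoftDNS,CN=System,DC=example,DC=com',
    [string[]] $DhcpAccounts    = @('EXAMPLE\DHCPNODE1$', 'EXAMPLE\DHCPNODE2$')
)

function Get-DnsNodeOwner {
    param([string] $ContainerDn, [string[]] $FlagAccounts)

    $root     = [ADSI]"LDAP://$ContainerDn"
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($root)
    $searcher.Filter      = '(objectClass=dnsNode)'
    $searcher.SearchScope = 'OneLevel'   # record objects sit directly under the zone
    $searcher.PageSize    = 500          # page results so large zones are fully listed
    [void]$searcher.PropertiesToLoad.Add('name')

    $results = $searcher.FindAll()
    try {
        foreach ($result in $results) {
            $entry = $result.GetDirectoryEntry()
            $sd    = $entry.psbase.ObjectSecurity
            try {
                # Resolve the owner SID to DOMAIN\account form.
                $owner = $sd.GetOwner([System.Security.Principal.NTAccount]).Value
            } catch {
                # SID no longer maps to an account: report the raw SID instead.
                $owner = $sd.GetOwner([System.Security.Principal.SecurityIdentifier]).Value
            }
            [pscustomobject]@{
                Record      = [string]$result.Properties['name'][0]
                Owner       = $owner
                OwnedByDhcp = ($FlagAccounts -contains $owner)   # case-insensitive match
            }
            $entry.Dispose()
        }
    } finally {
        $results.Dispose()
    }
}

# Show only the records still owned by one of the DHCP server accounts.
Get-DnsNodeOwner -ContainerDn $ZoneContainerDn -FlagAccounts $DhcpAccounts |
    Where-Object { $_.OwnedByDhcp } |
    Sort-Object Owner, Record |
    Format-Table -AutoSize
```

Run it from a domain-joined management host with an account that can read the zone objects; it only reads the directory and changes nothing.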



MORE INFORMATION
For additional information about secure channels, click the article numbers below to view the articles in the Microsoft Knowledge Base:

175024 Resetting Domain Member Secure Channel

216393 Resetting Computer Accounts in Windows 2000 and Windows XP

For more information about the DnsUpdateProxy group, visit the following Microsoft Web site:

Windows 2000 DNS White Paper

Keywords: kbenv kbnofix kbprb KB314233


© Microsoft Corporation. All rights reserved.