Microsoft KB Archive/314233



A DHCP Server Still Owns DNS Records When It Is a Member of the DnsUpdateProxy Group

Article ID: 314233

Article Last Modified on 3/2/2007



APPLIES TO

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server



This article was previously published under Q314233

SYMPTOMS

If you use Active Directory-integrated DNS zones with secure dynamic updates, and you add a Windows 2000-based DHCP server to the built-in DnsUpdateProxy group, the DHCP server may still be the owner of the DNS records that it registers on behalf of an earlier client (such as a Microsoft Windows NT 4.0-based client).

A common scenario for this issue involves a DHCP clustered server. In this scenario, both nodes are in the DnsUpdateProxy group. After a failover, the active node cannot deregister or reregister the DNS records for clients.

RESOLUTION

To resolve this issue, you must reset the secure channel for the DHCP server. If you have a clustered DHCP server, you must reset the secure channel on each node. You can do this either by restarting the DHCP server or each cluster node, or by manually resetting the secure channel.

To manually reset the secure channel, you can use either Nltest.exe or Netdom.exe. You can reset the secure channel by using either of the following commands:

nltest /server:servername /sc_reset:domainname

netdom reset servername /domain:domainname


Substitute your DHCP server name for servername. Substitute your domain name for domainname.

MORE INFORMATION

For additional information about secure channels, click the article numbers below to view the articles in the Microsoft Knowledge Base:

175024 Resetting Domain Member Secure Channel


216393 Resetting Computer Accounts in Windows 2000 and Windows XP


For more information about the DnsUpdateProxy group, visit the following Microsoft Web site:

Keywords: kbenv kbnofix kbprb KB314233