Microsoft KB Archive/826743

From BetaArchive Wiki

PSS ID Number: 826743

Article Last Modified on 4/15/2004



The information in this article applies to:

  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Server 2003, Datacenter Edition
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows XP Professional
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Professional




Important This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry


SYMPTOMS

Clients cannot dynamically register DNS records in a single-label forward lookup zone. Specific symptoms vary according to the version of Microsoft Windows that is installed. The following list describes the symptoms:

  • After you install Microsoft Windows Service Pack 4 (SP4), all domain controllers may not be able to register DNS records. The system event log of the domain controller may consistently log NETLOGON 5781 warnings that are similar to the following example:

    Event Type: Warning
    Event Source: NETLOGON
    Event Category: None
    Event ID: 5781
    Description: Dynamic registration or deregistration of one or more DNS records failed because no DNS servers are available.

    Data Words: 0000: 0000232a

    Note Status code 0000232a maps to the DNS_ERROR_RCODE_SERVER_FAILURE error code.
  • The following are additional status codes and error codes that may appear in log files such as Netdiag.log:

    DNS Error Code: 0x0000251D = DNS_INFO_NO_RECORDS

    DNS_ERROR_RCODE_ERROR

    RCODE_SERVER_FAILURE

  • Windows 2000 SP4-based computers will not register in a single-label domain. A warning that is similar to the following example is recorded in the system event log of the computer:

    Event Type: Warning
    Event Source: DnsApi
    Event Category: None
    Event ID: 11151
    Description: The system failed to register network adapter with settings:

    Adapter Name : {89317B1A-C246-4C7B-81D5-2CA8930EB721}
    Host Name : FileServer
    Adapter-specific Domain Suffix : domain.local
    DNS server list :
    209.242.21.82, 209.242.0.2, 209.242.0.5
    Sent update to server : None
    IP Address(es) : 192.168.127.254

    The cause of this DNS registration failure was because of DNS server failure.
    This may be due to a zone transfer that has locked the DNS server for the applicable zone that your computer needs to register itself with.
    (The applicable zone should typically correspond to the Adapter-specific Domain Suffix that was indicated above.)
    You can manually retry registration of the network adapter and its settings by typing "ipconfig /registerdns" at the command prompt. If problems still persist, contact your network systems administrator to verify network conditions.
  • A Microsoft Windows Server 2003-based computer is not updating its SRV records and its host records in the DNS zone.
  • Clients with fresh installations of Microsoft Windows XP cannot register with DNS dynamic update protocol on a DNS server. A message that is similar to the following example is recorded in the Windows XP system event log:

    Event Type: Warning
    Event ID: 11165
    Source: DnsApi
    Description: The system failed to register host (A) resource records (RRs) for network adapter with settings:

    Adapter Name : {8E866057-FDA9-4EBE-9F99-4D530A2933FD}
    Host Name : SV2019
    Primary Domain Suffix : mydom
    DNS server list : 192.168.213.100, 204.246.1.20
    Sent update to server : <?>
    IP Address(es) : 192.168.213.101

    The reason the system could not register these RRs was because the DNS server contacted refused the update request.
    The reasons for this might be (a) you are not allowed to update the specified DNS domain name, or (b) because the DNS server authoritative for this name does not support the DNS dynamic update protocol.

    To register the DNS host (A) resource records using the specific DNS domain name and IP addresses for this adapter, contact your DNS server or network systems administrator.


CAUSE

These issues may occur for either one of the following reasons if you have implemented a single-label domain namespace:

  • Starting with Windows 2000 SP4, the default setting for dynamically registering DNS records changed. In Windows 2000 SP4 and later, Windows does not dynamically register DNS records in a single-label domain.
  • By default, Windows XP, Windows Server 2003, and Windows 2000 SP4 and later do not send updates to top-level domains. You can change this behavior by using one of the methods that is shown in the "Resolution" section of this article.


RESOLUTION

Microsoft does not recommend that you use Active Directory directory service domains with single-label DNS names. If you want to keep your single-label DNS structure, use one of the following methods to allow Windows-based clients to perform dynamic updates to single-label DNS zones.

Method 1: Use Registry Editor

Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

  1. On a client that is trying to dynamically update the single-label DNS zone, start Registry Editor.

    Note The term "client" also applies to domain controllers.
  2. Locate one of the following subkeys, depending on the client's operating system:
    • Windows XP or Windows 2000 SP4:

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DnsCache\Parameters

    • Windows Server 2003:

      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient



      IMPORTANT If the DNSClient subkey does not exist, you must create it. To do so:

      1. Right-click the following subkey:

        HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT

      2. Point to New, and then click Key.
      3. Type DNSClient, and then press ENTER.
  3. Right-click the subkey, point to New, and then click DWORD Value.
  4. Type UpdateTopLevelDomainZones, and then press ENTER.
  5. Right-click the AllowSingleLabelDnsDomain entry, and then click Modify.
  6. In the Value data box, type 1.
  7. To enable Active Directory domain members (clients, domain controllers, and DNS servers) to use DNS to locate domain controllers in domains with single-label DNS names, locate the following subkey:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters

  8. Right-click the subkey, point to New, and then click DWORD Value.
  9. Type AllowSingleLabelDnsDomain, and then press ENTER.
  10. Right-click the UpdateTopLevelDomainZones entry, and then click Modify.
  11. In the Value data box, type 1.
  12. Repeat steps 1 through 11 for other clients that are trying to dynamically update the single-label DNS zone.
  13. For the changes to take effect, restart the computers where you changed the registry keys.

Summary of registry settings

The following list summarizes the registry entry settings that you create by using Method 1. For your convenience, this list is organized by operating system and by the computer's role in the domain.

For Windows 2000 SP4 domain clients, for Windows 2000 SP4 domain controllers, and for Windows XP domain members

Subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DnsCache\Parameters
Entry name: UpdateTopLevelDomainZones
Data type: DWORD
Value: 1

Subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters
Entry name: AllowSingleLabelDnsDomain
Data type: DWORD
Value: 1

For Windows Server 2003 domain members and for Windows Server 2003 domain controllers

Subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient
Entry name: UpdateTopLevelDomainZones
Data type: DWORD
Value: 1

Subkey: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters
Entry name: AllowSingleLabelDnsDomain
Data type: DWORD
Value: 1
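
The following added example (not part of the original article and not Microsoft code) audits the text of a registry export against the summary above and reports, per entry, whether it is enabled, disabled or absent. The profile labels, function names and the sample export are constructed for illustration.

```python
import re

# (subkey, entry) pairs taken from the "Summary of registry settings" list.
NETLOGON = (r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters",
            "AllowSingleLabelDnsDomain")
REQUIRED = {  # profile names are hypothetical labels, not Microsoft identifiers
    "w2k_sp4_or_xp": [(r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DnsCache\Parameters",
                       "UpdateTopLevelDomainZones"), NETLOGON],
    "ws2003": [(r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient",
                "UpdateTopLevelDomainZones"), NETLOGON],
}

def parse_reg(text):
    """Map (subkey, entry) -> int for every dword value in .reg export text."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()  # registry key names are case-insensitive
            continue
        m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{1,8})$', line)
        if m and key:
            values[(key, m.group(1).lower())] = int(m.group(2), 16)
    return values

def audit(text, profile):
    """Return {entry: state} for the entries the chosen profile requires."""
    values = parse_reg(text)
    report = {}
    for key, entry in REQUIRED[profile]:
        v = values.get((key.lower(), entry.lower()))
        if v is None:
            report[entry] = "absent"  # default state: dynamic updates fail
        else:
            # The article defines only 0 and 1; anything else is flagged.
            report[entry] = {1: "enabled", 0: "disabled"}.get(v, "unexpected")
    return report

# Constructed sample export from a Windows Server 2003 member (not from the article).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient]
"UpdateTopLevelDomainZones"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"AllowSingleLabelDnsDomain"=dword:00000000
'''

if __name__ == "__main__":
    print(audit(SAMPLE, "ws2003"))
```

Registry Editor writes version 5.00 exports as UTF-16, so read real files with `encoding="utf-16"` before passing the text to `audit`.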

Method 2: Use Group Policy

Using Group Policy, enable the Update Top Level Domain Zones policy under the following folder on the root domain container in Users and Computers or on all organizational units (OUs) that host machine accounts for member computers and for domain controllers in the domain:

Computer Configuration\Administrative Templates\Network\DNS Client


Note This policy is supported only on Windows Server 2003-based computers and on Windows XP-based computers.

To enable this policy, follow these steps on the root domain container:

  1. Click Start, click Run, type gpedit.msc, and then click OK.
  2. Under Local Computer Policy, expand Computer Configuration.
  3. Expand Administrative Templates.
  4. Expand Network.
  5. Click DNS Client.
  6. In the right pane, double-click Update Top Level Domain Zones.
  7. Click Enabled.
  8. Click Apply, and then click OK.
  9. Quit Group Policy.

For additional information about this new policy, click the following article number to view the article in the Microsoft Knowledge Base:

294785 New group policies for DNS in Windows Server 2003


The following article describes in detail how to use Group Policy Editor to change local policy settings for computers in all OUs that host machine accounts for member computers and domain controllers in the domain.

307882 HOW TO: Use the Group Policy Editor to manage local computer policy in Windows XP


On DNS servers, make sure that root servers are not created unintentionally. You may have to delete the root zone "." on the Windows 2000-based DNS server to have the DNS records correctly declared. (The root zone is automatically created when DNS is installed because it cannot reach the root hints. This issue was corrected in Windows Server 2003.)

Root servers may be created by the DCpromo Wizard. If the "." zone exists, a root server has been created. You may have to remove this zone for name resolution to work correctly.

New and modified DNS policy settings for Windows Server 2003

  • The Update Top Level Domain Zones policy

    If this policy is specified, it creates a REG_DWORD UpdateTopLevelDomainZones entry under the following registry subkey:

    HKLM\Software\Policies\Microsoft\Windows NT\DNSClient

    The following are the entry values for UpdateTopLevelDomainZones:

    • Enabled (0x1). An 0x1 setting means that computers may try to update the TopLevelDomain zones. That is, if the UpdateTopLevelDomainZones setting is enabled, computers that have this policy applied send dynamic updates to any zone that is authoritative for the resource records that the computer must update, except for the root zone.
    • Disabled (0x0). An 0x0 setting means that computers may not try to update the TLD zones. That is, if this setting is disabled, computers that have this policy applied do not send dynamic updates to the root zone or to the top-level domain zones that are authoritative for the resource records that the computer must update.

    If this setting is not configured, the policy is not applied to any computers, and computers use their local configuration.
  • The Register PTR Records policy

    A new possible value, 0x2, of the REG_DWORD RegisterReverseLookup entry was added under the following registry subkey:

    HKLM\Software\Policies\Microsoft\Windows NT\DNSClient

    The following are the entry values for RegisterReverseLookup:

    • 0x2 - Register only if A record registration succeeds. Computers try PTR resource records registration only if they successfully registered the corresponding A resource records.
    • 0x1 - Register. Computers try PTR resource records registration regardless of the success of the A records registration.
    • 0x0 - Do not register. Computers never try PTR resource records registration.

For additional information about the single-label domain name issue, click the following article number to view the article in the Microsoft Knowledge Base:

300684 Information about configuring Windows for domains with single-label DNS names


MORE INFORMATION

The event ID 5781 Netlogon warning is seen on Active Directory-integrated DNS servers and on domain controllers with the Allow Dynamic Updates policy setting enabled.

If the registry entries that are described in Method 1 are present in the registry and if their values are set to 1, dynamic updates to the top-level domain zone will occur successfully.

By default, the registry entries are not present. If they are not present, or if they are present and if their values are set to 0, dynamic updates to the top-level domain zones will not succeed. The RCODE_SERVER_FAILURE error code will appear on the screen, or the following error code will appear in the DNS section of the log file if you run the Netdiag.exe diagnostic utility:

DNS test . . . . . . . . . . . . . : Passed
Interface {6B1ED1B7-626E-4DDF-A4EB-B6A196573563}
DNS Domain:
DNS Servers: 172.20.200.72 172.20.200.30
IP Address: 172.20.200.30
Expected registration with PDN (primary DNS domain name):
Hostname: DC01.mydom.
[WARNING] Cannot find a primary authoritative DNS server for the name
'DC01.mydom.'. [RCODE_SERVER_FAILURE]
The name 'DC01.mydom.' may not be registered in DNS.

REFERENCES

For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

300684 Information about configuring Windows for domains with single-label DNS names


254680 DNS namespace planning


285983 Considerations for designing namespaces in Windows 2000-based domains


294785 New group policies for DNS in Windows Server 2003


324601 Support WebCast: Domain controller promotion: The process and how to troubleshoot it


