Hi Tony,
I checked also and could not find a trace of my posting to the Active Directory
newsgroup, so I am reposting it to you and them:
Yep! Worked with Microsoft and came up with the following registry changes:
===================================================================================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"RegisterDnsARecords"=dword:00000000
"DnsUpdateOnAllAdapters"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DisableDynamicUpdate"=dword:00000001
===================================================================================
The problem/solution is detailed here:
Problem:
Windows Server 2003 DC's are reporting event 40961 every hour. Currently the only
dynamic updates that are allowed are for SRV records in the underscore zone. A BIND
server is the SOA for xxx.xxx which does not allow DDNS updates.
Resolution:
The 40961 errors were being caused by the DHCP client service attempting to
dynamically update it's A and PTR records. That behavior can be turned off via the
DisableDynamicUpdate key.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
Add a DWORD value DisableDynamicUpdate and set it to 1
We set it to be global, so if there are multiple NICs in any of the servers, it would
stop all of the NICs from registering. Note that the same can be done via the network
control panel and un-checking the register this adapter.
Once that key is set, no updates will be allowed so we had to tell netlogon to ignore
this via the following registry setting:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters
and add a DWORD value DnsUpdateOnAllAdapters and set it to 1.
Netlogon will now be able to register A and SRV records. We have also turned off
netlogon from registering A records via the following registry setting:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\
and add a DWORD value RegisterDnsARecords and set it to 0.
Note that the registry key DnsUpdateOnAllAdapters is referenced in a KB article
280439. This article explains theregistry key, though it only makes reference to
Windows 2000. I have requested the article be updated to include Server 2003. I have
also created an internal article explaining this behavior.
Mike Thommes
-----Original Message-----
From: Tony Machotka [mailto:[EMAIL PROTECTED]
Sent: Wed 10/6/2004 7:42 PM
To: Thommes, Michael M.
Cc:
Subject: RE: [ActiveDir] DNS/prisoner.iana.org Error
Michael,
I ran across your posting to the Active Directory Mail Archive list in
response to Noah Eiger dated Mon, 20 Sep 2004 regarding the
DNS/prisoner.iana.org Error he was getting on his server.
You mentioned that you could send him the solution to his eventid issue if
he couldn't find it. Well, I couldn't find it in the list and would very
much appreciate a copy of that solution if you're so inclined.
Thanks in Advance,
Tony Machotka
Tosuma Technology Consulting
[EMAIL PROTECTED]
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
