WTF! You mean merely creating the relevant Reverse Lookup zone and making sure that your computers are properly registering their PTRs in there did NOT fix the problem for you?
Sincerely,
D�j� Ak�m�l�f�, MCSE MCSA MCP+I
D�j� Ak�m�l�f�, MCSE MCSA MCP+I
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
From: Thommes, Michael M.
Sent: Wed 10/6/2004 6:41 PM
To: Tony Machotka; [EMAIL PROTECTED]
Subject: RE: [ActiveDir] DNS/prisoner.iana.org Error/40961 error
Hi Tony,
I checked also and could not find a trace of my posting to the Active Directory newsgroup, so I am reposting it to you and them:
Yep! Worked with Microsoft and came up with the following registry changes:
===================================================================================
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters]
"RegisterDnsARecords"=dword:00000000
"DnsUpdateOnAllAdapters"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
"DisableDynamicUpdate"=dword:00000001
===================================================================================
The problem/solution is detailed here:
Problem:
Windows Server 2003 DC's are reporting event 40961 every hour. Currently the only dynamic updates that are allowed are for SRV records in the underscore zone. A BIND server is the SOA for xxx.xxx which does not allow DDNS updates.
Resolution:
The 40961 errors were being caused by the DHCP client service attempting to dynamically update it's A and PTR records. That behavior can be turned off via the DisableDynamicUpdate key.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
Add a DWORD value DisableDynamicUpdate and set it to 1
We set it to be global, so if there are multiple NICs in any of the servers, it would stop all of the NICs from registering. Note that the same can be done via the network control panel and un-checking the register this adapter.
Once that key is set, no updates will be allowed so we had to tell netlogon to ignore this via the following registry setting:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters
and add a DWORD value DnsUpdateOnAllAdapters and set it to 1.
Netlogon will now be able to register A and SRV records. We have also turned off netlogon from registering A records via the following registry setting:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters\
and add a DWORD value RegisterDnsARecords and set it to 0.
Note that the registry key DnsUpdateOnAllAdapters is referenced in a KB article 280439. This article explains theregistry key, though it only makes reference to Windows 2000. I have requested the article be updated to include Server 2003. I have also created an internal article explaining this behavior.
Mike Thommes
-----Original Message-----
From: Tony Machotka [mailto:[EMAIL PROTECTED]
Sent: Wed 10/6/2004 7:42 PM
To: Thommes, Michael M.
Cc:
Subject: RE: [ActiveDir] DNS/prisoner.iana.org Error
Michael,
I ran across your posting to the Active Directory Mail Archive list in
response to Noah Eiger dated Mon, 20 Sep 2004 regarding the
DNS/prisoner.iana.org Error he was getting on his server.
You mentioned that you could send him the solution to his eventid issue if
he couldn't find it. Well, I couldn't find it in the list and would very
much appreciate a copy of that solution if you're so inclined.
Thanks in Advance,
Tony Machotka
Tosuma Technology Consulting
[EMAIL PROTECTED]
List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
