If you are working with almost anything network-intensive these days, such as antivirus or management tools, your reverse DNS (rDNS) lookups need to be in good shape. If you find that you cannot resolve IPs back to a name on your network, check your DNS REVERSE LOOKUP ZONE. If there are missing entries, your DHCP is likely missing one of two settings:
SET DHCP TO AUTOMATICALLY CREATE DNS ENTRIES
- Launch DHCP
- Right click on your SCOPE and select PROPERTIES
- Click the DNS tab
- Make sure that the following settings are on
  - ENABLE DNS DYNAMIC UPDATES
  - ALWAYS DYNAMICALLY UPDATE DNS A AND PTR RECORDS
  - DISCARD A AND PTR RECORDS WHEN LEASE IS DELETED
  - DYNAMICALLY UPDATE DNS A AND PTR RECORDS FOR DHCP CLIENTS THAT DO NOT REQUEST UPDATES
SET CREDENTIALS TO ALLOW DHCP TO DYNAMICALLY UPDATE DNS ENTRIES
- Using Active Directory Users and Computers create a standard domain user and set the password to DOES NOT EXPIRE.
- Launch DHCP
- Right click on IPv4 and select PROPERTIES
- Select the ADVANCED tab
- Click the CREDENTIALS button
- Enter the user information you created in step one
This is required if you have DHCP installed on a Domain Controller. It is an issue on Server 2000, 2003, 2008, 2008 R2, Server 2012 and Server 2012 R2, and will likely be an issue in newer builds. If you check your server's Event Viewer you will see EVENT ID 1056:
The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service. This is not a recommended security configuration. Credentials for Dynamic DNS registrations may be configured using the command line “netsh dhcp server set dnscredentials” or via the DHCP Administrative tool.
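The DNS-tab settings from the first procedure can be audited across every IPv4 scope instead of clicking through each one. This is an added example, not part of the original post; it assumes the DhcpServer PowerShell module (Windows Server 2012 or later) and DHCP administrator rights, and Test-ScopeDnsSetting is a hypothetical helper name.

```powershell
# Added example: audit (and optionally fix) the DNS dynamic-update settings per IPv4 scope.
# Assumption: DhcpServer module is installed; Test-ScopeDnsSetting is a hypothetical name.
Import-Module DhcpServer

function Test-ScopeDnsSetting {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [switch]$Fix   # apply the settings instead of only reporting
    )
    foreach ($scope in Get-DhcpServerv4Scope -ComputerName $ComputerName) {
        $dns = Get-DhcpServerv4DnsSetting -ComputerName $ComputerName -ScopeId $scope.ScopeId
        $problems = @()
        # "Always dynamically update DNS A and PTR records"
        if ($dns.DynamicUpdates -ne 'Always')     { $problems += 'not always updating A and PTR' }
        # "Discard A and PTR records when lease is deleted"
        if (-not $dns.DeleteDnsRROnLeaseExpiry)   { $problems += 'records kept after lease deletion' }
        # "Dynamically update ... for DHCP clients that do not request updates"
        if (-not $dns.UpdateDnsRRForOlderClients) { $problems += 'no updates for non-requesting clients' }

        $fixed = $false
        if ($Fix -and $problems) {
            Set-DhcpServerv4DnsSetting -ComputerName $ComputerName -ScopeId $scope.ScopeId `
                -DynamicUpdates Always -DeleteDnsRROnLeaseExpiry $true `
                -UpdateDnsRRForOlderClients $true
            $fixed = $true
        }
        [pscustomobject]@{
            Scope     = $scope.ScopeId
            Name      = $scope.Name
            Compliant = -not $problems
            Fixed     = $fixed
            Problems  = $problems -join '; '
        }
    }
}

# Report only; add -Fix to apply the settings to non-compliant scopes.
Test-ScopeDnsSetting | Format-Table -AutoSize
```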
If you want more information you may find the following useful:
http://technet.microsoft.com/en-us/library/c0e87732-985c-4c9c-83b4-70c679cad748.aspx
http://support.microsoft.com/kb/282001
http://jackstromberg.com/tag/dhcp/
http://social.technet.microsoft.com/Forums/windowsserver/en-US/d97cf295-1345-4be7-bfcd-6d59436d93b2/ttl-times-on-a-records-dns-records-disappearing?forum=winserverNIS
The DHCP service is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service. Microsoft strongly recommends the use of DNSCredentials when you are running the DHCP Server service and DNS services on the same domain controller to ensure the integrity of Secure Dynamic Updates.
A DHCP server can enable dynamic updates in the DNS namespace for any one of its clients that support these updates. Clients can use the DNS dynamic update protocol to update their host name-to-address mapping information whenever changes occur to their DHCP-assigned address. (This mapping information is stored in zones on the DNS server.) A DHCP server can perform updates on behalf of its DHCP clients to any DNS server, but it must first supply proper credentials.
The Netsh.exe tool can be used to configure the impersonation credentials. You must create a dedicated user account in Active Directory Domain Services before you use the Netsh.exe tool to configure the use of impersonation credentials.
========
Events:
========
Event ID | Source | Message |
1055 | Microsoft-Windows-DHCP-Server | The DHCP service was unable to impersonate the credentials necessary for DNS registrations: %1. The local system credentials are being used. |
1056 | Microsoft-Windows-DHCP-Server | The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service. This is not a recommended security configuration. Credentials for Dynamic DNS registrations may be configured using the command line “netsh dhcp server set dnscredentials” or via the DHCP Administrative tool. |
Log Name: System
Source: Microsoft-Windows-DHCP-Server
Date: 20/04/2017 10:54:22 AM
Event ID: 1056
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: Domain.com
Description:
The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service. This is not a recommended security configuration. Credentials for Dynamic DNS registrations may be configured using the command line “netsh dhcp server set dnscredentials” or via the DHCP Administrative tool.
================
Requirements:
================
— Membership in the Administrators or DHCP Administrators group is the minimum required to complete this procedure.
— A “normal” user account that meets the recommendations below.
Recommendations for Credentials:
— To configure the credentials you need to use a “normal” user account, not an administrative or privileged account, for the alternate credentials.
— Just make sure to use the Password Never Expires option. There is no need to add this account to any special group. The steps to configure these credentials are documented in http://support.microsoft.com/kb/282001.
— If there is more than one DHCP server in the environment, try to use the same account for the alternate credentials on all of them.
========================
Resolution:
========================
— Run “netsh dhcp server show dnscredentials” to check whether any credentials are configured on the DHCP server.
C:\Windows\system32>netsh dhcp server show dnscredentials
The credentials used for DNS Dynamic registrations:
User Name :
Domain :
— You can also verify this by opening the DHCP console.
Under the server (SERVER) → Right-click IPv4 and go to Properties → Go to the Advanced tab → Click Credentials.
Procedure to set credentials:
A) Using the DHCP manager:
- Start → Administrative Tools → DHCP.
- Under server → Right-click the IPv4 or IPv6 → Select Properties.
- Select the Advanced tab → Select credentials.
- Add the user credentials that were previously created.
- Click OK
- You can repeat these same steps to change the DHCP credentials for the updates of IPv6-related DNS entries, except this time you must start from the IPv6 container in the DHCP snap-in.
B) Using CMD:
— Run the command below in CMD (Administrator mode), replacing UserID, Domain.com and Password with your own values.
C:\Windows\system32>netsh dhcp server set dnscredentials UserID Domain.com Password
Command completed successfully.
— Restart the DHCP Server service for the changes to take effect.
C:\Windows\system32>net stop dhcpserver & net start dhcpserver
The DHCP Server service is stopping.
The DHCP Server service was stopped successfully.
The DHCP Server service is starting…
The DHCP Server service was started successfully.
— Confirm that the credentials have been configured successfully.
C:\Windows\system32>netsh dhcp server show dnscredentials
The credentials used for DNS Dynamic registrations:
Username : UserID
Domain : Domain.com
— Check whether the event below has been generated.
Log Name: System
Source: Microsoft-Windows-DHCP-Server
Date: 9/11/2016 9:49:34 PM
Event ID: 1044
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Domain.com
Description:
The DHCP/BINL service on the local machine, belonging to the Windows Administrative domain ironworkers.local, has determined that it is authorized to start. It is servicing clients now.
— Event ID 1056 should now stop occurring in Event Viewer.
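The check, set and verify steps above can be combined into one pass that prompts for the password instead of passing it as a netsh argument. This is an added example, not part of the original article; it assumes the DhcpServer PowerShell module (Windows Server 2012 or later), an elevated session on the DHCP server, and the hypothetical function name Get-DhcpDnsCredentialState.

```powershell
# Added example: report DNS registration credential state and recent 1055/1056 events,
# then set the credential if none is configured.
# Assumption: run elevated on the DHCP server; Get-DhcpDnsCredentialState is a hypothetical name.
Import-Module DhcpServer

function Get-DhcpDnsCredentialState {
    param([int]$Days = 7)   # how far back to look in the System log

    $cred = Get-DhcpServerDnsCredential
    # Get-WinEvent raises an error when nothing matches, so suppress it
    # and treat the empty result as "no events".
    $events = Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-DHCP-Server'
        Id           = 1055, 1056
        StartTime    = (Get-Date).AddDays(-$Days)
    } -ErrorAction SilentlyContinue

    [pscustomobject]@{
        UserName   = $cred.UserName
        Domain     = $cred.DomainName
        Configured = -not [string]::IsNullOrWhiteSpace($cred.UserName)
        Event1055  = @($events | Where-Object Id -eq 1055).Count   # impersonation failed
        Event1056  = @($events | Where-Object Id -eq 1056).Count   # no credentials on a DC
        LastEvent  = ($events | Select-Object -First 1).TimeCreated
    }
}

$state = Get-DhcpDnsCredentialState
$state

if (-not $state.Configured) {
    # Prompt for the dedicated, non-privileged account created beforehand.
    # The password is entered in the prompt, not on the command line.
    $account = Get-Credential -Message 'Account for DHCP dynamic DNS registrations'
    Set-DhcpServerDnsCredential -Credential $account

    # Same restart as "net stop dhcpserver & net start dhcpserver".
    Restart-Service -Name DHCPServer

    # Verify, as "netsh dhcp server show dnscredentials" does.
    Get-DhcpServerDnsCredential
}
```

A non-zero Event1055 count after the credential is set means the service could not impersonate the account and is still using the local system credentials.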
Event ID 1056 — DHCP Server DNS Registration
The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service. This is not a recommended security configuration. Credentials for Dynamic DNS registrations may be configured using the command line «netsh dhcp server set dnscredentials» or via the DHCP Administrative tool.
Resolve:
1) Create a new domain user account with default properties.
C:\Users\Administrator>netsh dhcp server delete dnscredentials dhcpfullforce
Restart the DHCP Server service.
C:\Users\Administrator>netsh dhcp server set dnscredentials <USERNAME> <DOMAINNAME> <USERPASSWORD>
Restart the DHCP Server service.
C:\Users\Administrator>netsh dhcp server show dnscredentials
You should see something like this:
The credentials used for DNS Dynamic registrations:
User Name : USERNAME
Domain : DOMAINNAME
There is a virtual DC running Windows Server 2012 R2. There is no backup DC yet.
The physical disk that hosts it is full of junk; as a result, I did not keep an eye on it and the VM paused. I freed up space and restarted the VM. Now the DHCP server does not work properly. It is impossible to get an IP address via DHCP from this server, and impossible to reserve an IP address. The addresses that were reserved earlier work fine, BUT if I delete an address from the reservations it goes to BAD_ADDRESS, and then once the lease expires, as with the other computers, I cannot get an address from it or reserve one.
Error when trying to reserve an address manually:
Ошибка при обращении к базе данных DHCP, дополнительные сведения об этой ошибке содержатся в журнале событий DHCP-сервера.
In the log “Applications and Services Logs -> Microsoft -> DHCP Server -> Microsoft-Windows-DHCP Server Events/Admin”:
Event 20287
Запрос DHCP-клиента из 00155D000290 был отброшен, так как в применимых диапазонах IP-адресов области или суперобласти Scope1 нет доступных IP-адресов. Причиной этого может быть отсутствие доступных IP-адресов в диапазонах IP-адресов политики
In the general logs, in the “Application” log:
Event 11
Возможная утечка памяти. Приложение («C:\Windows\system32\mmc.exe» «C:\Windows\system32\dhcpmgmt.msc» ) (PID: 2572) передало указатель, не допускающий значения NULL, в RPC для параметра [out], помеченного [allocate(all_nodes)]. параметры [allocate(all_nodes)] всегда перераспределяются; если исходный указатель содержит адрес допустимой памяти, произойдет ее утечка. Вызов поступил на интерфейс с UUID ({6bffd098-a112-3610-9833-46c3f874532d}), Номер метода (18). Действие пользователя: Обратитесь к поставщику за обновленной версией приложения.
Event 6005 (no idea, but the event may be related to the DHCP server)
Подписчик уведомлений winlogon тратит слишком много времени на обработку события уведомления (CreateSession).
In the general logs, in the “System” log:
Event 1041
Служба DHCP не обслуживает клиентов DHCPv4, поскольку ни один активный сетевой интерфейс не имеет статически настроенного IPv4-адреса либо активных интерфейсов нет.
Event 1059
Служба DHCP не смогла обнаружить папку для авторизации сервера.
Event 1342
В диапазоне IP-адресов области Scope1 нет доступных IP-адресов.
Event 1063
Для аренды области или суперобласти «Scope1» нет IP-адреса.
Event 1056 (I followed the recommendation, netsh dhcp server set dnscredentials; it did not help)
Служба DHCP обнаружила, что она запущена на контроллере домена (DC) и не имеет учетных данных, настроенных для использования с динамическими DNS-регистрациями, производимыми службой DHCP. Подобная конфигурация безопасности не рекомендуется. Учетные данные динамических DNS-регистраций можно настроить с помощью утилиты командной строки «netsh dhcp server set dnscredentials» или с помощью программы администрирования DHCP.
Event 1065
Были удалены некоторые потерянные элементы конфигурации из-за удаления класса или определения параметра. Проверьте конфигурацию сервера.
In short, it is all great fun and I have no idea what to do. There is no separate backup of the DHCP database. There is no backup of the VM either. What will happen if I deactivate and activate the scope? In that case, will I need to redo the reservations and settings, or will it not help? Is the second option to reinstall the DHCP Server role?