2 Replies Latest reply on Apr 12, 2016 8:24 AM by mikegale

    DNSUpdate won't update DNS during FailOver


      I'm still building out our new environment with one core and 8 additional pollers and have noticed that DNSUpdate doesn't function. FoE is installed and seems to work fine except for the DNSUpdate piece. I'm looking for some logs that could help our Active Directory team (who maintains DNS) troubleshoot why it's not working. They have just made the service account I'm using a full DNSAdmin and they are saying the account should have rights to do pretty much anything in DNS. Unfortunately, it's not changing the entry when I fail over. Any help troubleshooting this would be greatly appreciated.



        • Re: DNSUpdate won't update DNS during FailOver
          1. Create a dedicated domain username that will be used only for the DNSUpdate process.
          2. Add the following necessary permissions:

            Note: These steps should be performed on all the Microsoft DNS servers that will need to have records updated / zone refreshed during a switchover or a failover.

            1. Membership in the BUILTIN\Distributed COM Users group.
            2. Membership in the DNSAdmins group (domain wide) OR equivalent via ACLs on the DNS server / zones.
            3. Remote Enable permissions for the ROOT\MicrosoftDNS WMI namespace. Follow the steps below to do this:
              1. Go to Start > Run and type wmimgmt.msc, then click OK.
              2. Right-click on WMI Control (Local) and select Properties.
              3. Select the Security tab.
              4. Expand ROOT, navigate to MicrosoftDNS and select the namespace.
              5. Click on the Security button at the bottom right of the window. This action edits the security settings for the Root\MicrosoftDNS WMI namespace.
              6. Click Advanced.
              7. Add the designated DNSUpdate user to the list, and select Allow for at least the Remote Enable permission.
              8. Click OK (on all windows opened previously) to save the new permissions.
            4. Only for DNS Serves running on Windows 2003:
              1. From Start > All Programs > Administrative Tools, open DNS.
              2. Right click the name of the DNS server and select Properties.
              3. Select the Security tab.
              4. Add the DNSAdmins group to the list and give it Full Control.
              5. Click OK on all windows open previously to save the new security settings.
          3. Test the DNSUpdate task, while being run under the new user, by performing a switchover / switchback.
          1 of 1 people found this helpful
            • Re: DNSUpdate won't update DNS during FailOver

              Thanks for the feedback and sorry it has taken this long to respond. The fix for us was letting the switchover task actually create the DNS record. We started out with a manually created DNS record with the correct permissions and access levels and that did not work. We then deleted the DNS record and performed a switchover which created a new record and now it works fine. Sometimes it takes a while for the change to populate across servers but that's something our Active Directory team will need to tweak.