
Problem with AD-Integrated DNS


  • Problem with AD-Integrated DNS

    We're seeing many of our clients with the error below. We've got an AD-Integrated DNS environment with three DCs (Server 2008R2) in two AD sites. When I look at the DNS zone properties, dynamic updates are set to "Secure only" and we're set to scavenge stale resource records. The no-refresh and refresh intervals are both three days.
    Event Type: Warning
    Event Source: DnsApi
    Event Category: None
    Event ID: 11163
    Date: 10/21/2011
    Time: 12:04:47 AM
    User: N/A
    Computer: computerName
    The system failed to register host (A) resource records (RRs) for network adapter with settings:

    Adapter Name : {4289B34B-E624-4D58-89AC-19784205E70F}
    Host Name : computerName Primary Domain Suffix :
    DNS server list :,,
    Sent update to server :
    IP Address(es) :

    The reason the system could not register these RRs was because the DNS server failed the update request. The most likely cause of this is that the authoritative DNS server required to process this update request has a lock in place on the zone, probably because a zone transfer is in progress.

    You can manually retry DNS registration of the network adapter and its settings by typing "ipconfig /registerdns" at the command prompt. If problems still persist, contact your DNS server or network systems administrator.

    For more information, see Help and Support Center at
    0000: 2d 23 00 00 -#..
    Since this is widespread and running "ipconfig /registerdns" doesn't seem to help, I don't think a zone transfer is in progress.

    I ran dcdiag on a DC and got back the following result for each DC:

    TEST: Delegations (Del)
    Error: DNS server: IP:
    [Broken delegated domain]
    Error: DNS server: IP:
    [Broken delegated domain]
    Error: DNS server: IP:
    [Broken delegated domain]
    What does that mean and could it be related to our dynamic update failure?

    I suppose it goes without saying, but looking at the list of DNS entries on the server shows a bunch of mismatches. How would I go about finding and fixing the source of this issue?

  • #2
    Re: Problem with AD-Integrated DNS

    You have an entry somewhere in your zone file that is missing the trailing .

    That's what it looks like... and it's making a mess of your delegation. Consider removing, or re-creating, your delegations.


    • #3
      Re: Problem with AD-Integrated DNS

      That sounds like a reasonable resolution to the second message but I'm not sure how that'd cause the first.


      • #4
        Re: Problem with AD-Integrated DNS

        I was caught out once with DCDIAG in Windows 2008 and R2. Did you explicitly run CMD as administrator when running the DCDIAG within it? You probably did but just in case.