Unsolved
This post is more than 5 years old
51 Posts
0
424
February 26th, 2008 08:00
Problem with Dynamic DNS
Hi,
This is my first time here. I've been working and researching on this problem that got my head hurt. Hopefully you guys can assist me.
We periodically have CIFS servers that start having problem update its "A" record to DNS server using DDNS. I've verified that DNS server is allowing update and also allowing secure update. I've also verified the CIFS server has secure update. This happened to the CIFS servers that had been working just fine and all the sudden started having problem. They were properly joined. This also happen on 1 out of 4 CIFS that on the same physical data movers. I tried to unjoin and rejoin and still getting this error message every 20 minutes.
Update of "A" record failed during update: Operation refused for policy or security reasons
I've worked AD people and Windows people and checked everything that we could check and found nothing. Have any of you guys experience this type of problems?
Thanks in advance for your help.
HT
This is my first time here. I've been working and researching on this problem that got my head hurt. Hopefully you guys can assist me.
We periodically have CIFS servers that start having problem update its "A" record to DNS server using DDNS. I've verified that DNS server is allowing update and also allowing secure update. I've also verified the CIFS server has secure update. This happened to the CIFS servers that had been working just fine and all the sudden started having problem. They were properly joined. This also happen on 1 out of 4 CIFS that on the same physical data movers. I tried to unjoin and rejoin and still getting this error message every 20 minutes.
Update of "A" record failed during update: Operation refused for policy or security reasons
I've worked AD people and Windows people and checked everything that we could check and found nothing. Have any of you guys experience this type of problems?
Thanks in advance for your help.
HT
jimg5
90 Posts
0
February 27th, 2008 05:00
I got the following suggestion from the subject matter expert:
This error indicates the DNS server refuses the dynamic update because there might be a security conflict on the DNS A record of the CIFS server is attempting to update.
First the DNS server must support DDNS. I guess it supports since it seems working for other CIFS servers of the dart, assuming they are in the same DNS domain.
I suggest having a look at the DNS server responsible of the DNS zone for the domain. You will probably find an A record of the CIFS server in conflict. Then check in the security tab of this record and compare it with another A record of a CIFS server which does not have update issue.
In a ¿correct¿ record, you should normally find the machine account name $NETBIOS_NAME in the list of ACE. In a ¿wrong¿ record, you should find instead another computer name than the CIFS server of the dart, or ¿SID-1¿¿ string, meaning the A record entry is owned by an old computer account machine.
This entry should be then removed manually by the DNS administrator.
Let me know how if this was helpful.
Jim