"Clayton" <claytonbNOSPAM@xtra.co.nz> wrote in message
news:eEcFf$T7JHA.1372@TK2MSFTNGP05.phx.gbl...
> Hi,
> I have several XP machines logging on to a domain (Server 2003) using the
> same username (to keep things simple) and all has been going ok for
> several months until Saturday morning when no machines could logon or from
> what I hear from the users took ages to logon, then the server had been
> restarted, then today Monday, same thing happened, had to restart the
> server before the workstations could logon.
> I have gone into the Event Viewer and found the follow error
>
> Event Type: Warning
> Event Source: DhcpServer
> Event Category: None
> Event ID: 1056
> Date: 13/06/2009
> Time: 9:02:06 a.m.
> User: N/A
> Computer: CCSBS001
> Description:
> The DHCP service has detected that it is running on a DC and has  no
> credentials configured for use with Dynamic DNS registrations  initiated
> by the DHCP service.   This is not a recommended security configuration.
> Credentials for Dynamic DNS registrations may be configured using the
> command line "netsh dhcp server set dnscredentials" or via the  DHCP
> Administrative tool.
>
> For more information, see Help and Support Center at
> http://go.microsoft.com/fwlink/events.asp.
>
> I have no idea where to start
>
> Thanks

"Ace Fekay [Microsoft Certified Trainer]" <ace***@mvps.RemoveThisPart.org>
wrote in message news:eWrDk3W7JHA.1424@TK2MSFTNGP02.phx.gbl...
> "Clayton" <claytonbNOSPAM@xtra.co.nz> wrote in message
> news:eEcFf$T7JHA.1372@TK2MSFTNGP05.phx.gbl...
>> Hi,
>> I have several XP machines logging on to a domain (Server 2003) using the
>> same username (to keep things simple) and all has been going ok for
>> several months until Saturday morning when no machines could logon or
>> from what I hear from the users took ages to logon, then the server had
>> been restarted, then today Monday, same thing happened, had to restart
>> the server before the workstations could logon.
>> I have gone into the Event Viewer and found the follow error
>>
>> Event Type: Warning
>> Event Source: DhcpServer
>> Event Category: None
>> Event ID: 1056
>> Date: 13/06/2009
>> Time: 9:02:06 a.m.
>> User: N/A
>> Computer: CCSBS001
>> Description:
>> The DHCP service has detected that it is running on a DC and has  no
>> credentials configured for use with Dynamic DNS registrations  initiated
>> by the DHCP service.   This is not a recommended security configuration.
>> Credentials for Dynamic DNS registrations may be configured using the
>> command line "netsh dhcp server set dnscredentials" or via the  DHCP
>> Administrative tool.
>>
>> For more information, see Help and Support Center at
>> http://go.microsoft.com/fwlink/events.asp.
>>
>> I have no idea where to start
>>
>> Thanks
>
>
> Create a non-admin user account. Add the account to the DnsUpdateProxy
> group. Go into DHCP console, right click the server name, properties, last
> tab to the right, select the credentials tab, and enter the user account
> you created and it's password. This way the DHCP server can register
> machines into DNS as well as update the registrations when machines get a
> new or different IP than the last one they had, else DHCP cannot update
> any records, and will simply create a new record with the same name but
> with a different IP.
>
> Configure DNS dynamic update credentials: Dynamic Host ...Jan 21, 2005 ...
> To configure DNS dynamic update credentials. Open DHCP. In the console
> tree, click the applicable DHCP server. Where? DHCP/applicable DHCP ...
> http://technet.microsoft.com/en-us/library/cc775839(WS.10).aspx
>
> I would also suggest to implement Scavenging in DNS.
>
> How to configure DNS dynamic updates in Windows Server 2003.
> http://support.microsoft.com/kb/816592
>
> Using DNS Aging and ScavengingAging and scavenging of stale resource
> records are features of Domain Name System (DNS) that are available when
> you deploy your server with primary zones.
> http://technet.microsoft.com/en-us/library/cc757041.aspx
>
> Microsoft Enterprise Networking Team : Don't be afraid of DNS ...Mar 19,
> 2008 ... DNS Scavenging is a great answer to a problem that has been
> nagging everyone since RFC 2136 came out way back in 1997.
> http://blogs.technet.com/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
> Microsoft Certified Trainer
> ace***@mvps.RemoveThisPart.org
>
> For urgent issues, you may want to contact Microsoft PSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> "Efficiency is doing things right; effectiveness is doing the right
> things." - Peter F. Drucker
> http://twitter.com/acefekay
>
>

"Clayton" <claytonbNOSPAM@xtra.co.nz> wrote in message
news:uENgr$X7JHA.5780@TK2MSFTNGP04.phx.gbl...
> How about if I disable DNS and DHCP on there server and allocate each
> computer it's IP address and DNS address's from the ISP?
>
>
> "Ace Fekay [Microsoft Certified Trainer]" <ace***@mvps.RemoveThisPart.org>
> wrote in message news:eWrDk3W7JHA.1424@TK2MSFTNGP02.phx.gbl...
>> "Clayton" <claytonbNOSPAM@xtra.co.nz> wrote in message
>> news:eEcFf$T7JHA.1372@TK2MSFTNGP05.phx.gbl...
>>> Hi,
>>> I have several XP machines logging on to a domain (Server 2003) using
>>> the same username (to keep things simple) and all has been going ok for
>>> several months until Saturday morning when no machines could logon or
>>> from what I hear from the users took ages to logon, then the server had
>>> been restarted, then today Monday, same thing happened, had to restart
>>> the server before the workstations could logon.
>>> I have gone into the Event Viewer and found the follow error
>>>
>>> Event Type: Warning
>>> Event Source: DhcpServer
>>> Event Category: None
>>> Event ID: 1056
>>> Date: 13/06/2009
>>> Time: 9:02:06 a.m.
>>> User: N/A
>>> Computer: CCSBS001
>>> Description:
>>> The DHCP service has detected that it is running on a DC and has  no
>>> credentials configured for use with Dynamic DNS registrations  initiated
>>> by the DHCP service.   This is not a recommended security configuration.
>>> Credentials for Dynamic DNS registrations may be configured using the
>>> command line "netsh dhcp server set dnscredentials" or via the  DHCP
>>> Administrative tool.
>>>
>>> For more information, see Help and Support Center at
>>> http://go.microsoft.com/fwlink/events.asp.
>>>
>>> I have no idea where to start
>>>
>>> Thanks
>>
>>
>> Create a non-admin user account. Add the account to the DnsUpdateProxy
>> group. Go into DHCP console, right click the server name, properties,
>> last tab to the right, select the credentials tab, and enter the user
>> account you created and it's password. This way the DHCP server can
>> register machines into DNS as well as update the registrations when
>> machines get a new or different IP than the last one they had, else DHCP
>> cannot update any records, and will simply create a new record with the
>> same name but with a different IP.
>>
>> Configure DNS dynamic update credentials: Dynamic Host ...Jan 21, 2005
>> ... To configure DNS dynamic update credentials. Open DHCP. In the
>> console tree, click the applicable DHCP server. Where? DHCP/applicable
>> DHCP ...
>> http://technet.microsoft.com/en-us/library/cc775839(WS.10).aspx
>>
>> I would also suggest to implement Scavenging in DNS.
>>
>> How to configure DNS dynamic updates in Windows Server 2003.
>> http://support.microsoft.com/kb/816592
>>
>> Using DNS Aging and ScavengingAging and scavenging of stale resource
>> records are features of Domain Name System (DNS) that are available when
>> you deploy your server with primary zones.
>> http://technet.microsoft.com/en-us/library/cc757041.aspx
>>
>> Microsoft Enterprise Networking Team : Don't be afraid of DNS ...Mar 19,
>> 2008 ... DNS Scavenging is a great answer to a problem that has been
>> nagging everyone since RFC 2136 came out way back in 1997.
>> http://blogs.technet.com/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx
>>
>> --
>> Ace
>>
>> This posting is provided "AS-IS" with no warranties or guarantees and
>> confers no rights.
>>
>> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
>> Microsoft Certified Trainer
>> ace***@mvps.RemoveThisPart.org
>>
>> For urgent issues, you may want to contact Microsoft PSS directly. Please
>> check http://support.microsoft.com for regional support phone numbers.
>>
>> "Efficiency is doing things right; effectiveness is doing the right
>> things." - Peter F. Drucker
>> http://twitter.com/acefekay
>>
>>

"Bill Grant" <not.available@online> wrote in message
news:ObPz#5Z7JHA.2456@TK2MSFTNGP02.phx.gbl...
>  No, that won't do. If you are using Active Directory, the clients must
> use the local DNS server, not a DNS server at your ISP.
>    Domain members use DNS to find domain resources (including the logon
> server). The DNS server at your ISP cannot do the job for you.
>
> "Clayton" <claytonbNOSPAM@xtra.co.nz> wrote in message
> news:uENgr$X7JHA.5780@TK2MSFTNGP04.phx.gbl...
>> How about if I disable DNS and DHCP on there server and allocate each
>> computer it's IP address and DNS address's from the ISP?
>>
>>
>> "Ace Fekay [Microsoft Certified Trainer]"
>> <ace***@mvps.RemoveThisPart.org> wrote in message
>> news:eWrDk3W7JHA.1424@TK2MSFTNGP02.phx.gbl...
>>> "Clayton" <claytonbNOSPAM@xtra.co.nz> wrote in message
>>> news:eEcFf$T7JHA.1372@TK2MSFTNGP05.phx.gbl...
>>>> Hi,
>>>> I have several XP machines logging on to a domain (Server 2003) using
>>>> the same username (to keep things simple) and all has been going ok for
>>>> several months until Saturday morning when no machines could logon or
>>>> from what I hear from the users took ages to logon, then the server had
>>>> been restarted, then today Monday, same thing happened, had to restart
>>>> the server before the workstations could logon.
>>>> I have gone into the Event Viewer and found the follow error
>>>>
>>>> Event Type: Warning
>>>> Event Source: DhcpServer
>>>> Event Category: None
>>>> Event ID: 1056
>>>> Date: 13/06/2009
>>>> Time: 9:02:06 a.m.
>>>> User: N/A
>>>> Computer: CCSBS001
>>>> Description:
>>>> The DHCP service has detected that it is running on a DC and has  no
>>>> credentials configured for use with Dynamic DNS registrations
>>>> initiated by the DHCP service.   This is not a recommended security
>>>> configuration. Credentials for Dynamic DNS registrations may be
>>>> configured using the command line "netsh dhcp server set
>>>> dnscredentials" or via the  DHCP Administrative tool.
>>>>
>>>> For more information, see Help and Support Center at
>>>> http://go.microsoft.com/fwlink/events.asp.
>>>>
>>>> I have no idea where to start
>>>>
>>>> Thanks
>>>
>>>
>>> Create a non-admin user account. Add the account to the DnsUpdateProxy
>>> group. Go into DHCP console, right click the server name, properties,
>>> last tab to the right, select the credentials tab, and enter the user
>>> account you created and it's password. This way the DHCP server can
>>> register machines into DNS as well as update the registrations when
>>> machines get a new or different IP than the last one they had, else DHCP
>>> cannot update any records, and will simply create a new record with the
>>> same name but with a different IP.
>>>
>>> Configure DNS dynamic update credentials: Dynamic Host ...Jan 21, 2005
>>> ... To configure DNS dynamic update credentials. Open DHCP. In the
>>> console tree, click the applicable DHCP server. Where? DHCP/applicable
>>> DHCP ...
>>> http://technet.microsoft.com/en-us/library/cc775839(WS.10).aspx
>>>
>>> I would also suggest to implement Scavenging in DNS.
>>>
>>> How to configure DNS dynamic updates in Windows Server 2003.
>>> http://support.microsoft.com/kb/816592
>>>
>>> Using DNS Aging and ScavengingAging and scavenging of stale resource
>>> records are features of Domain Name System (DNS) that are available when
>>> you deploy your server with primary zones.
>>> http://technet.microsoft.com/en-us/library/cc757041.aspx
>>>
>>> Microsoft Enterprise Networking Team : Don't be afraid of DNS ...Mar 19,
>>> 2008 ... DNS Scavenging is a great answer to a problem that has been
>>> nagging everyone since RFC 2136 came out way back in 1997.
>>> http://blogs.technet.com/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx
>>>
>>> --
>>> Ace
>>>
>>> This posting is provided "AS-IS" with no warranties or guarantees and
>>> confers no rights.
>>>
>>> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
>>> Microsoft Certified Trainer
>>> ace***@mvps.RemoveThisPart.org
>>>
>>> For urgent issues, you may want to contact Microsoft PSS directly.
>>> Please
>>> check http://support.microsoft.com for regional support phone numbers.
>>>
>>> "Efficiency is doing things right; effectiveness is doing the right
>>> things." - Peter F. Drucker
>>> http://twitter.com/acefekay
>>>
>>>

"Alister" <alister.***@hotmail.co.uk> wrote in message
news:#qS9p1k7JHA.6084@TK2MSFTNGP04.phx.gbl...
>
> "Clayton" <claytonbNOSPAM@xtra.co.nz> wrote in message
> news:%23i7ZGvj7JHA.1380@TK2MSFTNGP05.phx.gbl...
>> How about if I disable only the DHCP and allocate IP addresses to the
>> other computers?
>
> Nope, that won't work either, because the DNS still won't update
> correctly.
>
> I think you are missing the point. In an Active Directory domain, the DHCP
> and DNS /should/ be working together,
> such that when a new DHCP lease is assigned, the DNS records are
> automatically updated.
>
> This appears not to be happening on your domain, and is one cause of slow
> or non-working logons. The other problem, if I understand you correctly,
> is that your client machines' primary DNS should be pointed at your DC's
> IP address (Ideally this should be set in the DHCP scope) whereas you
> currently have them pointed at an external DNS server. As Bill said, the
> client machines on the domain need to use the LOCAL DNS in order to
> correctly find and talk to the logon server and other resources on your
> network.
>
> What I suggest you do is remove the DHCP and DNS server roles from your DC
> and then start again, making sure that the DNS zone is created as an
> Active Directory Integrated Zone.
>
> Make sure you install DNS before DHCP, and DHCP should be able to
> configure itself to update the DNS.
>
> Alister
>

"Clayton" <claytonbNOSPAM@xtra.co.nz> wrote in message
news:OZe8S#p7JHA.1196@TK2MSFTNGP03.phx.gbl...
> Hi All,
> All the client machines primary DNS is pointing to the DC's IP which is
> 192.168.0.2
> The slow logon's happens once in awhile
>
> I haven't tried what you guys suggested as I am trying to figure out how
> it is done, Ace suggested I create a non-admin user account and have found
> the credentials tab but not sure what user account and password to use, I
> have added 10 users on the server as I was only using 2 accounts, do I
> need to add every user in the credentials tab in DHCP console?
>
>
> "Alister" <alister.***@hotmail.co.uk> wrote in message
> news:#qS9p1k7JHA.6084@TK2MSFTNGP04.phx.gbl...
>>
>> "Clayton" <claytonbNOSPAM@xtra.co.nz> wrote in message
>> news:%23i7ZGvj7JHA.1380@TK2MSFTNGP05.phx.gbl...
>>> How about if I disable only the DHCP and allocate IP addresses to the
>>> other computers?
>>
>> Nope, that won't work either, because the DNS still won't update
>> correctly.
>>
>> I think you are missing the point. In an Active Directory domain, the
>> DHCP and DNS /should/ be working together,
>> such that when a new DHCP lease is assigned, the DNS records are
>> automatically updated.
>>
>> This appears not to be happening on your domain, and is one cause of slow
>> or non-working logons. The other problem, if I understand you correctly,
>> is that your client machines' primary DNS should be pointed at your DC's
>> IP address (Ideally this should be set in the DHCP scope) whereas you
>> currently have them pointed at an external DNS server. As Bill said, the
>> client machines on the domain need to use the LOCAL DNS in order to
>> correctly find and talk to the logon server and other resources on your
>> network.
>>
>> What I suggest you do is remove the DHCP and DNS server roles from your
>> DC and then start again, making sure that the DNS zone is created as an
>> Active Directory Integrated Zone.
>>
>> Make sure you install DNS before DHCP, and DHCP should be able to
>> configure itself to update the DNS.
>>
>> Alister
>>

"Ace Fekay [Microsoft Certified Trainer]" <ace***@mvps.RemoveThisPart.org>
wrote in message news:un5mjFt7JHA.3592@TK2MSFTNGP02.phx.gbl...
> "Clayton" <claytonbNOSPAM@xtra.co.nz> wrote in message
> news:OZe8S%23p7JHA.1196@TK2MSFTNGP03.phx.gbl...
>> Hi All,
>> All the client machines primary DNS is pointing to the DC's IP which is
>> 192.168.0.2
>> The slow logon's happens once in awhile
>>
>> I haven't tried what you guys suggested as I am trying to figure out how
>> it is done, Ace suggested I create a non-admin user account and have
>> found the credentials tab but not sure what user account and password to
>> use, I have added 10 users on the server as I was only using 2 accounts,
>> do I need to add every user in the credentials tab in DHCP console?
>
> Sorry, I meant to re-post that link for you to read. Here it is:
>
> How to configure DNS dynamic updates in Windows Server 2003.
> http://support.microsoft.com/kb/816592
>
> Ace
>
>
>

"Ace Fekay [Microsoft Certified Trainer]" <ace***@mvps.RemoveThisPart.org>
wrote in message news:eBM9TBw7JHA.5932@TK2MSFTNGP03.phx.gbl...
> "Clayton" <claytonbNOSPAM@xtra.co.nz> wrote in message
> news:%23jtDAxu7JHA.5008@TK2MSFTNGP05.phx.gbl...
>> ok, I will create a non-admin account, once done what permissions do I
>> give that account? i.e domain admin, domain users, Administrators etc?
>
> Just create the account and leave it default, eg, part of the Domain Users
> group.
>
> As far as everyone logging on as the same username, that really isn't
> advised. Security-wise, and best practice wise. Why wouldn't you want a
> specific user name for everyone in your office? It reminds me of that old
> TV show, Bob Newhart, where the guy has two brothers wtih the same name,
> named Larry. Well, that may be not exactly a good analogy, but with
> individual accounts, you create accountability, they can be monitored,
> etc, and not sure if you do or even think about going that far, but if you
> are using Exchange email, then everyone will be the same email address.
>
> It's just not best practice. I've run across it once with a customer years
> ago. I sat and explained the differences to them, and they wound up
> agreeing it wasn't a good practice.
>
> Ace
>
>
>

"Ace Fekay [Microsoft Certified Trainer]" <ace***@mvps.RemoveThisPart.org>
wrote in message news:#76CGz07JHA.5356@TK2MSFTNGP05.phx.gbl...
> "Clayton" <claytonbNOSPAM@xtra.co.nz> wrote in message
> news:ujKcP5y7JHA.1380@TK2MSFTNGP05.phx.gbl...
>> Yeh, we have that effect on customers don't we?
>>
>> The security is not a major issues in this business, they are all family
>>
>
> Family? Hmm... I don't know the arrangements, but that could be a good
> thing or a bad thing! :-)
>
> Ace
>
>