Interesting MS DNS Security Gotcha

Let's say you have a server – MAILSERVER1

And you rebuild it for some reason. It’s a clean rebuild. As part of this rebuild you delete the Computer Account from AD. When you add the computer to the domain again, a new computer account (with a new SID) is created.

BUT – if you have “Only Secure Updates” enabled in DNS, the new computer account doesn’t have permission to modify or overwrite the existing DNS entries, because those records are still owned by the old, deleted account. You’ll get an Event ID 11166 from DnsApi in the System Event Log when the new server boots. It’s only a Warning, not an Error, but the consequences could be significant. In my case Exchange Auth kept failing, despite logging no other errors in the event log. Don’t forget this applies to the PTR or Reverse lookup as well.

The simple solution is to delete the stale A and PTR records manually on the DNS server, then run ipconfig /registerdns on the rebuilt server – and presto, all will be good.

The Event Log will say something like

The system failed to register host (A) resource records (RRs) for network adapter
with settings:

   Adapter Name : {A7648FC7-7952-4AB5-9670-20E84EE3D8A8}
   Host Name : ***srv012
   Primary Domain Suffix : somewhere.com
   DNS server list :
         10.1.2.2, 10.1.1.2
   Sent update to server : 10.1.2.2
   IP Address(es) :
     10.1.2.10

The reason the system could not register these RRs was because of a security related problem. The cause of this could be (a) your computer does not have permissions to register and update the specific DNS domain name set for this adapter, or (b) there might have been a problem negotiating valid credentials with the DNS server during the processing of the update request.

You can manually retry DNS registration of the network adapter and its settings by typing “ipconfig /registerdns” at the command prompt. If problems still persist, contact your DNS server or network systems administrator. For specific error code, see the record data displayed below.
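A check for the situation described above, as an added example that is not part of the original post: it compares the owner of the host's A and PTR records (stored in AD as dnsNode objects) with the SID of the current computer account, and with -Remove deletes the stale records so ipconfig /registerdns can succeed. The host name, zone names and DNS server address are assumptions taken from the event text; the script also assumes AD-integrated zones and the DnsServer and ActiveDirectory RSAT modules.

```powershell
param(
    [string]$HostName    = 'mailserver1',          # assumption: the rebuilt server
    [string]$ForwardZone = 'somewhere.com',        # assumption: suffix from the event text
    [string]$ReverseZone = '2.1.10.in-addr.arpa',  # assumption: reverse zone for 10.1.2.0/24
    [string]$DnsServer   = '10.1.2.2',             # assumption: DNS server from the event text
    [switch]$Remove                                # delete stale records when set
)
Import-Module DnsServer, ActiveDirectory -ErrorAction Stop

# SID of the computer account that exists now (created when the host rejoined the domain).
$newSid = (Get-ADComputer -Identity $HostName).SID.Value

# Get-Acl reports the owner as "DOMAIN\NAME$", or as a raw S-1-5-... string when the
# account has been deleted and no longer resolves (exactly the stale-owner case).
function ConvertTo-SidString([string]$Account) {
    if ($Account -match '^S-1-') { return $Account }
    return (New-Object Security.Principal.NTAccount($Account)).Translate(
        [Security.Principal.SecurityIdentifier]).Value
}

# AD-integrated records are dnsNode objects; under secure dynamic update the owner is the
# account that registered the record. The partition depends on the zone's replication scope.
function Get-DnsNodeOwner([string]$Zone, [string]$Name) {
    $parts = @{ DomainDnsZones = (Get-ADDomain).DistinguishedName
                ForestDnsZones = (Get-ADDomain (Get-ADForest).RootDomain).DistinguishedName }
    foreach ($p in $parts.Keys) {
        $dn = "DC=$Name,DC=$Zone,CN=MicrosoftDNS,DC=$p,$($parts[$p])"
        try { return (Get-Acl -Path "AD:\$dn").Owner } catch { }
    }
}

function Test-DnsRecord([string]$Zone, [string]$Name, [string]$Type) {
    $owner = Get-DnsNodeOwner -Zone $Zone -Name $Name
    if (-not $owner) { Write-Output "$Type $Name.$Zone : no record, host can register"; return }
    if ((ConvertTo-SidString $owner) -eq $newSid) {
        Write-Output "$Type $Name.$Zone : owned by the current account, OK"; return
    }
    Write-Warning "$Type $Name.$Zone : owned by '$owner' (stale) - expect DnsApi 11166"
    if ($Remove) {
        Remove-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $Zone -Name $Name -RRType $Type -Force
        Write-Output "  removed; now run 'ipconfig /registerdns' on $HostName"
    }
}

Test-DnsRecord -Zone $ForwardZone -Name $HostName -Type A
# PTR: in a /24 reverse zone the record name is the last octet of the host's address.
$ip = (Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $ForwardZone -Name $HostName `
       -RRType A -ErrorAction SilentlyContinue | Select-Object -First 1).RecordData.IPv4Address.IPAddressToString
if ($ip) { Test-DnsRecord -Zone $ReverseZone -Name $ip.Split('.')[3] -Type Ptr }
```

Run it without -Remove first: a record whose owner prints as a bare SID is the stale entry the warning in the event text is complaining about.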
