Ошибка 8018 dns client events
Конфигурация компьютера | |
Процессор: Core i9 -9900k 3.6 GHz. Cooler Master V8 GTS | |
Материнская плата: ASUS ROG Strix Z390-F Gaming. Корпус:Thermaltake Chaser MK-I | |
Память: Corsair Vengeance LPX 32GB DDR4 DRAM 2666MHz | |
HDD: 1 шт.WD 1002 FAEX 00Z3AO(1TB),SSD Samsung 860EVO 250GB,SSD Samsung 860EVO 1TB | |
Видеокарта: ASUS GTX 1070 DirectCU III.Версия видео драйвера 441.87 WHQ | |
Звук: встроенный | |
Блок питания: Corsair 650WT power suply 2009г | |
CD/DVD: Привод ASUS DVD/RW Black | |
Монитор: ЖК Телевизор LG 32LD750 | |
ОС: Windows 10 Home x 64(лицензия) сборка 1809 |
Конфигурация компьютера | |
Процессор: Intel Core i7-3770K | |
Материнская плата: ASUS P8Z77-V LE PLUS | |
Память: Crucial Ballistix Tactical Tracer DDR3-1600 16 Гб (2 x 8 Гб) | |
HDD: Samsung SSD 850 PRO 256 Гб, WD Green WD20EZRX 2 Тб | |
Видеокарта: ASUS ROG-STRIX-GTX1080-O8G-11GBPS | |
Звук: Realtek ALC889 HD Audio | |
Блок питания: be quiet! Straight Power 11 650W | |
CD/DVD: ASUS DRW-24B5ST | |
Монитор: ASUS VG248QE 24" | |
ОС: Windows 8.1 Pro x64 | |
Индекс производительности Windows: 8,1 | |
Прочее: корпус: Fractal Design Define R4 |
Для отключения данного рекламного блока вам необходимо зарегистрироваться или войти с учетной записью социальной сети.
Конфигурация компьютера | |
Процессор: QuadCore Intel Core i7 860, 2800 MHz | |
Материнская плата: Gigabyte GA-P55A-UD4 | |
Память: GoodRAM GR1600D364L9/2G 2х2Гб | |
HDD: KINGSTON SNVP325S264GB | |
Видеокарта: Zotac PCI-Ex GeForce GTX 470 | |
Блок питания: Chieftec APS-700C 2010 | |
CD/DVD: Optiarc DVD RW AD-7243S ATA Device | |
Монитор: Samsung SyncMaster T220(G)/MagicSyncMaster T220(G) (Analog) [22" LCD] | |
ОС: Microsoft Windows 7 Enterprise | |
Индекс производительности Windows: 7,0 |
2. Выполните следующую команду в командной строке в Windows 7:
netsh interface tcp set global rss=disabled
netsh interface tcp set global autotuninglevel=disabled
netsh int ip set global taskoffload=disabled
3.Отключить SNP в Windows 7 путем внесения в реестр таких изменений (сначала создайте полную резервную копию реестра):
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
EnableTCPChimney=dword:00000000
EnableTCPA=dword:00000000
EnableRSS=dword:00000000
Если ключей не существует, то их нужно создать и присвоить указанные значения.
4. Если проблема остается, пожалуйста, поменяйте сетевой адаптер и посмотрите, как он работает.
Последний раз редактировалось volneb, 02-05-2011 в 17:07 .
Конфигурация компьютера | |
Процессор: Intel(R) Core(TM)2 Duo E6750 2.66Hz | |
Материнская плата: MSI MS 7507 Ver:1.0 | |
Память: Patriot DDR2 4Gb (2 планки по 2гб) | |
HDD: Western Digital,1.0TB,SATA | |
Видеокарта: NVIDIA GeForce GTX 660 Gigabyte | |
Звук: Realtek | |
Блок питания: Thermalteke TR2 RX 850W/750W Bronze | |
CD/DVD: Pioneer и LG | |
Монитор: ViewSonic VE500 | |
ОС: Windwos 7 SP1 Домашняя базовая x86 | |
Индекс производительности Windows: 6,1 |
Windows 8.1 ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : PCUVT1
Primary Dns Suffix . . . . . . . : faf.cuni.cz
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : faf.cuni.cz
System Quarantine State . . . . . : Not Restricted
Ethernet adapter Síť Ethernet:
DNS Servers . . . . . . . . . . . : 2001:718:1201:100::1
2001:718:1201:100::17
172.18.100.1
172.18.100.17
Quarantine State. . . . . . . . . : Not Restricted
NetBIOS over Tcpip. . . . . . . . : Enabled
Connection-specific DNS Suffix Search List :
faf.cuni.cz
Tunnel adapter isatap.faf.cuni.cz:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : faf.cuni.cz
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
This issue is on wired clients.
I have DCHP static clients (MAC reservations)
This zone is set secure only.
(The same working fine for Windows 7 clients)
Windows 7 ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : PCUVT2
Primary Dns Suffix . . . . . . . : faf.cuni.cz
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : faf.cuni.cz
System Quarantine State . . . . . : Not Restricted
Ethernet adapter Připojení k místní síti:
Connection-specific DNS Suffix . : faf.cuni.cz
Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
Physical Address. . . . . . . . . : 00-01-80-7C-ED-6E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:718:1201:128:201:80ff:fe7c:ed6e(Preferred)
Link-local IPv6 Address . . . . . : fe80::201:80ff:fe7c:ed6e%11(Preferred)
IPv4 Address. . . . . . . . . . . : 172.18.130.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.224.0
Lease Obtained. . . . . . . . . . : 30. prosince 2013 11:22:02
Lease Expires . . . . . . . . . . : 5. února 2150 17:53:29
Default Gateway . . . . . . . . . : fe80::eab7:48ff:fee5:f17f%11
DHCP Server . . . . . . . . . . . : 172.18.100.241
DHCPv6 IAID . . . . . . . . . . . : 234881408
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-DD-29-B0-00-01-80-7C-ED-6E
DNS Servers . . . . . . . . . . . : 2001:718:1201:100::1
Quarantine State. . . . . . . . . : Not Restricted
NetBIOS over Tcpip. . . . . . . . : Enabled
Connection-specific DNS Suffix Search List :
Thank you for the detailed info. A couple of more questions:
- Have you tried setting the zone faf.cuni.cz, to Unsecure to see if that works? If it does work, then it's a Kerberos Authentication issue on the Windows 8.1 clients.
- I assume it does not occur with statically configured machines, such as your servers (any of them), and which I do not mean DHCP MAC reservations.
DHCP server configuration?
Do you have DHCP configured with Credentials, the DHCP servers added to the DnsUpdateProxy group, and have set DHCP to update ALL clients whether they can or not?
If you haven't configured DHCP this way, I recommend going this route, because this setup will take care of registering all clients.
The reason I say this, is because with this setup, we are altering the default registration mechanism, whereas the client is trying to register so instead, we force DHCP to register.
Here's the default registration mechanism:
Therefore, to set it all up, in summary:
- Configure DHCP Credentials. The credentials only need to be a plain-Jane, non-administrator, user account. But give it a really strong password.
- Set DHCP to update everything, whether the clients can or cannot.
- Set the zone for Secure & Unsecure Updates. Do not leave it Unsecure Only.
- Add the DHCP server(s) to the Active Directory, Built-In DnsUpdateProxy security group. Make sure ALL other non-DHCP servers are NOT in the DnsUpdateProxy group. For example, some believe that the DNS servers or other DCs not running DHCP should be in it. They must be removed or it won't work. Make sure that NO user accounts are in that group, either. (I hope that's crystal clear - you would be surprised how many will respond asking if the DHCP credentials should be in this group.)
- On Windows 2008 R2 or newer, DISABLE Name Protection.
- If DHCP is co-located on a Windows 2008 R2 or Windows 2012 DC, you can and must secure the DnsUpdateProxy group by running the following:
dnscmd /config /OpenAclOnProxyUpdates 0 - Configure Scavenging on ONLY one DNS server. What it scavenges will replicate to others anyway. Set the scavenging NOREFRESH and REFRESH values combined to be equal or greater than the DHCP Lease length.
Details on how to set it up with screenshots:
More reading on DNS registration:
This post is provided AS-IS with no warranties or guarantees and confers no rights.
Source DNS Client Events, ID 8015
So of course I tried /registerdns but no luck. I had a problem with RDNS, seemed in the settings the new IP was not updated for both servers. Did that. No luck.
I set up my DHCP to "always dynamically update DNS records".
Discard A and PTR records. is not checked.
Disable dynamic updates for DNS PTR records is not checked.
Name Protection is enabled but I tried it with disabled, too.
I did setup Dynamic Update credentials in "advanced".
I did activate that debug log but for my eyes this was no help. I can reactivate it and send information if needed.
I get the error in event log of DHCP:
The DNS registration for DHCPv4 Client IP address , FQDN and DHCID AAEBDYM07K5AQw0/6Mp/TJChTUSfKowjv4ZzOLcJi0BnW+I= has been denied as there is probably an existing client with same FQDN already registered with DNS. Source DHCP-server ID 1340
maybe an additional issues caus in my unifi controller not every AP is running. Still I am confused by this, too ->cause as I said the APs have a management IP of our "problem Wifi" and not as mentioned in that error one IP from our Guest-Wifi. But FQDN is correct.
I've been searching a lot for the mentioned error IDs
I am really desperate. Maybe I oversee an easy thing. last days were pretty hard so it is possible. Anyway thanks for any help.
Best regards,
Ben
--please don't forget to Accept as answer if the reply is helpful--
I am not allowed to post the error message? Well at least here is the source and ID missing in the middle : Source DNS Client Events, ID 8015
also if the subnet changed the you'll need to recreate the reverse lookup zone.
--please don't forget to Accept as answer if the reply is helpful--
Thanks for posting in Q&A platform.
Based on the provided information, my understanding is you encounter Event 1340 on DHCP server and Event 8015 on DNS client.
Regarding of your issue, I would suggest to handle Event 1340 firstly and then we can monitor if the Event 8015 is still existed after resolving event 1340. For Event 1340, when you enable name protection, event 1340 may occur when multiple clients have the same FQDN. When one clients register the DNS records first, the other one may unable to register any more, and event 1340 may be recorded.
Therefore, please check if there are conflict FQDN of clients in your environment.
The following article is talking about the related information about name protection and event 1340, please kindly check:
If there are no duplicated FQDN in your environment in your environment, you may ignore the event, if there is, then, related clients may unable to register DNS records, we need to find them out and rename the computers.
If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi you guys,
thank you very much for the replies so far! Had a day off so hopefully I can solve that issued more freshly.
I have not mentioned we moved the RADIUS in that core-VLAN, too. So it got a new IP as well (and I changed it in the unifi and tried it with a new certificate, too)
We got no RADIUS proxy. As mentioned the client get access granted according to NFS log. I will try to deactivate the policy so RADIUS has temporarily no role in that - to make sure it is really not the RADIUS.
What do you mean by I need to change the RDNS? Which one? I created it for the new CORE Subnet and edited every existing one so in the Name Servers tab already so it resolves the new IPs of the DCs (and some tries with nslookup for different entries work as well.) Do I need to recreate every single one? If so what is the reason for this? I had a look to the log adain that tells me now EventID 20139 from source DHCP-Server. I realized DHCP have not replicated the state (DHCP is on both DCs)? So one DHCP did not have the credentials for name protection. It still showed up (credentials must be valid at it is checked in the window directly). AFAIR there is no additional permission necessary? Anyway I deactivated name protection for test purposes and it disappeared. I deleted and recreated one Reverse Lookup Zone for the problem Wi-Fi. Still no luck.
So I will deactivate the RADIUS policy as mentioned above and see what happens.
Will also take a look at the linkg about event 1340. Thank you.
BEst regards
BenSe
RAIDUS deactivation did not work. But without it I get an IP of the wrong IP range. This explains some things.
Well with RADIUS I get to the right VLAN but I do not find anything about it in the policies. And if RADIUS would not let me in I would not get an IP anyway, would I?
In the end the problem was caused by a switch port. Traffic was only partly sent through. It is weird though that one of the Wi-Fi still worked permanently and the other permanently not. Thank you for your help.
I still do not understand why the AccessPoints demand an address from the VLAN of our guest wi-fi. They got a permanent address in our productive vlan set as their management IP. But this is nothing about our change, it has been logged before. Well, something one might can ignore.
I am glad to hear that your issue was successfully resolved. If there is anything else we can do for you, please feel free to post in the forum.
В этой статье рассматривается устранение неполадок DNS-клиентов.
Проверка IP-конфигурации
Откройте окно командной строки от имени администратора на клиентском компьютере.
Выполните следующую команду:
Убедитесь, что у клиента есть допустимый IP-адрес, маска подсети и шлюз по умолчанию для сети, к которой он присоединен и используется.
Проверьте DNS-серверы, указанные в выходных данных, и убедитесь, что указанные IP-адреса указаны правильно.
Проверьте в выходных данных DNS-суффикс подключения и убедитесь, что он указан правильно.
Если у клиента нет допустимой конфигурации TCP/IP, используйте один из следующих методов.
Для динамически настроенных клиентов используйте ipconfig /renew команду, чтобы вручную обновить конфигурацию IP-адресов на DHCP-сервере.
Для статически настроенных клиентов измените свойства TCP/IP клиента, чтобы они использовали допустимые параметры конфигурации, или завершите настройку DNS для сети.
10 Answers
Not able to post full text!
Problems on client after moving DHCP/DNS to another subnet with new IP
Hello there,
I am very frustrated and exhausted so please don't spit on me if I offer lack of information. But I give it a try:
Last weekend we moved servers to a new created VLAN. including two DCs which run DHCP and DNS roles (OS 2019, AD scheme 2012 R2). So they are both in the same subnet. Replication status is ok.
We got LAN clients in another subnet - getting new leases from DHCP with current DNS. Ok, access to intranet and internet.
We got Wifi clients in another productive subnet, the access points (unifi) are in that subnet, too - getting new leases from DHCP with current DNS.
- it depends on the client: mobile phones (not part of the AD) getting access to intra- and internet.
- domain clients get nothing but a valid IP address. But no access at all. Not even IPs are pingable.
- RADIUS is included here! So reading the first two points you can easily spot on it - but log says "Ok, domain client. I let you pass." For non-domain clients it is user authenticated, for domain clients it is. well domain clients - so two different RADIUS policies.
We got guest Wifi which works on the same APsm they get a DHCP address by the same servers, too. It works.
The APs itselves are able to ping the internet.
I could get rid of some errors but the one that still has my attention is when you connect to the "problem Wi-Fi":
Проверка сетевого подключения
Тесты запросов DNS
Если DNS-клиент может проверить связь с компьютером DNS-сервера, попробуйте использовать следующие nslookup команды, чтобы проверить, может ли сервер отвечать на DNS-клиенты. Так как nslookup не использует кэш DNS клиента, разрешение имен будет использовать настроенный клиент DNS-сервер.
Тестирование клиента
Например, если клиентский компьютер имеет имя КЛИЕНТ1, выполните следующую команду:
Если успешный ответ не возвращается, попробуйте выполнить следующую команду:
При выполнении этого теста необходимо включить конечную точку.
если Windows успешно найдет полное доменное имя, но не сможет найти его, проверьте конфигурацию dns-суффикса на вкладке dns расширенного протокола TCP/IP Параметры сетевого адаптера. Дополнительные сведения см. в разделе Настройка разрешения DNS.
Тестирование DNS-сервера
Например, если DNS-сервер называется DC1, выполните следующую команду:
Если предыдущие тесты были успешными, этот тест также должен быть успешным. Если проверка не прошла успешно, проверьте подключение к DNS-серверу.
Тестирование записи, в которой происходит сбой
Проверка общедоступного адреса в Интернете
Чтобы устранить эту проблему, очистите кэш, выполнив ipconfig /flushdns .
3 Replies
You can try this on Windows hosts, from technet.
To configure DHCP clients to register with DNS
(short version, do this in the advanced section of IPv4 properties of the network connection)
At the DHCP client computer, Click Start, click Run, in Search programs and files type ncpa.cpl, and then press ENTER.
Right-click the applicable network connection, click Properties, click Internet Protocol Version 4 (TCP/IPv4) and then click Properties.
Click Advanced, click DNS, check Register this connection’s addresses in DNS and then click OK.
Mastatech, LLC is an IT service provider.
The article you linked says " To enable dynamic DNS updates
At the DHCP Server, click Start, point to Administrative Tools and then click DHCP.
In the console tree, expand the applicable DHCP server, expand IPv4, right-click the applicable scope and then click Properties.
Click DNS, check Enable DNS dynamic updates according to the settings below: and then click OK.
Above was taken from the article you sent. As you can see it says go to admin tool then click DHCP. Again DHCP does not exist as there are no windows DHCP servers on my network. PTR records have always worked fine without the windows DHCP server. Computers on the network should not be getting even 8015 just because there is no windows dhcp server and I use other methods for DHCP
All computers can ping the dns servers and everything just fine. however they get this event 8015 constantly. Please assist.
Дальнейшие действия
Если разрешение имен по-прежнему не выполняется, перейдите к разделу Устранение неполадок DNS-серверов .
Please help I have been battling this issue for a long time. Before you ask I do not use a windows DHCP server at this time but I want to resolve this issue. Please do not focus on the fact that I don't use a windows DHCP which could be auto generating the PTR records, I understand that but is not in the cards for me at this time.
Bottom line is computers on the network are getting the 8015 Warning generated in their event logs and are not generating PTR records because of it and I am trying to find out why these events are generating.
Mastatech, LLC is an IT service provider.
Enter to win a Bose Sleepbuds II and more!
Contest ends 2022-05-20 Contests Fill out the form fill, and answer a question in the thread! Contest Details View all contests
Проверка связи
Убедитесь, что клиент может связаться с предпочитаемым (или альтернативным) DNS-сервером, обратившись к предпочитаемому DNS-серверу по его IP-адресу.
Например, если клиент использует предпочитаемый DNS-сервер 10.0.0.1, выполните следующую команду в командной строке:
Если ни один настроенный DNS-сервер не отвечает на прямую проверку связи с IP-адресом, это означает, что источником проблемы является более вероятное сетевое подключение между клиентом и DNS-серверами. В этом случае выполните основные действия по устранению неполадок сети TCP/IP, чтобы устранить проблему. Помните, что для работы команды ping трафик ICMP должен быть разрешен через брандмауэр.
Читайте также: