Tag Archives: secure dynamic DNS update

Error: DHCP: Credentials for DNS update should be configured if secure dynamic DNS update is enabled and the domain controller is on the same host as the DHCP server.

Symptom: In Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 you receive the following Warning when running the Microsoft Best Practices Analyzer.

Severity: Error
DHCP: Credentials for DNS update should be configured if secure dynamic DNS update is enabled and the domain controller is on the same host as the DHCP server.
BPA - Error DHCP Credentials for DNS update should be configured if secure dynamic DNS update is enabled and the domain controller is on the same host as the DHCP server

What does this mean?

If you have the DHCP service installed on your domain controller without a service account configured, by default, DNS registrations from DHCP clients will be prevented from being registered and will log event 1056 in event viewer.

Solution: Complete the following steps below to change the credentials of the service account used for DHCP.

  1. Before beginning, make sure you have a service account you can use to set the DHCP Server to run as.  This account should be a domain account (not a local account) and should not have any fancy privileges (standard user account, not an administrator).
  2. Open up Server Manager
    Server 2012 R2 - Server Manager
  3. Click Tools and select DHCP
    Server Manager - Tools - DHCP
  4. Expand your DHCP server and right click on the IPv4 service and select Properties
    DHCP - IPv4 - Properties
  5. Select the Advanced tab and then click the Credentials... button
    DHCP - IPv4 Properties - Advanced - Credentials...
  6. Enter in the User name, domain, password, and confirmation password to the user and click OK
    DNS dynamic update credentials
  7. Click OK on the IPv4 Properties screen
  8. Repeat this step on each of the DHCP servers in your domain.  It is recommended to use the same service account on each of the machines.

Notes: The official KB article from Microsoft on this subject can be found here: http://technet.microsoft.com/en-us/library/ee941181(v=ws.10).aspx
Another very good Technet article written by karammasri on this subject can be found here: http://blogs.technet.com/b/stdqry/archive/2012/04/03/dhcp-server-in-dcs-and-dns-registrations.aspx