Windows Server 2008 R2 – RRAS Duplicate DNS Entries

I recently installed the Routing & Remote Access service on a Windows Server 2008 R2 domain controller. While this is not a recommended approach, it was unfortunately the only server available to host the role. Shortly after installing the role and binding it to the DHCP service, I noticed that when pinging the domain controller it was returning an IP address in the DHCP range. On further inspection it appeared the IP address assigned to the virtual RRAS adapter was registering against DNS and therefore creating two entries for the domain controller. To resolve this issue, the following steps were performed.

1. Navigate to Start -> Administrative Tools and click the DNS option.

2. When the DNS console opens, expand the “Forward Lookup Zones” container and then expand your local domain name.

3. Locate the incorrect host A record for your domain controller and delete it by right clicking the record and selecting delete.

4. In the DNS console, right click the servers name and select properties.

5. In the properties window click the listeners tab and select the “Only the following IP addresses” radio button.

6. In IP addresses list remove the incorrect IP address and then click ok and exit the DNS console.

That’s it, you should no longer experience duplicate DNS entries for your domain controller.

Windows Server 2008 – Time Synchronisation

Time synchronisation on Windows servers is an issue that comes around every so often, which can cause some serious problems in an infrastructure. I recently had a customer with a time problem which was affecting several services from starting correctly, which were mainly Microsoft Exchange related. There is a ton of information on the internet about ways to fix time issues in Windows based domains, most of which reference third party time applications or registry fixes. Whenever I experience a time issue across an infrastructure I always utilise the following procedure:

1. Open up a command prompt window, if you have User Account Control enabled on your server ensure you open the command prompt window as an administrator

2. Firstly I like to find out the time difference between my domain controllers and an external trusted time source, to obtain this information run the following command. You can change the “computer” attribute to a time server in your geographical area, I have set this to to reflect greenwich meantime:

w32tm /stripchart / /samples:5 /dataonly

3. You should now be able to see how far out of sync your domain controller is compared to an accurate external time source. To sync your domain controller with this external time source and rectify the issue, enter the following command into the same command prompt window. As with the previous command you can change the “manualpeerlist” entry to reflect an external time server in your geographical location:

w32tm /config / /syncfromflags:manual /reliable:yes /update

4. That’s it, your domain controllers time you should have correctly synchronised against the external time source specified and other machines in your domain should also now inherit this time if they are configured to obtain time information from a domain controller.

You can find more information on external time sources at

Windows Server 2008 – Disabling Dynamic DNS Updates

I recently experienced an issue with Dynamic DNS updates on Windows Server 2008. Since upgrading VMware tools on a Windows Server 2008 virtual machine, all six network adapters that were assigned to the VM were now registering themselves on my internal DNS servers, despite me having unchecked the “Register the connections address in DNS” checkbox on each adapters properties. This resulted in me having six host A records in my internal DNS for the same server, however I only wanted one of the servers IP addresses to be registered against it’s hostname.

Unfortunately enabling and then disabling the “Register the connections address in DNS” option again did not resolve the issue. I figured this occurred as when upgrading VMware tools the servers network adapters are removed and re-added. To resolve this issue I opted to disable Dynamic DNS updates on the server all together using a registry entry. To disable Dymanic DNS on a Windows Server 2008 or Server 2008 R2 machine, perform the following actions.

1. Login to the server with the issue.

2. Click the Start menu and select Run.

3. In the Run dialog box type the following entry without the quotation marks and then click ok:

“reg add hklm\system\currentcontrolset\services\tcpip\parameters /v DisableDynamicUpdate /t REG_DWORD /d 1 /f”

4. Reboot the server to complete the process.

I would recommend keeping a watch on your internal DNS servers for 24 hours after applying this registry key, to completely ensure the issue is resolved. You can find additional information on methods of disabling Dynamic DNS on Windows Server platforms at the following Microsoft  KB article: