DetailPage-MSS-KB

Microsoft small business knowledge base

Article ID: 977158 - Last Review: March 3, 2011 - Revision: 3.0

Hotfix Download Available
View and request hotfix downloads
 

On This Page

SUMMARY

This article (KB977158) provides a fix for a problem in which errors are recorded after a successful DNS update. This problem occurs when you use a third-party server application for DNS resolution. When this problem occurs, you may experience the following symptoms:
  • Events 1196, 1578, or 5774 are logged unexpectedly.
  • Management software like System Center Configuration Manager or System Center Operations Manager may raise false alarms.
  • A cluster resource that points to the third-party server application for DNS registration does not come online.
For detailed information, see the “Symptoms,” “Cause,” and “Resolution” sections of this article. To download the fix for this problem, click the View and request hotfix downloads link that is located on the upper-left of the screen.

SYMPTOMS

You are using a third-party DNS server application for DNS updates on a computer that is running Windows Server 2008 R2 or Windows 7. Additionally, you enable the dynamic update feature on the DNS server. The DNS records are updated successfully. However, some DNS update errors may be recorded in the event logs or in other error logs. Therefore, some management software may raise false alarms. For example, System Center Configuration Manager or System Center Operations Manager may raise false alarms.

The specific symptoms of this problem may vary. For example, the following one or more scenarios:

Scenario 1

You use a third-party server application for DNS registration in a Windows Server 2008 R2-based domain. Domain controllers that are running Windows Server 2008 R2 register the DNS SRV records successfully. However, the following event is logged in the System log every time that the DNS SRV records are dynamically registered:

Log Name: System
Source: NETLOGON
Event ID: 5774
Level: Error
Description: The dynamic registration of the DNS record ' <record> . <DNS zone> . 600 IN A <DNS Server IP> ' failed on the following DNS server:
DNS server IP address: <DNS IP>
Returned Response Code (RCODE): 0
Returned Status Code: 9502

For computers and users to locate this domain controller, this record must be registered in DNS.

USER ACTION

Determine what might have caused this failure, resolve the problem, and initiate registration of the DNS records by the domain controller. To determine what might have caused this failure, run DCDiag.exe. To learn more about DCDiag.exe, see Help and Support Center. To initiate registration of the DNS records by this domain controller, run 'nltest.exe /dsregdns' from the command prompt on the domain controller or restart Net Logon service. Or, you can manually add this record to DNS, but it is not recommended.
ADDITIONAL DATA

Error Value: Bad DNS packet

Note For computers and users to locate the domain controllers, the DNS SRV records must be registered to a DNS server. Typically, the Active Directory domain controllers dynamically register approximately 15 to 30 SRV records every hour and log this event for each registration attempt. Event 5774 is also logged in the Netlogon.log file in the %SystemRoot%\Debug folder that is located on the domain controller. The event 5774 entry resembles the following entry:

YY/MM HH:MM:SS [MISC] Eventlog: 5774 (1) "<record>.<DNS zone>.<AD DNS domain>. 600 IN A <DNS IP>" 9502 "<IP Address>" "0" "9502" <snip>

If you run the DCDiag.exe tool, the output contains the following:

An Error Event occurred.
EventID: 0x0000168E
Time Generated: <date><time>
Event String: The dynamic registration of the DNS record '<record>.<DNS zone>. 600 IN A <DNS Server IP>' failed on the following DNS server:

The domain controller locator code assumes that the DNS record registration failed. Therefore, the domain controller locator does not unregister the DNS records if it is required for demotion. This causes stale DNS records to remain until the DNS expires the records or scavenges the records.

Monitoring systems may raise an alert for Error event 5774 that has a symbolic name of NELOG_NetlogonDynamicDnsRegisterFailure. This behavior may cause unnecessary administrative work for the administrators who investigate the false alert.

The symptoms that are described here were found by using some third-party DNS server application, such as BIND or Lucent QIP.

Scenario 2

A Windows Server 2008 R2-based cluster resource that points to third-party DNS server application for DNS registration does not come online. When this behavior occurs, the following "Microsoft-Windows-FailoverClustering" events 1196 and 1578 are logged:

Event 1196

Log Name: System
Source: Microsoft-Windows-FailoverClustering
Date: <date><time>
Event ID: 1196
Task Category: Network Name Resource
Level: Error
Keywords:
User: SYSTEM
Computer: <Computer name>
Description: Cluster network name resource 'Resource Name' failed registration of one or more associated DNS name(s) for the following reason: Bad DNS packet.

Event 1578

Log Name: System
Source: Microsoft-Windows-FailoverClustering
Date: <date> <time>
Event ID: 1578
Task Category: Network Name Resource
Level: Warning
Keywords:
User: SYSTEM
Computer: < Computer name>
Description: Cluster network name resource '%1' failed to register dynamic updates for name '%2' over adapter '%4'. The DNS server may not be configured to accept dynamic updates. The error code was '%3'. Please contact your DNS server administrator to verify that the DNS server is available and configured for dynamic updates.

CAUSE

The Request for Comments (RFC) 2136 allows for a dynamic update response to be formed by using the following two methods:
  1. Respond by using the ZOCOUNT, PRCOUNT, UPCOUNT and ADCOUNT fields copied.
  2. Respond by using the ZOCOUNT, PRCOUNT, UPCOUNT and ADCOUNT fields set to 0.
The DNS server on a computer that is running Windows Server 2008 R2 uses method 1, while the third-party DNS servers use method 2.

This problem occurs because of the way a computer that is running Windows Server 2008 R2 interprets the response packet received from a DNS server. This interpretation occurs after you try to dynamically register SRV records.

A DNS client that is running Windows Server 2008 R2 treats a response that uses method 2 as a bad packet, even though the returned status code for the update is "success." This behavior causes the NETLOGON Error event ID 5774 that has a status code of 9502 (DNS_ERROR_BAD_PACKET) to be logged or blocks the cluster from bringing resources online in scenario 2.

RESOLUTION

After you install this hotfix, the DNS client does not report an update error when DNS servers use method 2 that is mentioned in the "Cause" section to respond to a dynamic update request.

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support (http://support.microsoft.com/contactus/?ws=support)
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

To apply this hotfix, the computer must be running one of the following operating systems:
  • Windows Server 2008 R2
  • Windows 7

Restart requirement

You must restart the computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other hotfix.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Windows Server 2008 R2 and Windows 7 file information note

The MANIFEST files (.manifest) and the MUM files (.mum) that are installed for each environment are listed separately. MUM and MANIFEST files, and the associated security catalog (.cat) files, are critical to maintaining the state of the updated component. The security catalog files (attributes not listed) are signed with a Microsoft digital signature.
For all supported x86-based versions of Windows 7

Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Dnsapi.dll6.1.7600.20563270,33631-Oct-200906:01x86
Dnscacheugc.exe6.1.7600.2056328,67231-Oct-200906:00x86
Dnsrslvr.dll6.1.7600.20563132,60831-Oct-200906:01x86
For all supported x64-based versions of Windows Server 2008 R2 and of Windows7

Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatformService branch
Dnsapi.dll6.1.7600.20563356,35231-Oct-200906:40x64Not Applicable
Dnscacheugc.exe6.1.7600.2056330,20831-Oct-200906:38x64Not Applicable
Dnsrslvr.dll6.1.7600.20563182,27231-Oct-200906:40x64Not Applicable
Dnsapi.dll6.1.7600.20563270,33631-Oct-200906:01x86WOW
Dnscacheugc.exe6.1.7600.2056328,67231-Oct-200906:00x86WOW
For all supported Itanium-based versions of Windows Server 2008 R2

Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatformService branch
Dnsapi.dll6.1.7600.20563686,08031-Oct-200905:11IA-64Not Applicable
Dnscacheugc.exe6.1.7600.2056362,46431-Oct-200905:08IA-64Not Applicable
Dnsrslvr.dll6.1.7600.16385354,81614-Jul-200901:46IA-64Not Applicable
Dnsapi.dll6.1.7600.20563270,33631-Oct-200906:01x86WOW
Dnscacheugc.exe6.1.7600.2056328,67231-Oct-200906:00x86WOW


STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

MORE INFORMATION

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684  (http://support.microsoft.com/kb/824684/LN/ ) Description of the standard terminology that is used to describe Microsoft software updates

Additional file information for Windows Server 2008 R2 and for Windows 7

Additional files for all supported x86-based versions of Windows 7


Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Package_for_kb977158_rtm~31bf3856ad364e35~x86~~6.1.1.0.mumNot Applicable1,94701-Nov-200923:13Not Applicable
X86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20563_none_e25610f5fcbc2b3d.manifestNot Applicable55,89631-Oct-200908:07Not Applicable

Additional files for all supported x64-based versions of Windows Server 2008 R2 and of Windows 7


Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Ia64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20563_none_e257b4ebfcba3439.manifestNot Applicable57,75901-Nov-200923:13Not Applicable
Package_for_kb977158_rtm~31bf3856ad364e35~ia64~~6.1.1.0.mumNot Applicable1,68301-Nov-200923:13Not Applicable
Wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20563_none_48c956cbe97a5e6e.manifestNot Applicable51,90031-Oct-200908:02Not Applicable

Additional files for all supported Itanium-based versions of Windows Server 2008 R2


Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Amd64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20563_none_3e74ac79b5199c73.manifestNot Applicable55,90231-Oct-200909:33Not Applicable
Package_for_kb977158_rtm~31bf3856ad364e35~amd64~~6.1.1.0.mumNot Applicable2,18101-Nov-200923:13Not Applicable
Wow64_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7600.20563_none_48c956cbe97a5e6e.manifestNot Applicable51,90031-Oct-200908:02Not Applicable

REFERENCES

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

For more information about the dynamic update feature in the Domain Name System, refer to the section 3.8 of article RFC 2136 on the IETF Web site 
More information about DNS update (http://www.ietf.org/rfc/rfc2136.txt)

APPLIES TO
  • Windows 7 Enterprise
  • Windows 7 Home Basic
  • Windows 7 Home Premium
  • Windows 7 Professional
  • Windows 7 Starter
  • Windows 7 Ultimate
  • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 R2 Enterprise
  • Windows Server 2008 R2 Standard
Keywords: 
kbqfe kbhotfixserver kbsurveynew kbautohotfix kbexpertiseinter kbbug kbfix KB977158
Share
Additional support options
Ask The Microsoft Small Business Support Community
Contact Microsoft Small Business Support
Find Microsoft Small Business Support Certified Partner
Find a Microsoft Store For In-Person Small Business Support