4662 events for DNS issues
Posted 6/5/2012 11:10:20 AM
Randy, first let me explain our environment. Currently we have 7 Windows 2008 R2 domain controllers and 1 legacy Windows 2003 R2 domain controller. We are working to decommission the Windows 2003 DC, but a lot has to change in the network before we can remove it. We are set up for Active Directory integrated Dynamic DNS. Every so often, DNS drops statically assigned DNS records. We have a case open with MS, but this is baffling them. They wanted me to search for 566 events (but this is only on the Windows 2003 DC). According to your encyclopedia, the Windows 2008 comparative event is 4662. When I search any of the 2008 DCs for this event, I have none. How should I enable auditing to log these events, and are there any others I should enable and watch for?
Post #1019
Posted 8/13/2012 8:59:40 AM
We had the same issue here, but it was for 2008 R2 servers dropping their own static record from a 2003 AD domain.

MS suggestion was the following:

1. Install the hotfix on the server http://support.microsoft.com/kb/2520155

2. Uncheck the “Register this connection’s addresses in DNS” option on all NICs

3. Delete the dynamic records in DNS and replace with Static records. (both A and PTR records)

4. Reboot the server

5. Once rebooted make sure “Register this connection’s addresses in DNS” option is still unchecked on all interfaces

6. Confirm Static records still exist

Worked for us, maybe it can help your issue as well.
Post #1058
Posted 9/19/2012 11:32:01 AM
whsmith (6/7/2012)
You must enable Directory Service Access auditing and then set the SACL to audit objects with the object type: domainDNS. You may be interested in Randy's webinar on Directory Service object auditing http://www.ultimatewindowssecurity.com/webinars/register.aspx?id=84 Security Log Exposed: Auditing Changes, Deletions and Creations in Active Directory

I have enabled full auditing for successes and failures on every item. I have gone into ADSI Edit to ForestDnsZones \ MicrosoftDNS \ mydomainnamezone, Properties \ Security tab \ Auditing tab, and set Everyone to successful and failed Write All Properties, Delete, and Delete Subtree, and still do not see event ID 4662 with dnsNode write property entries when I delete DNS entries in that DNS zone. Is there something else that I am missing? 2003 native domain, Active Directory integrated DNS, forest wide.

Post #1092
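As an added example that is not from anyone in this thread, the PowerShell below scripts the steps whsmith describes: it enables the Directory Service Access subcategory, adds an inherited audit entry (Everyone: Delete, Delete Subtree, Write Property, success and failure) on an AD-integrated zone stored in ForestDnsZones, and then pulls 4662 events whose object type is dnsNode. The zone name and forest DN are placeholders, and the RSAT ActiveDirectory module is assumed to be installed.

```powershell
# Added example, not code from the thread. Assumes the RSAT ActiveDirectory module,
# placeholder zone name / forest DN, and a zone stored in the ForestDnsZones partition.
Import-Module ActiveDirectory

$zoneName = 'corp.example.com'                  # placeholder: your AD-integrated zone
$forestDn = 'DC=corp,DC=example,DC=com'         # placeholder: your forest root DN
$zoneDn   = "DC=$zoneName,CN=MicrosoftDNS,DC=ForestDnsZones,$forestDn"

# 1. Directory Service Access is the audit subcategory that emits 4662 on 2008 R2.
auditpol /set /subcategory:"Directory Service Access" /success:enable /failure:enable

# 2. Audit ACE on the zone container, inherited by every dnsNode (record) beneath it:
#    Everyone, Delete + Delete Subtree + Write Property, success and failure.
$everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
$rights   = [System.DirectoryServices.ActiveDirectoryRights]'Delete, DeleteTree, WriteProperty'
$flags    = [System.Security.AccessControl.AuditFlags]'Success, Failure'
$inherit  = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All
$ace = New-Object System.DirectoryServices.ActiveDirectoryAuditRule($everyone, $rights, $flags, $inherit)

$acl = Get-Acl -Path "AD:\$zoneDn" -Audit      # reading/writing a SACL needs SeSecurityPrivilege
$acl.AddAuditRule($ace)
Set-Acl -Path "AD:\$zoneDn" -AclObject $acl

# 3. Resolve the dnsNode class GUID from the schema, so the event filter works whether
#    the log renders the object type as a friendly name or as a raw GUID.
$schemaNc = (Get-ADRootDSE).schemaNamingContext
$dnsNode  = Get-ADObject -SearchBase $schemaNc -LDAPFilter '(lDAPDisplayName=dnsNode)' -Properties schemaIDGUID
$nodeGuid = ([guid]$dnsNode.schemaIDGUID).Guid

# 4. Recent 4662 events on this DC that touched a dnsNode object, reduced to the useful fields.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4662; StartTime = (Get-Date).AddDays(-1) } |
    ForEach-Object {
        $data = ([xml]$_.ToXml()).Event.EventData.Data
        $f = @{}; foreach ($d in $data) { $f[$d.Name] = $d.'#text' }
        if ($f.ObjectType -match "dnsNode|$nodeGuid") {
            [pscustomobject]@{
                Time       = $_.TimeCreated
                Subject    = "$($f.SubjectDomainName)\$($f.SubjectUserName)"
                ObjectName = $f.ObjectName
                AccessMask = $f.AccessMask
                Properties = $f.Properties
            }
        }
    } | Format-Table -AutoSize
```

4662 is written only to the Security log of the domain controller that serviced the write, so run the query (or collect logs) on the DC that handled the deletion, not just any DC in the forest.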