Windows – DNS records randomly deleted when client computers come back from sleep

active-directory domain-name-system windows windows-server-2008

I've been struggling with this issue for days, I hope somebody here can help.

DNS records get randomly deleted in our AD-integrated DNS server when Windows 7 clients come back from sleep (S3 or S4):

  • about 4 times out of 10 the DNS record seems to be deleted then recreated
  • about 1 time out of 10 the DNS record is tombstoned (thus not resolvable anymore)

The DNS server is a 2008R2 DC with 2003 functionality level, DNS scavenging is disabled, and clients have static IPs. We don't have this problem with WinXP clients.

I set up audit rules on the MicrosoftDns tree on the DNS server; here are the 4662 events I got first in both cases:

Write Property by Client computer account

An operation was performed on an object
Security ID: MYDOMAIN\AWIN7PC$ 
Account Name: AWIN7PC$
Account Domain: MYDOMAIN 
Logon ID: 0xee200a93

Object Server: DS 
Object Type: dnsNode 
Object Name: DC=AWIN7PC\0ADEL:acb4b3a9-86db-46e0-9947-a685df55d575,CN=Deleted Objects,DC=mydomain,DC=com

Operation Type: Object Access
Accesses: Write Property / Access Mask: 0x20 
Properties: Write Property {771727b1-31b8-4cdf-ae62-4fe39fadf89e}{e0fa1e69-9b45-11d0-afdd-00c04fd930c9}
{d5eb2eb7-be4e-463b-a214-634a44d7392e}{e0fa1e8c-9b45-11d0-afdd-00c04fd930c9}

If the DNS record is lost, that's the only event I got. When it's deleted and re-created, I got two more events a couple of seconds later:


DELETE by SYSTEM account on dns server

Security ID: System
Account Name: MYDC$
Account Domain: MYDOMAIN 
Logon ID: 0xc7d4360d

Object Server: DS 
Object Type: dnsNode 
Object Name: DC=AWIN7PC\0ADEL:acb4b3a9-86db-46e0-9947-a685df55d575,CN=Deleted Objects,DC=mydomain,DC=com
Operation Type: Object Access
Accesses: DELETE / Access Mask: 0x20 
Properties: DELETE {e0fa1e8c-9b45-11d0-afdd-00c04fd930c9}

CREATE CHILD by Client computer account

Security ID: MYDOMAIN\AWIN7PC
Account Name: AWIN7PC$ /Account Domain: MYDOMAIN 
Logon ID: 0xee201f0b
Object Server: DS / Object Type: dnsNode  
Object Name: DC=mydomain.com,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=com

It happens whether or not the timestamp of the dynamic record is past the No-refresh interval configured on the DNS server. I really don't know what's going on here; any hints on how to fix this?
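One way to triage the two outcomes described in the question from exported 4662 events, as an added example that is not part of the original post. The `Time` field, the 30-second correlation window, the second client `BWIN7PC$`, and the function names are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the post's "Key: Value" layout, blank line between events.
# Time is an assumed field; BWIN7PC$ and its all-zero GUID are made up.
SAMPLE = r"""
Time: 2013-05-02 09:14:03
Account Name: AWIN7PC$
Object Name: DC=AWIN7PC\0ADEL:acb4b3a9-86db-46e0-9947-a685df55d575,CN=Deleted Objects,DC=mydomain,DC=com
Accesses: Write Property

Time: 2013-05-02 09:14:05
Account Name: MYDC$
Object Name: DC=AWIN7PC\0ADEL:acb4b3a9-86db-46e0-9947-a685df55d575,CN=Deleted Objects,DC=mydomain,DC=com
Accesses: DELETE

Time: 2013-05-02 09:14:06
Account Name: AWIN7PC$
Object Name: DC=mydomain.com,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=com
Accesses: Create Child

Time: 2013-05-02 09:20:41
Account Name: BWIN7PC$
Object Name: DC=BWIN7PC\0ADEL:00000000-0000-0000-0000-000000000001,CN=Deleted Objects,DC=mydomain,DC=com
Accesses: Write Property
"""

# A tombstoned dnsNode: record name, then \0ADEL:<guid>, under CN=Deleted Objects.
TOMBSTONE = re.compile(r"DC=([^\\,]+)\\0ADEL:[0-9a-f-]+,CN=Deleted Objects,", re.I)

def parse_events(text):
    """One dict per blank-line-separated event, ordered by time."""
    events = [dict(l.split(": ", 1) for l in b.splitlines() if ": " in l)
              for b in re.split(r"\n\s*\n", text.strip())]
    for ev in events:
        ev["Time"] = datetime.strptime(ev["Time"].strip(), "%Y-%m-%d %H:%M:%S")
    return sorted(events, key=lambda e: e["Time"])

def classify(events, window=timedelta(seconds=30)):
    """Record name -> 'recreated' or 'lost' for each client write to a tombstone."""
    out = {}
    for ev in events:
        m = TOMBSTONE.match(ev["Object Name"])
        if m and ev["Accesses"].lower().startswith("write property"):
            # Recreated only if the same account does Create Child soon after.
            again = any(o["Account Name"] == ev["Account Name"]
                        and o["Accesses"].lower().startswith("create child")
                        and timedelta(0) <= o["Time"] - ev["Time"] <= window
                        for o in events)
            out[m.group(1)] = "recreated" if again else "lost"
    return out
```

Records reported as `lost` are the ones that stay tombstoned and stop resolving, so those are the clients to re-register or investigate first.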

Best Answer

I suspect this is part of the granularity MS introduced in power saving for the network adapter in Win 7 vs. Win XP (http://support.microsoft.com/kb/2740020). The idea was to reduce "spurious wakes" by having the network adapter turn off during sleep. You can maintain the sleep function but keep the network adapter from going to sleep (http://technet.microsoft.com/en-us/library/ee617165%28v=ws.10%29.aspx). I have not played around with this enough in a production environment to contrast whether fast logon being enabled or not makes enough of a difference in this situation, though I would imagine it would exacerbate the issue (http://support.microsoft.com/kb/305293). Recommend keeping the network adapter from sleeping while letting the computer sleep, and test from there. HTH