DNSAPI 11163 errors

In event logs for some of your desktops you might see this message:

The system failed to register host (A) resource records (RRs) for network adapter
with settings: [Followed by network adapter information]

The reason the system could not register these RRs was because the DNS server failed the update request…

What you can expect to see happening from the user’s point of view varies. In this case, there appeared to be a normal user logon process taking place. However I found that I could not log remotely into this particular computer, the most likely cause for this being that the system’s local IP address was different from the one that the DNS server listed in its forward lookup zone for the LAN domain. When I replaced the name of the computer with the IP address shown in the event log entry, remote login was able to take place normally.

There are a number of reasons why this error can occur. In this case, I checked out the configuration of the DNS servers, and found that one of them did not have a reverse lookup zone covering the entire subnet. Our original network had a 24 bit subnet mask. To make DHCP redundant I chose to expand the subnet to 512 addresses instead of 256 (with each DHCP server managing its own half of the address pool) and this meant a change to a 23 bit subnet mask. But in one of the DNS servers the reverse lookup zones only covered the original 256 address subnet. As soon as I added another reverse lookup zone for the other half of the subnet and restarted about 30 machines for testing, the A records for all those machines appeared in the new reverse lookup zone almost immediately.

The other DNS server already had this zone present so there was not a problem with it. The two DNS servers are Active Directory replicating, but I take it that zone changes on one are not automatically replicated to the other. Not that I have assumed that in the past; somehow the change in zone configuration was overlooked. The computers are no longer generating these DNSApi events in their event logs. Since we have had problems with some machines randomly losing network connections I am keen to run down all issues like these, to see if any of them are responsible for these types of problems that have been occurring.

Several other possible causes for this error include:

  1. Cloning machines (identical SIDs)
  2. Unknown or obsolete SID
  3. Local RTC too far out
  4. Single label domain name

Although many of our desktops were originally cloned with Ghost we ran Ghostwalker on them to give them each a new SID at the time. In addition the sample desktop in this case had recently been reimaged using RIPREP which gives it a unique SID.