Enabling DNS scavenging on several hundred servers

I have several hundred servers in my domain. 582 to be exact. The last AD administrator left DNS scavenging disabled on all the AD integrated domain controllers. Now they want to enable scavenging on all DCs. We are having issues with stale records.
What I need to know is if there is a way to enable scavenging on all the DCs without having to go to each one and right click and select the "Scavenge stale resource records" check box.
I would like to use either a script or command line and use PSexec.
Thanks

Hi,
Based on my research, you can run “psexec \\computername cmd” to launch an interactive command prompt on that DNS server.
Then you can run “dnscmd <ServerName> /Config /ScavengingInterval <0x1-0xFFFFFFFF> /DefaultAgingState <1> /DefaultNoRefreshInterval <0x1-0xFFFFFFFF> /DefaultRefreshInterval <0x1-0xFFFFFFFF>” to enable scavenging on the DNS server.
More information:
Set Aging and Scavenging Properties for the DNS Server
Dnscmd Syntax
Best regards,
Susie
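
A scripted version of the dnscmd approach in the reply above, added here as an example and not taken from the thread. The file name dns-servers.txt, the -Apply switch and the 168-hour interval values are assumptions; each property is set in its own dnscmd call, and dnscmd is pointed at the remote server by name.

```powershell
# Added example. Assumptions: dns-servers.txt (one DNS server name per line)
# and the interval values below are illustrative, not taken from the thread.
param(
    [string]$ServerList = '.\dns-servers.txt',
    [switch]$Apply   # without -Apply the script only prints what it would run
)

# Server-level aging/scavenging properties named in the reply above.
# Intervals are in hours (168 hours = 7 days).
$settings = [ordered]@{
    ScavengingInterval       = 168
    DefaultAgingState        = 1
    DefaultNoRefreshInterval = 168
    DefaultRefreshInterval   = 168
}

# Skip blank lines and lines commented out with '#'.
$servers = Get-Content -Path $ServerList |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ -and -not $_.StartsWith('#') }

$results = foreach ($server in $servers) {
    foreach ($name in $settings.Keys) {
        $dnscmdArgs = @($server, '/Config', "/$name", $settings[$name])
        if (-not $Apply) {
            Write-Host "Would run: dnscmd $($dnscmdArgs -join ' ')"
            continue
        }
        # Run dnscmd against the remote server and keep its output for review.
        $output = & dnscmd.exe @dnscmdArgs 2>&1
        [pscustomobject]@{
            Server   = $server
            Property = $name
            Value    = $settings[$name]
            ExitCode = $LASTEXITCODE
            Output   = ($output | Out-String).Trim()
        }
    }
}

# Report every change, then list failures so unreachable servers are not missed.
$results | Format-Table Server, Property, Value, ExitCode -AutoSize
$failed = @($results | Where-Object { $_.ExitCode -ne 0 })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) setting(s) failed; see the output below."
    $failed | Format-List Server, Property, Output
}
```

Run it once without -Apply to review the commands, then again with -Apply from an account that has DNS administration rights on the listed servers.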

Similar Messages

  • Enabling DNS on production UCCX servers

    Hi all,
    We have a client that has a UCCX install that was not configured to use DNS and we'd like to rectify that. Is there a documented procedure for enabling DNS after a server has been in production for a while? I see commands for setting a primary and secondary address in the CLI, but will this actually enable DNS as well? I imagine the license MAC will also change, so I'll need to get Cisco licensing involved.
    Any advice would be very much appreciated
    Thanks in advance,
    Jason

    Hi Jason,
    DNS is mandatory for UCCX 8.x installation. How did you install it earlier?
    The license MAC would change. It depends on parameters.
    Modifying any of these parameters can change License MAC thereby invalidating current License files.
    Here are the parameters on which the validity of a License MAC depends:
    • Time zone
    • NTP server 1 (or ‘none’)
    • NIC speed (or ‘auto’)
    • Hostname
    • IP Address
    • IP Mask
    • Gateway Address
    • Primary DNS
    • SMTP server
    • Certificate Information (Organization, Unit, Location, State, Country)
    You can refer to the URL
    http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/crs/express_8_5/installation/guide/uccx851ig.pdf
    regds,
    aman

  • Are my DNS scavenging settings correct? Server 2008 r2

    Hi,
    I can't seem to get my DNS scavenging to work correctly.
    I have inherited the network from another network admin who has left.
    Scavenging is enabled on the server.
    When I went into the
    dnscmd /zoneinfo domain.com
    it never returned a DNS scavenging server. I think this was because a domain controller was removed several years ago and that was set as the scavenger, perhaps? Not sure.
    So I ran the command
    dnscmd /ZoneResetScavengeServers domain.com 192.168.1.194
    This added a new scavenging server, but I still can't get scavenging to work. These are my settings; do they look correct?
    I noticed the directory partition is set to AD-legacy. Is this correct? Some of the screenshots I have seen online show this as AD-Domain, not AD-legacy. Can anyone compare with their settings that function and let me know?
    Any suggestions would be highly appreciated.
    Thank you
    Gordon

    AD-Legacy means they aren't in an application partition, which didn't come until after 2003, so I'm guessing this domain was built originally as Windows 2000 and then been upgraded.  Nothing to worry about.
    I have never done this but you can change this via dnscmd and the switch zonechangedirectorypartition
    As far as scavenging, it takes 14 days for this to kick in.  How long have you waited since you reconfigured the settings?
    Paul Bergson
    MVP - Directory Services
    MCITP: Enterprise Administrator
    MCTS, MCT, MCSE, MCSA, Security, BS CSci
    2012, 2008, Vista, 2003, 2000 (Early Achiever), NT4
    Twitter @pbbergs http://blogs.dirteam.com/blogs/paulbergson
    Please no e-mails, any questions should be posted in the NewsGroup.
    This posting is provided AS IS with no warranties, and confers no rights.

  • DNS Scavenging - Which Record are scavenged?

    I am about to enable scavenging in a domain that has never had scavenging enabled properly.  There are hundreds of records with old time stamps.  We have done our due diligence in researching records to disable deleting the old record if it has an old time stamp.  Previous admins would let a server grab a DHCP server and then static IP the DHCP address.
    I know that Event ID 2501 will give me a summary of how many records were scavenged.  I seem to remember that (it's been a while since I have been in a mess like this) there is a way to get a list/log of the records that were scavenged.  I hope we have all the records set, but I the first scavenging period may be painful.
    Is there a way to get a list of each record that was scavenged?

    You might want to setup DHCP credentials and add the DHCP server to the DnsUpdateProxy group. This way it will update the IP of the host instead of creating another one.
    And you really don't want to go below 24 hours with a lease, because technically scavenging is in multiples of days. And you must set the scavenging NOREFRESH and REFRESH values combined to be equal or greater than the DHCP Lease length.
    DHCP DNS Update summary:
    - Configure DHCP Credentials.
      The credentials only need to be a plain-Jane, non-administrator, user account.
      But give it a really strong password.
    - Set DHCP to update everything, whether the clients can or cannot.
    - Set the zone for Secure & Unsecure Updates. Do not leave it Unsecure Only.
    - Add the DHCP server(s) computer account to the Active Directory,  Built-In DnsUpdateProxy security group.
      Make sure ALL other non-DHCP servers are NOT in the DnsUpdateProxy group.
      For example, some folks believe that the DNS servers or other DCs not
      running DHCP should be in it.
      They must be removed or it won't work.
      Make sure that NO user accounts are in that group, either.
      (I hope that's crystal clear - you would be surprised how many
      will respond asking if the DHCP credentials should be in this group.)
    - On Windows 2008 R2 or newer, DISABLE Name Protection.
    - If DHCP is co-located on a Windows 2008 R2, Windows 2012, Windows 2012 R2,
     or NEWER DC, you can and must secure the DnsUpdateProxy group by running
     the following command:
      dnscmd /config /OpenAclOnProxyUpdates 0
    - Configure Scavenging on ONLY one DNS server. What it scavenges will replicate to others anyway.
    - Set the scavenging NOREFRESH and REFRESH values combined to be equal or greater than the DHCP Lease length.
    More info:
    This blog covers the following:
    DHCP Service Configuration, Dynamic DNS Updates, Scavenging, Static Entries, Timestamps, DnsUpdateProxy Group, DHCP Credentials, prevent duplicate DNS records, DHCP has a "pen" icon, and more...
    Published by Ace Fekay, MCT, MVP DS on Aug 20, 2009 at 10:36 AM
    http://blogs.msmvps.com/acefekay/2009/08/20/dhcp-dynamic-dns-updates-scavenging-static-entries-amp-timestamps-and-the-dnsproxyupdate-group/
    I also recommend reviewing the discussion in the link below:
    Technet thread: "DNS Scavenging "
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/334973fd-52b4-49fc-b1d8-9403a9481392/dns-scavenging
    Some other things to keep in mind with registration and ownership to help eliminate duplicate DNS host records registered by DHCP:
    =====================================================
    1. By default, Windows 2000 and newer statically configured machines will
    register their own A record (hostname) and PTR (reverse entry) into DNS.
    2. If set to DHCP, a Windows 2000, 2003 or XP machine, will request DHCP to allow
    the machine itself to register its own A (forward entry) record, but DHCP will register its PTR
    (reverse entry) record.
    3. If Windows 2008/Vista, or newer, the DHCP server always registers and updates client information in DNS.
       Note: "This is a modified configuration supported for DHCP servers
             running Windows Server 2008 and DHCP clients. In this mode,
             the DHCP server always performs updates of the client's FQDN,
             leased IP address information, and both its host (A) and
             pointer (PTR) resource records, regardless of whether the
             client has requested to perform its own updates."
             Quoted from, and more info on this, see:
    http://technet.microsoft.com/en-us/library/dd145315(v=WS.10).aspx
    4. The entity that registers the record in DNS, owns the record.
       Note "With secure dynamic update, only the computers and users you specify
            in an ACL can create or modify dnsNode objects within the zone.
            By default, the ACL gives Create permission to all members of the
            Authenticated User group, the group of all authenticated computers
            and users in an Active Directory forest. This means that any
            authenticated user or computer can create a new object in the zone.
            Also by default, the creator owns the new object and is given full control of it."
            Quoted from, and more info on this:
    http://technet.microsoft.com/en-us/library/cc961412.aspx
    =====================================================
    Ace Fekay
    MVP, MCT, MCSE 2012, MCITP EA & MCTS Windows 2008/R2, Exchange 2013, 2010 EA & 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php
    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

  • DNS Scavenging

    Guys,
    What's the difference between the "Set Scavenging for All Zones" and the "Enable automatic scavenging of stale records" in the advanced settings of DNS?

    Correct - it will not. If you are looking for clarification regarding this and the best practice recommendations, read through the article I referenced above -
    http://blogs.technet.com/b/networking/archive/2008/03/19/don-t-be-afraid-of-dns-scavenging-just-be-patient.aspx
    In particular:
    Scavenging is set in three places on a Windows Server:
    - On the individual resource record to be scavenged.
    - On a zone to be scavenged.
    - At one or more servers performing scavenging.
    It must be set in all three places or nothing happens.
    and
    My best practices
    Here is how I set scavenging up on a preexisting zone.  This procedure is designed for maximum safety.  Using default settings this process can take as long as 4-5 weeks (2 weeks Sanity phase, 2-3 weeks for Enable phase).
    Setup phase
    - Turn off scavenging on all servers.  To confirm scavenging won't inadvertently run, use the DNSCmd /ZoneResetScavengeServers to confine scavenging to a single server, then ensure this server has scavenging disabled.
    - Turn on scavenging on the zones you wish to scavenge.  Set the refresh and No-refresh intervals as desired.  If you want things to scavenge more aggressively I would recommend lowering the No-refresh interval at the cost of some replication traffic.  Leave the refresh at the default.
    - Add today's date plus the Refresh and No-Refresh intervals.  Come back in a few weeks when this time has elapsed.  Seriously, you can't rush this.
    Sanity check phase
    Sift through your DNS records looking for any records older than the Refresh + No-Refresh interval.  If you see any then something has gone wrong with the dynamic registration process and it must be corrected before proceeding.
    A thorough check at this point is the most important step in setup.
    Things to check if you find old records:
    - Does an IPConfig /registerdns work?
    - Who is the owner of the record (see security tab in the record properties)?
    - Was the record statically created by an admin then later enabled for scavenging?  If so you may need to delete the record to clear ownership and run an IPConfig /registerdns to get it updated.
    - Is the server replicating OK with AD?
    Do not proceed unless you can explain any outdated records.  In the next phase they will be deleted.
    Enable phase
    The final step is to actually enable scavenging.  Enable scavenging on the single server you used the /ZoneResetScavengeServers command on.
    Once enabled, create a new test record and enable it for scavenging.  Then map out the point in time when this record will disappear.  Here is how:
    - Start with the timestamp on the record
    - Add the refresh interval
    - Add the no refresh interval
    - The result will be your "eligible to scavenge" time.  The record will not disappear at this time though.  It's just eligible.
    - Check your DNS event logs for 2501 and 2502 events to find what hour the DNS server is doing a scavenging run.
    - Take your "eligible to scavenge" time, find the most recent 2501/2502 event and add the server's Scavenging Period (from server properties | advanced tab) to it.  This is the point in time when the test record you just created will disappear.
    hth
    Marcin
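
The sanity check and the "eligible to scavenge" arithmetic from the procedure quoted above, as an added example that is not code from the thread or from the quoted blog post. It goes slightly beyond the post by stepping forward one scavenging period at a time from the last 2501/2502 event until a run falls at or after the eligible time. The function names, the sample lines, the 7-day intervals and the `[Aging:<hours since 1601-01-01 UTC>]` layout of `dnscmd /enumrecords ... /age` output are assumptions.

```powershell
# Added example. Sample lines, dates and intervals are constructed; the
# "[Aging:<hours>]" layout of the record listing is an assumption.
$Epoch = [datetime]::new(1601, 1, 1, 0, 0, 0, [DateTimeKind]::Utc)

function Get-ScavengeTimeline {
    param(
        [Parameter(Mandatory)][datetime]$RecordTimestamp,   # timestamp on the record
        [Parameter(Mandatory)][datetime]$LastScavengeRun,   # latest 2501/2502 event
        [int]$RefreshHours = 168,
        [int]$NoRefreshHours = 168,
        [ValidateRange(1, 8760)][int]$ScavengingPeriodHours = 168
    )
    # Timestamp + refresh + no-refresh = "eligible to scavenge".
    $eligible = $RecordTimestamp.AddHours($RefreshHours + $NoRefreshHours)
    # Runs repeat every scavenging period; the record is removed by the first
    # run that falls at or after the eligible time.
    $run = $LastScavengeRun
    do { $run = $run.AddHours($ScavengingPeriodHours) } while ($run -lt $eligible)
    [pscustomobject]@{ EligibleToScavenge = $eligible; ExpectedRemoval = $run }
}

function Find-StaleRecord {
    param(
        [Parameter(Mandatory)][string[]]$Lines,
        [Parameter(Mandatory)][datetime]$Now,
        [int]$RefreshHours = 168,
        [int]$NoRefreshHours = 168
    )
    $pattern = '^\s*(?<name>[^\s\[]\S*)?\s*\[Aging:(?<age>\d+)\]\s+\d+\s+(?<type>\S+)\s+(?<data>.+)$'
    $lastName = '@'
    foreach ($line in $Lines) {
        # Lines without an [Aging:] tag are static records and are skipped.
        if ($line -notmatch $pattern) { continue }
        # Continuation lines carry no name and belong to the previous node.
        if ($Matches['name']) { $lastName = $Matches['name'] }
        $stamp = $Epoch.AddHours([double]$Matches['age'])
        $ageHours = ($Now - $stamp).TotalHours
        if ($ageHours -gt ($RefreshHours + $NoRefreshHours)) {
            [pscustomobject]@{
                Name      = $lastName
                Type      = $Matches['type']
                Data      = $Matches['data'].Trim()
                Timestamp = $stamp
                AgeDays   = [math]::Round($ageHours / 24, 1)
            }
        }
    }
}

# Constructed input: one record 120 days old, one 3 days old, one static.
$now      = [datetime]::new(2015, 3, 1, 0, 0, 0, [DateTimeKind]::Utc)
$oldStamp = [long]($now.AddDays(-120) - $Epoch).TotalHours
$newStamp = [long]($now.AddDays(-3) - $Epoch).TotalHours
$sample = @(
    "host-old [Aging:$oldStamp] 1200 A`t10.0.0.5"
    "host-new [Aging:$newStamp] 1200 A`t10.0.0.6"
    "static1 3600 A`t10.0.0.9"
)

# Sanity check phase: only host-old is older than refresh + no-refresh.
Find-StaleRecord -Lines $sample -Now $now | Format-Table -AutoSize

# Enable phase: a test record stamped now, with the last run logged 30 hours ago.
Get-ScavengeTimeline -RecordTimestamp $now -LastScavengeRun ($now.AddHours(-30)) |
    Format-List
```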

  • CUPS enable DNS and domain

    Hello All,
    I'm planning to enable the DNS for an installed UC environment in ver. 9.1.
    I'll configure the dns server and the domain name for the IM&P as well as for the CUCM.
    I already populated my DNS server with A/PTR for the servers.
    What is the best way enabling DNS? I know the constraint with ITL for CUCM cluster but for presence cluster?
    thanks
    lorenz

    Please refer to this documentation.
    http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/im_presence/ip_address_hostname/9_0_1/sip_domain.html
    http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/im_presence/deployment/9_0_1/CUP0_BK_D41159BD_00_deployment-guide-for-cup_chapter_0101.html#CUP0_TK_C61F6E2D_00
    You will need to restart Tomcat service because tomcat certificates will be regenerated when you change the domain name. You will also need to set the sip domain on the server(s).
    Please rate all useful posts
    "opportunity is a haughty goddess who waste no time with those who are unprepared"

  • Domain requirements for DNS scavenging

    Hello, what is the minimum domain functional level and forest level to enable automatic DNS scavenging and aging? Ours is Windows 2003 currently.  Do we have to be on Windows 2008 domain level to enable it?
    I am not getting any straight answer to my question online so I am checking on forums here.

    Looks like it should
    check out this link
    Aging and scavenging in 2003
    [BTW always good to upgrade to newer versions]

  • CISCO ASA Enable DNS Lookup Problem

    I have a Cisco ASA 5510. From the ASA CLI I cannot resolve hostnames (cisco.com or google.com).
    Many forums say to do this.
    1. Whilst in enable mode > enter configure terminal mode, then enable DNS Lookups.
    CiscoASA#conf t
    CiscoASA(config)# dns domain-lookup Outside
    2. Then specify the external DNS Servers (Change IP addresses appropriately).
    CiscoASA(config)# dns server-group DefaultDNS
    CiscoASA(config-dns-server-group)# name-server 122.122.122.199
    CiscoASA(config-dns-server-group)# name-server 122.122.122.198
    CiscoASA(config-dns-server-group)# exit
    3. Test it by pinging a name/URL.
    CiscoASA(config)# ping www.20best.blogspot.com
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 123.123.123.123, timeout is 2 seconds:
    But there is no command ( dns server-group ) in my ASA
    Please tell me how to do this or any way
    My ASA is showing only
    ail-ASA# sh runn
    : Saved
    ASA Version 7.0(8)
    hostname Mail-ASA
    domain-name rawabiholding.com
    enable password QuzxIf5jNzzT5kki encrypted
    passwd 2KFQnbNIdI.2KYOU encrypted
    names
    name 172.16.0.94 Test-web-mail
    name 172.16.5.63 Mail-server
    name 172.16.0.40 Web-Mail
    name 172.16.0.24 MX-A
    name 172.16.0.93 Test-Mail-MX
    name 172.16.1.55 DNS-1
    name 172.16.1.17 Web-Server
    name 172.16.0.41 Helpdesk.rawabiholding.com
    name 172.16.0.98 Test-Server
    no dns-guard
    interface Ethernet0/0
    nameif outside
    security-level 10
    ip address 82.118.161.34 255.255.255.224
    interface Ethernet0/1
    nameif LAN
    security-level 100
    ip address 172.16.1.65 255.255.252.0
    interface Ethernet0/2
    nameif inside-Mail
    security-level 100
    ip address 172.16.5.37 255.255.255.0
    interface Management0/0
    nameif management
    security-level 100
    ip address 192.168.100.1 255.255.255.0
    management-only
    banner exec ************* If you are not Rawabi IT Member Please logout ********
    banner login *****************   Do not open or login , if you are not allowed *
    ftp mode passive
    dns domain-lookup outside
    dns name-server 212.102.0.82
    dns name-server 212.102.0.11
    access-list outside_access_in extended permit tcp any host 82.118.161.35 eq pop3
    access-list outside_access_in extended permit tcp any host 82.118.161.35 eq smt.

    Dear Jennifer,
    From Router-ISP, I checked and it is resolving the name to IP,
    but from the ASA 5510 it is not; it is giving an error.
    Jennifer Halim wrote:
    Doesn't look like the DNS servers that you configured is resolving any DNS requests.
    I have just tried both DNS server, and it is refusing the DNS:
    > www.google.com
    Server:  ns3.shabakah.net.sa
    Address:  212.102.0.82
    *** ns3.shabakah.net.sa can't find www.google.com: Query refused
    > www.google.com
    Server:  [212.102.0.11]
    Address:  212.102.0.11
    *** [212.102.0.11] can't find www.google.com: Query refused

  • Setting up the Apache HTTP Plugin for several BEA Servers

    Hey together,
    I would like to set up the Apache HTTP plugin for several BEA servers.
    I am running Apache 1.x on my HP-UX system. There are 2 BEA server domains on this box and both should be proxied by the plugin simultaneously.
    As far as I know it isn't possible to run 2 or more instances of the Apache webserver. I heard of virtualhosts, maybe I should try this one out.
    Does somebody know how to deal with this problem, or does anyone know if virtualhosts could cope with my needs?
    Thanks in advance

    OK, here I am again and I'm stuck. Here are my wishes again:
    There are 2 weblogic-instances (domains) running on a machine xxx, instance A listening on port 8041, instance B listening on port 8051. I want to configure Apache virtualhosts in combination with weblogic plugins, so that requests with /ld will be sent to instance A while requests with /ldd will be sent to instance B. Both are no clusters. Therefore I tried it with the following configuration (httpd.conf):
    <VirtualHost xxx:8080>
         DocumentRoot "/opt/hpws/apache/htdocs"
         ServerName xxx:8080
         <IfModule mod_weblogic.c>
         WebLogicHost xxx
         WebLogicPort 8041
         #MatchExpression *
         #PathPrepend=/test2
         </IfModule>
         <Location /ld>
         SetHandler weblogic-handler
         PathTrim /ld
         </Location>
    </VirtualHost>
    # VirtualHost2 = xxx:8090
    <VirtualHost xxx:8090>
         DocumentRoot "/opt/hpws/apache/htdocs"
         ServerName xxx:8090
         <IfModule mod_weblogic.c>
         WebLogicHost xxx
         WebLogicPort 8051
         #MatchExpression *
         #PathPrepend=/test2
         </IfModule>
         <Location /ldd>
         SetHandler weblogic-handler
         PathTrim /ldd
         </Location>
    Doesn't really work. Can someone help please?
    Thanks

  • HT3819 Bought new iMac & moved (or thought so) music from old PC to new Mac. Now several hundred songs are orphaned on old PC; , I can "see" them with both machines turned on & iTunes open. "Missing" songs show in iMac Shared folder. How do I move & retir

    Bought new iMac & moved (or thought I had) all of my music from the old PC to the new iMac. Have discovered several hundred songs are orphaned on old PC; I can "see" them with both machines turned on & iTunes open. "Missing" songs show in iMac itunes Shared folder. How do I move them all so I can then & retire the old PC?

    From things you are saying, such as "shared folder" and having both machines on, it doesn't sound to me like you truly moved the whole iTunes collection. 
    iTunes: How to move [or copy] your music to a new computer [or another drive] - http://support.apple.com/kb/HT4527
    do not confuse moving your whole folder and library with moving just media files as in
    iTunes for Mac: Moving your iTunes Media folder - http://support.apple.com/kb/HT1449
    Quick answer if you let iTunes manage your music:  Copy the entire iTunes folder (and in doing so all its subfolders and files) intact to the other drive.  Start iTunes with the option key held down and guide it to the new location of the library.
    Macworld - How to transfer iTunes libraries between PC and Mac - http://www.macworld.com/article/46248/2005/08/shiftitunes.html

  • Returned from trip and downloaded several hundred photos. I photo will not allow identifying faces on most pictures. why and is there a fix

    Returned from trip and imported several hundred photos to Iphoto from a Nikon 3200.  I photo will not allow me to catalog Faces on most pictures. Some randomly will accept Faces.  Key words and Descriptions work.
    Why and how do I fix this?

    As a test launch iPhoto with the Option key held down and create a new, test library.  Import a few photos from your camera and test to see if the same problem persists. Does it?
    OT

  • Creating several hundred playlists

    Latest iTunes: I have a friend who has a need to create several hundred playlists for his music biz and jump around at will.
    That's a ton of scrolling and I don't see a way to create Sub Folders to put playlists in.
    Is there any good way to manage this many playlists?

    I don't see a way to create Sub Folders to put playlists in.
    iTunes menu File -> New playlist folder.

  • Current user location return from GetGeopositionAsync always several hundred meters away fromm actual location

    When I tested my app which uses Geolocator.GetGeopositionAsync to get the current user's location, the returned coordinate is always several hundred meters away from the actual location, even if the returned PositionSource is from GPS with accuracy of several meters.
    I was using Lumia 930 as a testing tool.
    The following is my code:
    //get current location
    var geo = new Geolocator { DesiredAccuracy = PositionAccuracy.High, DesiredAccuracyInMeters = 10};
    var currentLocation = await geo.GetGeopositionAsync();
    //mark location on the map.
    var point=currentLocation .Coordinate.Point;
    MapIcon MapIcon1 = new MapIcon();
    MapIcon1.Location = point;
    MapIcon1.NormalizedAnchorPoint = new Point(0.5, 1.0);
    MapIcon1.Title = "I'm here";
    MapControl1.MapElements.Add(MapIcon1);
    await MapControl1.TrySetViewAsync(point, 18D, 0, 0, MapAnimationKind.Bow);
    Any idea why is this?

    From an API perspective, there's not much we can do about it.  Do you know if the problem reproduces on other phones, other Lumia 930s?  Maybe there's a problem with your specific phone?
    Matt Small - Microsoft Escalation Engineer - Forum Moderator
    If my reply answers your question, please mark this post as answered.
    NOTE: If I ask for code, please provide something that I can drop directly into a project and run (including XAML), or an actual application project. I'm trying to help a lot of people, so I don't have time to figure out weird snippets with undefined objects and unknown namespaces.

  • Help with Will Print - Current Date to apply to several hundred files

    Hello,
    So I've spent all morning trying to find a solution for my problem, but I know nothing about JavaScript, and the more detailed answers I've found that give step-by-step tips are for older versions of Adobe (I have Adobe Acrobat X Pro).
    My Situation: I have several hundred SOP PDFs that I wanted to add "Printed On: current date" and "Notice: Printed copies of SOPs are only valid for 30 days past "Printed On" date. Printed SOPs must be disposed of by confidential shredding." in the footer. These PDFs are then linked to our intranet where all employees open them to print.
    What I Did: I went to Tools>Pages>Add Header & Footer entered all the information, entered the "Insert Date" then clicked "Apply to multiple files" and thought that I had done everything. However, the date is not changing...it is staying on the date that I did the whole batch of files with the "apply to multiple files"
    What I have found is that evidently I need to do batch processing, with the Will Print JavaScript to put the following code in (but I'm not sure if this code will put it in the footer?):
    var f = this.getField("Today");
    f.value = util.printd('dddd mmmm dd yyyy h:MM tt   ', new Date())
    But I have no idea where to get to batch processing, Will Print, etc.
    I can redo the apply to multiple files so that only the "notice" part will be on the right part of the footer, but can some nice forum person give step-by-step for dummies instructions on how to fix this so the date is current on the left part of the footer whenever someone opens the file?
    Thanks!
    Heather

    Right, so I did find the Actions section under Tools... So I did Create New Action>More Tools>Execute JavaScript.
    Then I clicked on the little "Options" box, and all that pops up is an empty JavaScript window with "/* Put script title here */". Is that where I paste the code I had? Do I leave the /* or erase everything and put the code? Also, I don't see anything about adding a field...
    ...sorry to be dense about this, but this is way beyond anything I've attempted in Acrobat. I do appreciate your help though.
    Also, what options will I want selected on the "Start with" and "Save to" options? I don't want the end users to have to mess with any prompts or anything. Will Start With > a file open in Acrobat run the script as soon as that file is opened via the intranet? Also, I'm assuming I then want "don't save changes" so the date will always change? Thanks.

  • Configure E-Mail Notification with several smtp servers

    Hi all,
        We want to configure "reset password" and we must configure E-Mail notification. As http://help.sap.com/saphelp_nw2004s/helpdata/en/44/bf8f2069665991e10000000a422035/content.htm shows, we can "Separate multiple SMTP server entries with a semicolon (;)". So we can add several SMTP servers, right?
    But when I add some, only the company SMTP servers can be used; others cannot receive notification emails. What else should I configure? Can the portal send emails to multiple domains?
    Best regards,
    delma

    How can I configure my SMTP server to allow the SAP system to send mail through it?
    I don't know - I don't know which mail server you use (software).
    Markus
