Problems on client after moving DHCP/DNS to another subnet with new IP

Ben Se 11 Reputation points
2020-11-24T15:51:18.343+00:00

Hello there,
I am very frustrated and exhausted, so please don't spit on me if I offer a lack of information. But I'll give it a try:
Last weekend we moved servers to a newly created VLAN, including two DCs which run the DHCP and DNS roles (OS 2019, AD schema 2012 R2). So they are both in the same subnet. Replication status is ok.
We got LAN clients in another subnet - getting new leases from DHCP with current DNS. Ok, access to intranet and internet.

We got Wifi clients in another productive subnet, the access points (unifi) are in that subnet, too - getting new leases from DHCP with current DNS.

  • it depends on the client: mobile phones (not part of the AD) getting access to intra- and internet.
  • domain clients get nothing but a valid IP address. But no access at all. Not even IPs are pingable.
  • RADIUS is included here! So reading the first two points you can easily spot on it - but log says "Ok, domain client. I let you pass." For non-domain clients it is user authenticated, for domain clients it is...well domain clients - so two different RADIUS policies.

We got guest Wifi which works on the same APs; they get a DHCP address from the same servers, too. It works.
The APs themselves are able to ping the internet.

I could get rid of some errors but the one that still has my attention is when you connect to the "problem Wi-Fi":

Windows Server Infrastructure

10 answers

  1. Ben Se 11 Reputation points
    2020-11-27T09:12:51.763+00:00

    In the end the problem was caused by a switch port. Traffic was only partly sent through. It is weird, though, that one of the Wi-Fi networks still worked permanently and the other permanently did not. Thank you for your help.
    I still do not understand why the access points request an address from the VLAN of our guest Wi-Fi. They have a permanent address in our productive VLAN set as their management IP. But this has nothing to do with our change; it has been logged before. Well, something one might be able to ignore...

    1 person found this answer helpful.

  2. Ben Se 11 Reputation points
    2020-11-24T15:55:46.633+00:00

    Not able to post full text!


  3. Ben Se 11 Reputation points
    2020-11-24T15:56:37.157+00:00

    Source DNS Client Events, ID 8015


    So of course I tried /registerdns but no luck. I had a problem with RDNS, seemed in the settings the new IP was not updated for both servers. Did that. No luck.

    I set up my DHCP to "always dynamically update DNS records".
    Discard A and PTR records.... is not checked.
    Disable dynamic updates for DNS PTR records is not checked.
    Name Protection is enabled but I tried it with disabled, too.
    I did setup Dynamic Update credentials in "advanced".

    I did activate that debug log but for my eyes this was no help. I can reactivate it and send information if needed.
    I get the error in event log of DHCP:
    The DNS registration for DHCPv4 Client IP address <IPofGuestWifi?!> , FQDN <anaccesspoint> and DHCID AAEBDYM07K5AQw0/6Mp/TJChTUSfKowjv4ZzOLcJi0BnW+I= has been denied as there is probably an existing client with same FQDN already registered with DNS. Source DHCP-server ID 1340

    Maybe an additional issue, because in my UniFi controller not every AP is running. Still, I am confused by this, too, because as I said the APs have a management IP of our "problem Wifi" and not, as mentioned in that error, an IP from our guest Wifi. But the FQDN is correct.

    I've been searching a lot for the mentioned error IDs

    I am really desperate. Maybe I am overlooking an easy thing. The last days were pretty hard, so it is possible. Anyway, thanks for any help.
    Best regards,
    Ben


  4. Anonymous
    2020-11-24T15:57:16.627+00:00

    Maybe something here helps.
    https://video2.skills-academy.com/en-us/windows-server/networking/technologies/nps/nps-manage-verify

    --please don't forget to Accept as answer if the reply is helpful--


  5. Ben Se 11 Reputation points
    2020-11-24T15:57:40.85+00:00

    I am not allowed to post the error message? Well, at least here is the source and ID missing in the middle: Source DNS Client Events, ID 8015

