Troubleshoot an issue with DNSSEC not signing main domain zone, The Signing operation failed. Reason: 87 - The Parameter is incorrect.

Dominic Rozzo 0 Reputation points
2023-03-28T18:44:33.65+00:00

Hello,

I am having an issue signing my primary domain zone in DNS to enable DNSSEC. All other zones signed without any issues, but this zone (the most important one) is failing to sign every time.

The error I receive is:

The Signing operation failed. Reason: 87 - The Parameter is incorrect.

This is very vague, and i cannot find anything via searches to get a hint of where to go. sfc /scannow was ran, and so was DISM /online /cleanup-image \restorehealth. Three other zones signed with the same parameters (default) with no issues.

any direction?

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,691 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Limitless Technology 44,206 Reputation points
    2023-03-29T10:56:02.6833333+00:00

    QHello there,

    This issue occurs because the DNS server cannot resolve the Canonical Name (CNAME) records in signed zones

    Performing a clean boot will start Windows with the minimal set of drivers and startup programs. This procedure will help us figure out if the issue is caused by some sort of software conflict .

    You can use tools like procmom to dig more.

    Process Monitor is an advanced monitoring tool for Windows that shows real-time file

    system, Registry and process/thread activity. You can get the tool from here

    https://docs.microsoft.com/enus/sysinternals/downloads/procmon

    System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log

    system activity to the Windows event log.You can get the tool from here

    https://docs.microsoft.com/enus/sysinternals/downloads/sysmon

    Hope this resolves your Query !!

    --If the reply is helpful, please Upvote and Accept it as an answer--


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.