Manage DNS server on Server 2019 from Server 2012

Greg Smid 1 Reputation point
2021-03-05T23:29:51.807+00:00

I have a non-AD Windows Server 2012 machine (192.168.200.10) that has the DNS Server role installed, and it is the primary server for a number of zones. Unfortunately, I'm stuck with this server being 2012 for now; we can't replace it or do an in-place OS upgrade.

I have a new Server 2019 machine (192.168.200.20) that holds the secondary copy of all of the DNS zones, but I need to be able to manage it from the 2012 machine. Specifically, I need to be able to add and remove secondary zones using dnscmd.exe from the 2012 server.

When I try and add or remove zones with all the security settings at default values, I get:

dnscmd.exe 192.168.200.20 /ZoneAdd test.com /Secondary 192.168.200.10

Command failed: ERROR_ACCESS_DENIED 5 0x5

I know that I can change the dnscmd 'rpcprotocol' and 'rpcauthlevel' values on the 2019 like this:

dnscmd /config /rpcprotocol 7
dnscmd /config /rpcauthlevel 0

And I've confirmed that if I do that, using dnscmd on the 2012 server to add/remove zones on the 2019 server does start working. However, I don't want to leave the rpcprotocol/rpcauthlevel values like this if possible; I'd rather be more secure and have them both set to '5' on the 2019 server. My understanding is that MS implemented these new security protocols back in Server 2008 R2, so I'm not sure why this is even happening when I connect from my 2012 server to my 2019 server... shouldn't they both already be using the more secure method?

  1. Candy Luo 12,686 Reputation points Microsoft Vendor
    2021-03-08T09:17:19.347+00:00

    Hi,

    Thanks for your posting here.

    > My understanding is that MS implemented these new security protocols back in Server 2008 R2, so I'm not sure why this is even happening when I connect from my 2012 server to my 2019 server... shouldn't they both already be using the more secure method?

    I agree with you. Since I did not find any official Microsoft documents discussing this symptom, it is hard for us to find the root cause at the forum support level. We need to trace network traffic and monitor logs to find the cause. However, analysis of logs is beyond our forum support level, and due to forum security policy, we have no channel to collect user log information. So we recommend you open a case with the MS Professional tech support service. They will help you open a phone or email case with Microsoft, so that you get technical support on a one-to-one basis while ensuring the privacy of your information.

    Here is the link:

    https://support.microsoft.com/en-us/gp/customer-service-phone-numbers

    Best Regards,

    Candy
