SolarWindw Orion Failover Engine - DNSUpdate Fails to Update DNS Servers Running on Windows Server 2008



This Knowledgebase article details a known issue in environments where the DNS servers are running on Windows Server 2008.

More Information


During a switchover, DNS servers are not updated and DNSUpdate shows " Exit code 10 " in the Orion Failover Engine Manager. If the debug option is enabled in the DNSUpdate command the Orion Failover Engine logs will show the following error message when DNSUpdate is run:

Command failed:  ERROR_ACCESS_DENIED    5 (00000005)


DNSUpdate uses the dnscmd.exe to automate the change of IP addresses in a WAN environment. On Windows 2008 DNS servers, a new security setting for RPCAuthLevel was introduced that may block communications with pre - Windows 2008 dnscmd.exe commands.


  1. Set the RPCAuthLevel to 0, 1 or 2 on at least one DNS server from the domain using the command

    dnscmd /config /rpcauthlevel 0

    Then run DNSUpdate only against that server using the –ns option on the DNSUpdate command (the rest of the DNS servers should be updated through AD replication) following the instructions in Knowledge Base article #1492 - How to Use the Orion Failover Engine Utility DNSUpdate.exe (DNS).

    Note: this workaround will apply on both Windows 2003 and Windows 2008 servers.
  2. On Windows 2008 server pairs, the DNS Server Tools sub-feature can be installed. This can be found under feature Remote Server Administration Tools, sub-feature Role Administration Tools.

    Afterwards, the new dnscmd.exe command can be used to update the DNS servers.

Applies To

All Versions

Related Information



0 out of 0 found this helpful



Please sign in to leave a comment.