Active Directory Domain Services (AD DS) uses Domain Name System (DNS) name resolution services to make it possible for clients to locate domain controllers and for the domain controllers that host the directory service to communicate with each other. AD DS enables easy integration of the Active Directory namespace into an existing DNS namespace. Features such as Active Directory-integrated DNS zones make it easier for you to deploy DNS by eliminating the need to set up secondary zones, and then configure zone transfers.
When you first create a cluster, Hyper-V creates a Cluster network name resource for use in identifying your cluster via DNS. Also, a DNS record for the static IP address of the cluster is created in AD DNS. Here is a similar error that you might encounter: Failover Cluster Manager failed while managing one or more clusters, the error was unable to determine if the computer exists in the domain.
Problem – Invalid DNS Entry:
Physical nodes must update the cluster name resource added to DNS before setting up an active-passive cluster. When the active node owns the resources, it wants to update the A record in the DNS database, but the DNS record that was created does not allow any authenticated user to update DNS records with the same owner name.
- Follow the solution recommended below and ensure that “Allow any authenticated user to update DNS records with the same owner name” is checked. Here is a related guide: Domain Name System: How to create a DNS record. To fix this issue, you will have to delete the DNS record you pre-created for the cluster node so that you can recreate it with “Allow any authenticated user to update DNS records with the same owner name” enabled. Below are the associated errors, for your information only.
Select the specific record and right-click it. Select Delete to delete the DNS record previously created.
Confirm by clicking Yes that you want to delete the record, as shown below.
DNS Bad key 9017: Accessing DNS Snap-In in Server Manager
To add an A record, kindly launch the DNS snap-in as shown below. From the Server Manager, click on Tools and then select Server Manager.
– In the console tree, right-click the applicable forward lookup zone, and then click New Host (A or AAAA) as shown below. See this guide for the different types of DNS records you can create. For more information, see: Domain Name System: How to create a DNS record
Ensure that “Allow any authenticated user to update DNS records with the same owner name” is checked. Additionally, ensure you check ‘Create Associated PTR Record’ if you have configured the Reverse Arpa zone for automatic PTR record addition.
– Click on Add Host when you are done.
The record has now been successfully created. Kindly refer to these troubleshooting guides for some insights: The following error occurred when DNS was queried for the service location (SRV): Error code 0x0000232B RCODE_NAME_ERROR, and the following errors occurred attempting to join the domain: The specified domain either does not exist or could not be contacted.
The figure below shows the events clearing; the errors no longer persist.
Other Suggestions: To prevent “DNS Bad key 9017,” use internal DNS records only.
Remove the external DNS address. Check that your DNS server does not have any public DNS servers specified, for example 188.8.131.52 or 184.108.40.206.
Lastly, if none of the above steps work for you, take your Cluster resource offline and run a repair. This will not affect your VMs.
I hope you found this blog post on DNS Bad key 9017 helpful. If you have any questions, please let me know in the comment section.
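The delete-and-recreate procedure above, plus the public-resolver check from the suggestions, can also be scripted with the DnsServer PowerShell module. This is an added example, not part of the original post; the zone, cluster name, IP address and server name are placeholder assumptions, and reading "public DNS servers specified" as the server's forwarder list is an interpretation.

```powershell
# Added example. All four values below are placeholders (assumptions).
$Zone        = 'corp.example.com'   # forward lookup zone
$ClusterName = 'CLUSTER01'          # cluster network name
$ClusterIP   = '10.0.0.50'          # static IP of the cluster
$DnsServer   = 'DC01'               # AD-integrated DNS server

Import-Module DnsServer

# 1. Look for the pre-created A record and delete it if present.
$old = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $Zone `
    -Name $ClusterName -RRType A -ErrorAction SilentlyContinue
if ($old) {
    Remove-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $Zone `
        -Name $ClusterName -RRType A -Force
}

# 2. Request a PTR record only if a non-default reverse zone exists.
#    (This does not prove the zone covers $ClusterIP; confirm that yourself.)
$hasReverse = [bool](Get-DnsServerZone -ComputerName $DnsServer |
    Where-Object { $_.IsReverseLookupZone -and -not $_.IsAutoCreated })

# 3. Recreate the record. -AllowUpdateAny is the cmdlet equivalent of the
#    "Allow any authenticated user to update DNS records with the same
#    owner name" checkbox: any authenticated principal may rewrite this name.
$params = @{
    ComputerName   = $DnsServer
    ZoneName       = $Zone
    Name           = $ClusterName
    IPv4Address    = $ClusterIP
    AllowUpdateAny = $true
    CreatePtr      = $hasReverse
}
Add-DnsServerResourceRecordA @params

# 4. Verify what is now registered for the cluster name.
Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $Zone `
    -Name $ClusterName -RRType A |
    Select-Object HostName, Timestamp, @{ n = 'IPv4'; e = { $_.RecordData.IPv4Address } }

# 5. Warn about IPv4 forwarders outside private/loopback ranges.
$private = '^(10\.|127\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)'
(Get-DnsServerForwarder -ComputerName $DnsServer).IPAddress |
    Where-Object { $_.AddressFamily -eq 'InterNetwork' -and $_.ToString() -notmatch $private } |
    ForEach-Object { Write-Warning "Public forwarder configured: $_" }
```

Because the recreated record accepts updates from any authenticated user, re-run step 4 after the cluster comes online and confirm the address is still the cluster's own.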