During a switchover, DNS servers are not updated and DNSUpdate shows "Exit code 10". If the debug option is enabled in DNSUpdate, the command logs show the following error message when DNSUpdate is run:
Command failed: ERROR_ACCESS_DENIED 5 (00000005)
DNSUpdate uses dnscmd.exe to automate the change of IP addresses in a WAN environment. Windows 2008 DNS servers introduce a new security setting, RPCAuthLevel, that may block communications with pre-Windows 2008 dnscmd.exe commands.
Set RPCAuthLevel to 0, 1 or 2 on at least one DNS server in the domain using the command (shown here with a value of 0):
dnscmd /config /rpcauthlevel 0
Then run DNSUpdate only against that server using the -ns option on the DNSUpdate command. The rest of the DNS servers should be updated through AD replication.