
Required DNS Permissions to set up a High Availability Pool and access Microsoft DNS

Updated November 9, 2017

Overview

This article describes the required DNS Permissions and steps to set up a High Availability Pool and access Microsoft DNS.

Environment

  • High Availability 2

Detail

Prerequisites

DNS Server WMI Permissions: To update the virtual hostname record on Microsoft DNS servers, HA 2.0 needs a DNS Server Administrator account that is allowed to make changes on the DNS Server. With a standalone DNS server, this could be a Local Administrator configured for WMI access.

Administrators are configured by default to perform DNS Server management tasks. Within the AD & DNS setup, this would be an account with a full DACL and remote WMI management enabled.

Granting access to non-administrator account for HA 2.0 DNS Management

The following steps detail how to use a non-administrator account.

To configure DCOM Services

  1. Start dcomcnfg.
  2. Expand Component Services\Computers, right-click on My Computer, and select Properties.
  3. Click the COM Security tab.
  4. In the Access Permissions group, click Edit Default, add your account, and select the Local Access and Remote Access checkboxes.
  5. In the Access Permissions group, click Edit Limits, add your account, and enable Local and Remote Access.
  6. In the Launch and Activation Permissions group, click Edit Default, add your account, and select all Allow checkboxes.
  7. In the Launch and Activation Permissions group, click Edit Limits, add your account, and select all Allow checkboxes.

To configure access to the WMI root\MicrosoftDNS Branch

One option is to add the user to the DNSAdmin group. Another possibility is to configure permissions to manage DNS using WMI for the newly created user:

  1. Start the MMC console and add the WMI Control snap-in.
  2. Right-click the snap-in and click Properties.
  3. In the Security tab, select root\MicrosoftDNS branch, and then click the Security button.
  4. Add your account, and Allow:
    • Execute Methods
    • Provider Write
    • Enable Account
    • Remote Enable
  5. Verify that the new user you created has DNSAdmin rights on the DNS Security tab.
  6. Start dnsmgmt.msc.
  7. Right-click Server/Service and view Properties.
  8. Click the Security tab.
  9. Add your account and allow Read/Write and Create/Delete all child object permissions.

Set up Virtual Hostname in HA 2.0

  1. Choose the virtual hostname for the pool. The hostname cannot contain a dot character, and internationalized names are not supported by HA 2.0. Ensure that the virtual hostname is not already used on your network, and enter it in the Virtual Host Name input box.
  2. In the next step of the create pool wizard, enter the User Name and Password that will be used to authenticate WMI connections to the Microsoft DNS server. The User Name can be entered in User Principal Name (user@domain) or Down-Level Logon Name (domain\user) format.

To test the connection to a DNS Server with specific credentials, use the wbemtest tool and connect to a machine using a namespace like: \\remote_hostname\root\MicrosoftDNS
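
The same connection test scripted in PowerShell, as an added example that is not part of the original article or SolarWinds code. It also applies the virtual hostname rules from the previous section; the parameter names, the ZoneName input, and the stricter ASCII-only hostname pattern are assumptions.

```powershell
# Added example. Parameter names and the ZoneName input are assumptions, not from the article.
# Run from a machine that can reach the DNS server over DCOM.
param(
    [Parameter(Mandatory)] [string]       $DnsServer,        # DNS server to test
    [Parameter(Mandatory)] [string]       $VirtualHostName,  # candidate HA pool name
    [Parameter(Mandatory)] [string]       $ZoneName,         # zone that would hold the record
    [Parameter(Mandatory)] [pscredential] $Credential        # account granted the permissions above
)

# Article rule: no dot and no internationalized names. Restricting to ASCII
# letters, digits and hyphens (max 63 chars) is an assumed, stricter reading.
if ($VirtualHostName -cnotmatch '^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$') {
    throw "Virtual hostname '$VirtualHostName' must be a single ASCII label without dots."
}
# Reject quotes and other characters before the zone name is placed in a WQL filter.
if ($ZoneName -cnotmatch '^[A-Za-z0-9.-]+$') {
    throw "Zone name '$ZoneName' contains unexpected characters."
}

# Force DCOM (CIM defaults to WS-Man) so the DCOM settings configured above are exercised.
$option  = New-CimSessionOption -Protocol Dcom
$session = New-CimSession -ComputerName $DnsServer -Credential $Credential `
                          -SessionOption $option -ErrorAction Stop
try {
    # A failure here means the account cannot read the namespace remotely.
    $server = Get-CimInstance -CimSession $session -Namespace 'root\MicrosoftDNS' `
                              -ClassName 'MicrosoftDNS_Server' -ErrorAction Stop
    Write-Output "Connected to root\MicrosoftDNS on $($server.Name)"

    # The article requires that the virtual hostname is not already used.
    $fqdn = "$VirtualHostName.$ZoneName"
    $existing = Get-CimInstance -CimSession $session -Namespace 'root\MicrosoftDNS' `
                    -ClassName 'MicrosoftDNS_AType' -Filter "OwnerName = '$fqdn'" -ErrorAction Stop
    if ($existing) {
        $existing | Select-Object OwnerName, IPAddress, ContainerName
        throw "An A record for $fqdn already exists; choose another virtual hostname."
    }
    Write-Output "No A record found for $fqdn; the name is free in zone $ZoneName."
}
finally {
    Remove-CimSession -CimSession $session
}
```

The script only reads from the namespace, so a clean run confirms remote access and name availability but not the write permissions HA 2.0 needs to update the record.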

