Windows 2008 DNS error when trying to create a DNS A Record, "The host record cannot be created. Refused”

March 9, 2011


Recently I ran into an issue where after promoting 2 new Windows 2008 R2 Servers to Domain Controllers in a Windows 2003 Active Directory Forest that I was experiencing issues trying to create DNS A records on the 2nd Windows 2008 R2 DC Server I promoted.  I had no issues creating DNS A records on the 1st Windows 2008 R2 DC I deployed, it just seemed to be an issue with the 2nd one.  The error I was receiving was,

"The host record “DC FQDN” cannot be created. Refused

After some digging, I found the following fix:

  1. Open Group Policy Management
  2. Expand Domain Controllers under the Domain you are experiencing the issue with
  3. Select Default Domain Controller Policy
  4. Verify that Link Enabled is on and choose edit.
  5. Expand Computer configuration
  6. Expand Policies
  7. Expand Windows Settings
  8. Expand Security Settings
  9. Expand Local Policies
  10. Select User Rights Assignment
  11. Locate Manage auditing and security log and add the Administrators Group from your domain
  12. Run gpupdate to update the Group Policy on the Windows 2008 R2 DC
  13. Stop and Restart the DNS Service

**You should now be able to create the DNS A Record



  1. No idea how you figured that out but it was a stroke of genius! Many thanks this has been bugging me for ages!

  2. “Windows 2008 DNS error when trying to create a DNS A Record, “The host record cannot be created. Refused Hugh Griffins Blog” definitely makes me personally imagine a small bit further. I loved every single piece of this blog post. I appreciate it ,Hassan

  3. Thanks for the instructions. Worked great!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: