Solved

Cannot delete reverse lookup zone on SBS 2003

Posted on 2006-04-20
Last Modified: 2011-01-08
I am troubleshooting a SBS 2003 server someone had set up. Whoever set it up did not choose a typical Subnet (255.255.255.224) and I suspect that may have caused it. The zone is 101.168.192.in-addr.arpa, active directory integrated, and shows as expired with a red x. When I attempt to change or delete this zone I get this error:

"The Zone cannot be deleted. The Active Directory service is not available"

The dns event log is full of 4004 and 4015 errors:

The DNS server was unable to complete directory service enumeration of zone 101.168.192.in-addr.arpa.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "000020EF: SvcErr: DSID-020D0731, problem 5012 (DIR_ERROR), data 0". The event data contains the error.


The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "000020EF: SvcErr: DSID-020D0731, problem 5012 (DIR_ERROR), data 0". The event data contains the error.


I have tried to uninstall dns and delete the zone from active directory users and computers, but I get an error there too. I have tried everything. The server is the only domain controller so it is running all the fsmo roles and seems to be operating normally other than this.
0
Comment
Question by:hindsight
14 Comments
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 16503718
That subnet should pose no problems..  it is a variable length subnet mask, allowing for 30 IP Addresses in each network..

First, I would read through this page:

http://www.experts-exchange.com/Operating_Systems/Win2000/Q_20900153.html

And, run Netdiag, dnslint, and dcdiag on this server to identify other errors that are occurring here..  (BTW:  these have the ability to fix small errors, using the /fix switch..)

FE
0
 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16518216
For AD, the reverse address given above is likely the most common; a full class C subnet based on 255.255.255.0

What is the local subnet on the server? 192.168.0.0?
0
 
LVL 1

Author Comment

by:hindsight
ID: 16522050
Ip of the server is 192.168.101.6 255.255.255.224

Reverse lookup with the issue is: 101.168.192.in-addr.arpa

Ran dcdiag and all tests passed

Ran netdiag and the only warning I got was:

NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Servi
ce', <03> 'Messenger Service', <20> 'WINS' names defined.

This is the dnslint report:

dnslint /ad 192.168.101.6 /s 192.168.101.6

Root of Active Directory Forest:

    mydomain.local

Active Directory Forest Replication GUIDs Found:

DC: HQSERVER
GUID: 0c020ba0-8fac-4375-86a0-ef63f02a2b12


Total GUIDs found: 1

--------------------------------------------------------------------------------

The following 2 DNS servers were checked for records related to AD forest replication:

DNS server: User Specified DNS Server
IP Address: 192.168.101.6
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: Unknown

SOA record data from server:
Authoritative name server: hqserver.mydomain.local
Hostmaster: hostmaster
Zone serial number: 15
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds


Additional authoritative (NS) records from server:
hqserver.mydomain.local Unknown




Alias (CNAME) and glue (A) records for forest GUIDs from server:
CNAME: 0c020ba0-8fac-4375-86a0-ef63f02a2b12._msdcs.mydomain.local
Alias: hqserver.mydomain.local
Glue: 192.168.101.6


Total number of CNAME records found on this server: 1

Total number of CNAME records missing on this server: 0

Total number of glue (A) records this server could not find: 0



--------------------------------------------------------------------------------

DNS server: hqserver.mydomain.local
IP Address: 192.168.101.6
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: hqserver.mydomain.local
Hostmaster: hostmaster
Zone serial number: 15
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds


Additional authoritative (NS) records from server:
hqserver.mydomain.local Unknown




Alias (CNAME) and glue (A) records for forest GUIDs from server:
CNAME: 0c020ba0-8fac-4375-86a0-ef63f02a2b12._msdcs.mydomain.local
Alias: hqserver.mydomain.local
Glue: 192.168.101.6


Total number of CNAME records found on this server: 1

Total number of CNAME records missing on this server: 0

Total number of glue (A) records this server could not find: 0



--------------------------------------------------------------------------------

Notes:
One or more DNS servers may not be authoritative for the domain





0

 
LVL 51

Expert Comment

by:Keith Alabaster
ID: 16522549
Got you. (Sorry, missed the 101 when I read your post, getting too old.)

If we create the correct reverse zone first, this might assist.
You have used 255.255.255.224 as the mask so you have 32 addresses.
You have used 192.168.101.6 as the IP so you have 192.168.101.0 - 192.168.101.32 as your 'assigned'

The reverse zone created should be "0-32.101.168.192.in-addr.arpa"  (do not put the quotes in)
Will it allow you to create this? Versions of DNS running on W2K had problems creating these split zones but 2003 is fine with it.

My own DNS reverse zone is 192-255.x.y.z.in-addr.arpa for example (I have
0
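Added example, not part of the original thread: a Python sketch that works out the subnet for the server address and mask quoted above, the PTR owner name and the ordinary /24 reverse zone that contains it, and the CNAME lines a parent zone would carry for a classless child zone in the RFC 2317 style. The function names and the two child-zone label styles are assumptions chosen for illustration; child-zone labels are a naming convention.

```python
import ipaddress

def reverse_zone_plan(host_ip, netmask):
    """Subnet facts and reverse-zone names for a host in a subnet smaller than /24."""
    iface = ipaddress.ip_interface(f"{host_ip}/{netmask}")
    net = iface.network
    if net.prefixlen <= 24:
        raise ValueError("classless child zones only apply to prefixes longer than /24")
    first = int(net.network_address) & 0xFF    # last octet of the subnet's first address
    last = int(net.broadcast_address) & 0xFF   # last octet of the subnet's last address
    ptr = iface.ip.reverse_pointer             # PTR owner name of the host
    parent = ptr.split(".", 1)[1]              # ordinary /24 zone that contains it
    return {
        "network": str(net),
        "address_count": net.num_addresses,
        "first": str(net.network_address),
        "last": str(net.broadcast_address),
        "ptr_owner": ptr,
        "parent_zone": parent,
        # Child-zone labels are a naming convention; two common styles (assumed here):
        "child_first_last": f"{first}-{last}.{parent}",
        "child_first_bits": f"{first}-{net.prefixlen}.{parent}",
    }

def parent_cnames(plan, child_key="child_first_last"):
    """CNAME lines for the parent /24 zone, one per usable host (RFC 2317 style)."""
    net = ipaddress.ip_network(plan["network"])
    child = plan[child_key]
    return [f"{int(h) & 0xFF} IN CNAME {int(h) & 0xFF}.{child}." for h in net.hosts()]

if __name__ == "__main__":
    # Address and mask as posted in the thread.
    plan = reverse_zone_plan("192.168.101.6", "255.255.255.224")
    for key, value in plan.items():
        print(f"{key:18} {value}")
    print("\n".join(parent_cnames(plan)[:3]))
```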
 
LVL 1

Author Comment

by:hindsight
ID: 16529866
Yes. I can create this zone, thank you.

Still can't delete the other though. Is there a way to manually delete the expired zone?
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 16531150
Curious..  could this be a permission issue on the 'bad' reverse zone?  might want to ck the security tab to be sure..

Also, it may be possible to delete the record from the actual zone file in the %systemroot%\system32\dns directory...  just a thought..  if you do this, be careful..  and you will have to flush and re-register the zone data files..

FE
0
 
LVL 1

Author Comment

by:hindsight
ID: 16549766
Checked security. Made sure domain admins, enterprise admins, schema admins already have full control. Checked effective permissions and it looks fine. I can't find anything in the windows\system32\dns directory except for files with sample data. I even tried deleting through adsiedit.msc and get the same error
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 16566457
Well, you might want to try the dnscmd command to delete the zone..

http://technet2.microsoft.com/WindowsServer/en/Library/ed0e4eeb-34a5-420e-aa6a-961ae5fa0f291033.mspx
0
 
LVL 1

Author Comment

by:hindsight
ID: 16654347
I attempted to delete the zone that way and got this error:

DNS_ERROR_INVALID_ZONE_TYPE    9611
0
 
LVL 40

Accepted Solution

by:
Fatal_Exception earned 1000 total points
ID: 16654404
It may just come down to flattening out this server and starting over...  not something I would look forward to, since you are running only one DC here...
0
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 1000 total points
ID: 16672250
hindsight,

Good name for this particular issue!

Having been in a number of similar situations with bad SBS installs, I'd highly recommend that you flatten it out and start over.  The DNS configuration is just a sign that there may be many other things that were not done correctly.  Since SBS is a pre-configured all-in-one solution, there are many very experienced IT Pros who think they can do things manually, yet they don't realize that the interoperability of most server functions requires that the wizards be used and that the basic configuration not be modified.

Good overview is here:  http://sbsurl.com/itpro

Jeff
TechSoEasy

0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 16687136
Boy are you ever right about that TechSoEasy!  The first SBS server I installed was without the wizards..  I realized my mistake after reading some comments from you and found the error of my ways!

FE
0
 
LVL 74

Expert Comment

by:Jeffrey Kane - TechSoEasy
ID: 16687187
:-)

What most folks don't realize is that SBS is PRE-CONFIGURED.  This is a strange concept for those who have worked in the enterprise space for many years!  :-)

Jeff
TechSoEasy
0
 

Expert Comment

by:premiertechconsulting
ID: 34508027
I just ran into the same issue.  Rebuilding the server is not an option that I want to pursue.  Does anyone have any ideas?

TIA

Bill
0
