hindsight asked:

Cannot delete reverse lookup zone on SBS 2003

I am troubleshooting an SBS 2003 server someone had set up. Whoever set it up did not choose a typical subnet (255.255.255.224) and I suspect that may have caused it. The zone is 101.168.192.in-addr.arpa, Active Directory integrated, and shows as expired with a red x. When I attempt to change or delete this zone I get this error:

"The Zone cannot be deleted. The Active Directory service is not available"

The dns event log is full of 4004 and 4015 errors:

The DNS server was unable to complete directory service enumeration of zone 101.168.192.in-addr.arpa.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "000020EF: SvcErr: DSID-020D0731, problem 5012 (DIR_ERROR), data 0". The event data contains the error.


The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "000020EF: SvcErr: DSID-020D0731, problem 5012 (DIR_ERROR), data 0". The event data contains the error.


I have tried to uninstall DNS and delete the zone from Active Directory Users and Computers, but I get an error there too. I have tried everything. The server is the only domain controller so it is running all the FSMO roles and seems to be operating normally other than this.

Fatal_Exception

That subnet should pose no problems..  it is a variable length subnet mask, allowing for 30 IP Addresses in each network..

First, I would read through this page:

https://www.experts-exchange.com/questions/20900153/Event-ID-4000-causing-DNS-problems-and-Event-ID-1000-userenv-problems.html

And, run Netdiag, dnslint, and dcdiag on this server to identify other errors that are occurring here..  (BTW:  these have the ability to fix small errors, using the /fix switch..)

FE

Keith Alabaster

For AD, the reverse address given above is likely the most common; a full class C subnet based on 255.255.255.0

What is the local subnet on the server? 192.168.0.0?

hindsight (ASKER)

IP of the server is 192.168.101.6 255.255.255.224

Reverse lookup with the issue is: 101.168.192.in-addr.arpa

Ran dcdiag and all tests passed

Ran netdiag and the only warning I got was:

NetBT name test. . . . . . . . . . : Passed
    [WARNING] You don't have a single interface with the <00> 'WorkStation Service', <03> 'Messenger Service', <20> 'WINS' names defined.

This is the dnslint report:

dnslint /ad 192.168.101.6 /s 192.168.101.6

Root of Active Directory Forest:

    mydomain.local

Active Directory Forest Replication GUIDs Found:

DC: HQSERVER
GUID: 0c020ba0-8fac-4375-86a0-ef63f02a2b12


Total GUIDs found: 1

--------------------------------------------------------------------------------

The following 2 DNS servers were checked for records related to AD forest replication:

DNS server: User Specified DNS Server
IP Address: 192.168.101.6
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: Unknown

SOA record data from server:
Authoritative name server: hqserver.mydomain.local
Hostmaster: hostmaster
Zone serial number: 15
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds


Additional authoritative (NS) records from server:
hqserver.mydomain.local Unknown




Alias (CNAME) and glue (A) records for forest GUIDs from server:
CNAME: 0c020ba0-8fac-4375-86a0-ef63f02a2b12._msdcs.mydomain.local
Alias: hqserver.mydomain.local
Glue: 192.168.101.6


Total number of CNAME records found on this server: 1

Total number of CNAME records missing on this server: 0

Total number of glue (A) records this server could not find: 0



--------------------------------------------------------------------------------

DNS server: hqserver.mydomain.local
IP Address: 192.168.101.6
UDP port 53 responding to queries: YES
TCP port 53 responding to queries: Not tested
Answering authoritatively for domain: YES

SOA record data from server:
Authoritative name server: hqserver.mydomain.local
Hostmaster: hostmaster
Zone serial number: 15
Zone expires in: 1.00 day(s)
Refresh period: 900 seconds
Retry delay: 600 seconds
Default (minimum) TTL: 3600 seconds


Additional authoritative (NS) records from server:
hqserver.mydomain.local Unknown




Alias (CNAME) and glue (A) records for forest GUIDs from server:
CNAME: 0c020ba0-8fac-4375-86a0-ef63f02a2b12._msdcs.mydomain.local
Alias: hqserver.mydomain.local
Glue: 192.168.101.6


Total number of CNAME records found on this server: 1

Total number of CNAME records missing on this server: 0

Total number of glue (A) records this server could not find: 0



--------------------------------------------------------------------------------

Notes:
One or more DNS servers may not be authoritative for the domain





Got you. (Sorry, missed the 101 when I read your post, getting too old.)

If we create the correct reverse zone first, this might assist.
You have used 255.255.255.224 as the mask so you have 32 addresses.
You have used 192.168.101.6 as the IP so you have 192.168.101.0 - 192.168.101.32 as your 'assigned'

The reverse zone created should be "0-32.101.168.192.in-addr.arpa"  (do not put the quotes in)
Will it allow you to create this? Versions of DNS running on W2K had problems creating these split zones but 2003 is fine with it.

My own DNS reverse zone is 192-255.x.y.z.in-addr.arpa for example (I have

Yes. I can create this zone, thank you.

Still can't delete the other though. Is there a way to manually delete the expired zone?

Curious..  could this be a permission issue on the 'bad' reverse zone?  might want to ck the security tab to be sure..

Also, it may be possible to delete the record from the actual zone file in the %systemroot%\system32\dns directory...  just a thought..  if you do this, be careful..  and you will have to flush and re-register the zone data files..

FE

Checked security. Made sure domain admins, enterprise admins, schema admins already have full control. Checked effective permissions and it looks fine. I can't find anything in the windows\system32\dns directory except for files with sample data. I even tried deleting through adsiedit.msc and get the same error.
I attempted to delete the zone that way and got this error:

DNS_ERROR_INVALID_ZONE_TYPE    9611

ASKER CERTIFIED SOLUTION
Fatal_Exception

This solution is only available to members.

SOLUTION

This solution is only available to members.

Boy are you ever right about that TechSoEasy!  The first SBS server I installed was without the wizards..  I realized my mistake after reading some comments from you and found the error of my ways!

FE
:-)

What most folks don't realize is that SBS is PRE-CONFIGURED.  This is a strange concept for those who have worked in the enterprise space for many years!  :-)

Jeff
TechSoEasy

premiertechconsulting

I just ran into the same issue.  Rebuilding the server is not an option that I want to pursue.  Does anyone have any ideas?

TIA

Bill