Standard DNS zones failing to transfer, Event id 6525.6527

We have two Win2k3 dns servers, not on the same network or same location.
Primary DNS has all of the zones created and functioning, running as Primary non-AD integrated zones. The Secondary DNS server is listed on all of the Name Server tabs for all of the zones, Zone Transfers are enabled for servers in the Name Servers, and dynamic updates are allowed.

Some zones are failing to transfer to the Secondary server. The two event id's we are seeing for this are
Event Id 6525:
A zone transfer request for the secondary zone was refused by the master DNS server at [ip]. Check the zone at the master server [ip] to verify that zone transfer is enabled to this server.  To do so, use the DNS console, and select master server [ip] as the applicable server, then in secondary zone Properties, view the settings on the Zone Transfers tab.  Based on the settings you choose, make any configuration adjustments there (or possibly in the Name Servers tab) so that a zone transfer can be made to this server.

And Event Id 6527:
Zone expired before it could obtain a successful zone transfer or update from a master server acting as its source for the zone.  The zone has been shut down.

Some zones are able to transfer from the Primary to the Secondary, but there are a handful that will not. Have tried to delete/recreate the zones on the Secondary server, transfer/reload from the Master, with no success.
The registry keys for the xferthrottling do not exist on either server.
Again, zone transfers are allowed for these zones, with the Secondary being listed in the Name Servers tab.


Check this... for Event Id 6525:

For Event Id 6527........ From newsgroup posts:

- "It means that your server has not performed a zone transfer from whomever the master DNS server is for <zone name> in the allocated time, so the zone file you have has expired and your DNS server will no longer answer queries for that zone. Investigate the DNS server holding the master zone."

- "Looks like a problem on the master. Are any of the other slaves (if any) having any problems with zone transfers of the zone? On your slave, try doing a non-recursive, TCP AXFR query for the domain from the master. The error you get back should help you troubleshoot the problem. If you're not getting any kind of error back, then there is something wrong with your nameserver."

- "You should probably be looking for a problem like the secondary being unable to connect to the primary on TCP/IP port 53, or the primary being configured to deny zone transfer requests from the secondary's IP address. On the secondary server start by using ping to establish that it can reach the primary at all. Then, also on the secondary, use NSLOOKUP. Use the SERVER command to point it to the primary. Then try to manually transfer a copy of the zone using the ls -d command. This should tell you if the secondary cannot reach the primary on port 53 or if there is a problem in the transfer."
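The manual TCP AXFR check suggested in the quoted posts, written up as an added example (not code from this thread or from Microsoft): it sends one non-recursive AXFR request over TCP port 53 to the master and reports whether the connection failed, the master answered REFUSED (the 6525 case, i.e. transfer not allowed for this secondary), or the master started returning records. The master IP and zone name passed on the command line are placeholders you supply.

```python
import socket
import struct

AXFR = 252  # QTYPE for a full zone transfer
RCODES = {0: "noerror", 1: "formerr", 2: "servfail", 3: "nxdomain",
          4: "notimp", 5: "refused", 9: "notauth"}

def encode_name(name):
    """Encode a dotted zone name as DNS wire-format labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += struct.pack("B", len(label)) + label.encode("ascii")
    return out + b"\x00"

def build_axfr_query(zone, txid=0x1234):
    """Header with RD=0 (non-recursive) and one question: QNAME, QTYPE=AXFR, QCLASS=IN."""
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack(">HH", AXFR, 1)

def classify_response(msg):
    """Map the RCODE/ANCOUNT of the first reply to the troubleshooting branches above."""
    if len(msg) < 12:
        return "malformed"
    flags = struct.unpack(">H", msg[2:4])[0]
    ancount = struct.unpack(">H", msg[6:8])[0]
    rcode = flags & 0x0F
    if rcode == 0 and ancount > 0:
        return "transfer-allowed"   # master is sending zone records
    return RCODES.get(rcode, "unknown")  # "refused" == Event 6525 symptom

def axfr_probe(master_ip, zone, timeout=5.0):
    """Send one AXFR request over TCP (2-byte length prefix) and classify the first reply."""
    query = build_axfr_query(zone)
    try:
        with socket.create_connection((master_ip, 53), timeout=timeout) as s:
            s.sendall(struct.pack(">H", len(query)) + query)
            hdr = s.recv(2)
            if len(hdr) < 2:
                return "no-reply"
            (length,) = struct.unpack(">H", hdr)
            msg = b""
            while len(msg) < length:
                chunk = s.recv(length - len(msg))
                if not chunk:
                    break
                msg += chunk
            return classify_response(msg)
    except OSError:
        return "tcp-53-unreachable"  # connect failed or timed out: check firewall/routing

if __name__ == "__main__":
    import sys  # usage: axfr_probe.py <master-ip> <zone>  (placeholders you supply)
    print(axfr_probe(sys.argv[1], sys.argv[2]))
```

Run it from the secondary: "tcp-53-unreachable" points at the network path, "refused" at the Zone Transfers/Name Servers settings on the master, and "transfer-allowed" means the refusal is not the cause and the zone data itself deserves a look.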
bigjdveAuthor Commented:
We can try again, however there are 14 zones that do replicate and 1 that does not. I will let you know what we find out from another attempt.

bigjdveAuthor Commented:
Deleted the zone from the Primary and Secondary server. Recreated the zone on the Primary server, then tried to create the zone as a secondary and transfer from the Primary, again it failed with the same errors.
Many other zones have transferred successfully, so we know the Secondary is able to contact the Primary.

Did the posts help you resolve the error?

bigjdveAuthor Commented:
The posts didn't actually fix the issue on the whole as the problem didn't lie with the syncing of the servers. There seemed to be something corrupt with the zone file on the master server. We deleted the zone on all servers and recreated the zone manually and that got us working but never truly explained the issue.
Thanks for the help
I'm struggling with this issue as well. I have 20+ zones that I'm authoritative for, but only a select few will not transfer to the secondary DNS server.

I managed to work around the issue by doing the following:
delete the secondary zone
delete the zone files from \winnt\system32\dns and ..\dns\backup
recreate the zone
manually copy the zone file from the primary to the secondary

After that, DNS refreshes as expected. I'm still concerned about what the root cause of the issue could be, though.