?
Solved

Secondary DNS spitting multiple event ID 9999 and 6522 and after a while chokes DNS to a halt

Posted on 2008-02-01
5
Medium Priority
?
1,457 Views
Last Modified: 2008-08-26
I have Active Directory Integrated DNS servers (about 7 AD DNS) which are transfering there zones to Secondary DNS.  I noticed a trend where the secondady DNS servers chokes to a halt after every 12-13 days.  On the Secondary DNS servers DNS event log there are several informational event ID 6522 and 3150 before I get Event ID 3000.  After that I get multiple event ID 6522 and 9999 alternativley and continously for several days which then chokes DNS and hangs the DNS service.  I have to reboot the secondary DNS servers for it to resume work.  Anybody have an Idea what I can do to stop this trend from happening over and over.

Any input would be highly appreciated.
0
Comment
Question by:KMacakiage
  • 3
  • 2
5 Comments
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 20809304
This is all coppied from eventid.net

Event ID 6522
This is a self-explanatory event. If your DNS server is of "Standard Secondary" type, it requests the new version of the authoritative zone from the Master DNS server. This can be inititated in two ways:
1. Your DNS server is checking periodically the version of the SOA record on the primary and if it is found larger than the last time, the server requests a zone transfer.
2. Instantly after a zone change, if you use DNS notify on the primary server.

Event ID 3150
See M181600 to find out how to configure a secondary DNS Server with Windows NT.

This event should be self-explanatory (and probably it is for most of the cases). However, we have received a report for this event occuring in the following conditions: "No symptoms other than event log entries in the DNS log file under Windows 2000 server (SP2 currently). This Information entry will occur 6 to 10 times and then a Warning Event Id 9999. The cycle repeats (3150s and then 9999 event IDs. The domain has only one server, thus no Active Directory transfers can occur. However, DNS is Active Directory Integrated and is set to deny any Zone Transfers.". We don't have any info about what would cause this

Event ID 3000
Casey C (Last update 10/7/2003):
In my case, I had accidentally deleted an Active Directory domain zone file for a test domain that was pointing to the server. See M249868 for more details.

Adrian Grigorof
The reason why this happens is that the DNS server is logging too many events and for this reason, it's stopping temporarily (so logging won't affect it's main duty, DNS resolution. One suggestion from newsgroups is to turn on verbose logging. From the server properties in the DNS console, turn on all loging.  

Event ID 9999
Description
DNS Server has encounters numerous run-time events. These are usually caused by the reception of bad or unexpected packets, or from problems with or excessive replication traffic. The data is the number of suppressed events encountered in the last 15 minute interval.  
English please! Request a translation of the event description in plain English! An example of "English please" is available here.  

Things to understand
What is a runtime?
What is the role of a DNS server?  

Comments
As per Microsoft: "The occurrence of these event error messages does not necessarily indicate a problem with the DNS service" This event  indicates that a number of events were blocked by DNS from being logged in Event Viewer (the number itself is in the "Data" section). After this event, the logging starts again.  

Links
http://support.microsoft.com/default.aspx?scid=kb;en-us;198757
http://support.microsoft.com/default.aspx?scid=kb;en-us;199792

I hope some of this helps out, and highley recomend a membership at eventid.net

eb


0
 

Author Comment

by:KMacakiage
ID: 20823235
True event ID 9999 refers to the number of suppressed events encountered in the last 15 minute interval..... and I have already turned on All loggings.  These logs would not been a problem, however like I said, after every 13 days I start getting  Error event ID 111 and DNS thinks that  the system is running low on resources .... "Close any applications not in use or reboot the computer to free memory.

I will try to run dnscmd /config /eventcontrolsuppression 1 and see what happens.
0
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 20823404
I did not see mention of eventid 111, I will research that one and get back to you.
eb
0
 
LVL 23

Expert Comment

by:Erik Bjers
ID: 20823440
This is all I've found so far

You may also want to run some sort of performance monitoring soulution to track the actual usage of system resources, it may actualy be running low.

As per Microsoft: "To check the NetBIOS over TCP/IP configuration: 1. Open Control Panel, and double-click Network and Dial-up Connections . 2. Click the Protocols  tab, and click TCP/IP Protocol  in the Network Protocols list. 3. Click Properties , and then click the WINS Address  tab. 4. Verify that the IP addresses for both the primary and secondary WINS servers are correct, and that the Enable DNS for Windows Resolution  check box is selected. 5. Click the Bindings tab, and verify that the WINS (TCP/IP) protocol is bound to the network adapter. If you continue to receive this message, verify that the WINS reverse lookup record has been configured correctly by using DNS Manager or by opening the appropriate XXX.XXX.in-addr.arpa database file located in the Systemroot /System32/Dns folder. You can edit this database file using Notepad but you must stop DNS first".  

eb
0
 

Accepted Solution

by:
KMacakiage earned 0 total points
ID: 21250359
This problem was caused by DNS patch that was released in November 2007.  I cannot remember the KB number, but called MS and they confirmed that it is a known issue. .... solution was to uninstal the patch.
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Need In an Active Directory enviroment, the PDC emulator provide time synchronization for the domain. This is important since Active Directory uses Kerberos for authentication.  By default, if the time difference between systems is off by more …
Measuring Server's processing rate with a simple powershell command. The differences in processing rate also was recorded in different use-cases, when a server in free and busy states.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
There may be issues when you are trying to access Outlook or send & receive emails or due to Outlook crash which leads to corrupt or damaged PST file. To eliminate the corruption from your PST file, you need to repair the corrupt Outlook PST file. U…

594 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question