Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

What is the impact of Reloading a zone on DNS server

Posted on 2009-04-01
10
Medium Priority
?
893 Views
Last Modified: 2012-05-06
I have been battling a very strange situation of trying to simply add another Domain controller to the network. When I run DCPROMO everything seems to go well, but I am missing OU's and content from the OU's that have replicated. On the new server called newDC this is the error under DNS event.  

The DNS server was unable to open zone CCL.local in the Active Directory from the application directory partition DomainDnsZones.CCL.local. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

On the current Domain controller with DNS installed, If I reload the zone, what impact will that have on all DNS entries?
Does anyone have any ideas?
0
Comment
Question by:camoIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
10 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24039529

> If I reload the zone, what impact will that have on all DNS entries?

None, they should have been written back to AD anyway. A reload would occur whenever you restarted the DNS service or the server anyway.

You might consider running DCDiag / NetDiag considering some of the issues you describe.

Chris
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24039564
Are you running AD integrated DNS?
How is that server configured for DNS (Is it pointing to itself for primary DNS or pointing to another DC for primary DNS)
Are there 4015 errors in your logs?
No issues if you reload the zone.
Thanks
Mike
0
 
LVL 2

Author Comment

by:camoIT
ID: 24039627
Mike / Chris

I am the NA. As you can see there is only one Domain Controller. Windows 2003 Stnd R2.

I purchased a new server HP PRoliant DL360 and loaded Windows 2003 Stnd R2, to add to the domain, then promote, then sending back the original DC to D_LL :)

I am receiving 4001, 4007 event ID's.
 Question: The moment I set foot in here, I purchased and installed Backup Exec 12.5 and have everything backed up to tape. Is there a way I can recreate the domain without loosing SIDS, if running this promotion fails??
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 71

Expert Comment

by:Chris Dent
ID: 24039702

Recreating the domain is unlikely to be necessary except where we're suffered from a really catestrophic failure.

If it's having problems promoting DCDiag, NetDiag and browsing the Event Logs are the best starting points. They will quickly highlight the most serious errors that may need to be given a little attention.

Chris
0
 
LVL 2

Author Comment

by:camoIT
ID: 24040010
Application Logs on Domain Controller
1.MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC will continue to function and will use the existing security settings. Error Specifics: %1

2. MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC will continue to function and will use the existing security settings. Error Specifics: d:\nt\com\complus\dtc\dtc\adme\uiname.cpp:9351, Pid: 1216
No Callstack,
 CmdLine: C:\WINDOWS\system32\msdtc.exe

DNS Server
3.The DNS server was unable to complete directory service enumeration of zone conexsys.net.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error. 4004

4.The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error. 4015

0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24040034

These are on your new DC aren't they? Anything on the current one?

Chris
0
 
LVL 2

Author Comment

by:camoIT
ID: 24040072
These events are from the current DC

On the new DC that is failing...These are the logs
The DNS server was unable to open zone domain.local in the Active Directory from the application directory partition DomainDnsZones.domain.local. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code. 4007

The DNS server was unable to open zone 100.168.192.in-addr.arpa in the Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code. 4001

The File Replication Service has enabled replication from AD to ADSERVER for c:\windows\sysvol\domain after repeated retries.

0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24040109

Okay, so can we also see:

RepAdmin /ShowReps

And if you could run DCDiag and NetDiag the output would be helpful :)

Chris
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 1500 total points
ID: 24040124
We had 4015s on some of our DCs and what we did was point the DCs to each other for primary DNS to prevent the race condition.
DC1
Points to DC2 for primary DNS and points to itself as secondary
DC2
Points to DC1 for primary DNS and points to itself as secondary
Have you tried demoting and promoting the box again?
Thanks
Mike
0
 
LVL 2

Author Closing Comment

by:camoIT
ID: 31565309
Thanks for your help in resolving this issue
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory can easily get cluttered with unused service, user and computer accounts. In this article, I will show you the way I like to implement ADCleanup..
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question