Solved

What is the impact of Reloading a zone on DNS server

Posted on 2009-04-01
10
868 Views
Last Modified: 2012-05-06
I have been battling a very strange situation of trying to simply add another Domain controller to the network. When I run DCPROMO everything seems to go well, but I am missing OU's and content from the OU's that have replicated. On the new server called newDC this is the error under DNS event.  

The DNS server was unable to open zone CCL.local in the Active Directory from the application directory partition DomainDnsZones.CCL.local. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

On the current Domain controller with DNS installed, If I reload the zone, what impact will that have on all DNS entries?
Does anyone have any ideas?
0
Comment
Question by:camoIT
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
  • 2
10 Comments
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24039529

> If I reload the zone, what impact will that have on all DNS entries?

None, they should have been written back to AD anyway. A reload would occur whenever you restarted the DNS service or the server anyway.

You might consider running DCDiag / NetDiag considering some of the issues you describe.

Chris
0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 24039564
Are you running AD integrated DNS?
How is that server configured for DNS (Is it pointing to itself for primary DNS or pointing to another DC for primary DNS)
Are there 4015 errors in your logs?
No issues if you reload the zone.
Thanks
Mike
0
 
LVL 2

Author Comment

by:camoIT
ID: 24039627
Mike / Chris

I am the NA. As you can see there is only one Domain Controller. Windows 2003 Stnd R2.

I purchased a new server HP PRoliant DL360 and loaded Windows 2003 Stnd R2, to add to the domain, then promote, then sending back the original DC to D_LL :)

I am receiving 4001, 4007 event ID's.
 Question: The moment I set foot in here, I purchased and installed Backup Exec 12.5 and have everything backed up to tape. Is there a way I can recreate the domain without loosing SIDS, if running this promotion fails??
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 71

Expert Comment

by:Chris Dent
ID: 24039702

Recreating the domain is unlikely to be necessary except where we're suffered from a really catestrophic failure.

If it's having problems promoting DCDiag, NetDiag and browsing the Event Logs are the best starting points. They will quickly highlight the most serious errors that may need to be given a little attention.

Chris
0
 
LVL 2

Author Comment

by:camoIT
ID: 24040010
Application Logs on Domain Controller
1.MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC will continue to function and will use the existing security settings. Error Specifics: %1

2. MS DTC could not correctly process a DC Promotion/Demotion event. MS DTC will continue to function and will use the existing security settings. Error Specifics: d:\nt\com\complus\dtc\dtc\adme\uiname.cpp:9351, Pid: 1216
No Callstack,
 CmdLine: C:\WINDOWS\system32\msdtc.exe

DNS Server
3.The DNS server was unable to complete directory service enumeration of zone conexsys.net.  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error. 4004

4.The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error. 4015

0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24040034

These are on your new DC aren't they? Anything on the current one?

Chris
0
 
LVL 2

Author Comment

by:camoIT
ID: 24040072
These events are from the current DC

On the new DC that is failing...These are the logs
The DNS server was unable to open zone domain.local in the Active Directory from the application directory partition DomainDnsZones.domain.local. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code. 4007

The DNS server was unable to open zone 100.168.192.in-addr.arpa in the Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code. 4001

The File Replication Service has enabled replication from AD to ADSERVER for c:\windows\sysvol\domain after repeated retries.

0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 24040109

Okay, so can we also see:

RepAdmin /ShowReps

And if you could run DCDiag and NetDiag the output would be helpful :)

Chris
0
 
LVL 57

Accepted Solution

by:
Mike Kline earned 500 total points
ID: 24040124
We had 4015s on some of our DCs and what we did was point the DCs to each other for primary DNS to prevent the race condition.
DC1
Points to DC2 for primary DNS and points to itself as secondary
DC2
Points to DC1 for primary DNS and points to itself as secondary
Have you tried demoting and promoting the box again?
Thanks
Mike
0
 
LVL 2

Author Closing Comment

by:camoIT
ID: 31565309
Thanks for your help in resolving this issue
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question