• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 402
  • Last Modified:

Domain controller wigged out and now I get a event 4515 in DNS

I host a domain controller in VMWare ESX 3.5u2.  After deleting a VMware snapshot of my domain controller, my DC hasn't been right since.  The DC wigged out and no longer responeded to network requests.  I had to go to Virtual Center and hard reboot the DC to get the network working again.  Since then, I get a funky event in DNS:
Event Type:      Warning
Event Source:      DNS
Event Category:      None
Event ID:      4515
Date:            4/17/2009
Time:            1:34:34 PM
User:            N/A
Computer:      DC01
The zone mydomain.com was previously loaded from the directory partition MicrosoftDNS but another copy of the zone has been found in directory partition domainDnsZones.mydomain.com. The DNS Server will ignore this new copy of the zone. Please resolve this conflict as soon as possible. If an administrator has moved this zone from one directory partition to another this may be a harmless transient condition. In this case, no action is necessary. The deletion of the original copy of the zone should soon replicate to this server.
If there are two copies of this zone in two different directory partitions but this is not a transient caused by a zone move operation then one of these copies should be deleted as soon as possible to resolve this conflict.
To change the replication scope of an application directory partition containing DNS zones and for more details on storing DNS zones in the application directory partitions, please see Help and Support.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp

I did a little research and found this KB article:

The article basically shows you how to use ADSIEdit to connect to the various AD partitions.  According to the article, option 3 is only for a doman that has Windows 2000 DCs.  My domain runs all 2003 servers, but is running in 2000 native mode.  

I've used ADSIEdit to view the partitions, but I'm not 100% comfortable in removing the 'bad' zone.  My DCs are all DNS servers and the DNS zone (for my domain) is configured for AD replication "to all domain controllers in the Active Directory domain mydomain.com".  I see all my zones in DC=mydomain,DC=com,CN=System,CN=microsoftDNS (along with all the other DNS zones that are AD integrated but not related to my domain).  I do see what I believe to be the "bad" zone in DC=DomainDNSZones,DC=mydomain,DC=com,CN=MicrosoftDNS,DC=mydomain.com.  No other of the AD integrated DNS zones are in this partition.

A. How can I be sure which Zone to delete?
B. Suppose I'm wrong -  how can I get it back up quickly in the case of a catastrophe?!
C. What else am I not asking or documenting here that I should be concerned with?
D. Although sloppy, is there any harm in leaving the "bad" zone where it is?

Any help would be greatly appreciated.



A. How can I be sure that this is te
  • 2
1 Solution
1. Stop DNS Server service on all servers except one.
2. On that one, turn off AD integration for all forward or reverse zones for which EventID 4515 appears (we had several).
3. Restart the DNS Server service on the one server.
4. Check the DNS log - all occurrences of EventID 4515 should be gone. If not make sure AD Integration is off and restart the service again until it starts without any 4515 warnings.
5. Enable AD integration. Remember to set the replication scope (Win2003 and higher) and turn on secure updates.
6. If there are other zones on other DNS servers that are not replicated to the server you chose in step 1, stop the DNS Server service on the machine you've been working on, then repeat steps 1 through 5 for zones on a DNS server that hosts the remaining, conflicting zones.
5. Force AD replication to all DCs running DNS.
6. Start DNS Server service on the other DNS servers. Once the replication is complete, the 4515 warnings will be gone.
Also, you say you deleted a snapshot.  That in and of itself shouldn't have done anything.  However, if you have more than one DC, and you restored a DC from a snapshot, essentially just turned it on, that could mess up your AD significantly.

Domain Controllers should not be restored from an image.  You need to either build and promote a new DC after demoting the old one (or removing its metadata using NTDSUTIL) or restore it from a backup either as an authoritative or non-authoritative restore, depending upon whether or not you want to restore the current version of AD that's running on the DCs that are still up.
fedsigAuthor Commented:

     I'm aware that deleting a snapshot shouldn't have affected this, but I may have an issue w/either my filer or my ESX rig.  Basically I used SMVI (snap manager for Virtual Infrastructure) to do a hot backup.  It quiesced the VM image, took a snapshot, then deleted the snap (thus committing the deltas back to the original image).  I think that that may have been the problem.  After the backup, the DC got stupid and wouldn't respond to pings or anything.  After hard-booting the DC, the dialogue box that appears before you can hit ctrl-alt-del said "rebuilding active directory indeces".  I never even heard of that?!  I think something got hosed on that DC and it replicated to the other DCs.

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now