• Status: Solved

ForestDnsZones in a child domain


I'm having a problem with one of my MS DNS servers, and searching so far has not produced any useful results. Also, I should mention that I'm actually a network engineer but am stuck with this Active Directory problem, so any advice might need to be dumbed down to a non-MCP level.

I have a forest with two child domains, so total of 3 zones.
Let's say those are:

where domain1.com is the forest zone (it was the only domain back in the day so everything grew out of that one).

I also have 4 sites:

site1 and site2 each have two domain controllers for domain1.com
site3 has two domain controllers for domain2.local
site4 has one domain controller for domain3.local

I'm doing a virtualization project in my site3, so I virtualized my PDC domain controller yesterday. Now I should mention that I virtualized the secondary one a while ago and had no problems. I was told by our VMware consultant that virtualizing DCs is not usually a successful task and for that reason I should demote the DC before proceeding. I did that with dc2.domain2.local (which worked great) a long time ago. Yesterday was the day for dc1.domain2.local, which was the PDC.

I demoted it, P2V'd it and promoted it again. Since then, I get:
Event Type:      Error
Event Source:      DNS
Event Category:      None
Event ID:      4007
Date:            5/21/2009
Time:            9:36:15 AM
User:            N/A
Computer:      DC1
The DNS server was unable to open zone _msdcs.domain2.local in the Active Directory from the application directory partition ForestDnsZones.domain2.local. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
0000: 0d 00 00 00               ....    

I thought there shouldn't be ForestDnsZones in domain2.local since it's a child domain to begin with. I do have ForestDnsZones in my domain1.com.

I get that message every time I restart the DNS server. I also can't see any obvious issues resulting from that other than this message itself.

All three zones are AD stored and replicate to all DNS in the forest.
Was the first DC you virtualized set up as a global catalog server or as a DNS server when you repromoted it?
uncle_ho (Author) commented:
Yes, both DCs are global catalogs. In fact, all DCs I have are global catalogs.
Did you see this thread?
uncle_ho (Author) commented:
I think you might have forgotten the link.
Chris Dent (PowerShell Developer) commented:

You might try running:

dnscmd /EnumDirectoryPartitions

Just to see if it lists ForestDNSZones from the root in addition to this one.

You should also be able to see the partitions in NTDSUtil with:

domain management
connect to server <ADomainController>
select operation target
list naming contexts

Just checking to see if you were paying attention.  :)

uncle_ho (Author) commented:
Z:\>dnscmd /EnumDirectoryPartitions
Enumerated directory partition list:

        Directory partition count = 4

 DomainDnsZones.domain2.local                 Enlisted Auto Domain
 DomainDnsZones.domain1.com                    Not-Enlisted
 DomainDnsZones.domain3.local                 Not-Enlisted
 ForestDnsZones.domain1.com                    Enlisted Auto Forest

Command completed successfully.

Found 9 Naming Context(s)
0 - CN=Configuration,DC=domain1,DC=com
1 - CN=Schema,CN=Configuration,DC=domain1,DC=com
2 - DC=domain1,DC=com
3 - DC=domain2,DC=local
4 - DC=domain3,DC=local
5 - DC=DomainDnsZones,DC=domain1,DC=com
6 - DC=DomainDnsZones,DC=domain3,DC=local
7 - DC=ForestDnsZones,DC=domain1,DC=com
8 - DC=DomainDnsZones,DC=domain2,DC=local
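
The check Chris Dent's commands support, written out as an added example that is not part of the original thread: parse the `dnscmd /EnumDirectoryPartitions` output and test whether the partition named in Event 4007 is actually listed. The function names `Get-DnsDirectoryPartition` and `Test-EventPartition` are hypothetical, and the sample input is copied from the posts above.

```powershell
# Sample input: dnscmd output and Event 4007 text as posted in this thread.
$dnscmdOutput = @'
Enumerated directory partition list:

        Directory partition count = 4

 DomainDnsZones.domain2.local                 Enlisted Auto Domain
 DomainDnsZones.domain1.com                    Not-Enlisted
 DomainDnsZones.domain3.local                 Not-Enlisted
 ForestDnsZones.domain1.com                    Enlisted Auto Forest

Command completed successfully.
'@
$eventText = 'The DNS server was unable to open zone _msdcs.domain2.local in the Active Directory from the application directory partition ForestDnsZones.domain2.local. This DNS server is configured to obtain and use information from the directory for this zone.'

# Hypothetical helper: turn the partition rows into objects.
function Get-DnsDirectoryPartition {
    param([string]$Text)
    foreach ($line in $Text -split "`r?`n") {
        # A partition row is an FQDN followed by "Enlisted ..." or "Not-Enlisted".
        if ($line -match '^\s*(?<Fqdn>\S+\.\S+)\s+(?<State>(?:Not-)?Enlisted)\b\s*(?<Flags>.*)$') {
            [pscustomobject]@{
                Fqdn     = $Matches.Fqdn
                Enlisted = ($Matches.State -eq 'Enlisted')
                Flags    = $Matches.Flags.Trim()
            }
        }
    }
}

# Hypothetical helper: compare the partition named in the event with the list.
function Test-EventPartition {
    param([string]$EventText, [object[]]$Partitions)
    if ($EventText -match 'application directory partition (?<Fqdn>[A-Za-z0-9.-]+)') {
        $wanted = $Matches.Fqdn.TrimEnd('.')   # drop the sentence-ending period
        $hit = $Partitions | Where-Object { $_.Fqdn -eq $wanted }
        [pscustomobject]@{
            EventPartition  = $wanted
            PresentInForest = [bool]$hit
            Enlisted        = [bool]($hit -and $hit.Enlisted)
            ForestWide      = ($Partitions | Where-Object { $_.Flags -match 'Forest' }).Fqdn
        }
    }
}

Test-EventPartition -EventText $eventText -Partitions (Get-DnsDirectoryPartition $dnscmdOutput)
```

On a live DNS server, replace the sample text with `(dnscmd /EnumDirectoryPartitions) -join "`n"` and the message of the logged event.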
uncle_ho (Author) commented:
zelron22, it seems like there is no real solution in that thread, or at least I can't see one. The second link, which I suspect might have helped, is dead.
This link suggests that you can ignore this if it only happens on boot.  At the end, there's a description of what was done to correct it anyway.

uncle_ho (Author) commented:
Reinstalling DNS did the job. I guess ForestDnsZones is not needed in child domains after all.
Question has a verified solution.
