rotech_IT
Old DNS server listed in DomainDnsZones and ForestDnsZones
I recently had a Windows 2003 DC/DNS server crash on me. I seized all the FSMO roles and cleaned all the metadata of the crashed server.
I am now receiving the following error on the newly promoted DC/DNS server:
Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 4521
Date: 1/13/2010
Time: 10:11:40 AM
User: N/A
Computer: <ServerName>
Description:
The DNS server encountered error 9002 attempting to load zone . from Active Directory. The DNS server will attempt to load this zone again on the next timeout cycle. This can be caused by high Active Directory load and may be a transient condition.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
I have tried all solutions listed when googling this error and nothing has worked.
I opened DNS and noticed that the only server listed in DomainDnsZones and ForestDnsZones is the old crashed DC/DNS server. I think this is directly related. My question is, what is the proper way of resolving this issue? Why aren't the other two active DNS servers listed? FYI: I have ensured all A and CNAME records for the crashed server have been removed. I have also verified that it is not listed in the Name Servers tab.
FYI, I currently have two active DCs, both running DNS.
I hope I gave enough details above, I am in desperate need of help! Thanks!
ASKER
The only real issue that I can tell right now is that it's flooding the DNS event log with that error. The error posted above is joined by another, but I think the error above is triggering it...
Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 9999
Date: 1/13/2010
Time: 11:14:40 AM
User: N/A
Computer: <ServerName>
Description:
The DNS server has encountered numerous run-time events. To determine the initial cause of these run-time events, examine the DNS server event log entries that preceded these run-time events. The data is the number of events that have been suppressed in the last 60 minute interval.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 14 00 00 00 ....
To clarify, the DC failed. I seized the roles. Reformatted the box completely, ran a metadata cleanup, then rebuilt the box with a different host name. I made it a member but DID NOT promote it. I promoted a completely different system. I am now only receiving errors on the newly promoted DC/DNS server. The other active DC/DNS server is actually running Windows 2000 and does not have the same issue.
Thanks for the quick response!
Well, provided you have the other DCs up and running nicely, with no problems affecting your clients, can you not just demote the newly promoted DC for now?
By the way, what OS was the old (now formatted DC) running on? And what is the newly promoted DC running on?
ASKER
I only have 2 DCs currently running.
Active DC/DNS servers are:
DC1 - Windows Server 2000
DC2 - Windows Server 2003 (newly promoted DC)
Old/Crashed DC/DNS server:
CrashedDC1 - Windows Server 2003
I am mainly concerned that neither one of the servers listed above is referenced in DomainDnsZones and ForestDnsZones under the DNS MMC. The only server listed is the crashed DC, which no longer exists.
I'm afraid that merely demoting the "problem" DC won't resolve the DomainDnsZones and ForestDnsZones issue.
Thoughts?
Sorry for my absence. Can you run "netdiag /fix" on the newly promoted DC?
Oh, and you might want to try something simpler: delete and recreate the zone for Domain.com, then run "ipconfig /flushdns", followed by "ipconfig /registerdns", followed by "dcdiag /fix"...
Hopefully that will reregister everything... Post back any further results?
Pete
ASKER
I will try both of the above tonight after peak hours. I will report back with results. Thanks so much!
Hi,
Can you tell me what the replication scope of the zone is? It can be found by going to the properties of the zone.
e.g.: To all DCs in the domain, OR to all DNS servers in the domain?
Also, check if zone transfers are turned on for the zone. "Zone Transfers" is a separate tab in the properties window.
First, we have to check whether the zone is published correctly in AD or not. If not, maybe it's because of replication scope issues. If it is, then we have to look at some other facts.
Please check this location: CN=MicrosoftDNS,CN=System,DC=<domain>,DC=<domain_extension>. Do you see your zone there?
Regards,
Arun.
Sorry, the location should be CN=MicrosoftDNS,DC=ForestDnsZones,DC=<Domain>,DC=<Domain_Extension> and CN=MicrosoftDNS,DC=DomainDnsZones,DC=<Domain>,DC=<Domain_Extension>
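The checks Arun describes (which of the three AD locations actually holds the zone, and what the zone's records say) can be done in one pass instead of clicking through ADSI Edit. The script below is an added example, not code from the thread or from any of its participants. It binds to the System container and to the DomainDnsZones and ForestDnsZones application partitions, lists every dnsZone object found in each, and decodes the NS and A records stored in each dnsNode's dnsRecord attribute (the DNS_RPC_RECORD layout documented in MS-DNSP) so that a record still pointing at a decommissioned DC stands out. It assumes it is run as a user who can read those partitions, discovers the domain from RootDSE, and uses $SuspectName as a placeholder for the crashed server's host name.

```powershell
# Added example, not code from the thread or from any of its participants.
# Lists every AD-integrated zone in the three places it can be stored and decodes
# the NS and A records of each dnsNode, flagging any that still name a suspect host.
# Assumptions: the caller can read the DomainDnsZones/ForestDnsZones partitions;
# the domain is taken from RootDSE; $SuspectName is a placeholder.

$SuspectName = 'crasheddc1'   # placeholder: host name of the decommissioned DC

function Convert-DnsRecordBlob {
    # Decodes one dnsRecord value (DNS_RPC_RECORD, MS-DNSP 2.3.2.2).
    # Header: DataLength(2) Type(2) Version(1) Rank(1) Flags(2) Serial(4)
    #         TtlSeconds(4) Reserved(4) TimeStamp(4) = 24 bytes, then Data.
    param([byte[]]$Blob)
    if ($Blob.Length -le 24) { return $null }
    $type = [BitConverter]::ToUInt16($Blob, 2)
    [byte[]]$data = $Blob[24..($Blob.Length - 1)]
    switch ($type) {
        1 {  # A record: four raw IPv4 bytes
            return New-Object PSObject -Property @{ Type = 'A'; Value = ($data[0..3] -join '.') }
        }
        2 {  # NS record: DNS_COUNT_NAME = Length(1) LabelCount(1) then length-prefixed labels, 0-terminated
            $labels = @(); $i = 2
            while ($i -lt $data.Length -and $data[$i] -ne 0) {
                $len = [int]$data[$i]
                if ($i + 1 + $len -gt $data.Length) { break }   # malformed blob guard
                $labels += [Text.Encoding]::ASCII.GetString($data, $i + 1, $len)
                $i += 1 + $len
            }
            return New-Object PSObject -Property @{ Type = 'NS'; Value = ($labels -join '.') }
        }
        default { return $null }   # other record types are not decoded here
    }
}

$rootDse  = [ADSI]'LDAP://RootDSE'
$domainDn = [string]$rootDse.defaultNamingContext
$forestDn = [string]$rootDse.rootDomainNamingContext

# Windows 2000-style storage (System container) plus the two Windows 2003 application partitions.
$containers = @(
    "CN=MicrosoftDNS,CN=System,$domainDn",
    "CN=MicrosoftDNS,DC=DomainDnsZones,$domainDn",
    "CN=MicrosoftDNS,DC=ForestDnsZones,$forestDn"
)

foreach ($container in $containers) {
    Write-Host "`n== $container"
    try {
        $root = [ADSI]"LDAP://$container"
        $null = $root.distinguishedName     # forces the bind; throws if the partition is absent here
    } catch {
        Write-Host "   not present or not readable: $($_.Exception.Message)"
        continue
    }
    $zones = New-Object DirectoryServices.DirectorySearcher($root, '(objectClass=dnsZone)', @('dc'), 'OneLevel')
    foreach ($zone in $zones.FindAll()) {
        $zoneName = $zone.Properties['dc'][0]
        Write-Host "   zone $zoneName"
        $nodes = New-Object DirectoryServices.DirectorySearcher(
            $zone.GetDirectoryEntry(), '(objectClass=dnsNode)', @('dc', 'dnsrecord'), 'OneLevel')
        foreach ($node in $nodes.FindAll()) {
            $nodeName = $node.Properties['dc'][0]     # '@' is the zone apex
            foreach ($blob in $node.Properties['dnsrecord']) {
                $rec = Convert-DnsRecordBlob -Blob ([byte[]]$blob)
                if ($rec -eq $null) { continue }
                $flag = if ($rec.Value -match [regex]::Escape($SuspectName)) { '  <-- STALE?' } else { '' }
                Write-Host ("      {0,-20} {1,-3} {2}{3}" -f $nodeName, $rec.Type, $rec.Value, $flag)
            }
        }
    }
}
```

A container that this DC does not host (for example, a DomainDnsZones partition that only ever replicated to the crashed server) shows up as "not present or not readable", which is itself the answer to "is the zone published in AD?". Records flagged STALE? are candidates for removal in the DNS console, after confirming the host really is gone; the script only reads.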
ASKER
Replication is set to: "All domain controllers in the Active Directory domain"
Zone transfers are disabled.
I opened ADSI Edit and browsed to the following:
Domain >
DC=<domainname>, DC=com >
CN=System >
CN=MicrosoftDNS >
DC=<domainname.com>
Now, what am I looking for exactly? Under CN=MicrosoftDNS I see:
DC=0.168.192.in-addr.arpa
DC=RootDNSServers
DC=<domainname.com>
ASKER
Oh sorry ARK-DS, we must've been replying at the same time. I didn't see your most recent post.
I see the items you are talking about. They are entered as:
Name:
DC=DomainDnsZones
Distinguished Name:
DC=DomainDnsZones, DC=<domainname.com>, CN=MicrosoftDNS, CN=System, DC=<domainname>, DC=com
Name:
DC=ForestDnsZones
Distinguished Name:
DC=ForestDnsZones, DC=<domainname.com>, CN=MicrosoftDNS, CN=System, DC=<domainname>, DC=com
I think they look okay?
ASKER CERTIFIED SOLUTION
ASKER
Thanks again ARK-DS.
The zone appears to be loaded properly.
I did clean all the DNS records with the exception of DomainDnsZones and ForestDnsZones. The only thing that exists in those two locations is the "old crashed DC/DNS server IP" which no longer exists.
I want to know if it is safe to delete the records out of those areas? I am wondering why in the world the other DCs are not listed under DomainDnsZones and ForestDnsZones?
Did that make any sense?
SOLUTION
ASKER
Just FYI. I am going to try this tonight/tomorrow. I will report back with results.
Did you try that?
So to clarify, the DC failed, you seized the roles, reformatted the box completely, ran a metadata cleanup, then rebuilt the box, made it a member and then promoted it, and now you're getting these errors on the newly promoted DC only?
Does that sound right?