Solved

DNS EventID: 4010

Posted on 2010-09-09
Last Modified: 2012-06-27
The event ID states:
The DNS server cannot update resource record for x.x.x.x in-addr.arpa in zone x.in-addr.arpa
The active directory information of this resource record is corrupt or contains an invalid DNS name. The event data contains this error: 0000: 0000007b

So far, what I have done is delete the reverse zone, wait for replication, and recreate it. I even restarted the service with the zone deleted and continued to get this error. Many, many records in the zone are doing this.

I cannot find the IP x.x.x.x that the error references or find the host records in DNS. They are not there; however, the IP does ping, but I cannot RDP to it.

What could cause this, and how can I make the error go away? It's been like this for weeks.

Thanks
Question by:snyderkv
 
LVL 13

Assisted Solution

by:NarendraG
NarendraG earned 20 total points
ID: 33634160
0
 
LVL 9

Expert Comment

by:Chev_PCN
ID: 33634282
Has anything in your environment changed recently? e.g. addition or removal of DNS servers?
Have you checked to ensure the settings on all the servers ITO dynamic updates, zone transfers, etc., are consistent?
If you have recently removed a DNS server, have you done a metadata cleanup or used ADSI edit to remove the legacy objects?
Are your DNS servers all on the same OS, or do you have a mix of 2003 / 2008? What is your functional domain level?
Are you allowing non-secure updates from other domains?

Try doing a full DNS cache flush if you delete the invalid records.
0
 

Author Comment

by:snyderkv
ID: 33635388
NarendraG:

I did mention that the records don't exist in DNS so I can't use that article to delete the records.

Chev, replication is fine, no metadata necessary. All reverse zones are set up the same, to replicate throughout the domain, AD Integrated and secure only update.

Since all the hosts in the event IDs don't exist in DNS but are pingable, do you think maybe these devices are trying to update their records but don't have permissions to? Not sure what to try knowing that deleting the zone doesn't fix the problem.
0
 

Author Comment

by:snyderkv
ID: 33644273
I tried finding the records in Adsiedit but it limits the amount of records you can see, so I used LDP, but the host names don't show the IP (since I don't have host names), so I can't determine if they are stuck in the system or not.

Any ideas?
0
 
LVL 9

Expert Comment

by:Chev_PCN
ID: 33644306
How big is your organisation?  How many static DNS records do you have?
If this is causing major headaches, it might be worth considering deleting and re-creating the fwd lookup zone. (After taking a PIT backup of course!)

Again, the question of "what changed" is still very relevant. Did you do any patching just before this started? Do you have an OS or patch level mismatch?
You could try getting all the servers up to the latest SP / patch level.
0
 

Author Comment

by:snyderkv
ID: 33644653
1) Nothing changed that I know of.
2) WSUS/SMS patches everything all the time but they don't all reboot at the same time.
3) No OS mismatch | patch level mismatch is possible but I only see this cause issues with Exchange front-end back-end OWA stuff.
4) Getting every DC to the same level and rebooted would take days. How could a bad patch or mismatch cause particular records within one particular reverse zone to show 4010 errors? I doubt that would be a good first place to check.

I tried checking LDP but once you dig into the DomainDNSZones, I only see host records, not IPs, so I can't track Active Directory to see if there are bad records causing the errors. Am I doing something wrong?

Any ideas?
0

Author Comment

by:snyderkv
ID: 33682577
Some new information I got was that these systems that the event logs mention, are VoIP phones. I see no scopes for VoIP within DHCP. Is it possible the issue could have something to do with how they are trying to register in DNS?
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 33724806

Bit late, sorry, had lots of studying to do.

> Some new information I got was that these systems that the event logs mention, are VoIP phones. I see no scopes
> for VoIP within DHCP. Is it possible the issue could have something to do with how they are trying to register in DNS?

How do those names appear in DHCP? If DHCP is pushing entries into DNS and those names contain invalid data it may get upset.

Chances are it's rejecting registration of the record.

Chris
0
 

Author Comment

by:snyderkv
ID: 33725920
Yup, currently DHCP registers those IPs and uses the VoIP host names, which are the MAC or registration number or something (don't know, but it's automatic, I think).

Anyway, that's how it works on a good system.

I'd like to keep this thread open until I get someone on the scopes in the remote site. Only problem is, they all quit.
0
 
LVL 70

Accepted Solution

by:Chris Dent
Chris Dent earned 30 total points
ID: 33725953

I wonder if it includes invalid characters in the name or something, it would explain why DNS is (potentially) rejecting registrations for those names.

The Event Log packet probably contains the data, but that'll be a little harder to pull apart.

Chris
0
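Added example (not part of the thread and not any poster's code): the event data `0000007b` quoted in the question is Win32 error 123, `ERROR_INVALID_NAME`, which fits the invalid-name theory in the accepted answer. The Python sketch below decodes that data line and checks candidate host names against strict RFC 1123 rules; the lease names, the `example.com` domain and all function names are constructed for illustration, and a DNS server's own name-checking policy may be more lenient than the strict rule used here.

```python
import re

# Win32 error code from winerror.h; 0x7B (123) is the value quoted in the question.
WIN32_ERRORS = {0x7B: "ERROR_INVALID_NAME"}
# One label under strict RFC 1123 rules: letters, digits, inner hyphens only.
LABEL_OK = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")

# Constructed sample: names a DHCP server might try to register for phones.
SAMPLE_LEASES = [
    "SEP001122334455.voice.example.com",    # clean
    "00:11:22:33:44:55.voice.example.com",  # MAC address with colons
    "phone 4021.voice.example.com",         # embedded space
    "reg_88412.voice.example.com",          # underscore
]

def decode_event_data(line):
    """Parse an Event Viewer data line such as '0000: 0000007b' (words view)."""
    _, _, word = line.partition(":")
    code = int(word.strip(), 16)
    return code, WIN32_ERRORS.get(code, "unknown")

def name_problems(name):
    """Return the reasons `name` fails strict RFC 1123 host name rules."""
    fqdn = name.rstrip(".")
    if not fqdn:
        return ["empty name"]
    problems = ["name longer than 253 characters"] if len(fqdn) > 253 else []
    for label in fqdn.split("."):
        if not label:
            problems.append("empty label")
        elif len(label) > 63:
            problems.append(f"label longer than 63 characters: {label[:12]}...")
        elif not LABEL_OK.match(label):
            bad = sorted(set(re.findall(r"[^A-Za-z0-9-]", label)))
            if bad:
                problems.append(f"invalid characters {bad} in label {label!r}")
            else:
                problems.append(f"label {label!r} starts or ends with a hyphen")
    return problems

def audit(names):
    """Map each non-compliant name to its problems; clean names are omitted."""
    return {n: p for n in names if (p := name_problems(n))}

if __name__ == "__main__":
    print(decode_event_data("0000: 0000007b"))
    for name, why in audit(SAMPLE_LEASES).items():
        print(name, "->", "; ".join(why))
```

Feeding it the host names from a DHCP lease export for the affected scope shows which registrations would be rejected under strict name checking.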
 

Author Comment

by:snyderkv
ID: 33839023
I'm going to accept answers now and update it later when I figure it out.
0
 

Author Closing Comment

by:snyderkv
ID: 33839055
asdf
0
