DNS EventID: 4010

Posted on 2010-09-09
Last Modified: 2012-06-27
The event ID states:
The DNS server cannot update resource record for x.x.x.x in zone
The active directory information of this resource record is corrupt or contains an invalid DNS name. The event data contains this error: 0000: 0000007b

So far what I have done was deleted the reverse zone, waited for replication, and recreated and even restarted the service with the zone deleted and continued to get this error. It's many many records in the zone that is doing this.

I cannot find the IP x.x.x.x that the error references or find the host records in DNS. They are not there however, the IP does ping but I cannot RDP to it.

What could cause this and how can I make the error go away. It's been like this for weeks.

Question by:snyderkv
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 2
  • 2
  • +1
LVL 13

Assisted Solution

NarendraG earned 20 total points
ID: 33634160

Expert Comment

ID: 33634282
Has anything in your environment changed recently? e.g. addition or removal of DNS servers?
Have you checked to ensure the settings on all ther servers ITO dynamic updates, zone transfers, etc, are consistent?
If you have recently removed a DNS server, have you done a metadata cleanup or used ADSI edit to remove the legacy objects?
Are your DNS servers all on the same OS, or do you have a mix of 2003 / 2008? What is your functional domain level?
Are you allowing non-secure updates from other domains?

Try doing a full DNS cache flush if you delete the invalid records.

Author Comment

ID: 33635388

I did mention that the records don't exist in DNS so I can't use that article to delete the records.

Chev, replication is fine, no metadata necessary. All reverse zones are setup the same, to replicate throughout the domain, AD Integrated and secure only update.

Since all the hosts in the event IDs don't exist in DNS but are pingable, do you think maybe these devices are trying to update their records but don't have permissions to? Not sure what to try knowing that deleting the zone doesn't fix the problem.
Secure Your WordPress Site: 5 Essential Approaches

WordPress is the web's most popular CMS, but its dominance also makes it a target for attackers. Our eBook will show you how to:

Prevent costly exploits of core and plugin vulnerabilities
Repel automated attacks
Lock down your dashboard, secure your code, and protect your users


Author Comment

ID: 33644273
I tried finding the records in Adsiedit but lmiits the amount of records you can see, so I used LDP but the host names don't show the IP (since I don't have host names) so I can't determine if they are stuck in the system or not.

Any ideas?

Expert Comment

ID: 33644306
How big is your organisation?  How many static DNS records do you have?
If this is causing major headaches, it might be worth considering deleting and re-creating the fwd lookup zone. (After taking a PIT backup of course!)

Again, the question of "what changed" is still very relevent. Did you do any patching just before this started? Do you have an OS or patch level mis-match?
You could try getting all the servers up to the latest SP / patch level.

Author Comment

ID: 33644653
1)Nothing changed that I know of
2)WSUS/SMS patches everything all the time but they don't all reboot at the same time.
3)No OS mismatch | patch level mismatch is possible but I only see this cause issues with exchange front-end back-end OWA stuff.
4) Getting every DC to the same level and rebooted would take days. How could a bad patch or mismatch cause particular records within one particular reverse zone show 4010 errors? I doubt that would be a good first place to check.

I tried checking LDP but once you dig into the DomainDNSZones, I only see host records, not IPs, so I can't track Active Directory to see if their are bad records causing the errors. Am I doing something wrong?

Any ideas?

Author Comment

ID: 33682577
Some new information I got was that these systems that the event logs mention, are VoIP phones. I see no scopes for VoIP within DHCP. Is it possible the issue could have something to do with how they are trying to register in DNS?
LVL 71

Expert Comment

by:Chris Dent
ID: 33724806

Bit late, sorry, had lots of studying to do.

> Some new information I got was that these systems that the event logs mention, are VoIP phones. I see no scopes
> for VoIP within DHCP. Is it possible the issue could have something to do with how they are trying to register in DNS?

How do those names appear in DHCP? If DHCP is pushing entries into DNS and those names contain invalid data it may get upset.

Chances are it's rejecting registration of the record.


Author Comment

ID: 33725920
Yup currently, DHCP registers those IPs and uses the VoIP host names which is the mac or registration number or something (don't know but it's automatic I think)

Anyways that how it works on a good system.

I'd like to keep this thread open until I get someone on the scopes in the remote site. Only problem is, they all quit.
LVL 71

Accepted Solution

Chris Dent earned 30 total points
ID: 33725953

I wonder if it includes invalid characters in the name or something, it would explain why DNS is (potentially) rejecting registrations for those names.

The Event Log packet probably contains the data, but that'll be a little harder to pull apart.


Author Comment

ID: 33839023
I'm going to accept answers now and update it later when I figure it out.

Author Closing Comment

ID: 33839055

Featured Post

Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
When it comes to security, there are always trade-offs between security and convenience/ease of administration. This article examines some of the main pros and cons of using key authentication vs password authentication for hosting an SFTP server.
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses
Course of the Month8 days, 11 hours left to enroll

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question