Solved

DNS EventID: 4010

Posted on 2010-09-09
Last Modified: 2012-06-27
The event ID states:
The DNS server cannot update resource record for x.x.x.x in-addr.arpa in zone x.in-addr.arpa
The active directory information of this resource record is corrupt or contains an invalid DNS name. The event data contains this error: 0000: 0000007b

So far what I have done is delete the reverse zone, wait for replication, and recreate it. I even restarted the service with the zone deleted and continued to get this error. There are many, many records in the zone that are doing this.

I cannot find the IP x.x.x.x that the error references or find the host records in DNS. They are not there; however, the IP does ping but I cannot RDP to it.

What could cause this and how can I make the error go away? It's been like this for weeks.

Thanks
Question by:snyderkv
15 Comments
 
LVL 13

Assisted Solution

by:NarendraG
NarendraG earned 80 total points
ID: 33634160
 
LVL 9

Expert Comment

by:Chev_PCN
ID: 33634282
Has anything in your environment changed recently? e.g. addition or removal of DNS servers?
Have you checked to ensure the settings on all the servers ITO dynamic updates, zone transfers, etc., are consistent?
If you have recently removed a DNS server, have you done a metadata cleanup or used ADSI edit to remove the legacy objects?
Are your DNS servers all on the same OS, or do you have a mix of 2003 / 2008? What is your functional domain level?
Are you allowing non-secure updates from other domains?

Try doing a full DNS cache flush if you delete the invalid records.
 

Author Comment

by:snyderkv
ID: 33635388
NarendraG:

I did mention that the records don't exist in DNS so I can't use that article to delete the records.

Chev, replication is fine, no metadata necessary. All reverse zones are setup the same, to replicate throughout the domain, AD Integrated and secure only update.

Since all the hosts in the event IDs don't exist in DNS but are pingable, do you think maybe these devices are trying to update their records but don't have permissions to? Not sure what to try knowing that deleting the zone doesn't fix the problem.

Author Comment

by:snyderkv
ID: 33644273
I tried finding the records in Adsiedit but it limits the amount of records you can see, so I used LDP but the host names don't show the IP (since I don't have host names) so I can't determine if they are stuck in the system or not.

Any ideas?
 
LVL 9

Expert Comment

by:Chev_PCN
ID: 33644306
How big is your organisation?  How many static DNS records do you have?
If this is causing major headaches, it might be worth considering deleting and re-creating the fwd lookup zone. (After taking a PIT backup of course!)

Again, the question of "what changed" is still very relevant. Did you do any patching just before this started? Do you have an OS or patch level mis-match?
You could try getting all the servers up to the latest SP / patch level.
 

Author Comment

by:snyderkv
ID: 33644653
1) Nothing changed that I know of
2) WSUS/SMS patches everything all the time but they don't all reboot at the same time.
3) No OS mismatch | patch level mismatch is possible but I only see this cause issues with exchange front-end back-end OWA stuff.
4) Getting every DC to the same level and rebooted would take days. How could a bad patch or mismatch cause particular records within one particular reverse zone to show 4010 errors? I doubt that would be a good first place to check.

I tried checking LDP but once you dig into the DomainDNSZones, I only see host records, not IPs, so I can't track Active Directory to see if there are bad records causing the errors. Am I doing something wrong?

Any ideas?
 

Author Comment

by:snyderkv
ID: 33682577
Some new information I got was that these systems that the event logs mention, are VoIP phones. I see no scopes for VoIP within DHCP. Is it possible the issue could have something to do with how they are trying to register in DNS?
 
LVL 71

Expert Comment

by:Chris Dent
ID: 33724806

Bit late, sorry, had lots of studying to do.

> Some new information I got was that these systems that the event logs mention, are VoIP phones. I see no scopes
> for VoIP within DHCP. Is it possible the issue could have something to do with how they are trying to register in DNS?

How do those names appear in DHCP? If DHCP is pushing entries into DNS and those names contain invalid data it may get upset.

Chances are it's rejecting registration of the record.

Chris
 

Author Comment

by:snyderkv
ID: 33725920
Yup currently, DHCP registers those IPs and uses the VoIP host names which is the mac or registration number or something (don't know but it's automatic I think)

Anyways that's how it works on a good system.

I'd like to keep this thread open until I get someone on the scopes in the remote site. Only problem is, they all quit.
 
LVL 71

Accepted Solution

by:
Chris Dent earned 120 total points
ID: 33725953

I wonder if it includes invalid characters in the name or something, it would explain why DNS is (potentially) rejecting registrations for those names.

The Event Log packet probably contains the data, but that'll be a little harder to pull apart.

Chris
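
One way to test the invalid-character theory from the answer above, as an added example that is not part of the original thread: the PowerShell below checks host names against the strict letters-digits-hyphen rules of RFC 1123 and reports the offending characters. `Test-DnsHostName` is a hypothetical helper and the lease names are constructed samples; a DNS server set to a looser name-checking mode accepts more than this check does.

```powershell
# Added example. The event data 0000007b is Win32 error 123 (ERROR_INVALID_NAME),
# so the names being registered are the first thing to inspect.
# Test-DnsHostName is a hypothetical helper name, not a built-in cmdlet.
function Test-DnsHostName {
    param([string]$Name)

    $problems = New-Object 'System.Collections.Generic.List[string]'
    $fqdn = $Name -replace '\.$', ''      # one trailing dot (root) is legal

    if ($fqdn.Length -gt 253) { $problems.Add('name longer than 253 characters') }

    foreach ($label in $fqdn.Split('.')) {
        if ($label.Length -eq 0) { $problems.Add('empty label'); continue }
        if ($label.Length -gt 63) { $problems.Add("label '$label' longer than 63 characters") }
        if ($label.StartsWith('-') -or $label.EndsWith('-')) {
            $problems.Add("label '$label' starts or ends with a hyphen")
        }
        # Strict checking allows only letters, digits and hyphen in a label.
        $bad = [regex]::Matches($label, '[^A-Za-z0-9-]') |
               ForEach-Object { $_.Value } | Sort-Object -Unique
        if ($bad) {
            $shown = ($bad | ForEach-Object { "'{0}' (0x{1:X2})" -f $_, ([int][char]$_) }) -join ', '
            $problems.Add("label '$label' contains $shown")
        }
    }

    [pscustomobject]@{
        Name     = $Name
        Valid    = ($problems.Count -eq 0)
        Problems = ($problems -join '; ')
    }
}

# Constructed sample: client names as a DHCP server might hold them for phones.
$leaseNames = 'SEP001122334455', 'phone_0042.voice.example.test',
              'Lobby Phone 3', '00:11:22:33:44:55', '-handset7'

$leaseNames | ForEach-Object { Test-DnsHostName $_ } |
    Where-Object { -not $_.Valid } | Format-List
```

Feeding it the client names exported from the DHCP scopes that serve the phones shows which ones a strict DNS server would refuse to register.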
 

Author Comment

by:snyderkv
ID: 33839023
I'm going to accept answers now and update it later when I figure it out.
 

Author Closing Comment

by:snyderkv
ID: 33839055
asdf