DNS Server Error

Posted on 2011-04-20
Last Modified: 2012-05-11
Hello,

I have 2 DCs (one 2003 R2 and the other a 2008 domain controller) in my network.

Both my DCs are working fine, but whenever I shut down the secondary DC and restart my primary DC I get errors on the DNS server, which include 6702, 4015, 4004 (Source DNS).
For your reference, please find the errors below.
-------------------------------------------------------------------
Event ID 6702

DNS server has updated its own host (A) records.  In order to ensure that its DS-integrated peer DNS servers are able to replicate with this server, an attempt was made to update them with the new records through dynamic update.  An error was encountered during this update, the record data is the error code.
 
If this DNS server does not have any DS-integrated peers, then this error
should be ignored.
 
If this DNS server's Active Directory replication partners do not have the correct IP address(es) for this server, they will be unable to replicate with it.
 
To ensure proper replication:
1) Find this server's Active Directory replication partners that run the DNS server.
2) Open DnsManager and connect in turn to each of the replication partners.
3) On each server, check the host (A record) registration for THIS server.
4) Delete any A records that do NOT correspond to IP addresses of this server.
5) If there are no A records for this server, add at least one A record corresponding to an address on this server, that the replication partner can contact.  (In other words, if there multiple IP addresses for this DNS server, add at least one that is on the same network as the Active Directory DNS server you are updating.)
6) Note, that is not necessary to update EVERY replication partner.  It is only necessary that the records are fixed up on enough replication partners so that every server that replicates with this server will receive (through replication) the new data.
------------------------------------------------------------------------
Event ID 4015

The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.
------------------------------------------------------------------------
Event ID 4004

The DNS server was unable to complete directory service enumeration of zone ..  This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it.  Check that the Active Directory is functioning properly and repeat enumeration of the zone. The extended error debug information (which may be empty) is "". The event data contains the error.
--------------------------------------------------------------------------------------------------

For troubleshooting purposes I ran Dcdiag; please find the output attached.

NOTE: DNS forwarding is not enabled.
Dns-test.txt
Question by:itubaf
 
LVL 1

Expert Comment

by:villeah
ID: 35431862
If I understood right, you are shutting down another dns server and restarting another one? I think these error messages are quite normal when another dns server is not available for replication.
 
LVL 3

Author Comment

by:itubaf
ID: 35432074
Thank you for your reply.

1) Before, I was not getting this error message.
2) Now if the secondary DC is not available, the primary takes a long time to boot.
 
LVL 3

Author Comment

by:itubaf
ID: 35432090
Apart from the above, before I was not getting any error while running Dcdiag, but now whenever I run it I get this error:
-----------------
Running enterprise tests on : TEST.local
      Starting test: DNS
         Test results for domain controllers:

            DC: TESTdc-01.TEST.local
            Domain: TEST.local


               TEST: Forwarders/Root hints (Forw)
                  Error: Root hints list has invalid root hint server: b.root-se
rvers.net. (128.9.0.107)
                  Error: Root hints list has invalid root hint server: l.root-se
rvers.net. (198.32.64.12)

         Summary of test results for DNS servers used by the above domain contro
llers:

            DNS server: 198.32.64.12 (l.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 198.32.64.12

            DNS server: 128.9.0.107 (b.root-servers.net.)
               1 test failure on this DNS server
               This is not a valid DNS server. PTR record query for the 1.0.0.12
7.in-addr.arpa. failed on the DNS server 128.9.0.107

         ......................... TEST.local passed test DNS
-----------------------------------------------------------
For details, please check the previously attached file.
 
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 1332 total points
ID: 35458760

> but now when ever i run i got this error

Upgrade DCDiag to the version from the latest service pack (it'll be in C:\Windows\ServicePackFiles, if I remember correctly, if the SP is installed). It's a bug with DCDiag rather than being representative of a problem in your environment.

Is that the only issue you have left?

Chris
 
LVL 3

Author Comment

by:itubaf
ID: 35458909
Dear Chris,

Thank you for your post. In fact I was trying to reach you, as I came to know you are one of the best DNS experts here. Thank you for your post.

My DC is booting very slowly; boot time is approximately 15-20 min. At the same time, in the absence of the secondary DC I get an error message that the domain does not exist while logging on to any server, including the primary DC. But if I remove my primary DC's cables, start the secondary DC, and connect the primary DC's cables back, everything works fine.
 
LVL 29

Accepted Solution

by:
pwindell earned 668 total points
ID: 35459626
> My both DC are working fine but whenever I shut down the secondary DC and restart my primary DC

Of course it is going to say that,...
Everything you have described is exactly the way it is all supposed to behave.

1. Replication cannot happen if any DC is down,...all DCs are always supposed to be up.

2. Never shut down all DCs at the same time.

3. It is normal for one DC to refer to the other DC first in the TCP/IP Specs,...but that only works right if the other DC is already running when you start up.  So never have both DCs powered down at the same time.   If the DC refers to itself first in the TCP/IP Specs then a delay can happen on bootup because it has to wait for the DNS Services to come up first, then the AD Services after that, then the rest of the machine can boot up.
0
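The two startup cases in the accepted answer above (partner DC listed first in the TCP/IP settings versus the DC listing itself first), as an added example that is not part of the original thread. The function names `Get-DnsClientOrderFinding` and `Test-Tcp53` are hypothetical, the sample addresses are constructed, a TCP connect to port 53 stands in for "the other DC is running", and Windows PowerShell with WMI is assumed.

```powershell
# Added example: classify a DC's DNS client order against the two cases in the answer.
function Get-DnsClientOrderFinding {
    param(
        [string[]]$LocalAddress,    # addresses bound to this DC
        [string[]]$DnsSearchOrder,  # DNS servers in the order the adapter lists them
        [hashtable]$Reachable       # server IP -> $true/$false (answers on TCP 53)
    )
    $self = @($LocalAddress) + '127.0.0.1' + '::1'
    if (-not $DnsSearchOrder) { return 'No DNS servers configured on this adapter' }
    $first = $DnsSearchOrder[0]
    if ($self -contains $first) {
        return 'Self first: boot waits for the local DNS service, then AD'
    }
    if (-not $Reachable[$first]) {
        return "Partner $first first but not answering: slow boot, DNS events as in the question"
    }
    return "Partner $first first and answering: normal startup order"
}

function Test-Tcp53 {
    param([string]$Server, [int]$TimeoutMs = 2000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Server, 53, $null, $null)
        return ($async.AsyncWaitHandle.WaitOne($TimeoutMs, $false) -and $client.Connected)
    } catch { return $false } finally { $client.Close() }
}

# Constructed sample (addresses are made up): partner listed first and powered off.
$sampleState = @{ '10.0.0.11' = $false; '10.0.0.10' = $true }
Get-DnsClientOrderFinding '10.0.0.10' @('10.0.0.11', '10.0.0.10') $sampleState

# Live check on the DC itself: adapter DNS order, then DNS events since the last boot.
$os   = Get-WmiObject Win32_OperatingSystem
$boot = $os.ConvertToDateTime($os.LastBootUpTime)
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
    Where-Object { $_.DNSServerSearchOrder } | ForEach-Object {
        $state = @{}
        $_.DNSServerSearchOrder | ForEach-Object { $state[$_] = Test-Tcp53 $_ }
        Get-DnsClientOrderFinding $_.IPAddress $_.DNSServerSearchOrder $state
    }
Get-EventLog -LogName 'DNS Server' -After $boot -ErrorAction SilentlyContinue |
    Where-Object { 4004, 4015, 6702 -contains $_.EventID } |
    Select-Object TimeGenerated, EventID, EntryType
```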
 
LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 1332 total points
ID: 35460234

Hmm yeah, I was a bit confused about the statement. But pwindell is right. If both DCs go down, bringing them back online can be (very) slow.

Chris
 
LVL 29

Expert Comment

by:pwindell
ID: 35460723
Chris,...didn't we used to be in some of the Usenet Groups (Public News Groups) together?  I've been doing this about 11-12 years and your name seems really familiar.   Were/Are you an MVP?  Maybe we met at one of the MVP Summits?
 
LVL 71

Expert Comment

by:Chris Dent
ID: 35465478
Quite possibly the MS news groups, I hung around in the DNS / AD type areas there before I started getting busy :)

I did have an MVP back in 2007, but unfortunately I never made it to the summit.

Cheers,

Chris
 
LVL 29

Expert Comment

by:pwindell
ID: 35466833
I was in the DNS/AD groups too with another guy you might know,...Ace Fekay.  I haven't been in them since MS dropped their NNTP Servers.