Chris Millard
asked on
Unable to delete DNS Reverse Lookup Zone
I have a customer running SBS 2003, and whilst looking at somethign else, I noticed a problem with DNS.
In DNS management, I have an Active Directory-Integrated Primary reverse lookup zone called 0.168.192.in-addr.arpa
When I click on this zone name, the right hand window shows the following message:-
The DNS server encountered a problem while attempting to load the zone. The zone data may not be available in Active Directory, or the zone data is corrupt."
If I right click on the zone name and select properties, I can see that the status is Expired. I've changed the Dynamic updates to "Nonsecure and secure" (it was set to None). I cannot change the type or replication because "There was a server failure".
I enabled event logging on DNS, and now get lots of 4004, 4015 and 4521 errors in the DNS Event log.
I've opened ADSIEDIT, and drilling down through ForestDNSZones, I get to CN=MicrosoftDNS and in there, there are a couple of dnsZones which show as "InProgress":-
DC=..InProgress-4EA8311654 36DE8E-0.1 68.192.in- addr.arpa
DC=..InProgress-4EA8310254 3690DB-0.1 68.192.in- addr.arpa
There were 3 of these yesterday, which I deleted, but this morning, these 2 have appeared.
If I go into Active Directory Users and Computers, and drill down to System->MicrosoftDNS, I can see 0.168.192.in-addr.arpa with a yellow exclamation on it. If I right-click and choose to delete it, I get a warning asking me to confirm deletion. I choose Yes and get an error which says:-
The object 0.168.192.in-addr.arpa (or some of the objects it contains) cannot be deleted because: The directory service encountered an unknown failure."
I'm unsure where to go with this now...
In DNS management, I have an Active Directory-Integrated Primary reverse lookup zone called 0.168.192.in-addr.arpa
When I click on this zone name, the right hand window shows the following message:-
The DNS server encountered a problem while attempting to load the zone. The zone data may not be available in Active Directory, or the zone data is corrupt."
If I right click on the zone name and select properties, I can see that the status is Expired. I've changed the Dynamic updates to "Nonsecure and secure" (it was set to None). I cannot change the type or replication because "There was a server failure".
I enabled event logging on DNS, and now get lots of 4004, 4015 and 4521 errors in the DNS Event log.
I've opened ADSIEDIT, and drilling down through ForestDNSZones, I get to CN=MicrosoftDNS and in there, there are a couple of dnsZones which show as "InProgress":-
DC=..InProgress-4EA8311654
DC=..InProgress-4EA8310254
There were 3 of these yesterday, which I deleted, but this morning, these 2 have appeared.
If I go into Active Directory Users and Computers, and drill down to System->MicrosoftDNS, I can see 0.168.192.in-addr.arpa with a yellow exclamation on it. If I right-click and choose to delete it, I get a warning asking me to confirm deletion. I choose Yes and get an error which says:-
The object 0.168.192.in-addr.arpa (or some of the objects it contains) cannot be deleted because: The directory service encountered an unknown failure."
I'm unsure where to go with this now...
ASKER
I've downloaded and run the BPA for SBS 2003. The only critical error was that the ClientApps shared folder path has changed.
I've also got a couple of non-critical issues, but nothing that should affect DNS.
I've also got a couple of non-critical issues, but nothing that should affect DNS.
ASKER
I've also noticed another entry in ADSIEDIT this morning:-
DC=..InProgress-4EA919AF57 C36E1C-0.1 68.192.in- addr.arpa
DC=..InProgress-4EA919AF57
how many NICs in your server?
can you run IPCONFIG /all on the server and post the results?
can you run IPCONFIG /all on the server and post the results?
ASKER
I'll have to post the results on Monday now, as I'm finished for the weekend...
ASKER
OK, I've posted the ipconfig results below. There are 2 NICs installed, but there is nothing on the 15.0.0.x network at all.
Windows IP Configuration
Host Name . . . . . . . . . . . . : MYSRV
Primary Dns Suffix . . . . . . . : mydomain.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mydomain.local
Ethernet adapter Network Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #2
Physical Address. . . . . . . . . : 00-18-8B-3B-BB-3C
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 15.0.0.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.0.67
Primary WINS Server . . . . . . . : 192.168.0.67
Ethernet adapter Server Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
Physical Address. . . . . . . . . : 00-18-8B-3B-BB-3A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.67
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.65
DNS Servers . . . . . . . . . . . : 192.168.0.67
Primary WINS Server . . . . . . . : 192.168.0.67
Windows IP Configuration
Host Name . . . . . . . . . . . . : MYSRV
Primary Dns Suffix . . . . . . . : mydomain.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mydomain.local
Ethernet adapter Network Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #2
Physical Address. . . . . . . . . : 00-18-8B-3B-BB-3C
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 15.0.0.1
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . :
DNS Servers . . . . . . . . . . . : 192.168.0.67
Primary WINS Server . . . . . . . : 192.168.0.67
Ethernet adapter Server Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client)
Physical Address. . . . . . . . . : 00-18-8B-3B-BB-3A
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.67
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.65
DNS Servers . . . . . . . . . . . : 192.168.0.67
Primary WINS Server . . . . . . . : 192.168.0.67
what if anything is the Nic with the 15.x.x.x address connected to?
ASKER
Nothing at all
Then disable the NIC (right click > Disable)...and then reboot at your convenience and see what your results are then
ASKER
Actually, upon further inspection, I cannot disable this NIC, as it actually is connected to a NAS box on the same IP range. Backup Exec is backing up to this NAS box...
Why isn't your NAS box on the same IP subnet as your LAN?
ASKER
Because the amount of data being backed up to the NAS was slowing down the main network, it was put onto a separate NIC.
not sure how that address was selected as it's not a "private" IP Address but a public one on the internet.
I recognize it's behind a router so it probably not a problem
Do you have an entry in DNS for this IP?
I recognize it's behind a router so it probably not a problem
Do you have an entry in DNS for this IP?
ASKER
Yes - it's one of the server entries...
Have you tried booting to safe mode to see if it will allow you to remove the record, then just boot back up in normal mode
ASKER
It's not as simple as that - all of the work I do on this server is via an RDP session. Getting at the server is nigh on impossible
Don't suppose the server has an iDRAC card...well I'm afraid I don't have much more to offer on this case.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
No solution has been found to this problem
Run it and correct everything it finds and see where you end it after that.