Thursday, February 11, 2010

4004 and 4015, let's focus on event ID 4515 - AD DNS Issue

Event ID : 4015
The DNS server has encountered a critical error from the Active Directory.
Check that the Active Directory is functioning properly. The extended error
debug information (which may be empty) is "". The event data contains the
error.

Event ID : 4004
The DNS server was unable to complete directory service enumeration of zone
.. This DNS server is configured to use information obtained from Active
Directory for this zone and is unable to load the zone without it. Check
that the Active Directory is functioning properly and repeat enumeration of
the zone. The extended error debug information (which may be empty) is "".
The event data contains the error.


Event ID : 4004 (as logged for the zone _msdcs.testing.local)
The DNS server was unable to complete directory service enumeration of zone
_msdcs.testing.local. This DNS server is configured to use information
obtained from Active Directory for this zone and is unable to load the zone
without it. Check that the Active Directory is functioning properly and
repeat enumeration of the zone. The extended error debug information (which
may be empty) is "". The event data contains the error.

Event ID : 4515

The zone testing.local was previously loaded from the directory partition
MicrosoftDNS but another copy of the zone has been found in directory
partition DomainDnsZones.testing.local. The DNS Server will ignore this new
copy of the zone. Please resolve this conflict as soon as possible.

If an administrator has moved this zone from one directory partition to
another this may be a harmless transient condition. In this case, no action
is necessary. The deletion of the original copy of the zone should soon
replicate to this server.

If there are two copies of this zone in two different directory partitions
but this is not a transient caused by a zone move operation then one of these
copies should be deleted as soon as possible to resolve this conflict.

To change the replication scope of an application directory partition
containing DNS zones and for more details on storing DNS zones in the
application directory partitions, please see Help and Support


Solution:
From the description, I understand that you receive DNS Event ID 4004, 4015, 4515 on your DC. If I have misunderstood, please let me know.

First of all, I would like to know if you have any DNS name resolution issue on your network due to the DNS errors.

Regarding DNS Event ID 4004, 4015
======================
Based on my research, if these events are logged when the server starts, it is because the DNS service starts before Active Directory is ready and therefore cannot load AD-integrated zones from Active
Directory. These events can be safely ignored as long as the DNS service runs correctly after AD has started.

To resolve the problem, I have the following suggestions:

Suggestion 1: Delay DNS service during startup
=========
We can make the DNS service wait during startup until the Netlogon service has started, so that these events no longer occur. To do so, please follow these steps:

1. Open the Registry Editor on the DC by running "regedit".
2. Browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS
3. Double-click "DependOnService" and add Netlogon on a new line at the bottom of the list. Please do not remove any existing values in this entry.
4. If "DependOnService" does not exist, create a multi-string value (REG_MULTI_SZ) named DependOnService (without the quotation marks) and add Netlogon to it.
5. Click OK and restart the DC.
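The same change done from an elevated Windows PowerShell prompt on the DC, as an added example that is not part of the original post. It appends Netlogon to the existing DependOnService list instead of replacing it, which is the mistake that is easy to make with "sc config DNS depend=", and it creates the value as REG_MULTI_SZ if it is missing.

```powershell
# Added example (not from the original post). Run elevated on the DC.
# Appends Netlogon to the DNS service's DependOnService list without dropping existing entries.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\DNS'
$name = 'DependOnService'

# Read the current list (REG_MULTI_SZ comes back as a string array); tolerate a missing value.
$existing = @()
$prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
if ($prop) { $existing = @($prop.$name | Where-Object { $_ }) }

if ($existing -contains 'Netlogon') {
    Write-Host "Netlogon is already listed in DependOnService: $($existing -join ', ')"
} else {
    $new = $existing + 'Netlogon'          # keep every existing dependency, add ours at the end
    if ($prop) {
        # Writing a string[] to an existing REG_MULTI_SZ keeps the type.
        Set-ItemProperty -Path $key -Name $name -Value $new
    } else {
        New-ItemProperty -Path $key -Name $name -PropertyType MultiString -Value $new | Out-Null
    }
    Write-Host "DependOnService is now: $($new -join ', ')"
    Write-Host 'Restart the DC for the Service Control Manager to pick up the new dependency.'
}
```

After the reboot, `(Get-Service DNS).ServicesDependedOn` should list Netlogon alongside whatever was there before; if it lists only Netlogon, the previous dependencies were overwritten and must be restored.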

Suggestion 2: Ensure that Windows Time service is Started
=========
Please go to Services console (services.msc) and ensure that Windows Time service is set as Automatic and Started. Restart the DC to take effect.

Suggestion 3: Restart DNS and Net Logon services
=========
Open a Command Prompt and run "net stop dns" and "net stop netlogon". Go to C:\Windows\System32\config\ and delete netlogon.dns and netlogon.dnb (Netlogon rebuilds these files, which hold the DC's own DNS records, when it starts). Run "net start dns" and "net start netlogon". Then restart the DC
again to check whether the issue persists.

Also, please ensure that on this DC's NIC, preferred DNS server is pointing to the DC itself. Alternate DNS server can point to another DNS in the domain or just leave it blank. Please ensure that no external DNS
server is set on any NIC.
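A quick way to audit the NIC settings described above on the DC itself, as an added example that is not part of the original post. It uses WMI so it runs on Windows Server 2003/2008 as well as newer systems. The list in $DomainDnsServers is an assumed placeholder; replace it with the addresses of your own domain DNS servers.

```powershell
# Added example (not from the original post). For every IP-enabled adapter on this DC:
# - the preferred (first) DNS server must be one of the DC's own IPv4 addresses;
# - no listed server may be outside the domain's own DNS servers (e.g. an ISP resolver).
function Test-DcDnsClientConfig {
    param([string[]] $DomainDnsServers)

    $nics     = @(Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = True')
    $localIps = @($nics | ForEach-Object { $_.IPAddress } |
                 Where-Object { $_ -match '^\d{1,3}(\.\d{1,3}){3}$' })

    foreach ($nic in $nics) {
        $servers = @($nic.DNSServerSearchOrder | Where-Object { $_ })
        $issues  = @()

        if ($servers.Count -eq 0) {
            $issues += 'no DNS server configured'
        } elseif ($localIps -notcontains $servers[0]) {
            $issues += "preferred DNS server $($servers[0]) is not this DC"
        }

        # Anything that is neither this DC nor another domain DNS server is suspect.
        $foreign = @($servers | Where-Object {
            ($localIps -notcontains $_) -and ($DomainDnsServers -notcontains $_) })
        if ($foreign.Count -gt 0) {
            $issues += "server(s) outside the domain: $($foreign -join ', ')"
        }

        $status = 'OK'
        if ($issues.Count -gt 0) { $status = $issues -join '; ' }

        New-Object PSObject -Property @{
            Adapter    = $nic.Description
            DnsServers = ($servers -join ', ')
            Status     = $status
        }
    }
}

# Assumed addresses of the domain's DNS servers; replace with your own.
Test-DcDnsClientConfig -DomainDnsServers @('192.168.1.10', '192.168.1.11') |
    Format-Table Adapter, DnsServers, Status -AutoSize
```

Any adapter whose Status is not OK is one to fix in the TCP/IP properties before chasing the DNS events further; a disabled or unused adapter that still carries an external resolver is a common leftover on multi-homed DCs.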

Please take your time to try my suggestions and let me know the result.

Regarding DNS Event ID 4515
======================
This issue may occur when the DNS zone listed in Event 4515 exists in more than one location in Active Directory. A DNS zone may be incorrectly created in more than one location in Active Directory in
the following scenarios:

1. The DNS zone was moved from one directory partition to another directory partition.
2. The replication scope of Windows 2000 Active Directory-integrated DNS zones is transitioned to the domain-wide or forest-wide DNS application partitions that are supported by
Windows Server 2003 domain controllers.

To resolve the problem, please try the steps described in the following article:

Event ID 4515 is logged in the DNS Server log in Windows Server 2003 http://support.microsoft.com/kb/867464


If these errors are still reported on this DC, please check the following and see if there are any incorrect settings.

Step 1: Verify if the DNS server is only listening on the internal interface.
=========
If the DNS server is multi-homed or also acts as a RRAS server, please ensure that it is set to listen on "only the following IP addresses", using the IP address in your internal network range,
to service DNS requests. This prevents the additional interfaces from registering in DNS, which can cause conflicts when the default option to listen on "All IP addresses" is chosen. To check this, please
follow these steps:

1. Click Start->Run, type dnsmgmt.msc and click OK to open the DNS MMC.
2. Right-click the DNS server and select Properties.
3. In Interfaces tab, please check if the DNS server only listens on internal interface in Listen on list.

Step 2: Verify if the Root Hints tab has the FQDN and IP address of all root servers listed.
=========
1. Click Start->Run, type dnsmgmt.msc and click OK to open the DNS MMC.
2. Right-click the DNS server and select Properties.
3. Click the Root Hints tab, check if the FQDN and IP address of all root servers are listed.
4. If not, we can open root hints from another DNS server which contains the information.
5. To copy root hints from a DNS server, we can:
a) In Root Hints tab, click the Copy from Server button.
b) Type the IP address of the DNS server from which you want to copy a list of root servers to use in resolving queries.
c) Click OK and wait until it finishes.

Step 3: Verify if the DNS setting is correct on client computer.
=========
1. Click Start, point to Control Panel, point to Network Connections.
2. Right-click the Local Area Connection and select Properties.
3. In General tab, double click Internet Protocol (TCP/IP).
4. Click Advanced.
5. Click the DNS tab, verify that the "Append primary and connection specific DNS suffixes" and "Append parent suffixes of the primary DNS suffix" options are chosen.
6. Verify that the host is configured to "Register this connection's addresses in DNS", but not configure to "Use this connection's DNS suffix in DNS registration"


If all of the above are correct, please collect Directory Service MPS report on this problematic DC and send to me for further research.

a. Please download the Microsoft Product Support Reporting tool from the link below:
http://download.microsoft.com/download/b/b/1/bb139fcb-4aac-4fe5-a579-30b0bd915706/MPSRPT_Dirsvc.EXE

b. Run the tool on the DC.
c. The program creates: C:\WINDOWS\MPSReports\<>\Reports\cab\COMPUTER_MPSReports.CAB. Where COMPUTER will be replaced with your computer name.
d. Once the folder opens in Windows Explorer, please send me the CAB file for the server (the file name includes the computer's name).
e. If there is no CAB file created, please zip all the files in C:\WINDOWS\MPSReports\<>\Reports.

Since we can safely ignore event IDs 4004 and 4015, let's focus on event ID 4515.

Normally, event ID 4515 is caused by a replication error or a duplicated zone
in Active Directory. After checking the event logs of the File Replication
Service and Directory Service, I cannot find any error or warning related
to replication. So we should check whether we have duplicate zones (which
cause conflicts) in Active Directory.

The problem probably occurred while both 2000 and 2003 DCs were co-existing
and at least one of the 2000 DCs was still running the DNS service. When
switching over to 2003, or even 2003 to 2008, you have to keep the two
different replication scopes to be backward compatible until you uninstall
DNS (not delete the zone from 2000). Only once you've uninstalled DNS from ALL
2000 DCs is it safe to change the replication scope.

We can try the following steps to check for and delete the duplicated DNS zone:
1. Click Start, click Run, type adsiedit.msc, and then click OK.
2. In the console tree, right-click ADSI Edit, and then click Connect to.
3. Click Select or type a Distinguished Name or Naming Context, type the
following text in the list, and then click OK: DC=DomainDnsZones,DC=testing,DC=local
4. In the console tree, double-click DC=DomainDnsZones,DC=testing,DC=local.
5. Double-click CN=MicrosoftDNS, and click the zone object (DC=testing.local).
You should now be able to view the DNS records that exist in this copy of the
zone. If you have confirmed that this is the duplicate copy to remove,
right-click DC=testing.local and then click Delete.
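Before deleting anything, it is worth listing every copy of every zone this DC holds, across all three places an AD-integrated zone can be stored, so that the duplicate named in event 4515 is confirmed rather than assumed. The following read-only script is an added example and not part of the original post; it binds to the local DC by name so it reports exactly the partitions this server hosts. The "MicrosoftDNS" partition in the event text corresponds to the legacy Windows 2000 container CN=MicrosoftDNS,CN=System in the domain partition.

```powershell
# Added example (not from the original post). Read-only: lists dnsZone objects in the
# legacy container and in both DNS application partitions, then reports any zone name
# that appears in more than one of them (the condition behind event ID 4515).
function Find-DuplicateDnsZones {
    $dc       = $env:COMPUTERNAME                      # bind to this DC only
    $rootDse  = [ADSI]"LDAP://$dc/RootDSE"
    $domainDn = [string]$rootDse.defaultNamingContext
    $forestDn = [string]$rootDse.rootDomainNamingContext

    $locations = @(
        @{ Partition = 'MicrosoftDNS (legacy, domain NC)'; Dn = "CN=MicrosoftDNS,CN=System,$domainDn" },
        @{ Partition = 'DomainDnsZones';                    Dn = "CN=MicrosoftDNS,DC=DomainDnsZones,$domainDn" },
        @{ Partition = 'ForestDnsZones';                    Dn = "CN=MicrosoftDNS,DC=ForestDnsZones,$forestDn" }
    )

    $zones = foreach ($loc in $locations) {
        $path = "LDAP://$dc/$($loc.Dn)"
        # A partition this DC does not host (or a domain that never had the legacy container) is skipped.
        if (-not [System.DirectoryServices.DirectoryEntry]::Exists($path)) { continue }

        $searcher = New-Object System.DirectoryServices.DirectorySearcher(
            [ADSI]$path,
            '(objectClass=dnsZone)',
            [string[]]@('name', 'distinguishedname'),
            [System.DirectoryServices.SearchScope]::OneLevel)
        $searcher.PageSize = 1000

        foreach ($result in $searcher.FindAll()) {
            New-Object PSObject -Property @{
                Zone      = [string]$result.Properties['name'][0]
                Partition = $loc.Partition
                Dn        = [string]$result.Properties['distinguishedname'][0]
            }
        }
    }

    # Only names that exist in two or more partitions are conflicts.
    $zones | Group-Object Zone | Where-Object { $_.Count -gt 1 } | ForEach-Object { $_.Group }
}

Find-DuplicateDnsZones | Sort-Object Zone, Partition | Format-Table Zone, Partition, Dn -AutoSize
```

An empty result means no duplicate exists on this DC and the 4515 event is either stale or a transient from a recent zone move; a row pair for testing.local in "MicrosoftDNS (legacy, domain NC)" and "DomainDnsZones" is the situation the event describes. The event text tells you which copy the server actually loaded; check that copy has the current records before deleting the other, and after the deletion replicates, restart the DNS service.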

Note Deleting a zone is a destructive operation. Please confirm that a
duplicate zone exists before you perform a deletion.
If you have deleted a zone, restart the DNS service. To do this, follow
these steps:
1. Click Start, point to All Programs, point to Administrative Tools, and
then click DNS.
2. In the console tree, right-click the DNS server node (not the zone), point to
All Tasks, and then click Restart.
