Hi,

We have some event problems with our DNS service (w2003r2 and now
upgraded to w2008). At every reboot of the DNS server there is a pile
of 4010 and a couple of 4013 events.

These servers formerly had a single label (non dotted) domain name, and
I think the problem started after renaming to domain to a dotted one.

What do we do to get rid of these errors?

(This is another domain than the 'Adding 2008...' post above).

Thanks for help on this

regards

jake

From event log:

4010 The DNS server was unable to create a resource record for
477e0653-8f6b-4265-ba75-b053508230da._msdcs.mylocaldomain.lan. in zone
mylocaldomain.LAN. The Active Directory definition of this resource
record is corrupt or contains an invalid DNS name. The event data
contains the error.

4010 The DNS server was unable to create a resource record for
1ffcb6ba-c6bf-4037-95bc-2614d7ea9a61._msdcs.mylocaldomain.lan. in zone
mylocaldomain.LAN. The Active Directory definition of this resource
record is corrupt or contains an invalid DNS name. The event data
contains the error.

4010 The DNS server was unable to create a resource record for
_ldap._tcp.pdc._msdcs.mylocaldomain.lan. in zone mylocaldomain.LAN. The
Active Directory definition of this resource record is corrupt or
contains an invalid DNS name. The event data contains the error.

4010 The DNS server was unable to create a resource record for
_ldap._tcp.gc._msdcs.mylocaldomain.lan. in zone mylocaldomain.LAN. The
Active Directory definition of this resource record is corrupt or
contains an invalid DNS name. The event data contains the error.

4010 The DNS server was unable to create a resource record for
_kerberos._tcp.dc._msdcs.mylocaldomain.lan. in zone mylocaldomain.LAN.
The Active Directory definition of this resource record is corrupt or
contains an invalid DNS name. The event data contains the error.

4013 The DNS server is waiting for Active Directory Domain Services (AD
DS) to signal that the initial synchronization of the directory has been
completed. The DNS server service cannot start until the initial
synchronization is complete because critical DNS data might not yet be
replicated onto this domain controller. If events in the AD DS event log
indicate that there is a problem with DNS name resolution, consider
adding the IP address of another DNS server for this domain to the DNS
server list in the Internet Protocol properties of this computer. This
event will be logged every two minutes until AD DS has signaled that the
initial synchronization has successfully completed.

"Jake" <jake44@gmail.com> wrote in message
news:eDhq5xbRKHA.3540@TK2MSFTNGP04.phx.gbl...

Quote:

Hi, We have some event problems with our DNS service (w2003r2 and now upgraded to w2008). At every reboot of the DNS server there is a pile of 4010 and a couple of 4013 events. These servers formerly had a single label (non dotted) domain name, and I think the problem started after renaming to domain to a dotted one. What do we do to get rid of these errors? (This is another domain than the 'Adding 2008...' post above). Thanks for help on this regards jake From event log: 4010 The DNS server was unable to create a resource record for 477e0653-8f6b-4265-ba75-b053508230da._msdcs.mylocaldomain.lan. in zone mylocaldomain.LAN. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error. 4010 The DNS server was unable to create a resource record for 1ffcb6ba-c6bf-4037-95bc-2614d7ea9a61._msdcs.mylocaldomain.lan. in zone mylocaldomain.LAN. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error. 4010 The DNS server was unable to create a resource record for _ldap._tcp.pdc._msdcs.mylocaldomain.lan. in zone mylocaldomain.LAN. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error. 4010 The DNS server was unable to create a resource record for _ldap._tcp.gc._msdcs.mylocaldomain.lan. in zone mylocaldomain.LAN. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error. 4010 The DNS server was unable to create a resource record for _kerberos._tcp.dc._msdcs.mylocaldomain.lan. in zone mylocaldomain.LAN. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error. 4013 The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.

The 4010's mean lots of DNS errors are being recorded. However the 4013 is
more serious. This could depend on the ipconfig of the server and which DNS
addresses are listed. Post an ipconfig /all of the server, and we can
evaluate the config and provide suggestions and recommendations. The
ipconfigs give us more than just DNS addresses, so if we can see that, it
will greatly help.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCTS 2008, MCTS Exchange, MCSE, MCSA 2003 & 2000, MCSA
Messaging
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.

Hello Jake,

Please post the complete event viewer entries here. Also an unedited ipconfig
/all from both DCs.

Did you follow this article for domain rename especially the DNS parts in it?
http://technet.microsoft.com/en-us/library/cc738208(WS.10).aspx

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Quote:

Hi, We have some event problems with our DNS service (w2003r2 and now upgraded to w2008). At every reboot of the DNS server there is a pile of 4010 and a couple of 4013 events. These servers formerly had a single label (non dotted) domain name, and I think the problem started after renaming to domain to a dotted one. What do we do to get rid of these errors? (This is another domain than the 'Adding 2008...' post above). Thanks for help on this regards jake From event log: 4010 The DNS server was unable to create a resource record for 477e0653-8f6b-4265-ba75-b053508230da._msdcs.mylocaldomain.lan. in zone mylocaldomain.LAN. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error. 4010 The DNS server was unable to create a resource record for 1ffcb6ba-c6bf-4037-95bc-2614d7ea9a61._msdcs.mylocaldomain.lan. in zone mylocaldomain.LAN. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error. 4010 The DNS server was unable to create a resource record for _ldap._tcp.pdc._msdcs.mylocaldomain.lan. in zone mylocaldomain.LAN. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error. 4010 The DNS server was unable to create a resource record for _ldap._tcp.gc._msdcs.mylocaldomain.lan. in zone mylocaldomain.LAN. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error. 4010 The DNS server was unable to create a resource record for _kerberos._tcp.dc._msdcs.mylocaldomain.lan. in zone mylocaldomain.LAN. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error. 4013 The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.

Ace Fekay [MCT] skrev:

Quote:

The 4010's mean lots of DNS errors are being recorded. However the 4013 is more serious. This could depend on the ipconfig of the server and which DNS addresses are listed. Post an ipconfig /all of the server, and we can evaluate the config and provide suggestions and recommendations. The ipconfigs give us more than just DNS addresses, so if we can see that, it will greatly help. See post below.

Thanks

jake

Meinolf Weber [MVP-DS] skrev:

Quote:

Hello Jake, Please post the complete event viewer entries here. Also an unedited ipconfig /all from both DCs. Did you follow this article for domain rename especially the DNS parts in it? http://technet.microsoft.com/en-us/library/cc738208(WS.10).aspx

That was several years ago, and I think that article was taken into
account too. The process went without any error messages, but despite
that from than moment these error events started to appear each time the
server was rebooted.

With Moses (.13) w2003 dc there was always two 4010 events together, but
within w2008 .10 (Moses-2) there are 15 after a reboot, some of them are
copied below

Log Name: DNS Server
Source: Microsoft-Windows-DNS-Server-Service
Date: 05.10.2009 14:06:46
Event ID: 4010
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Moses-2.mylocaldomain.LAN
Description:
The DNS server was unable to create a resource record for
_kerberos._tcp.dc._msdcs.mylocaldomain.lan. in zone mylocaldomain.LAN.
The Active Directory definition of this resource record is corrupt or
contains an invalid DNS name. The event data contains the error.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Server-Service"
Guid="{71A551F5-C893-4849-886B-B5EC8502641E}" EventSourceName="DNS" />
<EventID Qualifiers="49152">4010</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-10-05T12:06:46.000Z" />
<EventRecordID>5</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>DNS Server</Channel>
<Computer>Moses-2.mylocaldomain.LAN</Computer>
<Security />
</System>
<EventData Name="DNS_EVENT_DS_RECORD_LOAD_FAILED">
<Data Name="param1">_kerberos._tcp.dc._msdcs.mylocaldomain.lan.</Data>
<Data Name="param2">mylocaldomain.LAN</Data>
<Binary>7B000000</Binary>
</EventData>
</Event>


Log Name: DNS Server
Source: Microsoft-Windows-DNS-Server-Service
Date: 05.10.2009 14:06:46
Event ID: 4010
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Moses-2.mylocaldomain.LAN
Description:
The DNS server was unable to create a resource record for
_kerberos._tcp.dc._msdcs.mylocaldomain.lan. in zone mylocaldomain.LAN.
The Active Directory definition of this resource record is corrupt or
contains an invalid DNS name. The event data contains the error.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Server-Service"
Guid="{71A551F5-C893-4849-886B-B5EC8502641E}" EventSourceName="DNS" />
<EventID Qualifiers="49152">4010</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-10-05T12:06:46.000Z" />
<EventRecordID>6</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>DNS Server</Channel>
<Computer>Moses-2.mylocaldomain.LAN</Computer>
<Security />
</System>
<EventData Name="DNS_EVENT_DS_RECORD_LOAD_FAILED">
<Data Name="param1">_kerberos._tcp.dc._msdcs.mylocaldomain.lan.</Data>
<Data Name="param2">mylocaldomain.LAN</Data>
<Binary>7B000000</Binary>
</EventData>
</Event>

Log Name: DNS Server
Source: Microsoft-Windows-DNS-Server-Service
Date: 05.10.2009 14:06:46
Event ID: 4010
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Moses-2.mylocaldomain.LAN
Description:
The DNS server was unable to create a resource record for
_kerberos._tcp.dc._msdcs.mylocaldomain.lan. in zone mylocaldomain.LAN.
The Active Directory definition of this resource record is corrupt or
contains an invalid DNS name. The event data contains the error.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Server-Service"
Guid="{71A551F5-C893-4849-886B-B5EC8502641E}" EventSourceName="DNS" />
<EventID Qualifiers="49152">4010</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-10-05T12:06:46.000Z" />
<EventRecordID>6</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>DNS Server</Channel>
<Computer>Moses-2.mylocaldomain.LAN</Computer>
<Security />
</System>
<EventData Name="DNS_EVENT_DS_RECORD_LOAD_FAILED">
<Data Name="param1">_kerberos._tcp.dc._msdcs.mylocaldomain.lan.</Data>
<Data Name="param2">mylocaldomain.LAN</Data>
<Binary>7B000000</Binary>
</EventData>
</Event>

Log Name: DNS Server
Source: Microsoft-Windows-DNS-Server-Service
Date: 05.10.2009 14:06:46
Event ID: 4010
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: Moses-2.mylocaldomain.LAN
Description:
The DNS server was unable to create a resource record for
_ldap._tcp.93a285bc-f6b1-4c4c-bf62-1b647a3ea7d2.domains._msdcs.mylocaldomain.lan.
in zone mylocaldomain.LAN. The Active Directory definition of this
resource record is corrupt or contains an invalid DNS name. The event
data contains the error.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Server-Service"
Guid="{71A551F5-C893-4849-886B-B5EC8502641E}" EventSourceName="DNS" />
<EventID Qualifiers="49152">4010</EventID>
<Version>0</Version>
<Level>2</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2009-10-05T12:06:46.000Z" />
<EventRecordID>9</EventRecordID>
<Correlation />
<Execution ProcessID="0" ThreadID="0" />
<Channel>DNS Server</Channel>
<Computer>Moses-2.mylocaldomain.LAN</Computer>
<Security />
</System>
<EventData Name="DNS_EVENT_DS_RECORD_LOAD_FAILED">
<Data
Name="param1">_ldap._tcp.93a285bc-f6b1-4c4c-bf62-1b647a3ea7d2.domains._msdcs.mylocaldomain.lan.</Data>
<Data Name="param2">mylocaldomain.LAN</Data>
<Binary>7B000000</Binary>
</EventData>
</Event>

C:\>ipconfig /all (w2003 master dc)

Windows IP Configuration

Host Name . . . . . . . . . . . . : Moses
Primary Dns Suffix . . . . . . . : mylocaldomain.LAN
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mylocaldomain.LAN

Ethernet adapter Lower OnBoard NIC:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection
Physical Address. . . . . . . . . : 00-13-72-F9-95-AF
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 172.22.100.13
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.22.100.1
DNS Servers . . . . . . . . . . . : 172.22.100.13
172.22.100.11
Primary WINS Server . . . . . . . : 172.22.100.13

C:\>

C:\>ipconfig /all (w2008 dc)

Windows IP Configuration

Host Name . . . . . . . . . . . . : Moses-2
Primary Dns Suffix . . . . . . . : mylocaldomain.LAN
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mylocaldomain.LAN

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network
Connection
Physical Address. . . . . . . . . : 00-0C-29-6C-4E-3F
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 172.22.100.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 172.22.100.1
DNS Servers . . . . . . . . . . . : 172.22.100.13
172.22.100.11
Primary WINS Server . . . . . . . : 172.22.100.13
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 8:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . :
isatap.{53E1D6EF-858C-4F37-A103-B28155E8B
DE3}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

C:\>

Jake,

Jake schrieb:

Quote:

Ethernet adapter Lower OnBoard NIC: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection Physical Address. . . . . . . . . : 00-13-72-F9-95-AF DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 172.22.100.13 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 172.22.100.1 DNS Servers . . . . . . . . . . . : 172.22.100.13 172.22.100.11 Primary WINS Server . . . . . . . : 172.22.100.13

Is .11 another DC? What is .11?

I've seen this behavior in a merger where a different record was broken.
Deleting the record with dnscmd and re-creating it (stop&&start
netlogon) fixed it, as far as I recall.

Have you checked http://support.microsoft.com/Default.aspx?kbid=316685?

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
Maillist (german): http://frickelsoft.net/cms/index.php?page=mailingliste

"Jake" <jake44@gmail.com> wrote in message
news:Oypb3AeRKHA.4324@TK2MSFTNGP05.phx.gbl...

Quote:

Meinolf Weber [MVP-DS] skrev: Hello Jake, Please post the complete event viewer entries here. Also an unedited ipconfig /all from both DCs. Did you follow this article for domain rename especially the DNS parts in it? http://technet.microsoft.com/en-us/library/cc738208(WS.10).aspx That was several years ago, and I think that article was taken into account too. The process went without any error messages, but despite that from than moment these error events started to appear each time the server was rebooted. With Moses (.13) w2003 dc there was always two 4010 events together, but within w2008 .10 (Moses-2) there are 15 after a reboot, some of them are copied below Log Name: DNS Server Source: Microsoft-Windows-DNS-Server-Service Date: 05.10.2009 14:06:46 Event ID: 4010 Task Category: None Level: Error Keywords: Classic User: N/A Computer: Moses-2.mylocaldomain.LAN Description: The DNS server was unable to create a resource record for _kerberos._tcp.dc._msdcs.mylocaldomain.lan. in zone mylocaldomain.LAN. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error. Event Xml: Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event" System Provider Name="Microsoft-Windows-DNS-Server-Service" Guid="{71A551F5-C893-4849-886B-B5EC8502641E}" EventSourceName="DNS" / EventID Qualifiers="49152">4010</EventID Version>0</Version Level>2</Level Task>0</Task Opcode>0</Opcode Keywords>0x80000000000000</Keywords TimeCreated SystemTime="2009-10-05T12:06:46.000Z" / EventRecordID>5</EventRecordID Correlation / Execution ProcessID="0" ThreadID="0" / Channel>DNS Server</Channel Computer>Moses-2.mylocaldomain.LAN</Computer Security / /System EventData Name="DNS_EVENT_DS_RECORD_LOAD_FAILED" Data Name="param1">_kerberos._tcp.dc._msdcs.mylocaldomain.lan.</Data Data Name="param2">mylocaldomain.LAN</Data Binary>7B000000</Binary /EventData /Event Log Name: DNS Server Source: Microsoft-Windows-DNS-Server-Service Date: 05.10.2009 14:06:46 Event ID: 4010 Task Category: None Level: Error Keywords: Classic User: N/A Computer: Moses-2.mylocaldomain.LAN Description: The DNS server was unable to create a resource record for _kerberos._tcp.dc._msdcs.mylocaldomain.lan. in zone mylocaldomain.LAN. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error. Event Xml: Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event" System Provider Name="Microsoft-Windows-DNS-Server-Service" Guid="{71A551F5-C893-4849-886B-B5EC8502641E}" EventSourceName="DNS" / EventID Qualifiers="49152">4010</EventID Version>0</Version Level>2</Level Task>0</Task Opcode>0</Opcode Keywords>0x80000000000000</Keywords TimeCreated SystemTime="2009-10-05T12:06:46.000Z" / EventRecordID>6</EventRecordID Correlation / Execution ProcessID="0" ThreadID="0" / Channel>DNS Server</Channel Computer>Moses-2.mylocaldomain.LAN</Computer Security / /System EventData Name="DNS_EVENT_DS_RECORD_LOAD_FAILED" Data Name="param1">_kerberos._tcp.dc._msdcs.mylocaldomain.lan.</Data Data Name="param2">mylocaldomain.LAN</Data Binary>7B000000</Binary /EventData /Event Log Name: DNS Server Source: Microsoft-Windows-DNS-Server-Service Date: 05.10.2009 14:06:46 Event ID: 4010 Task Category: None Level: Error Keywords: Classic User: N/A Computer: Moses-2.mylocaldomain.LAN Description: The DNS server was unable to create a resource record for _kerberos._tcp.dc._msdcs.mylocaldomain.lan. in zone mylocaldomain.LAN. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error. Event Xml: Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event" System Provider Name="Microsoft-Windows-DNS-Server-Service" Guid="{71A551F5-C893-4849-886B-B5EC8502641E}" EventSourceName="DNS" / EventID Qualifiers="49152">4010</EventID Version>0</Version Level>2</Level Task>0</Task Opcode>0</Opcode Keywords>0x80000000000000</Keywords TimeCreated SystemTime="2009-10-05T12:06:46.000Z" / EventRecordID>6</EventRecordID Correlation / Execution ProcessID="0" ThreadID="0" / Channel>DNS Server</Channel Computer>Moses-2.mylocaldomain.LAN</Computer Security / /System EventData Name="DNS_EVENT_DS_RECORD_LOAD_FAILED" Data Name="param1">_kerberos._tcp.dc._msdcs.mylocaldomain.lan.</Data Data Name="param2">mylocaldomain.LAN</Data Binary>7B000000</Binary /EventData /Event Log Name: DNS Server Source: Microsoft-Windows-DNS-Server-Service Date: 05.10.2009 14:06:46 Event ID: 4010 Task Category: None Level: Error Keywords: Classic User: N/A Computer: Moses-2.mylocaldomain.LAN Description: The DNS server was unable to create a resource record for _ldap._tcp.93a285bc-f6b1-4c4c-bf62-1b647a3ea7d2.domains._msdcs.mylocaldomain.lan. in zone mylocaldomain.LAN. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error. Event Xml: Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event" System Provider Name="Microsoft-Windows-DNS-Server-Service" Guid="{71A551F5-C893-4849-886B-B5EC8502641E}" EventSourceName="DNS" / EventID Qualifiers="49152">4010</EventID Version>0</Version Level>2</Level Task>0</Task Opcode>0</Opcode Keywords>0x80000000000000</Keywords TimeCreated SystemTime="2009-10-05T12:06:46.000Z" / EventRecordID>9</EventRecordID Correlation / Execution ProcessID="0" ThreadID="0" / Channel>DNS Server</Channel Computer>Moses-2.mylocaldomain.LAN</Computer Security / /System EventData Name="DNS_EVENT_DS_RECORD_LOAD_FAILED" Data Name="param1">_ldap._tcp.93a285bc-f6b1-4c4c-bf62-1b647a3ea7d2.domains._msdcs.mylocaldomain.lan.</Data Data Name="param2">mylocaldomain.LAN</Data Binary>7B000000</Binary /EventData /Event C:\>ipconfig /all (w2003 master dc) Windows IP Configuration Host Name . . . . . . . . . . . . : Moses Primary Dns Suffix . . . . . . . : mylocaldomain.LAN Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : mylocaldomain.LAN Ethernet adapter Lower OnBoard NIC: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection Physical Address. . . . . . . . . : 00-13-72-F9-95-AF DHCP Enabled. . . . . . . . . . . : No IP Address. . . . . . . . . . . . : 172.22.100.13 Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 172.22.100.1 DNS Servers . . . . . . . . . . . : 172.22.100.13 172.22.100.11 Primary WINS Server . . . . . . . : 172.22.100.13 C:\ C:\>ipconfig /all (w2008 dc) Windows IP Configuration Host Name . . . . . . . . . . . . : Moses-2 Primary Dns Suffix . . . . . . . : mylocaldomain.LAN Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : mylocaldomain.LAN Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection Physical Address. . . . . . . . . : 00-0C-29-6C-4E-3F DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 172.22.100.10(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 172.22.100.1 DNS Servers . . . . . . . . . . . : 172.22.100.13 172.22.100.11 Primary WINS Server . . . . . . . : 172.22.100.13 NetBIOS over Tcpip. . . . . . . . : Enabled Tunnel adapter Local Area Connection* 8: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : isatap.{53E1D6EF-858C-4F37-A103-B28155E8B DE3} Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 9: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 02-00-54-55-4E-01 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes C:\

Curious, in addition to Florian's post, which I would recommend looking
into, and the .11 (thought you changed that based on your other thread?),
does "mylocaldomain.LAN" actual name have an underscore in it?

Ace

Ace Fekay [MCT] skrev:

Quote:

Curious, in addition to Florian's post, which I would recommend looking into, and the .11 (thought you changed that based on your other thread?), does "mylocaldomain.LAN" actual name have an underscore in it? Ace

172.22.100.11 is a third 2003 domain controller which is on its way out
after we have two new virtual w2008 dcs up and running.... I will alter
its IP til .14 though. The two 2008 will have .10 and .11 respectively.

No, my 'real' domain name does not have any special characters in it,
only a-z letters.

jake

"Jake" <jake44@gmail.com> wrote in message
news:e1uWbteRKHA.5108@TK2MSFTNGP02.phx.gbl...

Quote:

Ace Fekay [MCT] skrev: Curious, in addition to Florian's post, which I would recommend looking into, and the .11 (thought you changed that based on your other thread?), does "mylocaldomain.LAN" actual name have an underscore in it? Ace 172.22.100.11 is a third 2003 domain controller which is on its way out after we have two new virtual w2008 dcs up and running.... I will alter its IP til .14 though. The two 2008 will have .10 and .11 respectively. No, my 'real' domain name does not have any special characters in it, only a-z letters. jake

Jake,

Take a look at the links below. It may be an issue with the _msdcs zone, but
then again, maybe not, depending on what you have.

http://eventid.net/display.asp?eventid=4010&eventno=791&source=DNS&phase=1
http://eventid.net/display.asp?eventid=4013&eventno=2189&source=DNS&phase=1

Ace

Ace Fekay [MCT] skrev:

Quote:

Take a look at the links below. It may be an issue with the _msdcs zone, but then again, maybe not, depending on what you have. http://eventid.net/display.asp?eventid=4010&eventno=791&source=DNS&phase=1 http://eventid.net/display.asp?eventid=4013&eventno=2189&source=DNS&phase=1

Thanks a lot. Will look into this and report back later today.

jake

Jake skrev:

Quote:

http://eventid.net/display.asp?eventid=4010&eventno=791&source=DNS&phase=1

This looked very promising. My predesessor mentioned something about
having manually redone some dns folders.

I started ADSI edit but its 'Domain' node had just one empty container
called DC=mylocaldomain.LAN DC=LAN

The other root node 'Configuration' had several multilevel subcontainers
and the last root node Schema had many entries.

But since 'Domain' was empty I cannot search up the offending GUID and
delete it.

My other domain's domain controller had a populated 'Domain' container,
but its Domain / System / MicrosoftDNS node contained only
RootDNSServers and its list. From your eventid.net link it should also
have had a mylocaldomain container with several guid containers.

Now, how do I populate my ADSI 'Domain' root container with data again?

regards jake

Meinolf Weber [MVP-DS] skrev:

Quote:

Hello Jake, According to the root "dc=mylocaldomain.lan, dc=lan" it seems that during domain rename something is done wrong, because all your output states "mylocaldomain.lan" and not "mylocaldomain.lan.lan" Are you able to connect to "dc=mylocaldomain,dc=lan" in ADSIedit.msc? You can fill it this way in the list to connect to, rightclick ADSIEDit and choose connect, name it also domain and choose "connection point", Select or TYPE a Distinguished Name or Naming context and fill in "dc=mylocaldomain,dc=lan". Best regards Meinolf Weber

I'm sorry that was a typo. The correct information is:

<ADSI Editor root>
Domain [DC1.mylocaldomain.lan]
Only and empty container: DC=mylocaldomain,DC=LAN
Configuration ...
Schema ...
</ADSI Editor root>

Now how do I repopulate the ADSI Domain container (since it is empty
now)? I hope I don't need to reinstall windows from scratch...

rgds jake

Hello Jake,

According to the root "dc=mylocaldomain.lan, dc=lan" it seems that during
domain rename something is done wrong, because all your output states "mylocaldomain.lan"
and not "mylocaldomain.lan.lan"

Are you able to connect to "dc=mylocaldomain,dc=lan" in ADSIedit.msc? You
can fill it this way in the list to connect to, rightclick ADSIEDit and choose
connect, name it also domain and choose "connection point", Select or TYPE
a Distinguished Name or Naming context and fill in "dc=mylocaldomain,dc=lan".

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Quote:

Jake skrev: http://eventid.net/display.asp?eventid=4010&eventno=791&source=DNS&p hase=1 This looked very promising. My predesessor mentioned something about having manually redone some dns folders. I started ADSI edit but its 'Domain' node had just one empty container called DC=mylocaldomain.LAN DC=LAN The other root node 'Configuration' had several multilevel subcontainers and the last root node Schema had many entries. But since 'Domain' was empty I cannot search up the offending GUID and delete it. My other domain's domain controller had a populated 'Domain' container, but its Domain / System / MicrosoftDNS node contained only RootDNSServers and its list. From your eventid.net link it should also have had a mylocaldomain container with several guid containers. Now, how do I populate my ADSI 'Domain' root container with data again? regards jake

Hello Jake,

Please post an unedited dcdiag /v from all DCs here. Additional post the
NetBios name and the name shown in AD UC.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Quote:

Meinolf Weber [MVP-DS] skrev: Hello Jake, According to the root "dc=mylocaldomain.lan, dc=lan" it seems that during domain rename something is done wrong, because all your output states "mylocaldomain.lan" and not "mylocaldomain.lan.lan" Are you able to connect to "dc=mylocaldomain,dc=lan" in ADSIedit.msc? You can fill it this way in the list to connect to, rightclick ADSIEDit and choose connect, name it also domain and choose "connection point", Select or TYPE a Distinguished Name or Naming context and fill in "dc=mylocaldomain,dc=lan". Best regards Meinolf Weber I'm sorry that was a typo. The correct information is: ADSI Editor root Domain [DC1.mylocaldomain.lan] Only and empty container: DC=mylocaldomain,DC=LAN Configuration ... Schema ... /ADSI Editor root Now how do I repopulate the ADSI Domain container (since it is empty now)? I hope I don't need to reinstall windows from scratch... rgds jake

"Jake" <jake44@gmail.com> wrote in message
news:u0QMgUmRKHA.4476@TK2MSFTNGP02.phx.gbl...

Quote:

Meinolf Weber [MVP-DS] skrev: Hello Jake, According to the root "dc=mylocaldomain.lan, dc=lan" it seems that during domain rename something is done wrong, because all your output states "mylocaldomain.lan" and not "mylocaldomain.lan.lan" Are you able to connect to "dc=mylocaldomain,dc=lan" in ADSIedit.msc? You can fill it this way in the list to connect to, rightclick ADSIEDit and choose connect, name it also domain and choose "connection point", Select or TYPE a Distinguished Name or Naming context and fill in "dc=mylocaldomain,dc=lan". Best regards Meinolf Weber I'm sorry that was a typo. The correct information is: ADSI Editor root Domain [DC1.mylocaldomain.lan] Only and empty container: DC=mylocaldomain,DC=LAN Configuration ... Schema ... /ADSI Editor root Now how do I repopulate the ADSI Domain container (since it is empty now)? I hope I don't need to reinstall windows from scratch... rgds jake

Jake,

Sounds like you may possibly have a dupe zone. Read the following to find
out or at least eliminate this possibility.

Using ADSI Edit to Resolve Conflicting or Duplicate AD Integrated DNS zones
http://msmvps.com/blogs/acefekay/archive/2009/09/02/using-adsi-edit-to-resolve-conflicting-or-duplicate-ad-integrated-dns-zones.aspx

Ace