
DNS event ID 4515 (warning)


Scott Lowe

May 18, 2004, 5:54:50 PM
Hi, all -

We are having a problem with a recurring warning on our
new AD domain controllers. Last week, we migrated from
NT 4 to Windows 2K3 and, initially, were using Cisco's
Network Registrar for DNS/DHCP. After the weekend, we
moved to Microsoft's DNS (it became obvious that Network
Registrar was NOT the answer for AD).

We have two AD domain controllers, AD1 and AD2.
Mydomain.com is an Active Directory integrated domain on
both. It was originally a secondary on both domain
controllers until we decommissioned the Network Registrar
servers and made them AD-integrated primaries.

What I think we did wrong was make them AD-integrated on
both domain controllers at the same time. I suspect we
inadvertently created two copies of the zone in the same
partition.

When we go to ADUC, we have the following two entries
under the System tree:
* MicrosoftDNS
* MicrosoftDNS-CNF:6a61f467-fd94-4ce3-b5d6-3a6f00998a33

I understand that we can delete the CNF one, but we need
to determine the root cause of the problem.

I've also run ADSIEdit and connected to
DC=DomainDNSZones,DC=mydomain,DC=com. We have a number
of entries under MicrosoftDNS that start
with ...InProgress.

We're stumped at this point. I don't want to go deleting
things I know nothing about.

I appreciate any help!

Scott

Ulf B. Simon-Weidner [MVP]

May 19, 2004, 1:39:30 AM
Scott Lowe says...
Hello Scott,

Since you made the zone AD Integrated on both sides you'll have two
different zones stored in AD (as you figured out). To be on the safe
side you'll be able to set the zone on one server (preferably the first
you made AD integrated) as primary (non-AD integrated) again,
completely delete the zone on the second server, point the DNS-Client
of the second server to the first server, then wait a bit for
replication and then reintegrate the zone on the first server into AD.
Wait for replication again, and the DNS-Server on the second server
will start to see the zone and provide the service for it as well
(note that you might need to restart the DNS-Service and/or do a
refresh on the MMC on the second server).
--
Gruesse - Sincerely,

Ulf B. Simon-Weidner
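
The check below is an added example and is not part of either post. It audits a list of distinguished names for the three symptoms discussed in the thread: CNF conflict objects, `..InProgress` zone entries, and the same zone stored under more than one MicrosoftDNS container. The sample DNs are constructed from the names in the thread; the function name `audit_dns_objects` and the assumption that the DNs arrive as plain decoded strings (for example from a directory export) are hypothetical.

```python
import re
from collections import defaultdict

# A replication conflict renames the losing object to "<name>\0ACNF:<objectGUID>".
CNF_RE = re.compile(r"\\0ACNF:[0-9a-fA-F-]{36}")

# Constructed sample input, modelled on the objects described in the thread.
SAMPLE_DNS = [
    r"CN=MicrosoftDNS,CN=System,DC=mydomain,DC=com",
    r"CN=MicrosoftDNS\0ACNF:6a61f467-fd94-4ce3-b5d6-3a6f00998a33,CN=System,DC=mydomain,DC=com",
    r"DC=mydomain.com,CN=MicrosoftDNS,CN=System,DC=mydomain,DC=com",
    r"DC=mydomain.com,CN=MicrosoftDNS\0ACNF:6a61f467-fd94-4ce3-b5d6-3a6f00998a33,CN=System,DC=mydomain,DC=com",
    r"DC=..InProgress-mydomain.com,CN=MicrosoftDNS,DC=DomainDnsZones,DC=mydomain,DC=com",
]

def split_dn(dn):
    """Split a DN into RDNs on commas that are not backslash-escaped."""
    return [part.strip() for part in re.split(r"(?<!\\),", dn)]

def audit_dns_objects(dns):
    """Return conflict objects, in-progress zones and zones held in >1 container."""
    report = {"conflicts": [], "in_progress": [], "duplicates": {}}
    containers_by_zone = defaultdict(set)
    for dn in dns:
        rdns = split_dn(dn)
        if CNF_RE.search(rdns[0]):
            report["conflicts"].append(dn)   # the conflict object itself
            continue
        # Zone objects are "DC=<zone>" directly beneath a MicrosoftDNS container.
        if len(rdns) < 2 or not rdns[0].upper().startswith("DC="):
            continue
        if not rdns[1].upper().startswith("CN=MICROSOFTDNS"):
            continue
        zone = rdns[0][3:]
        if zone.startswith("..InProgress"):
            report["in_progress"].append(dn)
        else:
            containers_by_zone[zone.lower()].add(",".join(rdns[1:]))
    report["duplicates"] = {
        zone: sorted(found) for zone, found in containers_by_zone.items()
        if len(found) > 1
    }
    return report

if __name__ == "__main__":
    for key, value in audit_dns_objects(SAMPLE_DNS).items():
        print(key, value)
```

Run it against an export taken before and after the cleanup; an empty report on every domain controller indicates that only one copy of the zone remains.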
