Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

DNS Unable to add or write an update. Limited Entries Exceeded.

237 views
Skip to first unread message

Don B.

unread,
Apr 11, 2008, 4:45:01 PM4/11/08
to
Hello,

I'm attempting to convert a Primary Zone file to Active
Directory-Intergrated (KB816101). We have two hosts names that have 1005 IP
addresses assigned to it. Based on KB267855 , there use to be a limit for
Windows 2000 Server to 800 entries but the fix is to apply a service pack. I
am running Windows 2003 Server Standard with SP2 and latest patches. Is there
a fix for this version? Thank you for your help!

Referance:
http://support.microsoft.com/kb/267855
http://support.microsoft.com/kb/816101

Actual Error Message:

Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4011
Date: 4/11/08
Time: 3:58:05 PM
User: N/A
Computer: CM01
Description:
The DNS server was unable to add or write an update of domain name reg01 in
zone abc.virginia.gov to the Active Directory. Check that the Active
Directory is functioning properly and add or update this domain name using
the DNS console. The extended error debug information (which may be empty) is
"00002024: SvcErr: DSID-02080490, problem 5008 (ADMIN_LIMIT_EXCEEDED), data
-1112". The event data contains the error.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 2a 23 00 00 *#..

Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4015
Date: 4/11/08
Time: 3:57:53 PM
User: N/A
Computer: CM01
Description:
The DNS server has encountered a critical error from the Active Directory.
Check that the Active Directory is functioning properly. The extended error
debug information (which may be empty) is "00002024: SvcErr: DSID-02080490,
problem 5008 (ADMIN_LIMIT_EXCEEDED), data -1112". The event data contains the
error.

For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0b 00 00 00 ....

Ace Fekay [MVP]

unread,
Apr 13, 2008, 11:12:13 AM4/13/08
to
In news:9FCB504F-4927-450C...@microsoft.com,
Don B. <Do...@discussions.microsoft.com> typed:


I have not yet heard of having an A record with that many IPs. Curious, what
is tha the LdapIpAddress you are speaking of?

EventID 4011:
http://support.microsoft.com/default.aspx?scid=kb;en-us;252695

--
Regards,
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT,
MVP Microsoft MVP - Directory Services
Microsoft Certified Trainer

For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

Infinite Diversities in Infinite Combinations


Don B.

unread,
Apr 14, 2008, 3:35:01 PM4/14/08
to
The LdapIpAddress(es) is the IP addresses of the Domain Controllers with no
host name, A records. Hope that is what you were asking for.
The zone file works great as a text file ( ie: zone.name.dns), just not
intergrated into AD.

Our primary zone file record looks like this but with 1005 total IP
addresses. I did find out from our Web team that we don't need all of the
addresses. The engineer used the entire range, if were to ever grow to that
many. But it still would be nice to know if the limit is 800 or is there a
fix to allow an increase. We are close to 800.

reg01 43200 A 10.165.2.6
43200 A 10.165.3.6
43200 A 10.165.4.6
43200 A 10.165.5.6
43200 A 10.165.6.6
43200 A 10.165.7.6
43200 A 10.165.8.6
43200 A 10.165.9.6
43200 A 10.165.10.6
43200 A 10.165.11.6 etc....


Thank you,
Don

Ace Fekay [MVP]

unread,
Apr 15, 2008, 10:49:13 PM4/15/08
to
In news:B6DF5AE0-B774-47EC...@microsoft.com,
Don B. <Do...@discussions.microsoft.com> typed:

> The LdapIpAddress(es) is the IP addresses of the Domain Controllers
> with no host name, A records. Hope that is what you were asking for.
> The zone file works great as a text file ( ie: zone.name.dns), just
> not intergrated into AD.
>
> Our primary zone file record looks like this but with 1005 total IP
> addresses. I did find out from our Web team that we don't need all of
> the addresses. The engineer used the entire range, if were to ever
> grow to that many. But it still would be nice to know if the limit is
> 800 or is there a fix to allow an increase. We are close to 800.
>
> reg01 43200 A 10.165.2.6
> 43200 A 10.165.3.6
> 43200 A 10.165.4.6
> 43200 A 10.165.5.6
> 43200 A 10.165.6.6
> 43200 A 10.165.7.6
> 43200 A 10.165.8.6
> 43200 A 10.165.9.6
> 43200 A 10.165.10.6
> 43200 A 10.165.11.6 etc....
>
>
> Thank you,
> Don

As far as I recall it's 800. At least there was that fix, but I do not know
the reliability of it.

Yes, that;s the LdapIpAddress, which is what I was referring to. Each DC
registers one. In your case, it's an A record called 'reg01'. I would
imagine if this is for web services, instead of corrupting or messing with
the zone data, which if anything happens, will cause problems with AD, I
would suggest to use some sort of web farm box, such as BigIP.

http://www.f5.com/products/big-ip/

Ace


Don B.

unread,
Apr 16, 2008, 12:01:01 PM4/16/08
to
ok, thank you for the response and link to BigIP!

Don

Ace Fekay [MVP]

unread,
Apr 16, 2008, 7:09:36 PM4/16/08
to
In news:D5DF83B2-DCFE-46DB...@microsoft.com,
Don B. <Do...@discussions.microsoft.com> typed:

> ok, thank you for the response and link to BigIP!
>
> Don

My pleasure, and I hope it helps!

Ace


0 new messages