DNS server error 4010
Event ID 4010 (Source DNS) Error
I have come across some weird problem.
- The DNS server was unable to load a resource record (RR) from the directory at %1._msdcs.%2.%3. in zone %2.%3. Use the DNS console to recreate this RR or check that the Active Directory is functioning properly and reload the zone. The event data contains the error.
Now these "missing" resource records are there, and I can even do a NSLookup on them.
Has anybody out there seen this before, if yes, how - if - did you solve it?
~ K.I.S.S - Don't make it any more complex than it has to be ~
- stopping netlogon service
- removing netlogon.dns and netlogon.tlb
- ipconfig /flushdns and ipconfig /registerdns
- starting netlogon service
- rebooting the server
all, without success.
Have you tried running the DCDIAG tool from the command line (you may have to install the support tools before this command is available for you to use)? That should give you a little more info on the specific area of the problem.
Regards,
Lightspeed1
AKA Mike
Yes, I have run DCDIAG too.. No errors.
How many clients on your network? Feasible to blow the zone out and reset? What service is your server offering to the clients (DNS, DHCP, WINS, etc.)? Do you have DNS entries for external web or mail servers? I'd say the key is to find out WHAT resource record this thing is looking for. (Sorry, guess that's pretty obvious!) What happens when you use NSLOOKUP?
Regards,
Lightspeed1
AKA Mike
Ionut Marin (Last update 10/29/2003):
From a newsgroup post: "If the DC and the clients are pointing only at the internal DNS server and the problem continues try this. Stop the netlogon service. Go to Winnt\system32\config and delete the netlogon.dns and netlogon.dnb files. From a command prompt type "ipconfig /flushdns" and press enter. Then run "ipconfig /registerdns" and press enter. Lastly, start netlogon again. Check to see if the 4010 error message comes back. If so, delete the DNS forward lookup zone. Create a new forward lookup zone by the same name. Ensure it is setup to allow dynamic updates. Run the two IPconfig commands from above and restart netlogon".
Regards,
Lightspeed1
AKA Mike
Well, the resource records that cannot be found are there, and I am able to NSLookup them. That's what drives me crazy.
Currently, I am testing a scenario in my lab: what happens when I remove the DNS service and reinstall it.
BTW: Maybe this information might be useful too: It's a dingle domain with multiple sites, where each site has a DC with GC, DNS and DHCP. The main site has two DCs, each also with GC and DNS.
Hey Knutern,
Couple of things are coming to mind. You say the main site has two DCs, each holding the GC role. Shouldn't only one of those be the GC? Could it be that the server is trying to verify a RR that lives on your other DC? Are you seeing any kind of replication errors also? Could this be a case of the DNS service kicking in before the zone loads? Could this be an issue with one of the aliases?
I am grasping at straws here, I know. I am going to play around in my lab a bit also and see if I can recreate the issue. By the way, I have to thank you for the Friday morning laugh. I manage a few "Dingle" domains myself :)
Post back if you come up with anything and I will continue to poke around also.
Regards,
Lightspeed1
AKA Mike
Hmm.. dingel domain. That was a typo. It should read single, of course :$ (blushing)
Well, any DC in our domain also holds the GC role. And no, no replication errors.
My biggest concerns are that I do not know why this has all of a sudden happened, and I am not able to reproduce the behavior in my lab environment.
Answers
They are not listed in ntdsutil. I dug through everything in ADSI and found only 2 records about non-existent DCs, in DC=DomainDnsZones,DC=domain,DC=local/MicrosoftDNS/domain.local. I deleted them. The number of 4010 errors dropped to 5.
DNS-серверу не удалось создать запись ресурса для "d1a05989-2ecd-4539-bfb1-7f551d289e55._msdcs.domain.local." в зоне domain.local. Определение Active Directory для этой записи ресурса повреждено или содержит недопустимое DNS-имя. Данные о событии содержат сведения об ошибке.
Tim Schweitzer II
Comments:
EventID.Net
- Data: "89345471-33aa-5f82-9c54-a70ea3cd43c2._msdcs.domain.com" - From a newsgroup post: "There are a couple of possibilities to why this event may appear. First did you manually create the _MSDCS folder? This can occur if a new _msdcs.domain.com zone is manually created on the DNS server, which in turn converts the original _msdcs folder within the domain.com zone into a delegated folder. Run ADSI Edit and delete this “Domain->System->MicrosoftDNS->domain.com->._msdcs". On the other hand, you could have a bad delegation to a child domain. Temporarily remove the delegations and test this".
From a newsgroup post: "If the DC and the clients are pointing only at the internal DNS server and the problem continues try this. Stop the netlogon service. Go to Winnt\system32\config and delete the netlogon.dns and netlogon.dnb files. From a command prompt type "ipconfig /flushdns" and press enter. Then run "ipconfig /registerdns" and press enter. Lastly, start netlogon again. Check to see if the 4010 error message comes back. If so, delete the DNS forward lookup zone. Create a new forward lookup zone by the same name. Ensure it is setup to allow dynamic updates. Run the two IPconfig commands from above and restart netlogon".
You might not have permission to access this file. See MSW2KDB for additional information on this event.
ipconfig from the ailing servers
Added:
And for some reason, nslookup against the servers from a workstation returns this:
C:\Documents and Settings\Alexx>nslookup cd
Server: cd.knz.local
Address: 192.168.0.10
*** cd.knz.local can't find cd: Server failed
Nobody should be blocking port 53; there are no firewalls inside the network.
The problem is not in the workstation; it is the same on all workstations.
First check on the domain controllers:
nslookup cd
nslookup cd.knz.local
Then check on the workstations:
nslookup cd 192.168.0.9
nslookup cd.knz.local 192.168.0.9
nslookup cd 192.168.0.10
nslookup cd.knz.local 192.168.0.10
On cd2
C:\Documents and Settings\Admin>nslookup cd
*** Can't find server name for address 192.168.0.9: Non-existent domain
Server: UnKnown
Address: 192.168.0.9
Name: cd.KNZ.local
Address: 192.168.0.10
C:\Documents and Settings\Admin>nslookup cd.knz.local
*** Can't find server name for address 192.168.0.9: Non-existent domain
Server: UnKnown
Address: 192.168.0.9
Name: cd.knz.local
Address: 192.168.0.10
On cd
C:\Documents and Settings\Admin>nslookup cd
Server: cd.knz.local
Address: 192.168.0.10
Name: cd.KNZ.local
Address: 192.168.0.10
C:\Documents and Settings\Admin>nslookup cd.knz.local
Server: cd.knz.local
Address: 192.168.0.10
Name: cd.knz.local
Address: 192.168.0.10
On the workstation
C:\Documents and Settings\Alexx>nslookup cd 192.168.0.9
*** Can't find server name for address 192.168.0.9: Non-existent domain
Server: UnKnown
Address: 192.168.0.9
*** UnKnown can't find cd: Server failed
C:\Documents and Settings\Alexx>nslookup cd.knz.local 192.168.0.9
*** Can't find server name for address 192.168.0.9: Non-existent domain
Server: UnKnown
Address: 192.168.0.9
Name: cd.knz.local
Address: 192.168.0.10
C:\Documents and Settings\Alexx>nslookup cd 192.168.0.10
Server: cd.knz.local
Address: 192.168.0.10
*** cd.knz.local can't find cd: Server failed
C:\Documents and Settings\Alexx>nslookup cd.knz.local 192.168.0.10
Server: cd.knz.local
Address: 192.168.0.10
I am at wits end here trying to figure out why my DC in my test environment continues to give a DNS error EventID 4010 every time the box is rebooted or the DNS Server service is restarted.
I have read over a bunch of TechNet posts and other posts on the web regarding recreating the _msdcs zone and such but I am still getting an error:
The DNS server was unable to create a resource record for GUID._msdcs.domain.local. in zone domain.local. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.
I can not figure out how to prevent this from occurring and how to resolve this. Does anyone have any ideas or some insight they can shed on this issue?
Specifically the post stated:
It seems you have not connected to the correct partition in ADSI Edit. You need to check the correct zone.
It seems that the record is in DomainDNSZones; if it is not in the mentioned zone, check the others as well.
For DomainDNSZones refer below.
ADSI Edit -> Connect to -> choose Select or type a Distinguished Name or Naming Context -> type DC=DomainDNSZones, DC=domain, DC=local -> click OK -> CN=MicrosoftDNS -> Domain.local
For ForestDNSZones refer below.
ADSI Edit -> Connect to -> choose Select or type a Distinguished Name or Naming Context -> type DC=ForestDNSZones, DC=domain, DC=local -> click OK -> CN=MicrosoftDNS -> Domain.local
Locate ._msdcs and delete the same. Restart the netlogon and DNS services and check.
If the ._msdcs is not present in the above, check below as well.
ADSI Edit -> Domain, DC=domain, DC=local -> System -> CN=MicrosoftDNS -> Domain.local
I found GUID entries in both forest and domain DNS zones. So I stopped the netlogon service, deleted the two GUID entries from ADSI and also deleted the %WinDir%\system32\config\netlogon.dnb and netlogon.dns.
I then ran ipconfig /flushdns and /registerdns. Then started netlogon and restarted the DNS server service. Upon restart I was no longer receiving the 4010 error.
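The Netlogon reset that several posts on this page describe, with a before/after check of Event ID 4010, as an added example that is not from any of the posters. It assumes an elevated PowerShell session on the affected DC, the `DNS Server` event log, and a hypothetical backup folder under `%TEMP%` (the files are moved there instead of being deleted outright); the ADSI Edit deletions are not automated.

```powershell
# Added example, not from the thread. Run elevated on the affected DC.
$ErrorActionPreference = 'Stop'
$configDir = Join-Path $env:WinDir 'System32\config'
# Hypothetical backup location; the posts delete the files outright.
$backupDir = Join-Path $env:TEMP ('netlogon-backup-{0:yyyyMMdd-HHmmss}' -f (Get-Date))

function Get-Dns4010Record {
    param([datetime]$Since = (Get-Date).AddDays(-7))
    # Assumption: insertion strings arrive in the order the page shows
    # (param1 = record name, param2 = zone).
    Get-WinEvent -FilterHashtable @{ LogName = 'DNS Server'; Id = 4010; StartTime = $Since } `
                 -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{
                Time   = $_.TimeCreated
                Record = [string]$_.Properties[0].Value
                Zone   = [string]$_.Properties[1].Value
            }
        }
}

# Records the DNS service complained about before the reset.
$before = @(Get-Dns4010Record | Sort-Object Record -Unique)
$before | Format-Table Record, Zone -AutoSize | Out-String | Write-Host

$resetStart = Get-Date
Stop-Service -Name Netlogon
try {
    New-Item -ItemType Directory -Path $backupDir | Out-Null
    foreach ($name in 'netlogon.dns', 'netlogon.dnb') {
        $path = Join-Path $configDir $name
        if (Test-Path $path) { Move-Item -Path $path -Destination $backupDir }
    }
    ipconfig /flushdns    | Out-Null
    ipconfig /registerdns | Out-Null
}
finally {
    Start-Service -Name Netlogon   # always bring Netlogon back, even on error
}
Restart-Service -Name DNS          # 4010 is logged when the DNS service loads the zone
Start-Sleep -Seconds 60            # constructed wait; adjust to zone load time

$after = @(Get-Dns4010Record -Since $resetStart | Sort-Object Record -Unique)
if ($after.Count -eq 0) {
    Write-Host 'No new 4010 events since the reset.'
} else {
    Write-Host 'Still failing to load (check these names in ADSI Edit):'
    $after | Format-Table Record, Zone -AutoSize | Out-String | Write-Host
}
```

Names that still appear after the reset are the ones to look for under the MicrosoftDNS containers named in the post above.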
All replies
Данные о событии содержат сведения об ошибке.
param1 | d1a05989-2ecd-4539-bfb1-7f551d289e55._msdcs.domain.local. |
param2 | domain.local |
7B000000 |
Recreating the _msdcs zone did not help.
In Active Directory Users and Computers, "expand the System folder, click MicrosoftDNS" - it is empty.
I turned off replication of the domain.local zone to all DCs in the domain.local forest. It is now AD-integrated and replicates only to the DCs of the domain.local domain.
The _msdcs.domain.local zone is AD-integrated and replicates to all DCs in the domain.local forest.
After these changes the problem remains only on the DCs of the domain.local domain: I restart the DNS service and see this error about both DCs.
When I expand the domain.local zone in the DNS snap-in, there is an _msdcs link inside it (the icon looks like a "zone", only grey); in its properties I see 2 tabs: "Name Servers" (everything is fine there) and "Security", which says "the requested security information is either unavailable or cannot be displayed".
When looking at the DNS manager and opening up the zone I see this:
I am wondering if I just need to delete the 80 item and that will resolve this event id or is it more involved?