trouble with DNS zones

  • Thread starter Thread starter Jesse
  • Start date Start date
J

Jesse

My environment is a single domain, single forest, 160
sites, hub/spoke network topology and hub/spoke AD
topology (KCC turned off!). Single master site and 159
remote sites. In single site, two 2k3 dc's and one 2k
dc. mixed 2k and 2k3 in remote sites. on a remote dc i
get this error everytime DNS is restarted (scroll down
for more):

Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 4515
Date: 9/21/2004
Time: 11:01:34 AM
User: N/A
Computer: CDAYDC
Description:
The zone cashland.com was previously loaded from the
directory partition MicrosoftDNS but another copy of the
zone has been found in directory partition
DomainDnsZones.cashland.com. The DNS Server will ignore
this new copy of the zone. Please resolve this conflict
as soon as possible.

If an administrator has moved this zone from one
directory partition to another this may be a harmless
transient condition. In this case, no action is
necessary. The deletion of the original copy of the zone
should soon replicate to this server.

If there are two copies of this zone in two different
directory partitions but this is not a transient caused
by a zone move operation then one of these copies should
be deleted as soon as possible to resolve this conflict.

To change the replication scope of an application
directory partition containing DNS zones and for more
details on storing DNS zones in the application directory
partitions, please see Help and Support.

**

All of my DC's have DNS installed on them. The 2000 DC's
are AD integrated and so are the 2003 DC's. On the 2003
DC's it is specified to store copy of zone on all domain
controllers in the domain. domaindnszones and
forestdnszones are set up as directory partitions.

The tech that promoted the DC in question did not have
DNS installed before dcpromo. After dcpromo, installed
dns, and did not have to configure?? Please help!
 
In
Jesse said:
My environment is a single domain, single forest, 160
sites, hub/spoke network topology and hub/spoke AD
topology (KCC turned off!). Single master site and 159
remote sites. In single site, two 2k3 dc's and one 2k
dc. mixed 2k and 2k3 in remote sites. on a remote dc i
get this error everytime DNS is restarted (scroll down
for more):

Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 4515
Date: 9/21/2004
Time: 11:01:34 AM
User: N/A
Computer: CDAYDC
Description:
The zone cashland.com was previously loaded from the
directory partition MicrosoftDNS but another copy of the
zone has been found in directory partition
DomainDnsZones.cashland.com. The DNS Server will ignore
this new copy of the zone. Please resolve this conflict
as soon as possible.

If an administrator has moved this zone from one
directory partition to another this may be a harmless
transient condition. In this case, no action is
necessary. The deletion of the original copy of the zone
should soon replicate to this server.

If there are two copies of this zone in two different
directory partitions but this is not a transient caused
by a zone move operation then one of these copies should
be deleted as soon as possible to resolve this conflict.

To change the replication scope of an application
directory partition containing DNS zones and for more
details on storing DNS zones in the application directory
partitions, please see Help and Support.

**

All of my DC's have DNS installed on them. The 2000 DC's
are AD integrated and so are the 2003 DC's. On the 2003
DC's it is specified to store copy of zone on all domain
controllers in the domain. domaindnszones and
forestdnszones are set up as directory partitions.

The tech that promoted the DC in question did not have
DNS installed before dcpromo. After dcpromo, installed
dns, and did not have to configure?? Please help!
Click to expand...

Hers's more info on that:
http://www.eventid.net/display.asp?eventid=4515&eventno=3593&source=DNS&phase=1

My feeling is that there's a duplicate zone created. You can check by
putting ADUC (from a W2k3 machine) in Advanced view, Microsoft DNS folder,
and check if there's a dupe entry in there. You can also use ADSI Edit. One
way I remember another person that had this problem fixed it by deleting the
dupe zone out of the AD database with ADSI Edit, and then creating the zone
again as AD INtegrated.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services

Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
 
I checked for the duplicate zone. There is none! Are
these messages referencing the windows 2000 zone in AD vs
the Windows 2003 zone in the active directory partion
domaindnszones? Im tryin to save the $ before I call MS,
plus my many experiences with MSPSS have not been great.
I just need to get this DNS server to use the zone in the
AD partition domaindnszone, not the 2000 copy of the
zone. Also need to know how to prevent this from
happening in the future. Thanx ACE.
 
In
Jesse said:
I checked for the duplicate zone. There is none! Are
these messages referencing the windows 2000 zone in AD vs
the Windows 2003 zone in the active directory partion
domaindnszones? Im tryin to save the $ before I call MS,
plus my many experiences with MSPSS have not been great.
I just need to get this DNS server to use the zone in the
AD partition domaindnszone, not the 2000 copy of the
zone. Also need to know how to prevent this from
happening in the future. Thanx ACE.
Click to expand...

On that remote DC, are there any AD related replication errors?

The one person I was helping with this discovered there was a dupe. But in
your case, that doesn't seem to be the issue. Since you have a mixed 2k/2k3
environment, you need to insure that the DC that holds the Domain Name
Master role is on the new machine. Otherwise, it will cause issues with
these zones. See if this helps (watch the URL wrap on this long URL):

DNS zone replication in Active Directory - mixed W2k and W2k3 environment:
http://www.microsoft.com/resources/...docs/en-us/sag_DNS_und_Active_Dir_Storage.asp

Youre original post stated this error:
"The zone cashland.com was previously loaded from the
directory partition MicrosoftDNS but another copy of the
zone has been found in directory partition
DomainDnsZones.cashland.com. "

THat's telling me there's a dupe in the MicrosoftDNS partition of the
cashland.com zone. You would rather use the one in the DomainDNSPartition.
This should show up using a Windows 2000 ADUC in ADvanced view on a WIndows
2000 machine. Can you check this from a W2k machine, specifically the one
showing up with the error?

Ace
 
I checked in ADUC and ADSIedit, and no duplicate zone.
Lets take a step back though. Before windows 2003 was
introduced to the domain the DNS zone cashland.com was
held in the microsoftdns partition. When 2003 came
along, it is now storing a copy in domaindnszones
partition. Isnt this two copy's of the cashland.com
zone??? maybe dns on the 2k3 dc is confused as to which
partition to look for the zone in?
 
In
I checked in ADUC and ADSIedit, and no duplicate zone.
Lets take a step back though. Before windows 2003 was
introduced to the domain the DNS zone cashland.com was
held in the microsoftdns partition. When 2003 came
along, it is now storing a copy in domaindnszones
partition. Isnt this two copy's of the cashland.com
zone??? maybe dns on the 2k3 dc is confused as to which
partition to look for the zone in?
Click to expand...


Possibly.

Tell you what, make the zone AD Integrated on both the W2k and W2k3
machines. You'll find that once you do one, it will remove it out of AD. It
will give you a popup warning you of this. Ensure by checking ADSI Edit and
W2k ADUC that its gone. Once you've done that, recreate it on the W2k
machine (the legacy machine). Then go to the W2k3 machine and create it
there and make it AD integrated. I don't have a machine in front of me, but
you'll want to choose the AD Integrated choice that doesn't say
DomainDnsZones.

Also:
Is the Domain Name Master on a W2k3 machine?
Did you run adprep in the domain?

Ace
 
Both zones are AD integrated. On the w2k3 servers, the
option "store copy of zone on all domain controllers in
domain" is selected. This is the domaindnszones
partition. I am only getting these errors on 2k3
servers. All DNS server in the domain are DC's. I think
that the 2k3 dns servers first loaded the zone from the
(w2k)domaindns zone and then got replicated the
domaindnzzones (w2k3)partition. The 2k servers and the
2k3 servers all have the same serial number. I guess I
can just delete the domaindns (w2k) zone after all DNS
servers and DC's are Windows Server 2003???
 
In
Jesse said:
Both zones are AD integrated. On the w2k3 servers, the
option "store copy of zone on all domain controllers in
domain" is selected. This is the domaindnszones
partition. I am only getting these errors on 2k3
servers. All DNS server in the domain are DC's. I think
that the 2k3 dns servers first loaded the zone from the
(w2k)domaindns zone and then got replicated the
domaindnzzones (w2k3)partition. The 2k servers and the
2k3 servers all have the same serial number. I guess I
can just delete the domaindns (w2k) zone after all DNS
servers and DC's are Windows Server 2003???
Click to expand...

Yes, I would do that. That is where the issue is occuring. Its a dupe as far
as the system is concerned, since its seeing a copy in the DomainDNSZones
app partition and a copy in the Domain NC partition. Delete the Domain copy.


Ace
 
Back
Top