Re: Error msg. 4007

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

From: John Rosenlof (greyseal96_at_hotmail.com)
Date: 01/10/05

• Next message: docnz: "DDNS vs Static IP"
• Previous message: Herb Martin: "Re: DNS Update Failures"
• In reply to: Ace Fekay [MVP]: "Re: Error msg. 4007"
• Next in thread: Ace Fekay [MVP]: "Re: Error msg. 4007"
• Reply: Ace Fekay [MVP]: "Re: Error msg. 4007"
• Messages sorted by: [ date ] [ thread ]

---

Date: Mon, 10 Jan 2005 11:13:38 -0800

Hi,

see my responses down below...

"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:uRWHEsT9EHA.3376@TK2MSFTNGP12.phx.gbl...
> In news:enxgzvQ9EHA.2540@TK2MSFTNGP09.phx.gbl,
> John Rosenlof <greyseal96@hotmail.com> made a post then I commented below
> :: Hi, I was reading some of the questions and it appears that this may
> :: have already been answered, but mine is slightly different so I want
> :: to just be sure. I'm running Win2k3 Server, it's a tree in the
> :: forest and the only dc in the domain. I had to remove the old AD,
> :: but I made sure that I followed all of the instructions that were
> :: laid out in the KB articles that I read. To the best of my
> :: knowledge, this has all been done cleanly and when I installed all
> :: of this I didn't get any error messages. I'm getting this error
> :: message every time I either reboot or try to restart the DNS server:
> ::
> :: Event Type: Error
> :: Event Source: DNS
> :: Event Category: None
> :: Event ID: 4007
> :: Date: 1/7/2005
> :: Time: 2:13:10 PM
> :: User: N/A
> :: Computer: XXSERVER1
> :: Description:
> :: The DNS server was unable to open zone _msdcs.XXXXXXE.COM in the
> :: Active Directory from the application directory partition
> :: ForestDnsZones.XXXXXXE.COM. This DNS server is configured to obtain
> :: and use information from the directory for this zone and is unable
> :: to load the zone without it. Check that the Active Directory is
> :: functioning properly and reload the zone. The event data is the
> :: error code.
> ::
> ::
> :: I'm also getting an error:
> ::
> :: Event Type: Information
> :: Event Source: DNS
> :: Event Category: None
> :: Event ID: 113
> :: Date: 1/7/2005
> :: Time: 2:13:09 PM
> :: User: N/A
> :: Computer: XXSERVER1
> :: Description:
> :: The DNS server could not signal the service "NAT". The error was
> :: 1168. There may be interoperability problems between the DNS service
> :: and this service.
> <snip>
>
>
> Sounds like it thinks the zone is in the ForestDnsZones app partition. How
> is the zone replication scope set in the zone properties? Also, have you
> checked with ADSIEdit if there's a dupe zone in the Domain partitions?

Thanks for your help and response. The domain for which I set up this dns
server is another tree in a forest. The only other domain listed in the
domain partitions is the original tree of this forest (domain1). The zone
for this domain (domain2) is an AD integrated domain. I have a secondary
zone set up that gets its info from domain1's dns server. Have I
incorrectly configured something? I thought that I had followed the
procedures correctly but perhaps not.

> As for the 113 error, sounds like you are trying to use ICS and not NAT,
but
> DNS is installed on the machine. Is this a multihomed domain controller
and
> you are tyring to offer Inernet access thru it? That can be tricky to
setup
> correctly if it is. It's less expensive, easier to setup, and will not
> expose your DC to the Internet if you were to use a Linksys, Netgear, etc,
> router to handle NAT for the nework than using your DC. If you want to
> continue using it, disable ICS and configure NAT. Read this please...
>
>
http://www.eventid.net/display.asp?eventid=113&eventno=3869&source=DNS&phase
=1
>

As far as the NAT is concerned, the way that we have it set up is that a
firewall router is taking care of the NAT and also a VPN connection.
Everything else (the whole domain) is behind that.

Thanks,
John

---

• Next message: docnz: "DDNS vs Static IP"
• Previous message: Herb Martin: "Re: DNS Update Failures"
• In reply to: Ace Fekay [MVP]: "Re: Error msg. 4007"
• Next in thread: Ace Fekay [MVP]: "Re: Error msg. 4007"
• Reply: Ace Fekay [MVP]: "Re: Error msg. 4007"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: DNS Zone Replication Change Error ... > the replication scope to Forest since I upgraded my last DC to Win2k3 ... > zone which keep causing 4515 and 4004 warnings/errors. ... one of the Application Partitions: ... (microsoft.public.windows.server.dns) Re: HELP NEEDED !!! SRV Records keep disappearing !! ... selected for our DNS Zone. ... Thanks for the DNS insight.. ... company houses the Forest. ... There are three partitions in the AD database that exist in 2000 and 2003 ... (microsoft.public.windows.server.active_directory) Re: Correct DNS Setup for Domain ... If it is well-connected WAN you could make the forest root ... DCs of each child domain act as secondaries, receiving zone ... Any DC that has its DNS set to forward to internet DNS servers ... (microsoft.public.windows.server.dns) Re: HELP NEEDED !!! SRV Records keep disappearing !! ... There are three partitions in the AD database that exist in 2000 and 2003 ... DomainNC: ... Configuraiton Container: One per forest ... When selecting replication scopes on a 2003 DC's DNS zone properties: ... (microsoft.public.windows.server.active_directory) Re: Forward Lookup Zone missing when new tree added to forest ... The problem with the DNS Forward lookup zones not ... all DNS servers in the Active Directory forest company.biz'. ... The real concern I have is that there is no forward lookup zone for ... partitions, the DomainNC (Domain Name Context, or some call the Domain ... (microsoft.public.windows.server.dns)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.dns  > 2005-01