Re: stranger DNS zone creation error after Windows 2003 DC upgrade
- From: "Ace Fekay [MVP]" <PleaseSubstituteMyActualFirstName&LastNameHere@xxxxxxxxxxx>
- Date: Thu, 28 Jul 2005 11:04:45 -0400
In news:FADF19B6-42A0-4C0A-934C-22F93B118EEF@xxxxxxxxxxxxx,
Antoine Habert <AntoineHabert@xxxxxxxxxxxxxxxxxxxxxxxxx> stated, which I
then commented on below:
> Hi all,
>
> I got a strange problem on a migration test lab :
>
> We got 1 root domain and 3 child domain (native Windows 2000)
>
> DNS zone are forwarded to a Windows 2000 DNS that serves test lab and
> production as well (integrated zones, forwarder ok)
>
> We migrated one dc of each domain to Windows 2003
> (forestprep/domainprep ok, in place upgrade)
>
> here is our problem : windows 2003 DC try to create zone from 2 of
> our child domains on themselves when we reboot the servers ! no
> problem with Windows 2000 DC. the zone failed to load and of course
> mess up our dns resolution. We got a 4001 Error in event viewer that
> tell that the current DC seek for the zone on the forestdnszone of
> the root dns.
>
> Previously, Forwarder where configured to 'any server', now they point
> directly to our windows 2000 DNS, problem still here.
>
> Does anyone got an idea on why our child domain W2K3 DC try to
> replicate zone of 2 other child domain while our zone replication is
> domainwide only?
>
> I don't have any clue about this strange behavior.
>
> thank you!
Did you upgrade the forest root DCs first? IIRC, you need to upgrade the
first DC in a forest, you need to upgrade the DC that holds the Domain Name
Master role first (which is usually the first DC that was created in the
domain).
If you upgraded a child DC first, it will create the _msdcs.domain.com zone
and set the replication scope to forest wide by placing it in the
ForestDnsZones app partition. This partition can replicate to a 2000 DC
(once forest and domain prep are done), but a Win2000 DC/DNS doesn't know
what to do with it. Also, if your current AD Integrated zone went into the
DomainDnsZones app partition (another one that Win2000 DC/DNS doesn't know
what to do wtih), and the zone on your 2000 DC/DNS stil thinks it's AD
Integrated, then we have a conflict and the zone may not load.
You will need to check using ADSI Edit to find out if there is a conflict
(or duplicate zones) in AD, specifically the DomainNC and in either of the
default app partitions.
Here;s more info on the partitions:
Application directory partitions and domain controller demotion:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/1572d8a2-622c-4879-bb0b-76e26c400129.mspx
kbAlertz (867464) - Explains how to use ADSI Edit to resolve a problem where
the DNS service logs event ID 4515 in the DNS Server log.:
http://www.kbalertz.com/kb_867464.aspx
--
Regards,
Ace
Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.
This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================
.
- References:
- stranger DNS zone creation error after Windows 2003 DC upgrade
- From: Antoine Habert
- stranger DNS zone creation error after Windows 2003 DC upgrade
- Prev by Date: Re: public FQDN resolves to private IP
- Next by Date: Re: Error 1005 & 1030
- Previous by thread: stranger DNS zone creation error after Windows 2003 DC upgrade
- Next by thread: Error 1005 & 1030
- Index(es):
Relevant Pages
|
