Re: Error 4515 on reboot of DC/DNS Svr - normal?



"Rachel Deitch" <RachelDeitch@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E816911B-E5AE-4028-8EC2-57F19E4CF6B5@xxxxxxxxxxxxxxxx
Thanks for your comments - I think I'm getting closer here.

I do believe you are correct that the "old" zone is still there. On each
server, I have two (forward lookup) zones - 1. _msdcs.mydomain.local
(replication is for all DNS servers in the forest) and 2. mydomain.local
(replication for all DNS servers in the domain)

Both servers show the same two zones, same settings. What's odd, though, is
that I've run dcdiag (including the newer version) and I never seem to get
any errors. I've gone through and run specific tests recommended in various
kb articles. Never any issues.

What's a preferred setup here? Keep the zone with forest wide replication,

Impossible to 'answer' but as long as you have no Win2000 Servers
you can use the new features of replication scope and should use them
in most cases.

As to Forest-wide DNS-DCs versus Domain-Wide-Only DNS-DCs
that is (heavily) dependent on the SIZE of the domains and your LAN/WAN
architecture.

For most small and maybe medium companies Forest-Wide is a good
guess (we're presuming it won't lead to excessive replication.)

The key is that your clients have to be able to go to ANY DNS server
(e.g., "Their DNS server") and get EVERY RESOLUTION they will
ever need.

So, this means that all DNS servers must be able to find ALL domains,
and usually the Internet too.

There are four major ways to do this when you must not set up an
internal root, i.e., because you also resolve for THE Internet:

1) Cross secondaries (only choice in Win2000) --
each DNS server holds a secondary for all other zones in the
forest/enterprise (might include non-AD zones), or at least the
parent of each tree of zones

2) Cross STUBS zones -- exactly like cross secondaries but avoids
copying entire zones, only copying critical info like SOA, DNS
server NS records and A records so it can FIND a "real" server
for each zone or parent of each tree of zones.

3) Conditional Forwarding -- each DNS server has an entry to
find each OTHER domain, or at least the parent of each tree

4) Forest wide AD Replication -- much better than "cross secondaries"
but doesn't help if you have "non-AD zones" or multiple forests
involved, and it DOES copy all of the zone(s) so it might be less
efficient than #2 or #3 as the SIZE of the zones increases.

Notice that #2 and #3 are virtually indistinguishable by most admins but
if you need I can describe the technical (very minor) advantages to each.
(One might almost wonder why Microsoft added TWO NEW ways to
solve the same problem to Win2003 <grin>)

The limitations of #4 to a single Forest can be overcome by mixing in
#4 and one of the others.

Most all of the time _MSDCS makes sense to replicate Forest wide since
it is practically always small.

or keep the AD replication zone? What's the best way to go about deleting
one without getting myself in trouble?

I hate telling people how to delete stuff in AD. Maybe Jorge or someone
knows a KB article.

If there are only a few DNS servers, my thought would be to (temporarily) set
all of them to regular AD integrated (all DCs in Domain), and then change them
back after replication. In theory this should delete those not used.

I don't understand why it didn't do that when you altered the zone replication
scope. My main reason for having you run DCDiag was that I expected some
sort of Replication failure on at least ONE of your DCs.

(You did run DCDiag on EVERY DC, right?)

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]


thanks
Rachel

"Herb Martin" wrote:

"Rachel Deitch" <RachelDeitch@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A4C1135B-9174-42B1-9B7E-CC96BC001F25@xxxxxxxxxxxxxxxx
Thanks, I should have mentioned I've read this kb article and been through
the testing without finding any issues. That's why I'm wondering if it's
just a reboot thing.


If you have read the article (I haven't) that Jorge gave you,
do you understand the likely cause of the message?

I would strongly suspect that some (1?) of your DCs has
marked the zone to be replicated by means OTHER than
"all DCs in the Domain", such as All DNS DCs, or All
DNS DCs in the Forest and yet (somehow) the other
DCs still have the zone in the default place within the
regular Domain AD partition.

The former DNS in Domain matches the error message
most closely.

It's (likely) finding the zone in AD domain partition and
finding another copy in the special DomainDNSZone
partition.

Maybe this happened because you (or someone) set this
and then disabled it -- but I would have thought (or hoped)
that the extra copy would get purged.

Check your zone replication settings on each of your DC-DNS
servers for this zone.

Also, you should run DCDiag on each DC to look for this,
related, or other DC problems.

--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]


"Jorge Silva" wrote:

Hi

check
Event ID 4515 is logged in the DNS Server log in Windows Server 2003

http://support.microsoft.com/?id=867464


--
I hope that the information above helps you

Good Luck
Jorge Silva
MCSA
Systems Administrator

"Rachel Deitch" <RachelDeitch@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:28C15AA7-D03F-4B7E-A0E0-3F540CB2764E@xxxxxxxxxxxxxxxx
I have a simple DNS setup - two DCs/DNS servers, AD integrated, forest-wide
replication. When I reboot either one, the "preparing network settings"
takes a long time, though eventually the server comes up. DNS event logs
indicate error 4515 (text below). I also get error 13508 in the FRS log,
though this is eventually resolved, and never followed by 13509.

Basically, I know my DNS architecture is working ok, with the exception of
these errors. One server has Server 2003 SP1, other one is due for service
pack install this weekend. Are these normal messages?

thanks

Event 4515
Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 4515
Date: 8/4/2006
Time: 4:17:56 PM
User: N/A
Computer: KRAMER
Description:
The zone cerc.local was previously loaded from the directory partition
DomainDnsZones.cerc.local but another copy of the zone has been found in
directory partition ForestDnsZones.cerc.local. The DNS Server will ignore
this new copy of the zone. Please resolve this conflict as soon as possible.

If an administrator has moved this zone from one directory partition to
another this may be a harmless transient condition. In this case, no action
is necessary. The deletion of the original copy of the zone should soon
replicate to this server.

If there are two copies of this zone in two different directory partitions
but this is not a transient caused by a zone move operation then one of these
copies should be deleted as soon as possible to resolve this conflict.

To change the replication scope of an application directory partition
containing DNS zones and for more details on storing DNS zones in the
application directory partitions, please see Help and Support.
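
An added example, not part of the thread or of any Microsoft tooling: a small triage script that reads Event ID 4515 descriptions exported from each DC's DNS log, extracts the zone and the two directory partitions, and flags a conflict that keeps being logged past the point where the event text's "harmless transient" explanation is plausible. The 24-hour window, the second KRAMER timestamp and the `DC2` server name are assumptions made for the sample.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Matches the Event ID 4515 description wording quoted in the post.
EVENT_4515 = re.compile(
    r"The zone (?P<zone>\S+) was previously loaded from the directory partition "
    r"(?P<loaded>\S+) but another copy of the zone has been found in directory "
    r"partition (?P<dup>\S+?)\. The DNS Server will ignore")

def parse_4515(description):
    """Return (zone, loaded_partition, duplicate_partition), or None if no match."""
    text = " ".join(description.split())  # undo hard wraps added by export/mail tools
    m = EVENT_4515.search(text)
    return (m["zone"], m["loaded"], m["dup"]) if m else None

def triage(events, transient_window=timedelta(hours=24)):
    """events: (computer, datetime, description) rows; the window is an assumption."""
    seen = defaultdict(list)
    for computer, when, description in events:
        parsed = parse_4515(description)
        if parsed:
            seen[parsed].append((when, computer))
    report = []
    for (zone, loaded, dup), hits in sorted(seen.items()):
        times = [when for when, _ in hits]
        report.append({
            "zone": zone, "loaded_from": loaded, "duplicate_in": dup,
            "servers": sorted({computer for _, computer in hits}),
            "persistent": max(times) - min(times) > transient_window,
        })
    return report

# Description wording from the post; the line wrapping here is constructed.
DESC = """The zone cerc.local was previously loaded from the directory partition
DomainDnsZones.cerc.local but another copy of the zone has been found
in
directory partition ForestDnsZones.cerc.local. The DNS Server will ignore
this new copy of the zone."""

# Constructed sample: first row is the post's event, the other two are invented.
SAMPLE = [
    ("KRAMER", datetime(2006, 8, 4, 16, 17, 56), DESC),
    ("KRAMER", datetime(2006, 8, 9, 9, 2, 11), DESC),
    ("DC2", datetime(2006, 8, 5, 8, 30, 0), "The DNS server has started."),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A `persistent` result of `True` means the same duplicate was still being reported after the assumed replication window, which is the case the event text says must be resolved by deleting one copy.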







