Re: Error 4515 on reboot of DC/DNS Svr - normal?
- From: Rachel Deitch <RachelDeitch@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 18 Aug 2006 12:44:01 -0700
Didn't mean to drop this, just got absorbed in other things - tomorrow's the
day I try to fix. Thanks for the continued feedback (and vote of
confidence!). I did re-run dcdiag and again found no errors, so I'll go with
your suggestions and will be sure to have a backup.
thanks,
Rachel
"Herb Martin" wrote:
"Rachel Deitch" <RachelDeitch@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message.
news:1816DD89-2D88-48A7-BE57-29DBB6E743D2@xxxxxxxxxxxxxxxx
I'm going to go with forest-wide - but I'll take your advice, change
temporarily to regular ad-integrated, patiently (always a problem) wait for
replication, then change back. I did run dcdiag on all DCs, multiple times
because I couldn't believe I wasn't getting errors - but I'll do it one more
time and see what happens before making any other changes.
I think Jorge said the following (but I know he said something
close to it):
If changing to a "regular AD integrated with single master" doesn't
work, then try changing to Primary (non-AD) in each domain - get it
clean, remove DNS server from all other DCs (you'll need conditional
forwarding if you have to leave it this way more than a few minutes),
switch back to AD with Forest wide, and then put the DNS service
back on each DC.
Theoretically you could use ADSIEdit to remove the offending data
but that was what I did not want to recommend earlier. Having
read several of your posts you seem much more self-sufficient than
many of those who ask questions and could probably handle it.
You would definitely want to have some plan for "Authoritative
Restore" in case it goes wrong. (I.E., System State backup, freeze
changes you can control, do the dirty deed, and hope you don't
need the System State backup to be restored and made authoritative.)
Also, I have a bit of a knowledge gap on using an Authoritative Restore
for Forest-Wide stuff having never tried these and recalling that the
docs are not specific about things outside the domain. (Maybe there
are newer KB articles but I have never needed to search for them.)
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
thanks
Rachel
"Herb Martin" wrote:
"Rachel Deitch" <RachelDeitch@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E816911B-E5AE-4028-8EC2-57F19E4CF6B5@xxxxxxxxxxxxxxxx
Thanks for your comments - I think I'm getting closer here.
I do believe you are correct that the "old" zone is still there. On each
server, I have two (forward lookup) zones - 1. _msdcs.mydomain.local
(replication is for all DNS servers in the forest) and 2. mydomain.local
(replication for all DNS servers in the domain)
Both servers show the same two zones, same settings. What's odd, though, is
that I've run dcdiag (including the newer version) and I never seem to get
any errors. I've gone through and run specific tests recommended in various
kb articles. Never any issues.
What's a preferred setup here? Keep the zone with forest wide replication,
Impossible to 'answer' but as long as you have no Win2000 Servers
you can use the new features of replication scope and should use them
in most cases.
As to Forest-wide DNS-DCs versus Domain-Wide-Only DNS-DCs
that is (heavily) dependent on the SIZE of the domains and your LAN/WAN
architecture.
For most small and maybe medium companies Forest-Wide is a good
guess (we're presuming it won't lead to excessive replication.)
The key is that your clients have to be able to go to ANY DNS server
(e.g., "Their DNS server") and get EVERY RESOLUTION they will
ever need.
So, this means that all DNS servers must be able to find ALL domains,
and usually the Internet too.
There are four major ways to do this when you must not set up an
internal root, i.e., because you also resolve for THE Internet:
1) Cross secondaries (only choice in Win2000) --
   each DNS server holds a secondary for all other zones in the
   forest/enterprise (might include non-AD zones), or at least the
   parent of each tree of zones
2) Cross STUBS zones -- exactly like cross secondaries but avoids
   copying entire zones, only copying critical info like SOA, DNS
   server NS records and A records so it can FIND a "real" server
   for each zone or parent of each tree of zones.
3) Conditional Forwarding -- each DNS server has an entry to
   find each OTHER domain, or at least the parent of each tree
4) Forest wide AD Replication -- much better than "cross secondaries"
   but doesn't help if you have "non-AD zones" or multiple forests
   involved, and it DOES copy all of the zone(s) so it might be less
   efficient than #2 or #3 as the SIZE of the zones increases.
Notice that #2 and #3 are virtually indistinguishable by most admins but
if you need I can describe the technical (very minor) advantages to each.
(One might almost wonder why Microsoft added TWO NEW ways to
solve the same problem to Win2003 <grin>)
The limitations of #4 to a single Forest can be overcome by mixing in
#4 and one of the others.
Most all of the time _MSDCS makes sense to replicate Forest wide since
it is practically always small.
or keep the AD replication zone? What's the best way to go about deleting
one without getting myself in trouble?
I hate telling people how to delete stuff in AD. Maybe Jorge or someone
knows a KB article.
If there are only a few DNS servers, my thought would be to (temporarily) set
all of them to regular AD integrated (all DCs in Domain), and then change them
back after replication. In theory this should delete those not used.
I don't understand why it didn't do that when you altered the zone replication
scope. My main reason for having you run DCDiag was that I expected some
sort of Replication failure on at least ONE of your DCs.
(You did run DCDiag on EVERY DC, right?)
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
thanks
Rachel
"Herb Martin" wrote:
"Rachel Deitch" <RachelDeitch@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A4C1135B-9174-42B1-9B7E-CC96BC001F25@xxxxxxxxxxxxxxxx
Thanks, I should have mentioned I've read this kb article and been through
the testing without finding any issues. That's why I'm wondering if it's
just a reboot thing.
If you have read the article (I haven't) that Jorge gave you,
do you understand the likely cause of the message?
I would strongly suspect that some (1?) of your DCs has
marked the zone to be replicated by means OTHER than
"all DCs in the Domain", such as All DNS DCs, or All
DNS DCs in the Forest and yet (somehow) the other
DCs still have the zone in the default place within the
regular Domain AD partition.
The former DNS in Domain matches the error message
most closely.
It's (likely) finding the zone in AD domain partition and
finding another copy in the special DomainDNSZone
partition.
Maybe this happened because you (or someone) set this
and then disabled it -- but I would have thought (or hoped)
that the extra copy would get purged.
Check your zone replication settings on each of your DC-DNS
servers for this zone.
Also, you should run DCDiag on each DC to look for this,
related, or other DC problems.
--
Herb Martin, MCSE, MVP
Accelerated MCSE
http://www.LearnQuick.Com
[phone number on web site]
"Jorge Silva" wrote:
Hi
check
Event ID 4515 is logged in the DNS Server log in Windows Server 2003
http://support.microsoft.com/?id=867464
--
I hope that the information above helps you
Good Luck
Jorge Silva
MCSA
Systems Administrator
"Rachel Deitch" <RachelDeitch@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:28C15AA7-D03F-4B7E-A0E0-3F540CB2764E@xxxxxxxxxxxxxxxx
I have a simple DNS setup - two DCs/DNS servers, AD integrated, forest-wide
replication. When I reboot either one, the "preparing network settings"
takes a long time, though eventually the server comes up. DNS event logs
indicate error 4515 (text below). I also get error 13508 in the FRS log,
though this is eventually resolved, and never followed by 13509.
Basically, I know my DNS architecture is working ok, with the exception of
these errors. One server has Server 2003 SP1, other one is due for service
pack install this weekend. Are these normal messages?
thanks
Event 4515
Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 4515
Date: 8/4/2006
Time: 4:17:56 PM
User: N/A
Computer: KRAMER
Description:
The zone cerc.local was previously loaded from the directory partition
DomainDnsZones.cerc.local but another copy of the zone has been found in
directory partition ForestDnsZones.cerc.local. The DNS Server will ignore
this new copy of the zone. Please resolve this conflict as soon as possible.
If an administrator has moved this zone from one directory partition to
another this may be a harmless transient condition. In this case, no action
is necessary. The deletion of the original copy of the zone should soon
replicate to this server.
If there are two copies of this zone in two different directory partitions
but this is not a transient caused by a zone move operation then one of these
copies should be deleted as soon as possible to resolve this conflict.
To change the replication scope of an application directory partition
containing DNS zones and for more details on storing DNS zones in the
application directory partitions, please see Help and Support.
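
An added example, not part of the thread: the 4515 description names both the partition a server loaded the zone from and the copy it ignored, so exported DNS Server logs from every DC show which copy each one is actually serving before anything is deleted. The log text is constructed; KRAMER and cerc.local come from the post, while the second DC JERRY and its entry are made up.

```python
import re
from collections import defaultdict

# Constructed sample export, hard-wrapped like the event text in the post.
# JERRY is a hypothetical second DC that loaded the other copy of the zone.
SAMPLE_EXPORT = """\
Event ID: 4515
Computer: KRAMER
Description:
The zone cerc.local was previously loaded from the directory
partition
DomainDnsZones.cerc.local but another copy of the zone has been
found in
directory partition ForestDnsZones.cerc.local. The DNS Server
will ignore this new copy of the zone.
Event ID: 4515
Computer: JERRY
Description:
The zone cerc.local was previously loaded from the directory partition
ForestDnsZones.cerc.local but another copy of the zone has been found in
directory partition DomainDnsZones.cerc.local. The DNS Server will ignore
this new copy of the zone.
"""

EVENT_RE = re.compile(
    r"Computer: (?P<computer>\S+) .*?"
    r"The zone (?P<zone>\S+) was previously loaded from the directory "
    r"partition (?P<loaded>\S+) but another copy of the zone has been "
    r"found in directory partition (?P<ignored>\S+?)\. ")

def parse_4515(export_text):
    """Return one dict per 4515 event, tolerating hard-wrapped lines."""
    events = []
    for chunk in re.split(r"(?m)^Event ID:\s*", export_text):
        flat = " ".join(chunk.split()) + " "   # undo hard line wrapping
        m = EVENT_RE.search(flat) if flat.startswith("4515 ") else None
        if m:
            events.append(m.groupdict())
    return events

def split_brain_zones(events):
    """Zones that different servers loaded from different partitions."""
    loaded = defaultdict(dict)
    for e in events:
        loaded[e["zone"]][e["computer"]] = e["loaded"]
    return {zone: by_dc for zone, by_dc in loaded.items()
            if len(set(by_dc.values())) > 1}

if __name__ == "__main__":
    print(split_brain_zones(parse_4515(SAMPLE_EXPORT)))
```

A non-empty result means the DCs disagree about which copy is live, which is worth knowing before choosing the copy to remove.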