DNS event 4010

    Question

  • After recreating msdcs.domain.local zone on domain controllers I'm getting error 4010 in the DNS event log.

    The DNS server was unable to create a resource record for  62ebf5b9-1450-4eef-aeaf-f4eb0a16457c._msdcs.domain.local. in zone domain.local. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.

    The DNS server was unable to create a resource record for  1c9ddd24-8672-4052-a22a-22f853d81269._msdcs.domain.local. in zone domain.local. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.

    I tried locating these resource records, but no luck.

    What is the proper way to fix this error?

     

    Thanks!

    Thursday, December 29, 2011 4:33 PM

Answers


  • This event may appear if a new _msdcs.domain.com zone is manually created on the DNS server, which in turn converts the original _msdcs folder within the domain.com zone into a delegated folder.

    Refer to the links below to fix the same.

    http://eventid.net/display.asp?phase=1&eventid=4010&eventno=791&source=DNS

    http://technet.microsoft.com/en-us/library/dd349580(WS.10).aspx

    Hope this helps

    Regards,
    Sandesh Dubey.
    -------------------------------
    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator
    My Blog: http://sandeshdubey.wordpress.com
    This posting is provided AS IS with no warranties, and confers no rights.

    Friday, December 30, 2011 12:50 AM

  • This event may appear if a new _msdcs.domain.com zone is manually created on the DNS server, which in turn converts the original _msdcs folder within the domain.com zone into a delegated folder.

    Refer to the links below to fix the same.

    http://eventid.net/display.asp?phase=1&eventid=4010&eventno=791&source=DNS

    http://technet.microsoft.com/en-us/library/dd349580(WS.10).aspx

    Hope this helps

    Regards,
    Sandesh Dubey.
    -------------------------------
    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator
    My Blog: http://sandeshdubey.wordpress.com
    This posting is provided AS IS with no warranties, and confers no rights.


    I already checked both of them, but when I open ADSI edit there is nothing like “Domain->System->MicrosoftDNS->domain.com-><offending-guid-from-dns-event>._msdcs". Unless I'm doing something wrong.


    Hi,

    Please try to perform the following steps to test:

    ADSI Edit-> Connect to -> choose Select or type a Distinguished Name or Naming Context -> type DC=ForestDNSZones, DC=domain, DC=local -> click OK -> CN= MicrosoftDNS


    Hope this helps!

    Best Regards
    Elytis Cheng

     


    TechNet Community Support

    Friday, December 30, 2011 3:24 AM
  • It seems you have not connected to the correct partition in ADSI Edit. You need to check the correct zone.

    It seems that the record is in DomainDNSZone; if it is not in the mentioned zone, check the others as well.

    For DomainDNSZone refer below.

    ADSI Edit-> Connect to -> choose Select or type a Distinguished Name or Naming Context -> type DC=DomainDNSZones, DC=domain, DC=local -> click OK -> CN= MicrosoftDNS->Domain.local

    For ForestDNSZone refer below.
    ADSI Edit-> Connect to -> choose Select or type a Distinguished Name or Naming Context -> type DC=ForestDNSZones, DC=domain, DC=local -> click OK -> CN= MicrosoftDNS->Domain.local

    Locate <offending-guid-from-dns-event>._msdcs and delete the same. Restart the netlogon and DNS services and check.

    If the <offending-guid-from-dns-event>._msdcs is not present in the above, check below as well.
    ADSI Edit->Domain, DC=domain, DC=local ->System--> CN= MicrosoftDNS->Domain.local

    Hope this helps

    Regards,
    Sandesh Dubey.
    -------------------------------
    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator
    My Blog: http://sandeshdubey.wordpress.com
    This posting is provided AS IS with no warranties, and confers no rights.


    Friday, December 30, 2011 3:54 AM

All replies

  • Did you create _msdcs.domain.local (rather than msdcs.domain.local)?

    If so, how did you go about creating it - and why did you have to recreate it?

    Did you follow http://support.microsoft.com/kb/817470

    hth
    Marcin

    Thursday, December 29, 2011 8:38 PM
  • Yeah, that's the article I used.

    I created _msdcs.domain.local because BPA was complaining that _msdcs.domain.local is missing, which it was.

    This is what I did: right-click Forward Lookup Zones -> New Zone. After the zone was created, it got automatically populated with records. When I restarted the DNS service, the 4010 error showed up.

    Thursday, December 29, 2011 9:45 PM
  • Post the following:

    - content of %windir%\system32\config\netlogon.dns

    - dnscmd /enumzones

    hth
    Marcin

    Thursday, December 29, 2011 11:28 PM

  • Post the following:

    - content of %windir%\system32\config\netlogon.dns

    - dnscmd /enumzones

    hth
    Marcin


    C:\Windows\system32>dnscmd /enumzones

    Enumerated zone list:
            Zone count = 6

     Zone name                      Type       Storage         Properties

     .                              Cache      AD-Domain
     _msdcs.compuweigh.local        Primary    AD-Domain       Secure Aging
     7.168.192.in-addr.arpa         Primary    AD-Domain       Secure Rev Aging
     8.168.192.in-addr.arpa         Primary    AD-Forest       Secure Rev Aging
     compuweigh.local               Primary    AD-Forest       Secure Aging
     TrustAnchors                   Primary    AD-Forest       Aging


    Command completed successfully.

     

    _ldap._tcp.compuweigh.local. 600 IN SRV 0 100 389 CMPWADSRV1.compuweigh.local.
    _ldap._tcp.Default-First-Site-Name._sites.compuweigh.local. 600 IN SRV 0 100 389 CMPWADSRV1.compuweigh.local.
    _ldap._tcp.pdc._msdcs.compuweigh.local. 600 IN SRV 0 100 389 CMPWADSRV1.compuweigh.local.
    _ldap._tcp.gc._msdcs.compuweigh.local. 600 IN SRV 0 100 3268 CMPWADSRV1.compuweigh.local.
    _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.compuweigh.local. 600 IN SRV 0 100 3268 CMPWADSRV1.compuweigh.local.
    _ldap._tcp.fdc19219-8d38-423a-8466-e8895c2ec96c.domains._msdcs.compuweigh.local. 600 IN SRV 0 100 389 CMPWADSRV1.compuweigh.local.
    62ebf5b9-1450-4eef-aeaf-f4eb0a16457c._msdcs.compuweigh.local. 600 IN CNAME CMPWADSRV1.compuweigh.local.
    _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.compuweigh.local. 600 IN SRV 0 100 88 CMPWADSRV1.compuweigh.local.
    _ldap._tcp.dc._msdcs.compuweigh.local. 600 IN SRV 0 100 389 CMPWADSRV1.compuweigh.local.
    _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.compuweigh.local. 600 IN SRV 0 100 389 CMPWADSRV1.compuweigh.local.
    _kerberos._tcp.compuweigh.local. 600 IN SRV 0 100 88 CMPWADSRV1.compuweigh.local.
    _kerberos._tcp.Default-First-Site-Name._sites.compuweigh.local. 600 IN SRV 0 100 88 CMPWADSRV1.compuweigh.local.
    _gc._tcp.compuweigh.local. 600 IN SRV 0 100 3268 CMPWADSRV1.compuweigh.local.
    _gc._tcp.Default-First-Site-Name._sites.compuweigh.local. 600 IN SRV 0 100 3268 CMPWADSRV1.compuweigh.local.
    _kerberos._udp.compuweigh.local. 600 IN SRV 0 100 88 CMPWADSRV1.compuweigh.local.
    _kpasswd._tcp.compuweigh.local. 600 IN SRV 0 100 464 CMPWADSRV1.compuweigh.local.
    _kpasswd._udp.compuweigh.local. 600 IN SRV 0 100 464 CMPWADSRV1.compuweigh.local.
    _ldap._tcp.DomainDnsZones.compuweigh.local. 600 IN SRV 0 100 389 CMPWADSRV1.compuweigh.local.
    _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.compuweigh.local. 600 IN SRV 0 100 389 CMPWADSRV1.compuweigh.local.
    _ldap._tcp.ForestDnsZones.compuweigh.local. 600 IN SRV 0 100 389 CMPWADSRV1.compuweigh.local.
    _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.compuweigh.local. 600 IN SRV 0 100 389 CMPWADSRV1.compuweigh.local.
    _kerberos._tcp.dc._msdcs.compuweigh.local. 600 IN SRV 0 100 88 CMPWADSRV1.compuweigh.local.
    compuweigh.local. 600 IN A 192.168.8.20
    gc._msdcs.compuweigh.local. 600 IN A 192.168.8.20
    DomainDnsZones.compuweigh.local. 600 IN A 192.168.8.20
    ForestDnsZones.compuweigh.local. 600 IN A 192.168.8.20

    Friday, December 30, 2011 1:10 AM

  • This event may appear if a new _msdcs.domain.com zone is manually created on the DNS server, which in turn converts the original _msdcs folder within the domain.com zone into a delegated folder.

    Refer to the links below to fix the same.

    http://eventid.net/display.asp?phase=1&eventid=4010&eventno=791&source=DNS

    http://technet.microsoft.com/en-us/library/dd349580(WS.10).aspx

    Hope this helps

    Regards,
    Sandesh Dubey.
    -------------------------------
    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator
    My Blog: http://sandeshdubey.wordpress.com
    This posting is provided AS IS with no warranties, and confers no rights.


    I already checked both of them, but when I open ADSI edit there is nothing like “Domain->System->MicrosoftDNS->domain.com-><offending-guid-from-dns-event>._msdcs". Unless I'm doing something wrong.
    Friday, December 30, 2011 1:12 AM
  • Apparently the zone you created resides in the domain-wide application partition. Delete it and create one with forest-wide replication scope - as per http://support.microsoft.com/kb/817470

    hth
    Marcin

    Friday, December 30, 2011 1:41 AM
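
Added example (not code from any participant in this thread): a small Python triage helper that turns an event 4010 description into the three directory locations Sandesh Dubey lists for ADSI Edit, and reads `dnscmd /enumzones` output the way Marcin does above to flag an _msdcs zone that is not stored forest-wide. The function names are hypothetical, and it assumes the domain DN passed in is also the forest root domain.

```python
import re

# Record name and zone as worded in a DNS event 4010 description.
EVENT_RE = re.compile(
    r"resource record for\s+(?P<fqdn>\S+?)\.?\s+in zone\s+(?P<zone>\S+?)\.?(?:\s|$)",
    re.IGNORECASE)

def node_locations(event_text, domain_dn):
    """Return the dnsNode DNs to look for in ADSI Edit for one event 4010."""
    m = EVENT_RE.search(event_text)
    if not m:
        raise ValueError("not an event 4010 description")
    fqdn, zone = m["fqdn"].lower(), m["zone"].lower()
    if not fqdn.endswith("." + zone):
        raise ValueError("record name is not inside the reported zone")
    node = fqdn[: -len(zone) - 1]  # "<guid>._msdcs"
    # The three containers named in the thread. Assumption: domain_dn is the
    # forest root domain (single-domain forest).
    containers = (
        "CN=MicrosoftDNS,DC=DomainDnsZones," + domain_dn,
        "CN=MicrosoftDNS,DC=ForestDnsZones," + domain_dn,
        "CN=MicrosoftDNS,CN=System," + domain_dn,
    )
    return [f"DC={node},DC={zone},{c}" for c in containers]

def msdcs_zones_not_forest_wide(enumzones_text):
    """Parse `dnscmd /enumzones` output and return {zone: storage} for each
    _msdcs zone whose storage column is not AD-Forest."""
    flagged = {}
    for line in enumzones_text.splitlines():
        fields = line.split()  # zone name, type, storage, properties...
        if (len(fields) >= 3 and fields[0].lower().startswith("_msdcs.")
                and fields[2] != "AD-Forest"):
            flagged[fields[0]] = fields[2]
    return flagged

# Sample input: event text and two zone rows copied from the thread.
EVENT = ("The DNS server was unable to create a resource record for  "
         "62ebf5b9-1450-4eef-aeaf-f4eb0a16457c._msdcs.domain.local. in zone "
         "domain.local. The Active Directory definition of this resource "
         "record is corrupt or contains an invalid DNS name.")
ENUMZONES = """\
 _msdcs.compuweigh.local        Primary    AD-Domain       Secure Aging
 compuweigh.local               Primary    AD-Forest       Secure Aging
"""

if __name__ == "__main__":
    for dn in node_locations(EVENT, "DC=domain,DC=local"):
        print("check:", dn)
    print("not forest-wide:", msdcs_zones_not_forest_wide(ENUMZONES))
```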

  • As I've run into a nearly identical situation as the OP and Sandesh's suggestions seem appropriate, I need further clarification before I proceed to delete the offending guid(s).

    This is my 4010 error:

    The DNS server was unable to create a resource record for  053bce83-5465-44b5-9b48-aa67c479b4f8._msdcs.mydomain.local. in zone mydmain.local. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.

    From ADSI, the GUID is listed both under

         DomainDNSZone as DC=053bce83-5465-44b5-9b48-aa67c479b4f8._msdcs.

         ForestDNSZone as DC=053bce83-5465-44b5-9b48-aa67c479b4f8

    Based on the previous post, I should delete the offending GUID located only under DomainDNSZone or both?

    Additional notes:

    - the server was migrated from SBS2003 to SBS2003R2 and then to SBS2011. This DNS error first appeared after the first migration after recreating the missing _msdcs record.

    - on the SBS2011 (Windows Server 2008R2 SP1) under ForestDNSZone, there is a 2nd msdcs GUID in the same format as the offending GUID. It looks like this: DC=273d3f3a-4be5-4654-b616-1a8f3278f33d. My hunch is there should be only one such GUID, not two.

    Clarification before I proceed to delete the offending GUID(s) would be helpful.

    Cheers

    Saturday, March 16, 2013 2:09 AM
  • I am also facing the same issue.

    I can see event ID 4010 on Windows Server 2008 R2:
    The DNS server was unable to create a resource record for 615c....._msdsc.mydomain.com

    First I need to check the current GUID in Active Directory Sites and Services. Then

    I will log in using mmc DC=ForestDNSzones, DC=Domain, DC=Local
    CN=MicrosoftDNS---DC=-msdcs.mydomain.local
    Here I will delete any ID pointing to DC=615c.........,DC=mydomain,DC=local

    After deleting, I need to restart the netlogon and DNS services. That's it, or anything else?

    (Should I also delete %WinDir%\system32\config\netlogon.dnb and netlogon.dns?)


    Wednesday, February 12, 2014 5:41 PM