locked
DNS 4015 error site link bridge RRS feed

  • Question

  • Hello everybody!

    I'd like to ask you to help me to solve one issue related to replication and site link bridge.

    Here is a topology on a picture below.

    I have three sites in one domain in classical HUB-and-SOKE topology. Network is full-meshed. BASL is disabled (for testing) and site link bridge between COL and DET sites was created manually. TCP/IP settings for each DC are located on the picture. DNS servers hold one forward zone - lab.local (name servers for this zone are: col-dc01.lab.local, det-dc01.lab.local and den-dc01.lab.local) and three reverse zones (for each network subnet: 1.10.10.in-addr.arpa, 2.10.10.in-addr.arpa, 3.10.10.in-addr.arpa)

    Domain controller den-dc01.lab.local has two inbound connections: one from col-dc01.lab.local and second from det-dc01.lab.local

    Domain controller in COL site has inbound coonection from den-dc01.lab.local and domain controller in DET site has inbound connection from den-dc01.lab.local too.

    So everything looks just fine until you doesn't disable all network connections (not AD connections) to site DEN. After that I can observe error 4015 in DNS event log on both DCs in COL and DET site.

    The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "". The event data contains the error.

    This message continues to appear (every five minutes) until network connection to DEN site is restored. After that temporary connections are deleted and topology continues to work as expected.

    AD connections between bridgeheads servers in site link bridge (I mean det-dc01.lab.local and col.lab.local) are created only in two hours after network connections to DEN site were completely destroyed. From my point of view the connections must be created after three unsuccessful attempts to replicate, i.e. 45 minutes in my case, according to replication schedule. 

    So could you kindly help me to understand if this behavior is normal or not? And in case if it is not normal to explain me where I made mistake during configuration.

    Thanks a lot in advance and best regards.

    Tuesday, April 12, 2016 1:12 PM

Answers

  • Hi,

    Regarding DNS error 4015 check the DC's DNS settings,if the DC in COL and DET are pointing to DEN than it is expected as these DC will try to fetch DNS data.

    Suggested DNS Configuration and for this kind of scenario.

    https://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

    If you have fully meshed network I would not disable Bridge all Sitelinks.

    With regards to the time it takes to build the link I would leave the task to KCC and ISTG to generate the links if you have setup and configured Sites and Subnets correctly it will do its job.

    Most of the time manual creations and changes are cause of delays and issues we see in AD.

    Some info on this as Mr Acefay as created brilliant article on this.

    http://blogs.msmvps.com/acefekay/2013/02/24/ad-site-design-and-auto-site-link-bridging-or-bridge-all-site-links-basl/


    Regards, Jim MSCS - MCP Disclaimer: This posting is provided AS IS with no warranties or guarantees , and confers no rights. When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer


    • Edited by Jimmy Salian Tuesday, April 12, 2016 2:29 PM Update
    • Proposed as answer by Jay Gu Tuesday, April 19, 2016 9:14 AM
    • Marked as answer by Amy Wang_ Thursday, April 21, 2016 12:58 AM
    Tuesday, April 12, 2016 2:09 PM

All replies

  • Hi,

    Regarding DNS error 4015 check the DC's DNS settings,if the DC in COL and DET are pointing to DEN than it is expected as these DC will try to fetch DNS data.

    Suggested DNS Configuration and for this kind of scenario.

    https://abhijitw.wordpress.com/2012/03/03/best-practices-for-dns-client-settings-on-domain-controller/

    If you have fully meshed network I would not disable Bridge all Sitelinks.

    With regards to the time it takes to build the link I would leave the task to KCC and ISTG to generate the links if you have setup and configured Sites and Subnets correctly it will do its job.

    Most of the time manual creations and changes are cause of delays and issues we see in AD.

    Some info on this as Mr Acefay as created brilliant article on this.

    http://blogs.msmvps.com/acefekay/2013/02/24/ad-site-design-and-auto-site-link-bridging-or-bridge-all-site-links-basl/


    Regards, Jim MSCS - MCP Disclaimer: This posting is provided AS IS with no warranties or guarantees , and confers no rights. When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer


    • Edited by Jimmy Salian Tuesday, April 12, 2016 2:29 PM Update
    • Proposed as answer by Jay Gu Tuesday, April 19, 2016 9:14 AM
    • Marked as answer by Amy Wang_ Thursday, April 21, 2016 12:58 AM
    Tuesday, April 12, 2016 2:09 PM
  • Hi,

    Domain controller den-dc01.lab.local has two inbound connections: one from col-dc01.lab.local and second from det-dc01.lab.local

    Domain controller in COL site has inbound coonection from den-dc01.lab.local and domain controller in DET site has inbound connection from den-dc01.lab.local too.

    >>>Do you are running DNS on a RODC in both site COL and DET?

    If yes, here is an article below may be helpful to you.

    RODC logs DNS event 4015 every 3 minutes with error code 00002095

    https://support.microsoft.com/en-us/kb/969488

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, April 13, 2016 7:20 AM