multiple _msdcs zones

  • Question

  • Hi all, hopefully it's an easy explanation.

    The environment is a single forest / single domain.

    All DCs are DNS servers, and all are either 2008R2 or 2008.

    Both domain/forest functional levels are Windows Server 2003.

    Whenever one of the DCs is rebooted, we see Event 4515 logged in the DNS logs:

    The zone _msdcs.domain.com was previously loaded from the directory partition DomainDnsZones.domain.com but another copy of the zone has been found in directory partition ForestDnsZones.domain.com. The DNS Server will ignore this new copy of the zone. Please resolve this conflict as soon as possible.

    When I run ADSI Edit, I can see this in both ForestDnsZones.domain.com AND DomainDnsZones.domain.com.

    Is this normal? If not, is this a problem?

    When I check that zone in DNS Manager, it is AD Integrated, and replicated to all DNS servers in this domain.

    Monday, April 22, 2013 11:50 PM

Answers

  • Thanks Awinish.

    It seems that all current DNS zones are Domain replicated, but I can see all of them also in ForestDNSzones as well as DomainDNSzones.

    There aren't any CNF or In Progress though; they are proper duplicates according to Ace's blog.

    He states that Option 2 MUST be followed in this case, but does not state why. What happens if I just delete the zone from ForestDNSzones without unchecking the option box to store in AD? Will it break things?


    Yes, it will delete your DNS zones. By creating application (ForestDNSzones & DomainDNSzones) directory partitions, you are storing your zone information there & you can use the option to replicate domain or forest wide. Hence, deleting the zones w/o removing the option to store this info in AD will delete the zones. Also, be cautious, take a backup & if you are not sure, try it in the lab.

    Awinish Vishwakarma - MVP

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Tuesday, April 23, 2013 2:56 AM
    Moderator
  • Hi,


    I think you can try the steps in Ace’s blog with no problem.


    Also, you can refer to:


    Replication Problem ._msdcs

    http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/c2b97a80-292a-4eba-afab-1f6821070e97/


    Hope this helps.


    Jeremy Wu
    TechNet Community Support

    Thursday, April 25, 2013 8:01 AM
    Moderator

All replies

  • Check for the duplicate zones in DNS, referring to http://msmvps.com/blogs/acefekay/archive/2009/09/02/using-adsi-edit-to-resolve-conflicting-or-duplicate-ad-integrated-dns-zones.aspx

    If the above is not the case, you can try recreating the application partition. MVP Jorge has listed steps.

    http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/afb2c23b-5c2c-4ce1-9e94-07fa929dddcb


    Awinish Vishwakarma - MVP

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Tuesday, April 23, 2013 1:57 AM
    Moderator
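
A read-only way to run the duplicate-zone check discussed in this thread, as an added example that is not part of any poster's reply: it lists every dnsZone object in the ForestDnsZones, DomainDnsZones and legacy domain (CN=System) containers and reports zone names that exist in more than one of them, with a record count per copy. It assumes the ActiveDirectory PowerShell module is available and changes nothing in the directory.

```powershell
# Added example: inventory of AD-integrated DNS zone objects (read-only).
# Assumption: run by an account that can read the DNS application partitions.
Import-Module ActiveDirectory

$rootDse  = Get-ADRootDSE
$domainDN = $rootDse.defaultNamingContext       # e.g. DC=domain,DC=com
$forestDN = $rootDse.rootDomainNamingContext    # forest root domain

# The three containers that can hold dnsZone objects.
$containers = @{
    'ForestDnsZones' = "CN=MicrosoftDNS,DC=ForestDnsZones,$forestDN"
    'DomainDnsZones' = "CN=MicrosoftDNS,DC=DomainDnsZones,$domainDN"
    'Domain(System)' = "CN=MicrosoftDNS,CN=System,$domainDN"
}

$zones = foreach ($c in $containers.GetEnumerator()) {
    try {
        Get-ADObject -SearchBase $c.Value -SearchScope OneLevel `
                     -Filter 'objectClass -eq "dnsZone"' `
                     -Properties whenCreated, whenChanged |
        ForEach-Object {
            # Count the dnsNode (record name) objects stored under this copy of the zone.
            $nodes = @(Get-ADObject -SearchBase $_.DistinguishedName -SearchScope OneLevel `
                                    -Filter 'objectClass -eq "dnsNode"').Count
            New-Object PSObject -Property @{
                Zone        = $_.Name
                Partition   = $c.Key
                Records     = $nodes
                WhenCreated = $_.whenCreated
                WhenChanged = $_.whenChanged
                # Conflict (CNF) or "In Progress" objects carry a mangled name.
                Mangled     = ($_.Name -match 'CNF:|InProgress')
            }
        }
    } catch {
        Write-Warning "Could not read $($c.Value): $($_.Exception.Message)"
    }
}

# RootDNSServers holds root hints and normally appears in several containers,
# so it is excluded from the duplicate report.
$zones | Where-Object { $_.Zone -ne 'RootDNSServers' } |
    Group-Object Zone | Where-Object { $_.Count -gt 1 } |
    ForEach-Object { $_.Group } | Sort-Object Zone, Partition |
    Format-Table Zone, Partition, Records, WhenCreated, WhenChanged, Mangled -AutoSize
```

The WhenCreated, WhenChanged and Records columns show which copy is the older or emptier one before any decision is made in ADSI Edit.
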
  • Thanks Awinish.

    It seems that all current DNS zones are Domain replicated, but I can see all of them also in ForestDNSzones as well as DomainDNSzones.

    There aren't any CNF or In Progress though; they are proper duplicates according to Ace's blog.

    He states that Option 2 MUST be followed in this case, but does not state why. What happens if I just delete the zone from ForestDNSzones without unchecking the option box to store in AD? Will it break things?

    Tuesday, April 23, 2013 2:53 AM
  • Sorry, I just want to confirm.

    Even though both ForestDNSzones & DomainDNSzones partitions contain _msdcs.domain.com & domain.com zones, and the records contained in each duplicated zone are different between the two partitions, it's not safe to delete one?

    i.e.:

    ForestDNSzones - _msdcs.domain.com

    DomainDNSzones - _msdcs.domain.com

    Although both of these are named the same, they do contain different records. If I delete one, it will delete the other automatically?

    If I rename it, I assume that is the same? The first comment on Ace's blog by Mike says it's ok to rename. So I just want to confirm.

    Tuesday, April 23, 2013 3:52 AM