eventid 4010 DNS The Active Directory definition of this resource record is corrupt or contains an invalid DNS name

  • Question

  • I have this error logging on all of our DNS servers; the record is a domain controller record. I have read suggestions to delete the record. I have never deleted a DC in AD, so I am a bit nervous to do so. Does anybody have explicit directions for correcting this?

    The DNS server was unable to create a resource record for  95d10a4b-c617-49b1-adc3-2739d2956e59._msdcs.domain.local. in zone domain.local. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:

    Thursday, October 11, 2012 5:21 AM

Answers

  • Earlier I thought that the partition might be corrupted; however, at this point I would recommend the following. Stop the netlogon service. Go to Windows\system32\config and rename the netlogon.dns and netlogon.dnb files to netlogon.dns_old and netlogon.dnb-old. From a command prompt type "ipconfig /flushdns", then run "ipconfig /registerdns", and then start netlogon again and check the event log to see if the error reoccurs.

    If the issue still persists, take the backup of DNS as suggested earlier, delete the forward lookup zone and recreate a new forward lookup zone. I think this should fix the issue.

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Saturday, October 13, 2012 8:32 AM

All replies

  • Hi,

    Did you cross-check this GUID with the respective DC's GUID in AD Sites and Services? If not, go to Sites and Services -> expand domain name -> Default-in-sites -> expand DC -> NTDS Settings properties. If the _msdcs subdomain folder is missing then you will also receive this alert. Check the following link for more info. This issue also occurs when the DNS configuration is not correct; check the NIC properties. Also provide us ipconfig /all so that we can understand it better.

    http://support.microsoft.com/kb/817470

    Thursday, October 11, 2012 5:31 AM
  • Hi,

    Please see the old post with the same problem.

    http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/9240ae89-5e19-4c8b-a4cc-a2963bd5c8dd

    Regards

    Praveen



    Thursday, October 11, 2012 6:01 AM
  • In addition, first ensure the following on the DC:
    1. Each DC / DNS server points to its private IP address as primary DNS server and other remote/local DNS servers as secondary in TCP/IP properties.
    2. Each DC has just one IP address and a single network adapter is enabled.
    3. Contact your ISP and get valid DNS IPs from them and add them to the forwarders. Do not set a public DNS server in the TCP/IP settings of the DC.
    4. Once you are done, run "ipconfig /flushdns & ipconfig /registerdns", then restart the DNS and NETLOGON services on each DC.
    Do not put private DNS IP addresses in the forwarder list.
    5. Assign a static IP address to the DC if its IP address is assigned by a DHCP server; that is strongly not recommended.

    -->>MULTIHOMING Domain controllers is not recommended, it always results in multiple problems.
    ------------------------------------
    1. Domain Controllers should not be multi-homed
    2. Being a VPN Server and even simply running RRAS makes it multi-homed.
    3. DNS even just all by itself, is better on a single homed machine.
    4. Domain Controllers with the PDC Role are automatically Domain Master Browser. Master Browsers should not be multi-homed

    272294 - Active Directory Communication Fails on Multihomed Domain Controllers
    http://support.microsoft.com/default.aspx?scid=kb;en-us;272294

    If the issue still persists, delete the DNS GUID from ADSI Edit and restart the DNS and netlogon services. Have a look at the links below; the issue was fixed by deleting the DNS GUID from ADSI Edit.
    http://www.techtalkz.com/windows-server-2003/488363-dns-severs-giving-out-event-id-4010-a.html
    http://www.eventid.net/display.asp?eventid=4010&eventno=791&source=DNS&phase=1

    If the issue still persists, take a backup of DNS and delete both the msdcs and the domain.com zone. Then recreate the domain.local zone; recreating the zone will fix the problem:
    http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/60fa4c9c-1772-4858-a8e1-c8cc719cfc5d/
    For DNS backup: http://social.technet.microsoft.com/Forums/en/winserverDS/thread/6409b8d5-da43-41f6-83ba-f706a6422dcc

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Thursday, October 11, 2012 8:56 AM
  • Thanks for your input. I am trying to verify what you are suggesting but can't seem to get to it.

    My AD Sites and Services does not seem to have a default-in-sites  

    available beneath the domain name, "Sites"  see below

    Also here is the IPCONFIG /ALL

    Windows IP Configuration

       Host Name . . . . . . . . . . . . : aicsbs2kserver
       Primary Dns Suffix  . . . . . . . : alphainsulation.local
       Node Type . . . . . . . . . . . . : Unknown
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : Yes
       DNS Suffix Search List. . . . . . : alphainsulation.local

    Ethernet adapter LAN Connection:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection
       Physical Address. . . . . . . . . : 00-14-22-1C-01-06
       DHCP Enabled. . . . . . . . . . . : No
       IP Address. . . . . . . . . . . . : 192.168.16.2
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.16.1
       DNS Servers . . . . . . . . . . . : 192.168.16.2
                                           192.168.16.3
       Primary WINS Server . . . . . . . : 192.168.16.2
       NetBIOS over Tcpip. . . . . . . . : Disabled


    Below are the items indicated on the error

    Thursday, October 11, 2012 2:12 PM
  • On this I cannot answer if this was created manually, as I have inherited it. But I am not even a novice at navigating AD using ADSI Edit and I am not sure how to determine which partition I am looking at when I first get in. When I try to change as suggested in the article I get a message and nothing happens.

    Also, I ran the commands he was interested in looking at and I did not find anything unusual.

    See the message I get when following the instructions below; I was trying to change context to DomainDNSZone.

    It seems you have not connected to the correct partition in ADSI Edit. You need to check the correct zone.
    It seems that the record is in DomainDNSZone; if it is not in the mentioned zone, check the others as well.
    For DomainDNSZone refer below.
    ADSI Edit -> Connect to -> choose Select or type a Distinguished Name or Naming Context -> type DC=DomainDNSZones, DC=domain, DC=local -> click OK -> CN=MicrosoftDNS -> Domain.local
    For ForestDNSZone refer below.
    ADSI Edit -> Connect to -> choose Select or type a Distinguished Name or Naming Context -> type DC=ForestDNSZones, DC=domain, DC=local -> click OK -> CN=MicrosoftDNS -> Domain.local
    Locate <offending-guid-from-dns-event>._msdcs and delete the same. Restart the netlogon and DNS services and check.
    If the <offending-guid-from-dns-event>._msdcs is not present in the above, check below as well.
    ADSI Edit -> Domain, DC=domain, DC=local -> System -> CN=MicrosoftDNS -> Domain.local

    here is the results of the commands also

     content of %windir%\system32\config\netlogon.dns

    _ldap._tcp.alphainsulation.local. 600 IN SRV 0 100 389 aicsbs2kserver.alphainsulation.local.
    _ldap._tcp.b7981ed0-a8e3-415e-be56-4024682c5b43.domains._msdcs.alphainsulation.local. 600 IN SRV 0 100 389 aicsbs2kserver.alphainsulation.local.
    95d10a4b-c617-49b1-adc3-2739d2956e59._msdcs.alphainsulation.local. 600 IN CNAME aicsbs2kserver.alphainsulation.local.
    _kerberos._tcp.dc._msdcs.alphainsulation.local. 600 IN SRV 0 100 88 aicsbs2kserver.alphainsulation.local.
    _ldap._tcp.dc._msdcs.alphainsulation.local. 600 IN SRV 0 100 389 aicsbs2kserver.alphainsulation.local.
    _kerberos._tcp.alphainsulation.local. 600 IN SRV 0 100 88 aicsbs2kserver.alphainsulation.local.
    _kerberos._udp.alphainsulation.local. 600 IN SRV 0 100 88 aicsbs2kserver.alphainsulation.local.
    _kpasswd._tcp.alphainsulation.local. 600 IN SRV 0 100 464 aicsbs2kserver.alphainsulation.local.
    _kpasswd._udp.alphainsulation.local. 600 IN SRV 0 100 464 aicsbs2kserver.alphainsulation.local.
    _ldap._tcp.ForestDnsZones.alphainsulation.local. 600 IN SRV 0 100 389 aicsbs2kserver.alphainsulation.local.
    _ldap._tcp.DomainDnsZones.alphainsulation.local. 600 IN SRV 0 100 389 aicsbs2kserver.alphainsulation.local.
    _ldap._tcp.gc._msdcs.alphainsulation.local. 600 IN SRV 0 100 3268 aicsbs2kserver.alphainsulation.local.
    _gc._tcp.alphainsulation.local. 600 IN SRV 0 100 3268 aicsbs2kserver.alphainsulation.local.
    _ldap._tcp.pdc._msdcs.alphainsulation.local. 600 IN SRV 0 100 389 aicsbs2kserver.alphainsulation.local.
    _ldap._tcp.Atlanta._sites.alphainsulation.local. 600 IN SRV 0 100 389 aicsbs2kserver.alphainsulation.local.
    _ldap._tcp.Atlanta._sites.gc._msdcs.alphainsulation.local. 600 IN SRV 0 100 3268 aicsbs2kserver.alphainsulation.local.
    _kerberos._tcp.Atlanta._sites.dc._msdcs.alphainsulation.local. 600 IN SRV 0 100 88 aicsbs2kserver.alphainsulation.local.
    _ldap._tcp.Atlanta._sites.dc._msdcs.alphainsulation.local. 600 IN SRV 0 100 389 aicsbs2kserver.alphainsulation.local.
    _kerberos._tcp.Atlanta._sites.alphainsulation.local. 600 IN SRV 0 100 88 aicsbs2kserver.alphainsulation.local.
    _gc._tcp.Atlanta._sites.alphainsulation.local. 600 IN SRV 0 100 3268 aicsbs2kserver.alphainsulation.local.
    _ldap._tcp.Atlanta._sites.ForestDnsZones.alphainsulation.local. 600 IN SRV 0 100 389 aicsbs2kserver.alphainsulation.local.
    _ldap._tcp.Atlanta._sites.DomainDnsZones.alphainsulation.local. 600 IN SRV 0 100 389 aicsbs2kserver.alphainsulation.local.
    alphainsulation.local. 600 IN A 192.168.16.2
    gc._msdcs.alphainsulation.local. 600 IN A 192.168.16.2
    ForestDnsZones.alphainsulation.local. 600 IN A 192.168.16.2
    DomainDnsZones.alphainsulation.local. 600 IN A 192.168.16.2

    - dnscmd /enumzones

    Enumerated zone list:

     Zone count = 15

     Zone name                      Type       Storage         Properties

     .                              Cache      AD-Domain      
     _msdcs.alphainsulation.local   Primary    AD-Domain       Secure
     16.168.192.in-addr.arpa        Primary    AD-Legacy       Update Rev
     17.168.192.in-addr.arpa        Primary    AD-Legacy       Update Rev
     19.168.192.in-addr.arpa        Primary    AD-Legacy       Update Rev
     20.168.192.in-addr.arpa        Primary    AD-Legacy       Update Rev
     21.168.192.in-addr.arpa        Primary    AD-Legacy       Update Rev
     22.168.192.in-addr.arpa        Primary    AD-Legacy       Update Rev
     23.168.192.in-addr.arpa        Primary    AD-Legacy       Update Rev
     24.168.192.in-addr.arpa        Primary    AD-Legacy       Update Rev
     25.168.192.in-addr.arpa        Primary    AD-Domain       Secure Rev
     26.168.192.in-addr.arpa        Primary    AD-Domain       Secure Rev
     27.168.192.in-addr.arpa        Primary    AD-Domain       Secure Rev
     28.168.192.in-addr.arpa        Primary    AD-Domain       Secure Rev
     alphainsulation.local          Primary    AD-Legacy       Secure

    Command completed successfully.

    Thursday, October 11, 2012 2:38 PM
  • I am feeling like I should just delete this record, but I don't want to mess things up. Can anybody confirm this is safe to delete?

    Below are the items indicated on the error


    Thursday, October 11, 2012 2:48 PM
  • To help understand the partitions and navigate/add the partitions in ADSI Edit, see my blog. Also, while you're at it, as the name of the blog implies, check for duplicate zones. If you see any, delete them.

    Using ADSI Edit to Resolve Conflicting or Duplicate AD Integrated DNS zones
    http://msmvps.com/blogs/acefekay/archive/2009/09/02/using-adsi-edit-to-resolve-conflicting-or-duplicate-ad-integrated-dns-zones.aspx

    And I do notice that your reverse zones are in the Default NC:

    This was also known as the DomainNC. This implies this was all set up years ago using Windows 2000. They should have been moved to the DomainDnsZones partition (the middle button in the zone's properties, Replication Scope button). No biggy, just thought I'd mention it.

    As for the issues, I did see in your ipconfig /all that WINS Proxy is enabled. This tells me that at one time this machine had multiple NICs/Interfaces. WINS Proxy settings must be disabled. Here's how:

    Also, disabling NetBIOS on a WINS machine is defeating the purpose of running WINS services.

    A WINS server must be able to register itself with its services, etc, and to participate in the Browse service, elections, etc. I highly recommend to enable NetBIOS on this DC/WINS server

    Primary WINS Server . . . . . . . : 192.168.16.2

    NetBIOS over Tcpip. . . . . . . . : Disabled

    LATE EDIT:

    And note that being configured as a WINS proxy can cause other issues, such as it *may* cause what you are currently seeing.


    As for the DC GUID:

    That GUID MUST BE REGISTERED under the _msdcs.alphainsulation.local zone, Venkat mentioned to look at the PROPERTIES of the server's NTDS settings to locate the actual GUID, as shown below. And it must match the GUID CNAME under the _msdcs.alphainsulation.local zone:

     


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.




    • Edited by Ace Fekay [MCT] Thursday, October 11, 2012 7:24 PM see LATE EDIT
    Thursday, October 11, 2012 7:21 PM
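
The GUID check described in the post above can be run offline against the netlogon.dns and `dnscmd /enumzones` output posted earlier in the thread. This is an added example, not part of any post; the function names are hypothetical, and the expected GUID and host name are inputs the administrator reads from the DC's NTDS Settings properties (the sample assumes they equal the values in the event text).

```python
import re
from typing import NamedTuple

# Owner name of the DC alias record: <DSA GUID>._msdcs.<forest root>
GUID_OWNER = re.compile(r"^([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\._msdcs\.")
# One DNS label: letters, digits, hyphen, underscore; 1 to 63 characters
LABEL = re.compile(r"^[a-z0-9_](?:[a-z0-9_-]{0,61}[a-z0-9_])?$")
ZONE_TYPES = {"Primary", "Secondary", "Stub", "Forwarder"}

# Sample input: excerpts of the output posted in this thread.
NETLOGON_DNS = """\
_ldap._tcp.alphainsulation.local. 600 IN SRV 0 100 389 aicsbs2kserver.alphainsulation.local.
95d10a4b-c617-49b1-adc3-2739d2956e59._msdcs.alphainsulation.local. 600 IN CNAME aicsbs2kserver.alphainsulation.local.
_ldap._tcp.dc._msdcs.alphainsulation.local. 600 IN SRV 0 100 389 aicsbs2kserver.alphainsulation.local.
gc._msdcs.alphainsulation.local. 600 IN A 192.168.16.2
"""
ENUMZONES = """\
 Zone name                      Type       Storage         Properties
 .                              Cache      AD-Domain
 _msdcs.alphainsulation.local   Primary    AD-Domain       Secure
 16.168.192.in-addr.arpa        Primary    AD-Legacy       Update Rev
 alphainsulation.local          Primary    AD-Legacy       Secure
"""


class Record(NamedTuple):
    owner: str
    rtype: str
    rdata: str


def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def parse_netlogon_dns(text):
    """Parse 'owner TTL IN TYPE rdata...' lines as found in netlogon.dns."""
    out = []
    for line in text.splitlines():
        p = line.split()
        if len(p) >= 5 and p[1].isdigit() and p[2].upper() == "IN":
            out.append(Record(norm(p[0]), p[3].upper(), " ".join(p[4:])))
    return out


def parse_enumzones(text):
    """Map zone name -> Storage column of 'dnscmd /enumzones' (cache zone skipped)."""
    zones = {}
    for line in text.splitlines():
        p = line.split()
        if len(p) >= 3 and p[1] in ZONE_TYPES:
            zones[norm(p[0])] = p[2]
    return zones


def zone_for(owner, zones):
    """Longest-suffix match: the most specific hosted zone containing owner."""
    hits = [z for z in zones if owner == z or owner.endswith("." + z)]
    return max(hits, key=len) if hits else None


def valid_dns_name(name):
    return len(name) <= 253 and all(LABEL.match(l) for l in name.split("."))


def check_dsa_cname(records, zones, expected_guid, expected_host):
    """Locate the <guid>._msdcs CNAME, report its zone/storage and any problems."""
    result = {"guid": None, "zone": None, "storage": None, "problems": []}
    for rec in records:
        m = GUID_OWNER.match(rec.owner)
        if rec.rtype == "CNAME" and m:
            break
    else:
        result["problems"].append("no <guid>._msdcs CNAME in netlogon.dns")
        return result
    zone = zone_for(rec.owner, zones)
    result.update(guid=m.group(1), zone=zone, storage=zones.get(zone))
    p = result["problems"]
    if not valid_dns_name(rec.owner):
        p.append("owner is not a valid DNS name")
    if m.group(1) != expected_guid.lower():
        p.append("GUID differs from the NTDS Settings GUID")
    if norm(rec.rdata) != norm(expected_host):
        p.append("CNAME target is not this DC")
    if zone is None:
        p.append("no hosted zone contains the record")
    elif not zone.startswith("_msdcs."):
        # The record would be written into the parent zone's _msdcs subdomain.
        p.append(f"record falls in {zone}; no separate _msdcs zone is hosted")
    return result


if __name__ == "__main__":
    print(check_dsa_cname(parse_netlogon_dns(NETLOGON_DNS), parse_enumzones(ENUMZONES),
                          "95d10a4b-c617-49b1-adc3-2739d2956e59",
                          "aicsbs2kserver.alphainsulation.local"))
```

The `storage` value in the result is the partition the record's zone lives in, which is the replication-scope detail discussed in the same post.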
  • OK, I am learning a lot about this setup. Thank you again for the great help!!

    I went ahead and enabled NetBios over TCP and disabled NetBT Proxy  as suggested

    and I believe I have verified the DC GUID (see below)

    the forward lookup zone _msdcs.alphainsulation.local is set to replicate to all dns servers in the AD domain

    the forward lookup zone alphainsulation.local is set to replicate to all domain Controllers in the AD domain

    the Reverse Lookup zones are all set to replicate to all domain Controllers in the AD domain

    Should they all be set the same?

    I am still having problems with the partition duplication possibility because of my limited experience with the AD database. So here is what I can show you that I have seen, but I am not certain if I have duplication or not, and if I do, which one I should delete.

    It would seem to me that the DNS records are in all three partitions Am I right? see below

    The information that is in the DomainNC is also in the DomainDNSZone and the ForestDNSZone

    Friday, October 12, 2012 3:07 AM
  • OK, I am learning a lot about this setup. Thank you again for the great help!!

    I went ahead and enabled NetBios over TCP and disabled NetBT Proxy  as suggested

    and I believe I have verified the DC GUID (see below)

    Looks good so far!


    the forward lookup zone _msdcs.alphainsulation.local is set to replicate to all dns servers in the AD domain

    the forward lookup zone alphainsulation.local is set to replicate to all domain Controllers in the AD domain

    the Reverse Lookup zones are all set to replicate to all domain Controllers in the AD domain

    Should they all be set the same?

    Yes,

    Assuming you only have one domain, let's change:

    • _msdcs.alphainsulation.local to "Replicate to all DNS servers in the Forest," which puts it in the ForestDnsZones partition.
    • alphainsulation.local  to "Replicate to all DNS servers in the AD Domain," which puts it in the DomainDnsZones partition.
    • All Reverse Lookup Zones to "Replicate to all DNS servers in the AD domain," which puts them in the DomainDnsZones partition.


    Once you do that, you can view the change immediately using ADSI Edit.

    FYI, the option "Replicate to all DNS servers in the AD Domain," was from the Windows 2000 days, because Windows 2000 did not have the application partitions feature (DomainDnsZones & ForestDnsZones), so that was the only option. That came out in Windows 2003. However, if you upgraded the domain to all 2003 DCs, they won't change automatically - the change must be done manually. And further, if you still have any 2000 DCs running DNS in a mixed environment, you can't choose either of the application partitions, because 2000 DC/DNS servers can't participate and the zone won't be available.

    Along with the 2003 changes, included making the _msdcs.domain.tld zone a separate namespace with a delegation under the domain.tld zone. This would be created automatically if you installed a fresh domain/forest with 2003 or newer. This too, must be changed manually after a 2000 upgrade to 2003 once the 2000 DCs have all been removed.


    I am still having problems with the partition duplication possibility because of my limited experience with the AD database. So here is what I can show you that I have seen, but I am not certain if I have duplication or not, and if I do, which one I should delete.

    It would seem to me that the DNS records are in all three partitions Am I right? see below

    The information that is in the DomainNC is also in the DomainDNSZone and the ForestDNSZone.

    If that's true, then you will have duplicate zones, which is a very undesirable condition. From your screenshot, I can't see what's in the ForestDnsZones or DomainDnsZones partitions. I assume there are no duplicates, hopefully. They show up with a prefix of either "CNF..." or "InProgress..."



    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.


    Friday, October 12, 2012 3:52 AM
  • Should they all be set the same?

    Yes,

    You said yes, they should all be the same, but your recommendation below is different for 1 of the 3 zones? We do only have 1 domain.

    Assuming you only have one domain, let's change:
    • _msdcs.alphainsulation.local to "Replicate to all DNS servers in the Forest," which puts it in the ForestDnsZones partition.
    • alphainsulation.local  to "Replicate to all DNS servers in the AD Domain," which puts it in the DomainDnsZones partition.
    • All Reverse Lookup Zones to "Replicate to all DNS servers in the AD domain," which puts them in the DomainDnsZones partition.

    Once you do that, you can view the change immediately using ADSI Edit.

    After setting this as recommended, in ADSI Edit I only see DC=RootDNSServers in all 3 contexts. This has me very worried!! Is this expected?

    Not sure how to do what you're discussing below here; I have stopped at the above step anyway because of worries.

    Along with the 2003 changes, included making the _msdcs.domain.tld zone a separate namespace with a delegation under the domain.tld zone. This would be created automatically if you installed a fresh domain/forest with 2003 or newer. This too, must be changed manually after a 2000 upgrade to 2003 once the 2000 DCs have all been removed.

    Thanks again for all your help I am in a holding state waiting to hear back about the results of the changes I made so far.
    Saturday, October 13, 2012 4:11 AM
  • Update: in the event viewer I got these while making those changes

    ========================

    The DNS server received indication that zone alphainsulation.local was deleted from the Active Directory. Since this zone was an Active Directory integrated zone, it has been deleted from the DNS server.

    ========================

    The DNS server received indication that zone _msdcs.alphainsulation.local was deleted from the Active Directory. Since this zone was an Active Directory integrated zone, it has been deleted from the DNS server.

    ========================

    Also received this error for all of the reverse lookup zones

    ========================

    Have received a bunch of these, slightly different

    The DNS server has encountered numerous run-time events. To determine the initial cause of these run-time events, examine the DNS server event log entries that precede this event. To prevent the DNS server from filling the event log too quickly, subsequent events with Event IDs higher than 3000 will be suppressed until events are no longer being generated at a high rate.

    The DNS server encountered a packet addressed to itself on IP address 192.168.16.2. The packet is for the DNS name "_ldap._tcp.b7981ed0-a8e3-415e-be56-4024682c5b43.domains._msdcs.alphainsulation.local.". The packet will be discarded. This condition usually indicates a configuration error.

    The DNS server encountered a packet addressed to itself on IP address 192.168.16.2. The packet is for the DNS name "_ldap._tcp.dc._msdcs.alphainsulation.local.". The packet will be discarded. This condition usually indicates a configuration error.

    The DNS server encountered a packet addressed to itself on IP address 192.168.16.2. The packet is for the DNS name "_ldap._tcp.Austin._sites.dc._msdcs.alphainsulation.local.". The packet will be discarded. This condition usually indicates a configuration error.

    Check the following areas for possible self-send configuration errors:

    1) Forwarders list. (DNS servers should not forward to themselves).

    2) Master lists of secondary zones.

    3) Notify lists of primary zones.

    4) Delegations of subzones. Must not contain NS record for this DNS server unless subzone is also on this server.

    5) Root hints.

    Example of self-delegation:

    -> This DNS server dns1.example.microsoft.com is the primary for the zone example.microsoft.com.

    -> The example.microsoft.com zone contains a delegation of bar.example.microsoft.com to dns1.example.microsoft.com,

    (bar.example.microsoft.com NS dns1.example.microsoft.com)

    -> BUT the bar.example.microsoft.com zone is NOT on this server.

    Note, you should make this delegation check (with nslookup or DNS manager) both on this DNS server and on the server(s) you delegated the subzone to. It is possible that the delegation was done correctly, but that the primary DNS for the subzone, has any incorrect NS record pointing back at this server. If this incorrect NS record is cached at this server, then the self-send could result. If found, the subzone DNS server admin should remove the offending NS record.

    You can use the DNS server debug logging facility to track down the cause of this problem.

    For more information, see Help and Support Center at

    Saturday, October 13, 2012 4:32 AM
  • Did you delete the _msdcs.alphainsulation.local zone? Recreate it: right click, new zone, type in the zone name, choose to store in AD, allow insecure updates, for now, and finish through the wizard.

    Then run ipconfig /registerdns, then restart the netlogon service.


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.


    Saturday, October 13, 2012 4:45 AM
  • Not deleted from DNS just changed replication setting

    Saturday, October 13, 2012 5:30 AM
  • this is where the change took place from what I can see there is just rootDNSservers there now

    Saturday, October 13, 2012 5:35 AM
  • While waiting I ran dcdiag /test:DNS /v /e. It does not seem to complain about anything other than a lot of the forwarders not being valid. Also, I restarted DNS and still get the error as before

    The DNS server was unable to create a resource record for 95d10a4b-c617-49b1-adc3-2739d2956e59._msdcs.alphainsulation.local. in zone alphainsulation.local. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.

    Saturday, October 13, 2012 5:45 AM
  • Sorry for the long delay, I had to shelve this for a while and work on some other things that were pressing.

    I have done most of your recommendation

     I Stopped the netlogon service. Renamed the netlogon.dns and netlogon.dnb files to netlogon.dns_old and netlogon.dnb-old , ran "ipconfig /flushdns" then ran "ipconfig /registerdns" and then restarted netlogon.

    Problem still persists

    but have questions before I go on to the next steps.

    If the issue still persists, take the backup of DNS as suggested earlier, delete the forward lookup zone and recreate a new forward lookup zone. I think this should fix the issue.

    Do I delete the _msdcs.alphainsulation.local zone or the alphainsulation.local zone?

    Then when recreating, do I have to recreated every entry?

    Some more questions for my understanding:

    Since the error reads: The Active Directory definition of this resource record is corrupt or contains an invalid DNS name.

    Should I not be deleting just one item from AD and not the whole DNS zone(s), seems like the problem would still be there after deleting and recreating DNS records. Is it not seeing a record in AD and expecting to find a match for it in a DNS zone and not finding it and not able to create it in the zone?

    Sorry if the questions seem ignorant.

    Your help has been much appreciated

    Friday, October 26, 2012 6:25 AM
  • You could change the _msdcs.alphainsulation.local zone to a Primary zone which changes it to a text file that's stored in system32\dns folder, then delete it from the DNS console.

    Then:

    • rename the netlogon.dns and netlogon.dnb files,
    • flush the local cache (ipconfig /flushdns)
    • flush the DNS server cache (right click DNS server name, clear cache)
    • then re-create a fresh, new _msdcs.alphainsulation.local zone
    • make it AD integrated with forest wide replication
    • ipconfig /registerdns
    • restart netlogon

    That will create a fresh zone with none of the old stuff in it.

    If that doesn't work, then there's something we're not seeing here, and it may be better to contact Microsoft support for further assistance so they can remote in and resolve it:
    http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS


    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.


    Friday, October 26, 2012 4:39 PM
  • I thought I'd chime in and say that these steps also helped correct an Error 4010 I ran into after (finally) creating a forest-wide _msdcs zone for my own domain. Sandesh, here's a Thanks and a +1.

    This domain used to exist on a Windows 2000 domain controller and I moved it to a pair of 2003 domain controllers. In preparation for migrating to Server 2012 R2 I finally fixed this zone so it was not in the same zone as the rest of the domain, but then I saw the 4010 errors in the DNS event log. It was trying to write records in the (now nonexistent) _msdcs portion of my domain.

    --

    Saturday, March 21, 2015 5:43 PM
  • I know this is a very old thread but since this thread hits up high in google when searching for Event ID 4010 on Reverse Lookup Zones. So just as a reference for other people:

    When you see this EventID 4010

    The DNS server was unable to create a resource record for  .....0.in-addr.arpa. in zone .....in-addr.arpa. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.

    And in DNS this zone has delegated subfolders (you can check this by making a backup: Export-DnsServerZone -name "...in-addr.arpa" -FileName "....in-addr.arpa", written by default into Windows\System32\DNS. Open the file and you'll see "Delegated sub-zone:  ...in-addr.arpa.").

    Just delete the delegated subfolders in DNS (e.g. 0, 10, 20, etc.; this is just an octet subfolder which was the default in W2003 but changed in 2008 to default to no subfolders or octets), wait for replication and restart the DNS Server and Netlogon services on the DC/DNS server. The EventID for the zone will not appear anymore.

    Monday, July 22, 2019 11:29 AM