DNS event 4010

All replies

• 

  

  0

  Sign in to vote

  Did you create _msdcs.domain.local (rather than msdcs.domain.local)?

  If so, how did you go about creating it - and why did you have to recreate it?

  Did you follow http://support.microsoft.com/kb/817470

  hth
  Marcin

  Thursday, December 29, 2011 8:38 PM
• 

  

  0

  Sign in to vote

  yeah, that's the article I used.

  I created _msdcs.domain.local because BPA was complaining that _msdcs.domain.local is missing, which it was.

  This is what I did, right click Forward lookup zones -> new zone. After zone was created it got automatically populated with records. When I restarted dns service, the 4010 error showed up.

  Thursday, December 29, 2011 9:45 PM
• 

  

  0

  Sign in to vote

  Post the following:

  - content of %windir%\system32\config\netlogon.dns

  - dnscmd /enumzones

  hth
  Marcin

  Thursday, December 29, 2011 11:28 PM
• 

  

  2

  Sign in to vote

  
  This event may appear if a new _msdcs.domain.com zone is manually created on the DNS server, which in turn converts the original _msdcs folder within the domain.com zone into a delegated folder.

  Refer below link to fix the same.
  
  http://eventid.net/display.asp?phase=1&eventid=4010&eventno=791&source=DNS
  
  http://technet.microsoft.com/en-us/library/dd349580(WS.10).aspx
  
  Hope this helps

  Regards,
  Sandesh Dubey.
  -------------------------------
  MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator
  My Blog: http://sandeshdubey.wordpress.com
  This posting is provided AS IS with no warranties, and confers no rights.

  • Proposed as answer by AjayKumar sharma Friday, December 30, 2011 4:27 AM
  • Marked as answer by Elytis Cheng Monday, January 2, 2012 5:17 AM

  Friday, December 30, 2011 12:50 AM
• 

  

  0

  Sign in to vote

  Post the following:

  - content of %windir%\system32\config\netlogon.dns

  - dnscmd /enumzones

  hth
  Marcin

  
  C:\Windows\system32>dnscmd /enumzones
  
  Enumerated zone list:
          Zone count = 6
  
   Zone name                      Type       Storage         Properties
  
   .                              Cache      AD-Domain
   _msdcs.compuweigh.local        Primary    AD-Domain       Secure Aging
   7.168.192.in-addr.arpa         Primary    AD-Domain       Secure Rev Aging
   8.168.192.in-addr.arpa         Primary    AD-Forest       Secure Rev Aging
   compuweigh.local               Primary    AD-Forest       Secure Aging
   TrustAnchors                   Primary    AD-Forest       Aging
  
  
  Command completed successfully.

   

  _ldap._tcp.compuweigh.local. 600 IN SRV 0 100 389 CMPWADSRV1.compuweigh.local.
  _ldap._tcp.Default-First-Site-Name._sites.compuweigh.local. 600 IN SRV 0 100 389 CMPWADSRV1.compuweigh.local.
  _ldap._tcp.pdc._msdcs.compuweigh.local. 600 IN SRV 0 100 389 CMPWADSRV1.compuweigh.local.
  _ldap._tcp.gc._msdcs.compuweigh.local. 600 IN SRV 0 100 3268 CMPWADSRV1.compuweigh.local.
  _ldap._tcp.Default-First-Site-Name._sites.gc._msdcs.compuweigh.local. 600 IN SRV 0 100 3268 CMPWADSRV1.compuweigh.local.
  _ldap._tcp.fdc19219-8d38-423a-8466-e8895c2ec96c.domains._msdcs.compuweigh.local. 600 IN SRV 0 100 389 CMPWADSRV1.compuweigh.local.
  62ebf5b9-1450-4eef-aeaf-f4eb0a16457c._msdcs.compuweigh.local. 600 IN CNAME CMPWADSRV1.compuweigh.local.
  _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.compuweigh.local. 600 IN SRV 0 100 88 CMPWADSRV1.compuweigh.local.
  _ldap._tcp.dc._msdcs.compuweigh.local. 600 IN SRV 0 100 389 CMPWADSRV1.compuweigh.local.
  _ldap._tcp.Default-First-Site-Name._sites.dc._msdcs.compuweigh.local. 600 IN SRV 0 100 389 CMPWADSRV1.compuweigh.local.
  _kerberos._tcp.compuweigh.local. 600 IN SRV 0 100 88 CMPWADSRV1.compuweigh.local.
  _kerberos._tcp.Default-First-Site-Name._sites.compuweigh.local. 600 IN SRV 0 100 88 CMPWADSRV1.compuweigh.local.
  _gc._tcp.compuweigh.local. 600 IN SRV 0 100 3268 CMPWADSRV1.compuweigh.local.
  _gc._tcp.Default-First-Site-Name._sites.compuweigh.local. 600 IN SRV 0 100 3268 CMPWADSRV1.compuweigh.local.
  _kerberos._udp.compuweigh.local. 600 IN SRV 0 100 88 CMPWADSRV1.compuweigh.local.
  _kpasswd._tcp.compuweigh.local. 600 IN SRV 0 100 464 CMPWADSRV1.compuweigh.local.
  _kpasswd._udp.compuweigh.local. 600 IN SRV 0 100 464 CMPWADSRV1.compuweigh.local.
  _ldap._tcp.DomainDnsZones.compuweigh.local. 600 IN SRV 0 100 389 CMPWADSRV1.compuweigh.local.
  _ldap._tcp.Default-First-Site-Name._sites.DomainDnsZones.compuweigh.local. 600 IN SRV 0 100 389 CMPWADSRV1.compuweigh.local.
  _ldap._tcp.ForestDnsZones.compuweigh.local. 600 IN SRV 0 100 389 CMPWADSRV1.compuweigh.local.
  _ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones.compuweigh.local. 600 IN SRV 0 100 389 CMPWADSRV1.compuweigh.local.
  _kerberos._tcp.dc._msdcs.compuweigh.local. 600 IN SRV 0 100 88 CMPWADSRV1.compuweigh.local.
  compuweigh.local. 600 IN A 192.168.8.20
  gc._msdcs.compuweigh.local. 600 IN A 192.168.8.20
  DomainDnsZones.compuweigh.local. 600 IN A 192.168.8.20
  ForestDnsZones.compuweigh.local. 600 IN A 192.168.8.20

  Friday, December 30, 2011 1:10 AM
• 

  

  0

  Sign in to vote

  
  This event may appear if a new _msdcs.domain.com zone is manually created on the DNS server, which in turn converts the original _msdcs folder within the domain.com zone into a delegated folder.

  Refer below link to fix the same.
  
  http://eventid.net/display.asp?phase=1&eventid=4010&eventno=791&source=DNS
  
  http://technet.microsoft.com/en-us/library/dd349580(WS.10).aspx
  
  Hope this helps

  Regards,
  Sandesh Dubey.
  -------------------------------
  MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator
  My Blog: http://sandeshdubey.wordpress.com
  This posting is provided AS IS with no warranties, and confers no rights.

  
  I already checked both of them, but when I open ADSI edit there is nothing like “Domain->System->MicrosoftDNS->domain.com-><offending-guid-from-dns-event>._msdcs". Unless I'm doing something wrong.
  

  Friday, December 30, 2011 1:12 AM
• 

  

  0

  Sign in to vote

  Apparently the zone you created resides in the domain-wide application partition. Delete it and create one with forest-wide replication scope - as per http://support.microsoft.com/kb/817470

  hth
  Marcin

  Friday, December 30, 2011 1:41 AM
• 

  

  0

  Sign in to vote

  
  This event may appear if a new _msdcs.domain.com zone is manually created on the DNS server, which in turn converts the original _msdcs folder within the domain.com zone into a delegated folder.

  Refer below link to fix the same.
  
  http://eventid.net/display.asp?phase=1&eventid=4010&eventno=791&source=DNS
  
  http://technet.microsoft.com/en-us/library/dd349580(WS.10).aspx
  
  Hope this helps

  Regards,
  Sandesh Dubey.
  -------------------------------
  MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator
  My Blog: http://sandeshdubey.wordpress.com
  This posting is provided AS IS with no warranties, and confers no rights.

  
  I already checked both of them, but when I open ADSI edit there is nothing like “Domain->System->MicrosoftDNS->domain.com-><offending-guid-from-dns-event>._msdcs". Unless I'm doing something wrong.
  

  
  Hi,

  Please try to perform the following steps to test:

  ADSI Edit-> Connect to -> choose Select or type a Distinguished Name or Naming Context -> type DC=ForestDNSZones, DC=domain, DC=local -> click OK -> CN= MicrosoftDNS

  
  Hope this helps!

  Best Regards
  Elytis Cheng

   

  ---

  Please remember to click “Mark as Answer” on the post that

  Elytis Cheng

  TechNet Community Support

  

  • Marked as answer by Elytis Cheng Monday, January 2, 2012 5:18 AM

  Friday, December 30, 2011 3:24 AM
• 

  

  2

  Sign in to vote

  It seems you have not connect to correct partition in ADSIedit.You need to check the correct zone.
  
  It seems that the record is in DomainDNSzone if it is not in mentioned zon check others as well.
  
  For DomainDNSZone refer below.
  
  ADSI Edit-> Connect to -> choose Select or type a Distinguished Name or Naming Context -> type DC=DomainDNSZones, DC=domain, DC=local -> click OK -> CN= MicrosoftDNS->Domain.local
  
  For ForestDNSZone refer below.
  ADSI Edit-> Connect to -> choose Select or type a Distinguished Name or Naming Context -> type DC=ForestDNSZones, DC=domain, DC=local -> click OK -> CN= MicrosoftDNS->Domain.local
  
  Locate <offending-guid-from-dns-event>._msdcs and delete the same.Restart the netlogon and dns service and check.
  
  If the <offending-guid-from-dns-event>._msdcs is not present in above check below as well.
  ADSI Edit->Domain, DC=domain, DC=local ->System--> CN= MicrosoftDNS->Domain.local
  
  Hope this helps

  Regards,
  Sandesh Dubey.
  -------------------------------
  MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator
  My Blog: http://sandeshdubey.wordpress.com
  This posting is provided AS IS with no warranties, and confers no rights.
  
  

  
  

  • Edited by Sandesh Dubey Friday, December 30, 2011 3:55 AM
  • Marked as answer by Elytis Cheng Monday, January 2, 2012 5:18 AM

  Friday, December 30, 2011 3:54 AM
• 

  

  0

  Sign in to vote

  As I've run into a nearly identical situation as the OP and Sandesh's suggestions seem appropriate, I need further clarification before I proceed to delete the offending guid(s).

  This is my 4010 error:

  The DNS server was unable to create a resource record for  053bce83-5465-44b5-9b48-aa67c479b4f8._msdcs.mydomain.local. in zone mydmain.local. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.

  From ADSI, the GUID is listed both under

       DomainDNSZone as DC=053bce83-5465-44b5-9b48-aa67c479b4f8._msdcs.

       ForestDNSZone as DC=053bce83-5465-44b5-9b48-aa67c479b4f8

  Based on the previous post, I should delete the offending GUID located only under DomainDNSZone or both?

  Additional notes:

  - the server was migrated from SBS2003 to SBS2003R2 and then to SBS2011. This DNS error first appeared after the first migration after recreating the missing _msdcs record.

  - on the SBS2011 (Windows Server 2008R2 SP1) under ForestDNSZone, there is a 2nd msdcs GUID in the same format as the offending GUID. It looks like this: DC=273d3f3a-4be5-4654-b616-1a8f3278f33d. My hunch is there should be only one such GUID, not two.

  Clarification before I proceed to delete the offending GUID(s) would be helpful.

  Cheers

  Saturday, March 16, 2013 2:09 AM
• 

  

  0

  Sign in to vote

  I am also facing same issue

  I can see the Event id 4010 on windows server 2008 R2
  The DNS server was unable to create a resource record for 615c....._msdsc.mydomain.com

  First i need to check the current GUID in active directory sites and services. then
  

  I will login using mmc DC=ForestDNSzones, DC=Domain, DC=Local
  CN=MicrosoftDNS---DC=-msdcs.mydomain.local
  Here i will delete any id pointing to DC=615c.........,DC=mydomain,DC=local
  
  after deleting i need to restart netlogon and dns service. thats it or anything else
  

  (Should i also delete %WinDir%\system32\config\netlogon.dnb and netlogon.dns.)

  
  

  Wednesday, February 12, 2014 5:41 PM
• 

  

  0

  Sign in to vote

  This did not work for me.  The records kept getting re-created.  The following answer worked for me.

  https://social.technet.microsoft.com/Forums/Lync/en-US/55c7a4cd-2932-4b0e-bfd2-b043490df000/eventid-4010-dns-the-active-directory-definition-of-this-resource-record-is-corrupt-or-contains-an?forum=winserverDS&prof=required

   

  Monday, March 25, 2019 9:12 PM