DNS Event 4010

  • Question

  • I have the following events every few days in my DNS Event Logs:

    Event Type:    Error
    Event Source:    DNS
    Event Category:    None
    Event ID:    4010
    Date:        4/11/2012
    Time:        10:40:32 PM
    User:        N/A
    Computer:    SERVER01.xxxxxxx.local
    Description:
    The DNS server was unable to create a resource record for  c83d444c-0001-40b7-99c2-d9aa2cd1bfc9._msdcs.xxxxxxx.local. in zone xxxxxxx.local. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 7b 00 00 00               {...    

    Event Type:    Error
    Event Source:    DNS
    Event Category:    None
    Event ID:    4010
    Date:        4/11/2012
    Time:        10:40:32 PM
    User:        N/A
    Computer:    SERVER01.xxxxxxx.local
    Description:
    The DNS server was unable to create a resource record for  72b5984e-9b7b-469b-8b77-b9b4238a2a40._msdcs.xxxxxxx.local. in zone xxxxxxx.local. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 7b 00 00 00               {...    

    The attached file shows the current DNS config.  SERVER01 and SERVER02 are my two DCs, both running AD-Integrated DNS.

    How should I go about getting this straightened out?  I have also been having some FRS issues that may or may not be related.

    Thanks in advance,

    -Scott


    Scott M. Phoenix, AZ

    Tuesday, April 24, 2012 9:50 PM

All replies

  • Hello,

    please see http://technet.microsoft.com/en-us/library/cc735667(v=ws.10).aspx

    Was there a restore of the DC/DNS servers from an unsupported backup type (image/clone/snapshot/VM file copy)?


    Best regards

    Meinolf Weber
    MVP, MCP, MCTS
    Microsoft MVP - Directory Services
    My Blog: http://msmvps.com/blogs/mweber/

    Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.

    Tuesday, April 24, 2012 10:05 PM
  • It is possible that there was a restore done in the past, before I was managing the system, but I have no records to indicate that was done.

    Some more background:

    SERVER01 is SBS2008 fully patched

    SERVER02 is Server 2008 Standard fully patched

    I'll take a look at the link.

    Thanks!


    Scott M. Phoenix, AZ

    Tuesday, April 24, 2012 11:00 PM
  • I've actually already read this page.  I was concerned with making sure the exact record is recreated.  Would I delete the DNAME objects and then recreate them?  Is there risk of breaking Active directory while doing this?  Do I need to do this on both servers or just server one?

    Thanks,

    -Scott


    Scott M. Phoenix, AZ

    Tuesday, April 24, 2012 11:28 PM
  • Hi,

    This event may appear if a new _msdcs.domain.com zone is manually created on the DNS server, which in turn converts the original _msdcs folder within the domain.com zone into a delegated folder.

    Check this similar thread for resolution:
    DNS event 4010
    http://social.technet.microsoft.com/Forums/da/winserverDS/thread/9240ae89-5e19-4c8b-a4cc-a2963bd5c8dd


    Best Regards,

    Abhijit Waikar.
    MCSA 2003 | MCSA:Messaging | MCTS | MCITP:Server Administrator | Microsoft Community Contributor | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Wednesday, April 25, 2012 2:38 AM
  • In addition, here's a link explaining the 4010 event:
    http://eventid.net/display-eventid-4010-source-DNS-eventno-791-phase-1.htm

    So based on what everyone's asking, it would be helpful if you can remember the history of what may have occurred regarding a backup, restore, etc.

    .

    Are the DCs virtualized?

    .

    Any of your DCs multihomed? That means multiple unteamed NICs, multiple IPs, RRAS on a DC, or an iSCSI interface on the DC. If any DCs are, it WILL cause problems with AD and your DCs.

    .

    Also, you may want to check to make sure you also don't have duplicate zones in the AD database. Please follow the procedure in the following link. Check all three partitions: DomainNC, DomainDnsZones, and ForestDnsZones.

    Using ADSI Edit to Resolve Conflicting or Duplicate AD Integrated DNS zones
    http://msmvps.com/blogs/acefekay/archive/2009/09/02/using-adsi-edit-to-resolve-conflicting-or-duplicate-ad-integrated-dns-zones.aspx

    .

    While you're at it, check the _msdcs zone properties, replication scope, and make sure it's set to All DNS servers in the Forest. Then while in ADSI Edit, make sure that when you check the ForestDnsZones partition, you see the _msdcs zone in it.

    .


    Ace Fekay
    MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.


    Wednesday, April 25, 2012 4:00 AM
    Since the server involved is Small Business Server (SBS), you can refer to the previous discussion on this, and if it doesn't resolve the issue, consider posting it in the dedicated SBS forum.

    http://social.technet.microsoft.com/Forums/en-US/smallbusinessserver/thread/f0ae5c29-6e51-4b20-bc8e-82d098318a3f/

    Small Business Server  http://social.technet.microsoft.com/Forums/en-US/smallbusinessserver/threads



    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Wednesday, April 25, 2012 1:03 PM
    Moderator
  • Yes!  You jogged my memory and I did recreate the _msdcs.domain.com zone as per a BPA recommendation. 

    Under CN=DomainDNSZones, CN=MicrosoftDNS, DC=domain.local, I have "DC=72b5984e-9b7b-469b-8b77-b9b4238a2a40"

    I do not have one for "c83d444c-0001-40b7-99c2-d9aa2cd1bfc9" in that location

    Under CN=ForestDNSZones, CN=MicrosoftDNS, DC=domain.local, I have "DC=72b5984e-9b7b-469b-8b77-b9b4238a2a40" and "DC=c83d444c-0001-40b7-99c2-d9aa2cd1bfc9"

    Should I delete all of these records and then restart netlogon and dns services?

    Do I also need to delete the records from the DNS Management Console and if so, before or after I restart the services?

    Thanks again!

    -Scott


    Scott M. Phoenix, AZ

    Wednesday, April 25, 2012 3:43 PM
    The approach I can think of: you can delete the domain.com zone completely and create it again, and it will create the _msdcs folder inside it. You need to restart the DNS as well as the Netlogon service to re-register the records. Clients need to be rebooted, or Netlogon on their workstations needs to be restarted, before they re-register their records in the DNS server.

    How to backup AD-Integrated DNS zones.  http://www.activedir.org/Articles/tabid/54/articleType/ArticleView/articleId/5/How-to-export-ADintegrated-zones-to-file.aspx

    Again, I would consider posting this thread in the dedicated SBS forum to get advice from the SBS experts.

    PS: If there are any static records in the domain.com zone, they will be wiped, so make a list of the static records (or take a backup of the zone) before deleting the zone, because you will have to create them again.


    Awinish Vishwakarma - MVP - Directory Services

    My Blog: awinish.wordpress.com

    Disclaimer This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Wednesday, April 25, 2012 3:59 PM
    Moderator
  • First Ensure the following on DC:
    1. Each DC / DNS server points to its private IP address as primary DNS server and other remote/local DNS servers as secondary in TCP/IP properties.
    2. Each DC has just one IP address and single network adapter is enabled.
    3. Contact your ISP and get valid DNS IPs from them and add them to the forwarders. Do not set a public DNS server in the TCP/IP settings of the DC.
    4. Once you are done, run "ipconfig /flushdns & ipconfig /registerdns", restart the DNS and NETLOGON services on each DC.
    Do not put private DNS IP addresses in the forwarder list.
    5. Assigning static IP address to DC if IP address is assigned by DHCP server to DC. It is strongly not recommended.

    -->>MULTIHOMING Domain controllers is not recommended, it always results in multiple problems.
    ------------------------------------
    1. Domain Controllers should not be multi-homed
    2. Being a VPN Server and even simply running RRAS makes it multi-homed.
    3. DNS even just all by itself, is better on a single homed machine.
    4. Domain Controllers with the PDC Role are automatically Domain Master Browser. Master Browsers should not be multi-homed

    272294 - Active Directory Communication Fails on Multihomed Domain Controllers http://support.microsoft.com/default.aspx?scid=kb;en-us;272294

    If the issue still persists, delete the DNS GUID from ADSI Edit and restart the DNS and Netlogon services. Have a look at the links below; the issue was fixed by deleting the DNS GUID from ADSI Edit.
    http://www.techtalkz.com/windows-server-2003/488363-dns-severs-giving-out-event-id-4010-a.html
    http://www.eventid.net/display.asp?eventid=4010&eventno=791&source=DNS&phase=1

    If the issue still persists, I would also recommend posting the query in the SBS forum. You'll find the SBS forum here: http://social.technet.microsoft.com/Forums/en-US/smallbusinessserver/threads

    Hope this helps


    Best Regards,

    Sandesh Dubey.

    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Administrator | My Blog

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

    Wednesday, April 25, 2012 4:26 PM
  • Hi,

    Thanks for posting in Microsoft TechNet forums.

    As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as ‘Answered’ as the previous steps should be helpful for many similar scenarios. If the issue still persists, please feel free to reply to this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.

    BTW,  we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.

    Best Regards

    Elytis Cheng


    Elytis Cheng

    TechNet Community Support

    Saturday, April 28, 2012 7:45 AM
    Moderator
  • Hi,

    Your first point regarding the DNS server list on the NIC of a DC is contrary to what the MS ADRAP analysts said yesterday is the preferred practice for DCs.  They should all point to the same 2 DNS servers so that there are fewer issues with the multi-valued DNS records that get updated by the DCs.

    - Laurence

    Friday, May 25, 2012 7:14 PM
  • What about the error in the event data?  Does 7b 00 00 00 tell us anything useful about the situation?
    Friday, May 25, 2012 7:18 PM
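
On the event data question, as an added example that is not part of the original thread: read as a little-endian DWORD, `7b 00 00 00` is 0x7B = 123, the Win32 system error code ERROR_INVALID_NAME, which matches the "invalid DNS name" wording in the description. The Python sketch below parses a constructed copy of the event text and decodes the data bytes for each failing record; the function name `parse_4010`, the sample text and the error-code subset are assumptions of this example.

```python
import re
import struct

# Constructed sample in the classic text-export layout shown in the question.
SAMPLE = """\
Event ID:    4010
Description:
The DNS server was unable to create a resource record for  c83d444c-0001-40b7-99c2-d9aa2cd1bfc9._msdcs.xxxxxxx.local. in zone xxxxxxx.local. The event data contains the error.
Data:
0000: 7b 00 00 00               {...

Event ID:    4010
Description:
The DNS server was unable to create a resource record for  72b5984e-9b7b-469b-8b77-b9b4238a2a40._msdcs.xxxxxxx.local. in zone xxxxxxx.local. The event data contains the error.
Data:
0000: 7b 00 00 00               {...
"""

# Small subset of Win32 system error codes (winerror.h); extend as needed.
WIN32_ERRORS = {5: "ERROR_ACCESS_DENIED", 13: "ERROR_INVALID_DATA",
                87: "ERROR_INVALID_PARAMETER", 123: "ERROR_INVALID_NAME"}

RECORD_RE = re.compile(r"resource record for\s+(\S+) in zone (\S+)")
DUMP_RE = re.compile(r"^\s*[0-9a-fA-F]{4}:((?:\s[0-9a-fA-F]{2})+)", re.M)
GUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)


def parse_4010(text):
    """Return one dict per event: record name, zone and decoded error code."""
    events = []
    for chunk in text.split("Event ID:")[1:]:
        rec = RECORD_RE.search(chunk)
        raw = bytes.fromhex("".join(DUMP_RE.findall(chunk)))
        if not chunk.lstrip().startswith("4010") or not rec or len(raw) < 4:
            continue  # not a 4010 entry, or the dump is missing/truncated
        code = struct.unpack_from("<I", raw)[0]  # little-endian DWORD
        fqdn = rec.group(1).rstrip(".")
        label, _, rest = fqdn.partition(".")
        events.append({
            "record": fqdn,
            "zone": rec.group(2).rstrip("."),
            "code": code,
            "error": WIN32_ERRORS.get(code, "unknown (0x%08X)" % code),
            # GUID label directly under _msdcs: a DC's replication alias name
            "dc_guid_alias": bool(GUID_RE.fullmatch(label))
                             and rest.startswith("_msdcs."),
        })
    return events
```

Grouping the output by record name shows whether the same GUID aliases fail on every zone load, which is what the two events in the question suggest.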