none
DNS server event log messages can't load RRS feed

  • Question

  • I'm running a new domain controller with a DNS server on it. The event log entries for the"Microsoft-Windows-DNS-Server-Service" all fail to load. I look at the "DNS Events" item in the "Global Logs" section of the DNS server in the DNS manager tool and every entry there has the generic "cannot be found" message.

    How can I repair the event log messages for the Microsoft-Windows-DNS-Server-Service?



    Event Type:    Information
    Event Source:    Microsoft-Windows-DNS-Server-Service
    Event Category:    None
    Event ID:    4
    Date:        9/21/2014
    Time:        15:02:03
    User:        NT AUTHORITY\SYSTEM
    Computer:    server.domain.corp
    Description:
    The description for Event ID ( 4 ) in Source ( Microsoft-Windows-DNS-Server-Service ) cannot be found. Either the component that raises this event is not installed on your local computer, or the installation is corrupted. You can install or repair the component on the local computer, or contact the component manufacturer for a newer version.

    If the event was saved from another computer or forwarded from a remote computer, you might have to include display information with the events when saving them or when setting up the forwarding s .



    Saturday, September 27, 2014 5:52 PM

All replies

  • Start with dcdiag first. Share your findings here.

    Rgds

    Milos

    Sunday, September 28, 2014 7:27 PM

  • As far as I know, dcdiag lets us know if the domain controller is correctly configured. The problem I'm having is with the event viewer; it's not finding the localized resource strings for the DNS server, and therefore can't format them for display. I've provided the output from DCDIAG on my server below, but I'd appreciate it of you could help me understand what it is you think DCDIAG would detect that would reveal a problem with the installation of (or location of) the resource strings. Can you explain your reasoning?



    C:\>dcdiag

    Directory Server Diagnosis

    Performing initial setup:
       Trying to find home server...
       Home Server = burst
       * Identified AD Forest.
       Done gathering initial info.

    Doing initial required tests

       Testing server: Default-First-Site-Name\BURST
          Starting test: Connectivity
             ......................... BURST passed test Connectivity

    Doing primary tests

       Testing server: Default-First-Site-Name\BURST
          Starting test: Advertising
             ......................... BURST passed test Advertising
          Starting test: FrsEvent
             ......................... BURST passed test FrsEvent
          Starting test: DFSREvent
             ......................... BURST passed test DFSREvent
          Starting test: SysVolCheck
             ......................... BURST passed test SysVolCheck
          Starting test: KccEvent
             ......................... BURST passed test KccEvent
          Starting test: KnowsOfRoleHolders
             ......................... BURST passed test KnowsOfRoleHolders
          Starting test: MachineAccount
             ......................... BURST passed test MachineAccount
          Starting test: NCSecDesc
             ......................... BURST passed test NCSecDesc
          Starting test: NetLogons
             ......................... BURST passed test NetLogons
          Starting test: ObjectsReplicated
             ......................... BURST passed test ObjectsReplicated
          Starting test: Replications
             ......................... BURST passed test Replications
          Starting test: RidManager
             ......................... BURST passed test RidManager
          Starting test: Services
             ......................... BURST passed test Services
          Starting test: SystemLog
             A warning event occurred.  EventID: 0x80000109
                Time Generated: 09/28/2014   14:02:25
                Event String: A pointer device did not report a valid unit of angular measurement.
             A warning event occurred.  EventID: 0x80000101
                Time Generated: 09/28/2014   14:02:25
                Event String: A pointer device reported a bad angular physical range.
             A warning event occurred.  EventID: 0x80000102
                Time Generated: 09/28/2014   14:02:25
                Event String: A pointer device reported a bad angular logical range.
             A warning event occurred.  EventID: 0x80000109
                Time Generated: 09/28/2014   14:02:25
                Event String: A pointer device did not report a valid unit of angular measurement.
             A warning event occurred.  EventID: 0x80000101
                Time Generated: 09/28/2014   14:02:25
                Event String: A pointer device reported a bad angular physical range.
             A warning event occurred.  EventID: 0x80000102
                Time Generated: 09/28/2014   14:02:25
                Event String: A pointer device reported a bad angular logical range.
             ......................... BURST passed test SystemLog
          Starting test: VerifyReferences
             ......................... BURST passed test VerifyReferences


       Running partition tests on : ForestDnsZones
          Starting test: CheckSDRefDom
             ......................... ForestDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... ForestDnsZones passed test CrossRefValidation

       Running partition tests on : DomainDnsZones
          Starting test: CheckSDRefDom
             ......................... DomainDnsZones passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... DomainDnsZones passed test CrossRefValidation

       Running partition tests on : Schema
          Starting test: CheckSDRefDom
             ......................... Schema passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Schema passed test CrossRefValidation

       Running partition tests on : Configuration
          Starting test: CheckSDRefDom
             ......................... Configuration passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... Configuration passed test CrossRefValidation

       Running partition tests on : prozac
          Starting test: CheckSDRefDom
             ......................... prozac passed test CheckSDRefDom
          Starting test: CrossRefValidation
             ......................... prozac passed test CrossRefValidation

       Running enterprise tests on : prozac.corp
          Starting test: LocatorCheck
             ......................... prozac.corp passed test LocatorCheck
          Starting test: Intersite
             ......................... prozac.corp passed test Intersite
    Sunday, September 28, 2014 9:12 PM
  • Hi Mike,

    Have you tried to use sfc to fix this issue?

    sfc /scannow

    Beside, Event ID 4 is a DNS Server Service Status, which means that the DNS server has finished the background loading of zones.

    For detailed information, please refer to the link below,

    http://technet.microsoft.com/en-us/library/dd349715(v=WS.10).aspx

    Best Regards



    Steven Lee

    TechNet Community Support


    Tuesday, October 7, 2014 4:03 PM
    Moderator
  • Thanks for the suggestion, Steven.  Unfortunately, sfc is no help; it says the system is clean. The output is below.  I'm convinced this is a bug in the OS -- or at least, in its setup. The two domain controllers I built last month both exhibit the problem.

    C:\Users\Administrator.DOMAIN> sfc  /verifyonly

    Beginning system scan.  This process will take some time.

    Beginning verification phase of system scan.
    Verification 100% complete.

    Windows Resource Protection did not find any integrity violations.

    Tuesday, October 7, 2014 10:09 PM
  • Hi Mike,

    What's version of the OS installed on your server? All events of DNS server have this error or just this one?

    Based on my research, when an application uses the RegisterEventSource or OpenEventLog function to get a handle to an event log, the event logging service searches for the specified event source in the registry.

    The registry for DNS is at

    1. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\DNS Server\DNS
    2. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Dnsapi
    3. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Dnscache

    In my lab server (Windows Server 2008 R2),

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\DNS Server\DNS\EventMessageFile is %SystemRoot%\System32\dns.exe

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Dnsapi\EventMessageFile is %Systemroot%\system32\netevent.dll

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Dnsapi\ParameterMessageFile is %Systemroot%\system32\kernel32.dll

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Dnscache\EventMessageFile is %Systemroot%\system32\netevent.dll

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Dnscache\ParameterMessageFile is %Systemroot%\system32\kernel32.dll

    The type of all of these registry is REG_EXPAND_SZ.

    For detailed information, please refer to the link below,

    http://msdn.microsoft.com/en-us/library/windows/desktop/aa363661(v=vs.85).aspx

    Best Regards.



    Steven Lee

    TechNet Community Support


    Wednesday, October 8, 2014 9:20 AM
    Moderator
  • I'm using Windows 2012 R2 64-bit.  Standard Edition.

    All of the messages for the DNS service have this problem. I haven't noticed problems with other services. All messages for the DNS service are not loadable.

    I built two new machines on new hardware and replaced two old Windows 2008 machines for my domain controllers. After the upgrade, I demoted and removed the old Windows 2008 machines. Both of the Windows 2012 machines where this problem exists are very new, fresh installs. 

    I'm familiar with how the APIs work. (I'm more of a developer than a sysadmin.) Registering the message DLLs can be pretty tricky, and can disrupt other message resource DLLs (if they're in common for multiple services). It seems remarkable that a clean install of Windows has a problem reading its own resource strings for event log messages; and more remarkable that both machines have the same problem.

    Saturday, October 11, 2014 2:16 AM
  • Hi Mike,

    I'm facing the same problem, I also had some dns problem with a domain attached RemoteDesktopServer, but not sure if it has anything to do with it or not, but I found out that this DNS error log event happend after installing Windows update KB2975719.
    I will try to test and see what will happend if I uninstall this update and come back to you.

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/93b685b9-2dc6-40ed-8f2f-845808943386/windows-server-2012-r2-dc-hyperv-guest-os-dns-error-event-id-4013-in-log-after-installing?forum=winserver8gen

    Kind regards,

    Steven

    Wednesday, October 15, 2014 4:52 PM
  • Thanks, Steven!  Both of the machines where I have this problem have KB2975719 installed.  That's not conclusive, but it's not exclusive, either ...
    Thursday, October 16, 2014 1:59 PM
  • The same happened to me after installing KB2975719. Can't read logs directly from the DNS console or from the windows backup console, therefore I must use the event log viewer in order to read logs from the services.
    Monday, October 20, 2014 7:27 AM
  • Mike, 

      I am seeing what I think is the same issue on two newly built 2012 R2 DC/DNS servers. 

      Events viewed from within the "DNS Manager" application can't be parsed and return the "The description for Event ID ..." message.  However, if I view the same events in either Eventvwr or "Server Manager", they are parsed and formatted correctly.

      This leads me to believe my systems are healthy but that "DNS Manager" has a bug.  Hopefully, someone @ MS will look into this and issue a patch/hotfix.

    Thursday, December 4, 2014 11:54 PM
  • We are experiencing this error on all 6 Domain controllers in one of our Domains that are 1) Running 2012R2 (all of them) and 2) have been updated with KB2975719 (6 of 9).  The three that do not have this update applied (albeit, it might not be this specific update causing the problem ... just following the other posts in this thread and also looking at our systems with problems) do not have this issue.

    I don't understand the interest in dcdiag when this is obviously not related to replication.  It is saying "I cannot find the descriptors for this particular event id" - which, in our case, is EVERY SINGLE EVENT that is logged, regardless of it's classification (e.g. error, warning, info, etc.)

    In fact, out of the thousands of logs on  each server, there are  less than 1% "Error" classification.  In addition, we very regularly monitor replication with both dcdiag, Microsoft Orchestrator Runbooks and the MS AD Replication Monitor tool (which is awesome!).  At any rate, we have note found solution yet and have run sfc with no error.

    Thanks a lot for any help in advance.

    Best,

    Zac


    Chief sysAdmin and Network Engineer SIETEC Technologies Inc

    Saturday, December 6, 2014 2:34 AM
  • I can confirm. And here is a little more information.

    I have recently upgraded 15 remote Server 2012 AD Controllers to Server 2012 R2.

    Upgrades were in-place

    I noticed this problem around upgrade number 10.  The log in the DNS Manager mmc was not displaying the events correctly.

    The DNS log in the Event View / Server Manager was displaying events correctly....And I might add, flooding the event log with ID 769 DNS errors.

    The problem DID NOT begin to occur until after I applied Updates using SCCM.

    On the last five upgrades, before the 2012 R2 updates were applied.  I was able to confirm that DNS Manager log was displaying events correctly.

    Let me reiterate.  My issue did not start until after I applied updates to the cleanly in-place upgraded 2012 R2 servers.

    The updates applied were those listed below.

    I have to assume that one of those is the culprit. I have not narrowed it down to which one, yet here is the list.  Maybe someone will figure it out.

    KB2975719
    KB2920189
    KB2918614
    KB2956575
    KB2998174
    KB2957189
    KB2973201
    KB2967917
    KB2979576
    KB2959626
    KB2928120
    KB2976897
    KB2993651
    KB2998527
    KB2976627
    KB2975719
    KB3000988
    KB2988948
    KB3000061
    KB2919355
    KB2939087
    KB2920189
    KB3000869
    KB2987107
    KB2973351
    KB2955164
    KB2977765
    KB2995388
    KB2938066
    KB2978668
    KB2896496
    KB2926765
    KB2962409
    KB2954879
    KB2984006
    KB2961072
    KB2964718
    KB2950153
    KB2989542
    KB2917500
    KB2977292
    KB2958262
    KB2978041
    KB2894856



    • Edited by JCimarex Saturday, December 20, 2014 6:39 PM spelling
    Saturday, December 20, 2014 6:31 PM
  • I can reproduce this problem at will.

    Server 2012r2 all updates installed as of today.

    When viewing DNS events in the Event Viewer below "DNS" in the DNS Snap In, all messages show the condition:

    • The description for Event ID ( nnnn ) in Source (Microsoft-Windows-DNS-Server-Service ) cannot be found.  Where nnnn varies by the event being reported.

    to wit:

    Event Type: Information
    Event Source: Microsoft-Windows-DNS-Server-Service
    Event Category: None
    Event ID: 769
    Date:  12/23/2014
    Time:  1:46:49 PM
    User:  NT AUTHORITY\SYSTEM
    Computer: ComputerName
    Description:
    The description for Event ID ( 769 ) in Source ( Microsoft-Windows-DNS-Server-Service ) cannot be found. Either the component that raises this event is not installed on your local computer, or the installation is corrupted. You can install or repair the component on the local computer, or contact the component manufacturer for a newer version.

    If the event was saved from another computer or forwarded from a remote computer, you might have to include display information with the events when saving them or when setting up the forwarding s TrustAnchors, TrustAnchors.dns, ComputerName

    When viewing in the Computer Management SnapIn

    /System Tools  /Event Viewer  /Applications and Services Logs /DNS Server

    the correct description shows up.

    As follows:

    Log Name:      DNS Server
    Source:        Microsoft-Windows-DNS-Server-Service
    Date:          12/23/2014 1:46:49 PM
    Event ID:      769
    Task Category: None
    Level:         Information
    Keywords:      (16)
    User:          SYSTEM
    Computer:     ComputerName
    Description:
    The DNS server has loaded the zone TrustAnchors from file TrustAnchors.dns on server ComputerName

    Case opened at MSFT this looks to be a bug.

    WORKAROUND

    View the DNS EV Log in the Computer Mgmt Console, instead of the DNS Console.


    Tuesday, December 23, 2014 10:25 PM
  • That work-around did not work for me.

    I have the same issue no matter which viewer I choose.

    Thursday, January 8, 2015 4:38 PM
  • I have the same problem. I cannot view the events in mmc or in the DNS manager. I can, however, view them in the good ole fashion event viewer. Admin tools/event viewer/ applications and services logs/ dns server. For some reason it has no problem loading the DNS events there.
    Friday, January 9, 2015 4:47 PM
  • Seeing same thing here. Have to use Event viewer. Hopefully hotfix to fix the problem soon.
    Sunday, February 8, 2015 12:23 PM
  • Don't Install the KBs: KB2975719 and/or KB2995388

    #This kb generates the corruption of the base dns console logs
    PS C:\Users\Administrator> wmic qfe list | findstr "KB2995388"
    http://support.microsoft.com/?kbid=2995388  SN1-SNT04-DC-01  Update  KB2995388               DomainLocal\Administrator  3/5/2015

    ##########
    The description for Event ID ( 4013 ) in Source ( DNS ) cannot be found. Either the component that raises this event is not installed on your local computer, or the installation is corrupted. You can install or repair the component on the local computer, or contact the component manufacturer for a newer version.

    If the event was saved from another computer or forwarded from a remote computer, you might have to include display information with the events when saving them or when setting up the forwarding s .
    ###########
    The description for Event ID ( 2 ) in Source ( DNS ) cannot be found. Either the component that raises this event is not installed on your local computer, or the installation is corrupted. You can install or repair the component on the local computer, or contact the component manufacturer for a newer version.

    If the event was saved from another computer or forwarded from a remote computer, you might have to include display information with the events when saving them or when setting up the forwarding s .
    ###########
    The description for Event ID ( 4 ) in Source ( DNS ) cannot be found. Either the component that raises this event is not installed on your local computer, or the installation is corrupted. You can install or repair the component on the local computer, or contact the component manufacturer for a newer version.

    If the event was saved from another computer or forwarded from a remote computer, you might have to include display information with the events when saving them or when setting up the forwarding s .

    SO: Windows Server 2012 R2 Std

    Platform Virtualization:Vmware Esxi 5.5 CU2



    Thursday, March 5, 2015 6:14 PM
  • Same thing here on both a physical and a virtual Server 2012 R2, freshly set up as DC with DNS and fully patched.
    Thursday, March 12, 2015 9:36 PM
  • Running into this too on a friend's server 2012 R2...

    So, what is the fix? Will uninstalling KB2975719 and/or KB2995388 resolve the problem?

    I'm surprised this is still a problem after ... what ... 5 months now?

    Monday, March 16, 2015 12:11 PM
  • Same thing here, JCimarex.  Funny you mentioned SCCM because that didn't cross my mind until you mentioned it.  That's how, via WSUS, our updates are pushed.  The only fix (scratch that, preventive measure) is to wait until this is acknowledged by Microsoft and, until then, not to apply any updates that may cause this issue.  We have determined the most likely culprit to be KB2975719.  That was through using WSUS reporting to create reports on the updates applied to servers which were and were not experiencing the problem.  In separate, mutually trusted forests, we have another 43 DC's - all of which run the DNS Server role (obviously).  Out of those, and the 9 other ones (52 total that we have investigated), the one commonality is KB2975719.  That isn't to say that is the actual culprit, but we have declined these updates until a fix is released for this issue.

    I am going to be getting in touch with enterprise support this week regarding this and a few other issues we have seen with recent updates (including hangs at starup with "Please wait for the XXX service" - typically XXX is Desktop Service or Local Session Manager).  Again only recently updated servers have this problem (and the boot problem is not limited to domain controllers).

    So, the main advice I can give to hopefully help someone out is to fully vet the KB articles on all updates that you approve for installation on several factors. 

    1) Is it critical for security and does it even apply to our environment? If so, we typically approve it (again, critical meaning truly critical - not a "this might happen in rare circumstances" type of thing). 

    2) Is it isn't critical, does it fix some other issue we are having?  If so then we look at possible side-effects of the update and, if ( benefit > risk ) install the update. 

    3)  If it is a generic "This update fixes issues with Windows" type of thing, barring no additional information available, we decline it until further notice.

    4) All other, low importance updates are declined.

    Again, this is just our current work around, and I'm only referring to installing updates on servers that are critical in our environment. The biggest saving grace for us is, on virtual machines, to take a full (e.g. including RAM) snapshot while it is running IMMEDIATELY prior to installing the updates.  Then, thoroughly check it out after the updates have completed.  If there is a major problem, try to identify the problem quickly (we just export all the logs to a network share for offline viewing) and revert as soon as possible to the running state snapshot.  Then, unselect the updates which may have caused the problems and take another snapshot and repeat.  Don't get into an infinite-loop, though! :)

    I mention doing the process quickly particularly for Domain Controllers.  While new versions of Server 2012 and R2 handle snapshot pretty well, there still exists potential for causing replication failures when reverting a domain controller from a snapshot (because the KCC doesn't know what to do with the old data that is trying to be replicated).  That is also why it's important to take the snapshot in a running state and to include a quiesced filesystem and the contents of the RAM.

    I hope this helps someone and I certainly hope MS comes out with a fix for this soon.

    Zac


    Chief sysAdmin and Network Engineer SIETEC Technologies Inc

    Tuesday, March 17, 2015 4:56 PM
  • I opened a case with Microsoft support and they said that the August 2014 update caused this issue.  The tech stated that it should be fixed in the new release of Windows server.  He also said that Microsoft would not fix the issue since there was a work around by viewing the DNS events in the server's event viewer. 

    If I wanted to pursue the issue, I would have to fill out a form and justify why I needed this by saying how many users were affected and if the company would lose money.  I will not be filling it out since it doesn't impact the customer base.  The tech found this information during ad-hoc conversations and there was no KB article that he could reference.  I just wanted to let everyone know what I discovered.

    Thanks

    • Proposed as answer by aledeniz Monday, October 8, 2018 10:46 AM
    Friday, March 20, 2015 4:43 PM
  • There are 2 variants of this DNS event text problem

    Symptom

    Resolution

    Text for DNS events is not rendered in the Windows Server 2012 R2 DNS Manager after installing August 2014 or later monthly updates

    No resolution currently exits.
    Workaround: View DNS events in the Event Viewer and Computer   Management snap-ins.

    Text for DNS events is not rendered in the Windows Server 2012 R2 Computer Management and Event Viewer snap-ins if the December 2014 monthly   update is installed but the October 2014 monthly update is not installed.

    Install October 2014 Rollup KB 3995388.   Installing October Update KB 3995388 before   installing December 2014 rollup KB 3013769 prevents   DNS event text from being renders in the Computer Management (COMPMGMT.MSC) and Event Viewer (eventvwr.msc) snap-ins.

    • Proposed as answer by aledeniz Monday, October 8, 2018 10:46 AM
    Friday, July 10, 2015 8:06 PM
  • This can occur when applying Windows Update Rollups to 2012 servers:

    "Known issue 3
    Text for DNS events is not rendered in DNS Manager mmc snap-in after you install August 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 (2975719) or a later version of monthly updates on Windows Server 2012 R2-based DNS servers. 

    Mitigations
    View DNS events by using the Event Viewer and Computer Management snap-ins."

    I cannot paste the link (as new account) but the KB article is KB 2984006


    • Edited by The Dobster Monday, August 10, 2015 9:16 AM
    • Proposed as answer by aledeniz Monday, October 8, 2018 10:46 AM
    Monday, August 10, 2015 9:16 AM
  • Hi have same issues, events are ok when viewed from events but not when viewed from dns console.

    Do you have any update from MS on this?

    Thanks a lot

    P

    Monday, September 28, 2015 12:56 AM
  • Here we are a few years later, and it seems like this is still a known issue with no resolution...

    Any one by chance get a fix for this?

    Tuesday, November 26, 2019 4:38 PM
  • almost 2020 and still no fix for this. :/
    Tuesday, November 26, 2019 4:43 PM