DNS event ID 4521

    Question

  • Hello,

    The event logs of our DNS servers (DCs on 2003 and 2008) show the following event ID 4521 quite frequently:
    The DNS server encountered error 32 attempting to load zone xx.xx.xx.in-addr.arpa from Active Directory. The DNS server will attempt to load this zone again on the next timeout cycle. This can be caused by high Active Directory load and may be a transient condition.

    I also know how the problem started. While replicating, a colleague of mine created the reverse zones, because he thought it was not replicating. From that moment on we have this event. We tried removing the reverse zones from all servers, but when one of them reboots the zones magically reappear.

    Any help is more than welcome. :)

    Regards,

    Raymond

    Tuesday, March 23, 2010 1:48 PM

Answers

  • YES IT IS FIXED.

    With the information in the link http://networkadminkb.com/kb/Knowledge%20Base/DNS/How%20to%20correct%20DNS%20Event%20ID%204521.aspx I started looking around with the ADSI editor.

    I went to the following Connection Point: DC=DomainDnsZones,DC=<DOMAIN>,DC=<DOMAIN EXT> and there I saw a CN=MicrosoftDNS and a CN=MicrosoftDNS<SOME LONG ID>. In the last one I saw various DNS zones; among those were the zones that appeared corrupt/missing and were the source of all the event log messages. I looked there for one that was corrupted and with few records in it and decided to delete it. I restarted the DNS server and that zone did not appear anymore in the DNS server and also did not cause any event log messages. In the end I deleted the whole CN=MicrosoftDNS<SOME LONG ID> and restarted the DNS server. All corrupt DNS zones were gone and my event log now looks just fine.

    The CN=MicrosoftDNS<SOME LONG ID> was apparently created because the DNS data was not yet synchronised; more info, which I managed to find after I fixed the problem, is at: http://support.microsoft.com/kb/836534. I did not apply the hotfix from the article though. It seems that when (re)starting a DNS server the information in that container is used as configuration and the live data was appended to it.

     

    Cheers

    • Marked as answer by Raymond_nl Tuesday, March 30, 2010 2:36 PM
    Tuesday, March 30, 2010 2:36 PM
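
A read-only way to do the inspection described in the answer above without clicking through ADSI Edit, as an added example that is not part of the original post: it lists every MicrosoftDNS* container in the DomainDnsZones partition with the zones and record counts inside it. The function names are hypothetical, and it assumes PowerShell 3.0 or later run on a domain-joined machine by an account that can read the partition.

```powershell
# Read-only audit (added example): nothing here modifies or deletes objects.
# It shows which zones live in CN=MicrosoftDNS and which live in any extra
# CN=MicrosoftDNS<...> container, so they can be compared before a cleanup.

function Find-Entries {
    param(
        [System.DirectoryServices.DirectoryEntry]$Root,
        [string]$Filter,
        [string[]]$Props
    )
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot  = $Root
    $searcher.Filter      = $Filter
    $searcher.SearchScope = 'OneLevel'   # direct children only
    $searcher.PageSize    = 500          # page through large zones
    foreach ($p in $Props) { [void]$searcher.PropertiesToLoad.Add($p) }
    $searcher.FindAll()
}

function Get-DnsContainerReport {
    # DC=DomainDnsZones,DC=<DOMAIN>,DC=<DOMAIN EXT>, built from the current domain
    $domainDn  = ([adsi]'LDAP://RootDSE').defaultNamingContext[0]
    $partition = [adsi]"LDAP://DC=DomainDnsZones,$domainDn"

    foreach ($c in (Find-Entries $partition '(cn=MicrosoftDNS*)' 'cn','whencreated')) {
        # Reuse the entry returned by the search so special characters
        # in the container name never have to be escaped by hand.
        $container = $c.GetDirectoryEntry()
        foreach ($z in (Find-Entries $container '(objectClass=dnsZone)' 'name','whencreated')) {
            $zone    = $z.GetDirectoryEntry()
            $records = @(Find-Entries $zone '(objectClass=dnsNode)' 'name').Count
            [pscustomobject]@{
                Zone             = $z.Properties['name'][0]
                Container        = $c.Properties['cn'][0]
                ContainerCreated = $c.Properties['whencreated'][0]
                ZoneCreated      = $z.Properties['whencreated'][0]
                Records          = $records
            }
        }
    }
}

# Sorting by zone puts a zone that exists in both containers on adjacent rows.
Get-DnsContainerReport | Sort-Object Zone, Container | Format-Table -AutoSize
```

Zones listed under the extra container with only a few records match what the answer describes; exporting that container (for example with ldifde) before deleting it keeps a way back.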

All replies

  • Hello,

    please see the following:

    http://technet.microsoft.com/en-us/library/cc735851(WS.10).aspx

    If this isn't the case, please post an unedited ipconfig /all, and also the DNS domain name, the name shown in AD UC and the NetBIOS name.

    Also give some information about which kind of DNS zones you are using and how they are replicated: forest/domain or only DC wide.


    Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.
    Tuesday, March 23, 2010 1:54 PM
  • Hello,

    I have been looking at the link you have sent me. I saw in there that events from 4000 to 4019 should be logged but they do. When starting the DNS server, event 4001:
    The DNS server was unable to open zone xx.xx.xx.in-addr.arpa in the Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.

    And while running event 4005:
    The DNS server received indication that zone xx.xx.xx.in-addr.arpa was deleted from the Active Directory. Since this zone was an Active Directory integrated zone, it has been deleted from the DNS server.

    The zones that we try to remove are "broken" in some way. We can't use them, and when we delete them they reappear after a DNS service restart. We are now migrating to Windows 2008, which tries to delete the zones by itself, but the events keep appearing. Our reverse lookup functionality is not working properly because not all zones are there.

    All DNS zones are AD integrated and the problem only exists with the reverse zones. We use (now) mainly Windows 2008 DNS/DC servers, only one 2003 left. We have 1 tree and 1 domain with standard replication in one site. All DCs have themselves and each other as their DNS servers.

    We are wondering if it is possible to remove these zones from the AD database so they won't reappear. We also tried putting the zones in a file on disk and loading domain info from file.

    With kind regards,

     

    Raymond

     

    Tuesday, March 23, 2010 3:47 PM
  •  Raymond,

    This is a pain of an error (I had to fix it myself once... hated it); you can read this article for how to fix it. Since one of your zones is affected (in-addr.arpa) you will need to work through the solution, and not do the workaround.

    How to correct DNS Event ID 4521
    http://networkadminkb.com/kb/Knowledge%20Base/DNS/How%20to%20correct%20DNS%20Event%20ID%204521.aspx

    • Marked as answer by Mervyn ZhangModerator Monday, March 29, 2010 6:52 AM
    • Unmarked as answer by Raymond_nl Tuesday, March 30, 2010 2:36 PM
    • Marked as answer by Raymond_nl Tuesday, March 30, 2010 2:37 PM
    • Unmarked as answer by Raymond_nl Tuesday, March 30, 2010 2:47 PM
    Tuesday, March 23, 2010 3:56 PM
  • Hi Raymond,

    Have you tried the above suggestion? Any update is welcomed.

    Thanks.


    This posting is provided "AS IS" with no warranties, and confers no rights.
    Friday, March 26, 2010 9:55 AM
    Moderator
  • Hello,

    I did look into it but I was not brave enough yet to actually delete and recreate stuff. I was also looking at ntdsutil but the command domain management does not seem to be present. I need to study the article a bit better.
    I guess that I need to do the search for each reverse zone which is the problem?

     

    Thanks.

    Monday, March 29, 2010 8:19 AM
  • Not Fixed!!!!

    All Links are down. Sorry, no Answer is reliable.

    best regards

    Tuesday, November 24, 2015 2:47 PM