Windows Server Forum / Windows Server 2003 / DNS / July 2005


Strange DNS zone creation error after Windows 2003 DC upgrade

Antoine Habert - 28 Jul 2005 11:28 GMT
Hi all,

I've got a strange problem on a migration test lab:

We've got 1 root domain and 3 child domains (native Windows 2000).

DNS zones are forwarded to a Windows 2000 DNS that serves the test lab and
production as well (integrated zones, forwarder OK).

We migrated one DC of each domain to Windows 2003 (forestprep/domainprep OK,
in-place upgrade).

Here is our problem: the Windows 2003 DCs try to create zones from 2 of our child
domains on themselves when we reboot the servers! No problem with the Windows
2000 DCs. The zone failed to load and of course messed up our DNS resolution. We
got a 4001 error in Event Viewer that says that the current DC is looking for the
zone in the forestdnszone of the root DNS.

Previously, forwarders were configured to 'any server'; now they point
directly to our Windows 2000 DNS, and the problem is still here.

Does anyone have an idea why our child domain W2K3 DCs try to replicate the
zones of 2 other child domains while our zone replication is domain-wide only?

I don't have any clue about this strange behavior.

Thank you!
Ace Fekay [MVP] - 28 Jul 2005 16:04 GMT
> Hi all,
>
[quoted text clipped - 25 lines]
>
> thank you!

Did you upgrade the forest root DCs first? IIRC, you need to upgrade the
first DC in a forest, you need to upgrade the DC that holds the Domain Name
Master role first (which is usually the first DC that was created in the
domain).

If you upgraded a child DC first, it will create the _msdcs.domain.com zone
and set the replication scope to forest wide by placing it in the
ForestDnsZones app partition. This partition can replicate to a 2000 DC
(once forest and domain prep are done), but a Win2000 DC/DNS doesn't know
what to do with it.  Also, if your current AD Integrated zone went into the
DomainDnsZones app partition (another one that Win2000 DC/DNS doesn't know
what to do with), and the zone on your 2000 DC/DNS still thinks it's AD
Integrated, then we have a conflict and the zone may not load.

You will need to check using ADSI Edit to find out if there is a conflict
(or duplicate zones) in AD, specifically the DomainNC and in either of the
default app partitions.

Here's more info on the partitions:
Application directory partitions and domain controller demotion:
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/1572d8a2-622c-4879-bb0b-76e26c400129.mspx


kbAlertz (867464) - Explains how to use ADSI Edit to resolve a problem where
the DNS service logs event ID 4515 in the DNS Server log.:
http://www.kbalertz.com/kb_867464.aspx

Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================
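
The check suggested in the reply above (the same zone stored in the DomainNC and in either default application partition) can be scripted rather than browsed in ADSI Edit. This is an added example, not part of the original thread; it assumes PowerShell on a domain-joined machine in the affected domain, and the variable names and output format are illustrative.

```powershell
# Added example (not from the thread): find DNS zones stored in more than one
# Active Directory location. Run on a domain-joined machine in the affected domain.
$rootDse  = [ADSI]"LDAP://RootDSE"
$domainDN = [string]$rootDse.defaultNamingContext      # this domain
$forestDN = [string]$rootDse.rootDomainNamingContext   # forest root domain

# The three containers that can hold AD-integrated zones.
$locations = @(
    @{ Name = 'DomainNC';       Base = "CN=MicrosoftDNS,CN=System,$domainDN" },
    @{ Name = 'DomainDnsZones'; Base = "CN=MicrosoftDNS,DC=DomainDnsZones,$domainDN" },
    @{ Name = 'ForestDnsZones'; Base = "CN=MicrosoftDNS,DC=ForestDnsZones,$forestDN" }
)

$found = foreach ($loc in $locations) {
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot  = [ADSI]"LDAP://$($loc.Base)"
    $searcher.Filter      = '(objectClass=dnsZone)'
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::OneLevel
    $searcher.PageSize    = 500
    [void]$searcher.PropertiesToLoad.Add('name')
    try {
        foreach ($result in $searcher.FindAll()) {
            New-Object PSObject -Property @{
                Zone     = ([string]$result.Properties['name'][0]).ToLower()
                Location = $loc.Name
                Path     = $result.Path
            }
        }
    } catch {
        # Partition missing or not reachable from the DC that answered the bind.
        Write-Warning "Could not search $($loc.Name): $($_.Exception.Message)"
    }
}

# RootDNSServers (root hints) is skipped: assumed not relevant to this conflict.
@($found) | Where-Object { $_ -and $_.Zone -ne 'rootdnsservers' } |
    Group-Object Zone |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object {
        Write-Output ("DUPLICATE {0}: {1}" -f $_.Name, (($_.Group | ForEach-Object { $_.Location }) -join ', '))
        $_.Group | ForEach-Object { Write-Output ("    " + $_.Path) }
    }
```

A zone name reported under more than one location is a candidate for the conflict described in the reply; the script only reads the directory and changes nothing.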

 