Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Event ID 4010 (Source DNS) Error

Status
Not open for further replies.

Knutern

Technical User
Mar 5, 2002
285
NO
I have come accross some weird problem.

All our DCs (with DNS Server installed, AD integrated) report the following error upon boot:
[ul][li][tt]The DNS server was unable to load a resource record (RR) from the directory at %1._msdcs.%2.%3. in zone %2.%3. Use the DNS console to recreate this RR or check that the Active Directory is functioning properly and reload the zone. The event data contains the error.[/li][/ul][/tt]

Now these "missing" resource records are there, and I can even do a NSLookup on them.

Has anybody out there seen this before, if yes, how - if - did you solve it?

Cheers
Knutern
 
have you tried a reload? right click on your servername in DNS and click reload?

~ K.I.S.S - Don't make it any more complex than it has to be ~
 
Oh yes, I have tried that as well as the following:
[ul][li]stoping netlogon service[/li]
[li]removing netlogon.dns and netlogon.tlb[/li]
[li]ipconfig /flushdns and ipconfig /registerdns[/li]
[li]starting netlogon service[/li]
[li]rebooting the server[li][/ul]
all, without success.

Cheers
 
Have you tried running the DCDIAG tool from the command line(may have to install the support tools before this cmd is available for you to use) that should give you a little more info on the specific area of the problem.

Regards,
Lightspeed1
AKA Mike
 
Yes, I have run DCDIAG too.. No errors...

Cheers
Knutern
 
How many clients on your network? Feasible to blow the zone out and reset? what service is your server offering to the clients? (DNS, DHCP WINS etc etc)Do you have DNS entries for external web or mail servers? I'd say the key is to find out WHAT resource record this thing is looking for.(sorry guess that's pretty obvious!) What happens when you use NSLOOKUP?

Regards,
Lightspeed1
AKA Mike
 
Hey Knut,
found this on EventID.net. I know you have tried some of this already but looks like there are a couple of repetitious steps that may be needed. Hope this helps.

Ionut Marin (Last update 10/29/2003):
From a newsgroup post: "If the DC and the clients are pointing only at the internal DNS server and the problem continues try this. Stop the netlogon service. Go to Winnt\system32\config and delete the netlogon.dns and netlogon.dnb files. From a command prompt type "ipconfig /flushdns" and press enter. Then run "ipconfig /registerdns" and press enter. Lastly, start netlogon again. Check to see if the 4010 error message comes back. If so, delete the DNS forward lookup zone. Create a new forward lookup zone by the same name. Ensure it is setup to allow dynamic updates. Run the two IPconfig commands from above and restart netlogon".

Regards,
Lightspeed1
AKA Mike
 
Hi Lightspeed1,

well, the resources records that can not be found are there, and I am able to NSLookup them. That's what drives me crazy.

I know of the information on eventit.net. I have been through those steps too.

Currently, I am testing a scenario in my lab; what happens when I remove the DNS-service and reinstall it.

BTW: May be this information might be usefull too: It's a dingle domain with multiple sites, where each site has a DC with GC, DNS and DHCP. The main site has two DCs, each also with GC and DNS.

My DNS-Tree looks - just a part of it of course - like this:[tt]
+ Forward Lookup Zones
| + _msdcs.my.lan
| (same as parent folder) SOA [xx], primaryserver.my.lan., admin.my.lan.
| (same as parent folder) Name Server primaryserver.my.lan.
| (same as parent folder) Name Server someotherserver.my.lan.
| 12345678-1234-1234-1234-123456789ABC ALIAS primaryserver.my.lan.
| 12345679-1234-1234-1234-123456789ABC ALIAS someotherserver.my.lan.
| + my.lan
+ Reverse Lookup Zones
[/tt]
All the information the DNS-Servers are looking up, are within the _msdcs.my.lan path.


Cheers
Knutern
 
Hey Knutern,
Couple of things are coming to mind, you say the main site has two DC's ech holding the GC role. Shouldn't only one of those be the GC? Could it be that the server is trying to verify a RR that lives on your other DC? Are you seeing any kind of replication errors also? Could this be a case of the DNS service kicking in before the zone loads? Could this be an issue with one of the alias?
I am grasping at straws here I know. I am going to play around in my lab a bit also and see if I can recreate the issue. By the way I have to thank you for the Friday mornig laugh I manage a few "Dingle" domains myself :)
Post back if you come up with anything and I will continue to poke around also.



Regards,
Lightspeed1
AKA Mike
 
Hi Lightspeed1,

hmm.. dingel domain... that was a typo... It should read single of course :$ (blushing)

well, any DC in our Domain also holds the GC role. And no, no replication errors.

My biggest concerns are, I do not know why this all of a sudden has happend, and I am not able to reproduce the behavior in my lab environment.

Cheers
Knutern
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top