| Author |
Message |
John Rosenlof
Guest
|
 Posted:
Sat Jan 08, 2005 4:55 am Post subject:
Error msg. 4007 |
|
|
Hi, I was reading some of the questions and it appears that this may have
already been answered, but mine is slightly different so I want to just be
sure. I'm running Win2k3 Server, it's a tree in the forest and the only dc
in the domain. I had to remove the old AD, but I made sure that I followed
all of the instructions that were laid out in the KB articles that I read.
To the best of my knowledge, this has all been done cleanly and when I
installed all of this I didn't get any error messages. I'm getting this
error message every time I either reboot or try to restart the DNS server:
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4007
Date: 1/7/2005
Time: 2:13:10 PM
User: N/A
Computer: XXSERVER1
Description:
The DNS server was unable to open zone _msdcs.XXXXXXE.COM in the Active
Directory from the application directory partition
ForestDnsZones.XXXXXXE.COM. This DNS server is configured to obtain and use
information from the directory for this zone and is unable to load the zone
without it. Check that the Active Directory is functioning properly and
reload the zone. The event data is the error code.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0d 00 00 00 ....
I'm also getting an error:
Event Type: Information
Event Source: DNS
Event Category: None
Event ID: 113
Date: 1/7/2005
Time: 2:13:09 PM
User: N/A
Computer: XXSERVER1
Description:
The DNS server could not signal the service "NAT". The error was 1168. There
may be interoperability problems between the DNS service and this service.
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
whenever I restart the DNS service. It appears right before it shuts down
and then shows up right before it starts up again. I read the response that
said that the first error was because the DNS server started up before AD
did, but should that happen even when I restart the service? And any ideas
what the NAT problem might be? I'd appreciate any help or ideas that could
be offered. Thanks!
--John |
|
| Back to top |
|
 |
Ace Fekay [MVP]
Guest
|
| Posted:
Sat Jan 08, 2005 10:32 am Post subject:
Re: Error msg. 4007 |
|
|
In news:enxgzvQ9EHA.2540@TK2MSFTNGP09.phx.gbl,
John Rosenlof <greyseal96@hotmail.com> made a post then I commented below
:: Hi, I was reading some of the questions and it appears that this may
:: have already been answered, but mine is slightly different so I want
:: to just be sure. I'm running Win2k3 Server, it's a tree in the
:: forest and the only dc in the domain. I had to remove the old AD,
:: but I made sure that I followed all of the instructions that were
:: laid out in the KB articles that I read. To the best of my
:: knowledge, this has all been done cleanly and when I installed all
:: of this I didn't get any error messages. I'm getting this error
:: message every time I either reboot or try to restart the DNS server:
::
:: Event Type: Error
:: Event Source: DNS
:: Event Category: None
:: Event ID: 4007
:: Date: 1/7/2005
:: Time: 2:13:10 PM
:: User: N/A
:: Computer: XXSERVER1
:: Description:
:: The DNS server was unable to open zone _msdcs.XXXXXXE.COM in the
:: Active Directory from the application directory partition
:: ForestDnsZones.XXXXXXE.COM. This DNS server is configured to obtain
:: and use information from the directory for this zone and is unable
:: to load the zone without it. Check that the Active Directory is
:: functioning properly and reload the zone. The event data is the
:: error code.
::
::
:: I'm also getting an error:
::
:: Event Type: Information
:: Event Source: DNS
:: Event Category: None
:: Event ID: 113
:: Date: 1/7/2005
:: Time: 2:13:09 PM
:: User: N/A
:: Computer: XXSERVER1
:: Description:
:: The DNS server could not signal the service "NAT". The error was
:: 1168. There may be interoperability problems between the DNS service
:: and this service.
<snip>
Sounds like it thinks the zone is in the ForestDnsZones app partition. How
is the zone replication scope set in the zone properties? Also, have you
checked with ADSIEdit if there's a dupe zone in the Domain partitions?
As for the 113 error, sounds like you are trying to use ICS and not NAT, but
DNS is installed on the machine. Is this a multihomed domain controller and
you are tyring to offer Inernet access thru it? That can be tricky to setup
correctly if it is. It's less expensive, easier to setup, and will not
expose your DC to the Internet if you were to use a Linksys, Netgear, etc,
router to handle NAT for the nework than using your DC. If you want to
continue using it, disable ICS and configure NAT. Read this please...
http://www.eventid.net/display.asp?eventid=113&eventno=3869&source=DNS&phase=1
--
Regards,
Ace
G O E A G L E S !!!
Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.
This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.
Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Security Is Like An Onion, It Has Layers
HAM AND EGGS: A day's work for a chicken;
A lifetime commitment for a pig.
--
================================= |
|
| Back to top |
|
|
John Rosenlof
Guest
|
| Posted:
Tue Jan 11, 2005 1:13 am Post subject:
Re: Error msg. 4007 |
|
|
Hi,
see my responses down below...
"Ace Fekay [MVP]"
<PleaseSubstituteMyActualFirstName&LastNameHere@hotmail.com> wrote in
message news:uRWHEsT9EHA.3376@TK2MSFTNGP12.phx.gbl...
| Quote: | In news:enxgzvQ9EHA.2540@TK2MSFTNGP09.phx.gbl,
John Rosenlof <greyseal96@hotmail.com> made a post then I commented below
:: Hi, I was reading some of the questions and it appears that this may
:: have already been answered, but mine is slightly different so I want
:: to just be sure. I'm running Win2k3 Server, it's a tree in the
:: forest and the only dc in the domain. I had to remove the old AD,
:: but I made sure that I followed all of the instructions that were
:: laid out in the KB articles that I read. To the best of my
:: knowledge, this has all been done cleanly and when I installed all
:: of this I didn't get any error messages. I'm getting this error
:: message every time I either reboot or try to restart the DNS server:
::
:: Event Type: Error
:: Event Source: DNS
:: Event Category: None
:: Event ID: 4007
:: Date: 1/7/2005
:: Time: 2:13:10 PM
:: User: N/A
:: Computer: XXSERVER1
:: Description:
:: The DNS server was unable to open zone _msdcs.XXXXXXE.COM in the
:: Active Directory from the application directory partition
:: ForestDnsZones.XXXXXXE.COM. This DNS server is configured to obtain
:: and use information from the directory for this zone and is unable
:: to load the zone without it. Check that the Active Directory is
:: functioning properly and reload the zone. The event data is the
:: error code.
::
::
:: I'm also getting an error:
::
:: Event Type: Information
:: Event Source: DNS
:: Event Category: None
:: Event ID: 113
:: Date: 1/7/2005
:: Time: 2:13:09 PM
:: User: N/A
:: Computer: XXSERVER1
:: Description:
:: The DNS server could not signal the service "NAT". The error was
:: 1168. There may be interoperability problems between the DNS service
:: and this service.
snip
Sounds like it thinks the zone is in the ForestDnsZones app partition. How
is the zone replication scope set in the zone properties? Also, have you
checked with ADSIEdit if there's a dupe zone in the Domain partitions?
|
Thanks for your help and response. The domain for which I set up this dns
server is another tree in a forest. The only other domain listed in the
domain partitions is the original tree of this forest (domain1). The zone
for this domain (domain2) is an AD integrated domain. I have a secondary
zone set up that gets its info from domain1's dns server. Have I
incorrectly configured something? I thought that I had followed the
procedures correctly but perhaps not.
| Quote: | As for the 113 error, sounds like you are trying to use ICS and not NAT,
but
DNS is installed on the machine. Is this a multihomed domain controller
and
you are tyring to offer Inernet access thru it? That can be tricky to
setup
correctly if it is. It's less expensive, easier to setup, and will not
expose your DC to the Internet if you were to use a Linksys, Netgear, etc,
router to handle NAT for the nework than using your DC. If you want to
continue using it, disable ICS and configure NAT. Read this please...
http://www.eventid.net/display.asp?eventid=113&eventno=3869&source=DNS&phase |
=1
As far as the NAT is concerned, the way that we have it set up is that a
firewall router is taking care of the NAT and also a VPN connection.
Everything else (the whole domain) is behind that.
Thanks,
John |
|
| Back to top |
|
|
Ace Fekay [MVP]
Guest
|
| Posted:
Tue Jan 11, 2005 5:02 am Post subject:
Re: Error msg. 4007 |
|
|
In news:%23DhG$h09EHA.2196@TK2MSFTNGP14.phx.gbl,
John Rosenlof <greyseal96@hotmail.com> made a post then I commented below
Inline below...
| Quote: | snip
Sounds like it thinks the zone is in the ForestDnsZones app
partition. How is the zone replication scope set in the zone
properties? Also, have you checked with ADSIEdit if there's a dupe
zone in the Domain partitions?
Thanks for your help and response. The domain for which I set up
this dns server is another tree in a forest. The only other domain
listed in the domain partitions is the original tree of this forest
(domain1). The zone for this domain (domain2) is an AD integrated
domain. I have a secondary zone set up that gets its info from
domain1's dns server. Have I incorrectly configured something? I
thought that I had followed the procedures correctly but perhaps not.
|
Well, I don't see much of a prob with the setup, unless I'm missing
something. If the secondary zone is on a DC, that can cause a problem. Also,
if the DomainDnsZone don't exist for Domain2 (in the other tree), you may
not be looking at that domain in ADSI Edit.
The way I have setup a different tree in the same forest before, is I would
set the DNS address to the forest root DNS, and create the zone and
replicate it to the ForestDnsZones (because it's in a different tree). Then
once the machine and domain is promoted, I would install DNS on that DC. I
then create the zone and make set it to ForestDnsZones and it should popup.
I would also create the _msdcs.forestdomain.com zone and set replication to
ForestDnsZone as well. Then I woulkd point to itself and all is good.
The one thing I'm not sur eof you said Domain2 is AD Integrated. Do you mean
legacy AD Integrated or is it in the DomainDnsZone partition?
| Quote: |
As for the 113 error, sounds like you are trying to use ICS and not
NAT, but DNS is installed on the machine. Is this a multihomed
domain controller and you are tyring to offer Inernet access thru
it? That can be tricky to setup correctly if it is. It's less
expensive, easier to setup, and will not expose your DC to the
Internet if you were to use a Linksys, Netgear, etc, router to
handle NAT for the nework than using your DC. If you want to
continue using it, disable ICS and configure NAT. Read this
please...
http://www.eventid.net/display.asp?eventid=113&eventno=3869&source=DNS&phase
=1
As far as the NAT is concerned, the way that we have it set up is
that a firewall router is taking care of the NAT and also a VPN
connection. Everything else (the whole domain) is behind that.
|
That error indicates ICS is intalled on the same machine that has DNS
installed. That's why I mentioned. it. Is this a dual homed machine? If it
is, did anyone check off "share this connection'?
No prob...
Ace |
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in