DNS error - EVENT ID 4007

Discussion in 'DNS Server' started by James Minkler, Nov 30, 2004.

  1. Hello,

    I have currently integrated a new 2k3 server running AD into an existing NT4
    domain with 1 PDC (running Exchange) and 1 Member server. I have been able to
    fully integrate the new server and have 2k3 Exchange set up as well in the
    same exchange site. Have a full trust relationship in place and working as
    well. I had also named the new 2k3 server the same name as the original NT4
    PDC, but I was able to uninstall AD and rename it according to a URL that I
    seemed to have misplaced, but during that original naming mixup I had used
    sub.domain.local, now with installing AD over I apparently have used
    sub.domain.com (must not have been paying attention, lots of late nights)...
    Just a little background.

    My problem is this

    When rebooting the machine I always get a "service or device has failed",
    and will find an error in the DNS server event log as follows

    EVENT ID 4007

    The DNS server was unable to open zone sub.domain.local in the Active
    Directory from the application directory partition
    DomainDnsZones.sub.domain.local. This DNS server is configured to obtain and
    use information from the directory for this zone and is unable to load the
    zone without it. Check that the Active Directory is functioning properly and
    reload the zone. The event data is the error code.

    Currently how DNS is handled and will continue to be handled is by the
    customer's ISP. They have zone control of domain.com, so I created

    Here is a quick look at how my DNS console looks to me. FYI I am basic on my
    knowledge of DNS so please be gentle if I am being a dork ! =)

    Forward Lookup Zones
    - _msdcs.sub.domain.com
    - sub.domain.com
    + _msdcs
    + _sites
    + _tcp
    + _udp
    + DomainDnsZones
    + ForestDnsZones
    Reverse Lookup Zones
    + 0.1.10.in-addr.arpa
    + 0.in-addr.arpa
    + 127.in-addr.arpa
    + 255.in-addr.arpa

    I have searched several links and the closest one I could find to help me
    troubleshoot this was the following
    http://support.microsoft.com/default.aspx?scid=kb;en-us;260371 , but it did
    not seem like what I wanted. If anyone could shed some light or point me in a
    direction to get some more knowledge under my belt please let me know.

    James Minkler, Nov 30, 2004
  2. James Minkler commented, then Kevin replied below:

    Usually this error only happens at startup when you only have one DNS server
    with zones stored in Active Directory (AD).
    What happens is when the DNS service starts it loads the zone from AD,
    but AD has not started yet so it cannot load the zone. As long as this
    error only appears at start up you can ignore it. You won't see this error
    if you have two DCs because AD is already running and DNS can load the zone.

    As for your statement about your ISP hosting DNS, that is fine for the public
    zone, but the AD domain zone should be located on the local DNS server,
    usually the DC, and all Member clients and DCs _MUST_ use it only. Do not use
    your ISP's DNS in TCP/IP properties on any member client or DC, in any

    Your domain name 'sub.domain.com' is perfectly fine, and is what I
    personally recommend. This makes it easier if you have VPN clients because
    you can delegate the name 'sub' in the public namespace to the private IP of
    the internal DNS server. See this link:
    This makes DNS resolution for the VPN clients totally seamless. Had you
    used domain.local you would have to use hosts files to ensure proper

    Best regards,
    Kevin D4 Dad Goodknecht Sr. [MVP]
    Hope This Helps
    Kevin D. Goodknecht Sr. [MVP], Nov 30, 2004
  3. Kevin,

    Thank you very much. That has eased my fears of having a DNS problem and
    makes complete sense on why I am seeing those errors.

    As for the ISP hosting the domain, they only have control of domain.com and
    I am controlling sub.domain.com, which all clients and the one server are
    using the local DNS server for resolution.

    Thanks again for your reply.
    James Minkler, Nov 30, 2004
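
Kevin's reply makes the error safe to ignore only if it appears at startup and at no other time. The following is an added example, not part of the original thread, that checks this by comparing each Event ID 4007 against the preceding boot. It assumes PowerShell 3.0 or later on a Windows version that provides Get-WinEvent, uses System event 6005 as the boot marker, and treats a 10-minute window as "at startup" (an arbitrary threshold chosen for this example).

```powershell
# Added example: does DNS Event ID 4007 occur only shortly after a boot?
# Assumptions: run elevated on the DNS server; PowerShell 3.0+; the window
# below is an arbitrary threshold for this example, adjust to your boot time.
$windowMinutes = 10

# System log, provider EventLog, ID 6005 ("The Event log service was started")
# is written once per boot and serves here as the boot timestamp.
$boots = @(Get-WinEvent -FilterHashtable @{
        LogName = 'System'; ProviderName = 'EventLog'; Id = 6005
    } -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Select-Object -ExpandProperty TimeCreated)

# All 4007 events recorded in the DNS Server log.
$dnsErrors = @(Get-WinEvent -FilterHashtable @{
        LogName = 'DNS Server'; Id = 4007
    } -ErrorAction SilentlyContinue)

$report = foreach ($evt in $dnsErrors) {
    # Most recent boot at or before this event.
    $lastBoot = $boots | Where-Object { $_ -le $evt.TimeCreated } |
        Select-Object -Last 1
    $minutes = if ($lastBoot) {
        [math]::Round(($evt.TimeCreated - $lastBoot).TotalMinutes, 1)
    } else {
        $null   # boot record already rotated out of the System log
    }
    [pscustomobject]@{
        TimeCreated      = $evt.TimeCreated
        LastBoot         = $lastBoot
        MinutesAfterBoot = $minutes
        AtStartup        = ($null -ne $minutes -and $minutes -le $windowMinutes)
    }
}

$report | Format-Table -AutoSize

# Anything outside the startup window is not the benign start-order case.
$late = @($report | Where-Object { -not $_.AtStartup })
if ($late.Count -gt 0) {
    Write-Warning "$($late.Count) occurrence(s) of event 4007 outside the startup window; check AD and the zone."
} else {
    Write-Output "All $($dnsErrors.Count) occurrence(s) of event 4007 fall within $windowMinutes minutes of a boot."
}
```

A row with an empty LastBoot means the matching boot record is no longer in the System log, so that occurrence cannot be classified and is counted as outside the window.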
