Event 4007 - unable to open zone psstemp.deleteme

Discussion in 'DNS Server' started by Bob, Apr 28, 2007.

  1. Bob

    Bob Guest

    I followed the subprocedure "If the domain controller cannot start in normal
    mode" found at: http://support.microsoft.com/kb/332199/

    Step 7b had me "Install Active Directory to make the computer a domain
    controller for a new, temporary domain, such as "psstemp.deleteme."

    I continued on with these steps and others and got to the point where I have
    a functioning DC again.

    However, I now have the following DNS error at DC startup on the DC I
    reinstalled the temporary "psstemp.deleteme" AD on. My other two DC's don't
    have this error.

    I looked through the dnsmgmt.msc, but I can't find any mention of this old
    temporary domain.

    How do I stop DNS server from trying to open a non-existent zone in AD?

    Thanks.
    -----------------------------------------------------------------------------------------------
    Event Type: Error
    Event Source: DNS
    Event Category: None
    Event ID: 4007
    Date: 4/28/2007
    Time: 5:31:57 AM
    User: N/A
    Computer: RC-SERVER-4
    Description:
    The DNS server was unable to open zone psstemp.deleteme in the Active
    Directory from the application directory partition
    DomainDnsZones.psstemp.deleteme. This DNS server is configured to obtain and
    use information from the directory for this zone and is unable to load the
    zone without it. Check that the Active Directory is functioning properly and
    reload the zone. The event data is the error code.

    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 0d 00 00 00 ....

    DC=DomainDNSZones,DC=psstemp,DC=deleteme
     
    Bob, Apr 28, 2007
    #1
    1. Advertisements

  2. Bob

    Myweb Guest

    Hello Bob,

    I assume you wanted to remove an old DC from the domain which does not work
    with dcpromo?
    If you follow the steps in that article do not connect it back to the running
    domain. Because you are deleting all old domain information you will get
    the error about the new domain you created in the registry setting in the
    running DNS from the old one. The step you did are only to remove AD from
    the broken server itself.


    Best regards

    Myweb
    Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    no rights.
     
    Myweb, Apr 28, 2007
    #2
    1. Advertisements

  3. Bob

    Bob Guest

    Hi Myweb,

    Dcpromo requires a normal boot. Because I could not boot normally, I had to
    follow the sub-procedure "If the domain controller cannot start in normal
    mode" (in KB332199).

    I was directed to KB332199 by first following KB258062, "Directory Services
    cannot start error message when you start your Windows-based or SBS-based
    domain controller".

    So, the full picture is:

    1) KB258062 step 13 reads:
    -----------------------------------------------------------------------------------------------
    13. If the problem still exists after the offline defragmentation, and there
    are other functional domain controllers in the same domain, remove Active
    Directory from the server, and then reinstall Active Directory. To do this,
    follow the steps in the "Workaround" section in the following Microsoft
    Knowledge Base article:
    332199 (http://support.microsoft.com/kb/332199/) Domain controllers do not
    demote gracefully when you use the Active Directory Installation Wizard to
    force demotion in Windows Server 2003 and in Windows 2000 Server
    -----------------------------------------------------------------------------------------------
    2) KB332199 has me ...
    a) remove the failed DC via registry changes
    b) install AD to a temporary domain called "psstemp.deleteme"
    c) demote the DC in a normal way
    d) and it then stops there. So I return back to calling step #13 in KB258062

    3) KB258062 step 13 states "remove Active Directory from the server, and
    then reinstall Active Directory".

    So it seems to me I followed a supported procedure to force a DC demotion
    for the purpose of eventually promoting that same server back into the
    functional domain.

    So I don't understand why DNS Server is looking for zone "psstemp.deleteme"
    in AD when DNS Server was present and accounted for when I demoted the DC as
    the last DC in the forest thus essentially abolishing "psstemp.deleteme".

    But why this happened is water under the bridge, the question is: can it be
    fixed now?
    Thanks!
     
    Bob, Apr 28, 2007
    #3
  4. Bob

    Myweb Guest

    Hello Bob,

    Please post the full story from your DC problem, that we can understand what
    happens before.

    Best regards

    Myweb
    Disclaimer: This posting is provided "AS IS" with no warranties, and confers
    no rights.
     
    Myweb, Apr 28, 2007
    #4
  5. Read inline please.

    In
    I've seen this several times on Win2k3, seems like a bug to me, when you
    remove AD (and the DNS data in it), it leaves the registry keys behind.
    Since AD no longer exists on the server, it cannot load the zones.
    Go here and delete the keys for the zones noted in the Event.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones


    --
    Best regards,
    Kevin D. Goodknecht Sr. [MVP]
    Hope This Helps
    Send IM: http://www.icq.com/people/webmsg.php?to=296095728
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    http://support.wftx.us/
    http://message.wftx.us/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================
     
    Kevin D. Goodknecht Sr. [MVP], Apr 29, 2007
    #5
  6. Thanks MVPs!

    Mike Luo

    Microsoft Online Partner Support
    Get Secure! - www.microsoft.com/security

    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Mike Luo [MSFT], Apr 30, 2007
    #6
  7. Bob

    Bob Guest

    Ok Kevin,
    It's been a couple of days now and a few reboots too. Your registery hack
    did the trick. THANKS!

    p.s. I put a feedback in on Article ID : 332199 mentioning the need to
    manually delete the key.
     
    Bob, May 1, 2007
    #7
  8. Bob

    Dev Spec Guest

    Awesome!
    Don't know why i didn't think of it before stumbling across this.... I too had demoted a no longer used DC and then later created a new dc in an current AD Forest and continued to get errors about the old DNS Zones; even after going through DCpromo and deleting left over DNS entried manually. THANKS!!!!
    CLEARING THE SUBKEYS IN HKLM did it.
     
    Dev Spec, Jan 5, 2012
    #8
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.