Results 1 to 7 of 7

Thread: Event ID 4007 error

  1. #1
    Tony Benham Guest

    Event ID 4007 error

    I've just moved our small domain from NT to Server 2003 via an intermediate
    PC on which I installed NT Server, upgraded to PDC, then to 2003 Server,
    then to DC. I then added a new 2003 machine as DC to the domain, and then
    removed DC role for the intermediate machine, and removed the old NT machine
    and the intermediate machine from our network. I think I screwed up the DNS
    slightly.
    On start up of the new 2003 DC, I'm getting an Event ID 4007 with error
    message
    "The DNS server was unable to open zone _msdcs.somename.mydomain.com in the
    Active Directory from the application directory partition
    ForestDnsZones.somename.mydomain.com. This DNS server is configured to
    obtain and use information from the directory for this zone and is unable to
    load the zone without it. Check that the Active Directory is functioning
    properly and reload the zone. The event data is the error code."

    I ran dcdiag to try to find out more

    TEST: Delegations (Del)
    Warning: DNS server: oldname.somename.mydomain.com. IP:
    <Unavailable> Failure:Missing glue A record

    Now oldname was the intermediate machine, which is no longer there. I looked
    in the dns management tool but could not find this server
    oldname.somename.mydomain.com mentioned anywhere. How can I fix this ?
    Regards
    Tony



  2. #2
    Kevin D. Goodknecht Sr. [MVP] Guest

    Re: Event ID 4007 error

    Read inline please.

    In news:[email protected],
    Tony Benham <[email protected]> typed:
    > I've just moved our small domain from NT to Server 2003 via an
    > intermediate PC on which I installed NT Server, upgraded to PDC, then
    > to 2003 Server, then to DC. I then added a new 2003 machine as DC to
    > the domain, and then removed DC role for the intermediate machine,
    > and removed the old NT machine and the intermediate machine from our
    > network. I think I screwed up the DNS slightly.
    > On start up of the new 2003 DC, I'm getting an Event ID 4007 with
    > error message
    > "The DNS server was unable to open zone _msdcs.somename.mydomain.com
    > in the Active Directory from the application directory partition
    > ForestDnsZones.somename.mydomain.com. This DNS server is configured to
    > obtain and use information from the directory for this zone and is
    > unable to load the zone without it. Check that the Active Directory
    > is functioning properly and reload the zone. The event data is the
    > error code."



    Do you get this error only when the server starts?
    Do you have only one DC/DNS?



    > I ran dcdiag to try to find out more
    >
    > TEST: Delegations (Del)
    > Warning: DNS server: oldname.somename.mydomain.com.
    > IP: <Unavailable> Failure:Missing glue A record
    >
    > Now oldname was the intermediate machine, which is no longer there. I
    > looked in the dns management tool but could not find this server
    > oldname.somename.mydomain.com mentioned anywhere. How can I fix this ?


    Can you post an (unedited) ipconfig /all, the AD Domain name from AD Users &
    Computers, and a list of all zones in DNS? (Need all three)



    --
    Best regards,
    Kevin D. Goodknecht Sr. [MVP]
    Hope This Helps
    Send IM: http://www.icq.com/people/webmsg.php?to=296095728
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    http://support.wftx.us/
    http://message.wftx.us/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================



  3. #3
    Tony Benham Guest

    Re: Event ID 4007 error

    Hi Kevin,
    Replies inline below.
    > In news:[email protected],
    > Tony Benham <[email protected]> typed:
    >> I've just moved our small domain from NT to Server 2003 via an
    >> intermediate PC on which I installed NT Server, upgraded to PDC, then
    >> to 2003 Server, then to DC. I then added a new 2003 machine as DC to
    >> the domain, and then removed DC role for the intermediate machine,
    >> and removed the old NT machine and the intermediate machine from our
    >> network. I think I screwed up the DNS slightly.
    >> On start up of the new 2003 DC, I'm getting an Event ID 4007 with
    >> error message
    >> "The DNS server was unable to open zone _msdcs.somename.mydomain.com
    >> in the Active Directory from the application directory partition
    >> ForestDnsZones.somename.mydomain.com. This DNS server is configured to
    >> obtain and use information from the directory for this zone and is
    >> unable to load the zone without it. Check that the Active Directory
    >> is functioning properly and reload the zone. The event data is the
    >> error code."

    >
    >
    > Do you get this error only when the server starts?
    > Do you have only one DC/DNS?


    Yes only on startup.
    Yes only one DC/DNS (same machine)

    > Can you post an (unedited) ipconfig /all, the AD Domain name from AD Users
    > &
    > Computers, and a list of all zones in DNS? (Need all three)

    C:\Documents and Settings\admin>ipconfig /all
    Windows IP Configuration
    Host Name . . . . . . . . . . . . : ORAC
    Primary Dns Suffix . . . . . . . : imageproc.imageproc.com
    Node Type . . . . . . . . . . . . : Hybrid
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : imageproc.imageproc.com
    imageproc.com
    Ethernet adapter Local Area Connection:
    Connection-specific DNS Suffix . :
    Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
    Physical Address. . . . . . . . . : 00-13-72-34-BF-A4
    DHCP Enabled. . . . . . . . . . . : No
    IP Address. . . . . . . . . . . . : 192.92.109.6
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.92.109.4
    DNS Servers . . . . . . . . . . . : 127.0.0.1

    AD Users and Computers lists imageproc.imageproc.com and Saved Queries
    and shows [ORAC.imageproc.com.imageproc.com] in the title bar for the rh
    window.
    DNSmanagment for ORAC shows 6 items
    Cached Lookups,Forward Lookup Zones, Reverse Lookup Zones,Event Viewer, Root
    Hints and
    Forwarders.
    Under forward lookup zones we have
    _msdcs.imageproc.imageproc.com
    imageproc.imageproc.com

    Regards
    Tony



  4. #4
    Kevin D. Goodknecht Sr. [MVP] Guest

    Re: Event ID 4007 error

    Read inline please.
    In news:[email protected],
    Tony Benham <[email protected]> typed:
    > "The DNS server was unable to open zone _msdcs.somename.mydomain.com
    > in the Active Directory from the application directory partition
    > ForestDnsZones.somename.mydomain.com.


    > Yes only on startup.
    > Yes only one DC/DNS (same machine)


    4007 and other 40xx events are pretty common in Single DC/DNS environments
    because DNS cannot load the zone out of Active Directory, until AD has
    started. AD cannot start until DNS has started so it puts you in catch22.
    If the events only happen on startup, you can safely ignore them. If you add
    a second DC and point each DC to the other for the Preferred DNS, you won't
    see these errors. You can also make the AD zones standard primaries, but it
    is not recommended because there is no security on Standard primary zones.
    Your ipconfig looks properly configured, although, I recommend replacing the
    127.0.0.1 Loopback address with the DC's own private IP address.

    On a side note- Your AD domain appears to a sub domain of your public domain
    name, if you don't have a local zone for imageproc.com you should remove
    that zone from your DNS suffix search list. With this name in the list your
    public domain suffix is appended to all DNS names that are not followed with
    a trailing ".". Because of this (If you use nslookup -d2 you will see this),
    www.yahoo.com (Example) gets appended with the suffixes from this list, and
    becomes www.yahoo.com.imageproc.com which is forwarded to the external DNS.
    Many public DNS providers add a Wildcard "*" record to the zones they host,
    www.yahoo.com.imageproc.com will resolve to this Wildcard record's IP.


    >> Can you post an (unedited) ipconfig /all, the AD Domain name from AD
    >> Users &
    >> Computers, and a list of all zones in DNS? (Need all three)

    > C:\Documents and Settings\admin>ipconfig /all
    > Windows IP Configuration
    > Host Name . . . . . . . . . . . . : ORAC
    > Primary Dns Suffix . . . . . . . : imageproc.imageproc.com
    > Node Type . . . . . . . . . . . . : Hybrid
    > IP Routing Enabled. . . . . . . . : No
    > WINS Proxy Enabled. . . . . . . . : No
    > DNS Suffix Search List. . . . . . : imageproc.imageproc.com
    > imageproc.com
    > Ethernet adapter Local Area Connection:
    > Connection-specific DNS Suffix . :
    > Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit
    > Ethernet Physical Address. . . . . . . . . : 00-13-72-34-BF-A4
    > DHCP Enabled. . . . . . . . . . . : No
    > IP Address. . . . . . . . . . . . : 192.92.109.6
    > Subnet Mask . . . . . . . . . . . : 255.255.255.0
    > Default Gateway . . . . . . . . . : 192.92.109.4
    > DNS Servers . . . . . . . . . . . : 127.0.0.1





    --
    Best regards,
    Kevin D. Goodknecht Sr. [MVP]
    Hope This Helps
    Send IM: http://www.icq.com/people/webmsg.php?to=296095728
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    http://support.wftx.us/
    http://message.wftx.us/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================



  5. #5
    Tony Benham Guest

    Re: Event ID 4007 error

    Hi Kevin,
    Question below.

    > On a side note- Your AD domain appears to a sub domain of your public
    > domain
    > name, if you don't have a local zone for imageproc.com you should remove
    > that zone from your DNS suffix search list. With this name in the list
    > your
    > public domain suffix is appended to all DNS names that are not followed
    > with
    > a trailing ".". Because of this (If you use nslookup -d2 you will see
    > this),
    > www.yahoo.com (Example) gets appended with the suffixes from this list,
    > and
    > becomes www.yahoo.com.imageproc.com which is forwarded to the external
    > DNS.
    > Many public DNS providers add a Wildcard "*" record to the zones they
    > host,
    > www.yahoo.com.imageproc.com will resolve to this Wildcard record's IP.


    I can't find out where the DNS Suffix search list is specified. Is it in the
    DNS server settings somewhere ?
    Or in the dns settings for the server network connection itself ?
    Thanks for your help
    Tony



  6. #6
    Tony Benham Guest

    Re: Event ID 4007 error

    Hi Kevin,
    See below.

    "Tony Benham" <[email protected]> wrote in message
    news:[email protected]...
    > Hi Kevin,
    > Question below.
    >
    >> On a side note- Your AD domain appears to a sub domain of your public
    >> domain
    >> name, if you don't have a local zone for imageproc.com you should remove
    >> that zone from your DNS suffix search list. With this name in the list
    >> your
    >> public domain suffix is appended to all DNS names that are not followed
    >> with
    >> a trailing ".". Because of this (If you use nslookup -d2 you will see
    >> this),
    >> www.yahoo.com (Example) gets appended with the suffixes from this list,
    >> and
    >> becomes www.yahoo.com.imageproc.com which is forwarded to the external
    >> DNS.
    >> Many public DNS providers add a Wildcard "*" record to the zones they
    >> host,
    >> www.yahoo.com.imageproc.com will resolve to this Wildcard record's IP.

    >
    > I can't find out where the DNS Suffix search list is specified. Is it in
    > the DNS server settings somewhere ?
    > Or in the dns settings for the server network connection itself ?


    I think I found this is on the append parent suffix in the dns tab of tcpip
    properties. If I untick this,
    I get www.yahoo.com.imageproc.imageproc.com , but not
    www.yahoo.com.imageproc.com Ideally I would hve thought that on the machine
    that is the domain dns server, any unresolved names such as www.yahoo.com
    should not have any suffix applied ? But the dns tab of tcpip properties
    will not allow you to untick both suffix items in the dns tab, by ticking
    append these dns suffixes ? What is the correct settings on the DC/DNS
    server for dns tcp/ip properties ?
    Thanks
    Tony



  7. #7
    Kevin D. Goodknecht Sr. [MVP] Guest

    Re: Event ID 4007 error

    Read inline please.

    In news:[email protected],
    Tony Benham <[email protected]> typed:
    > Hi Kevin,
    > See below.
    >>
    >> I can't find out where the DNS Suffix search list is specified. Is
    >> it in the DNS server settings somewhere ?
    >> Or in the dns settings for the server network connection itself ?

    >
    > I think I found this is on the append parent suffix in the dns tab of
    > tcpip properties. If I untick this,
    > I get www.yahoo.com.imageproc.imageproc.com , but not
    > www.yahoo.com.imageproc.com Ideally I would hve thought that on the
    > machine that is the domain dns server, any unresolved names such as
    > www.yahoo.com should not have any suffix applied ?


    The DNS suffix is applied to all names not ended with a trailing "."


    What is the correct settings on the DC/DNS server for dns tcp/ip properties
    ?

    The correct setting would be to have only suffixes in the list needed for
    NetBIOS type host names in the local domain, so if your local domain is
    imageproc.imageproc.com, use that name in the suffix search list.




    --
    Best regards,
    Kevin D. Goodknecht Sr. [MVP]
    Hope This Helps
    Send IM: http://www.icq.com/people/webmsg.php?to=296095728
    ===================================
    When responding to posts, please "Reply to Group"
    via your newsreader so that others may learn and
    benefit from your issue, to respond directly to
    me remove the nospam. from my email address.
    ===================================
    http://www.lonestaramerica.com/
    http://support.wftx.us/
    http://message.wftx.us/
    ===================================
    Use Outlook Express?... Get OE_Quotefix:
    It will strip signature out and more
    http://home.in.tum.de/~jain/software/oe-quotefix/
    ===================================
    Keep a back up of your OE settings and folders
    with OEBackup:
    http://www.oehelp.com/OEBackup/Default.aspx
    ===================================



Similar Threads

  1. Event ID 1108 Event Log Error
    By sam007 in forum Operating Systems
    Replies: 3
    Last Post: 22-04-2009, 09:29 AM
  2. Replies: 3
    Last Post: 25-02-2009, 03:42 PM
  3. Event ID 7026 error in event viewer
    By Carlos in forum Windows x64 Edition
    Replies: 2
    Last Post: 27-04-2007, 08:59 AM
  4. Replies: 2
    Last Post: 30-03-2007, 11:46 PM
  5. Event Log Error: Event Source:WinMgmt Event ID:10
    By BlackSunReyes in forum Small Business Server
    Replies: 2
    Last Post: 01-03-2007, 03:27 AM

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Page generated in 1,752,117,050.40228 seconds with 16 queries