ken wrote:
> The error wasn't shown after I ran the command
>
> But when I reboot the server, the error still appears again
>
> Does anyone meet it like me ??
The same is with me :-(
-- rpr. /Robert Premuz/
Hi
After a reboot I have the warning again.
> ken wrote:
>> The error wasn't shown after I ran the command
>>
>> But when I reboot the server, the error still appears again
>>
>> Does anyone meet it like me ??
>
> The same is with me :-(
>
> -- rpr. /Robert Premuz/
>
For me the dnscmd /config . /bootmethod makes the problem go away. If
I restart DNS, still no problem, but if I restart the server the
problem happens again. This only happens on domain controllers for my
domain at the top of my forest. All of my domain controllers in its
subdomains work fine. The other strange thing with the domain
controllers at the top of the forest is that I can't set any zone
replication to "All DNS servers" in the domain, however I can set the
replication to "All DNS servers" in the forest, or "All domain
controllers" in the domain. However with my subdomains setting to "All
DNS servers" in the domain works just fine. I don't know very much
about DNS on Win 2K3, could I have an issue with DomainDnsZones? My
ForestDnsZones has info for all my domain controllers, but my
DomainDnsZones only has info for one domain controller (there are four
domain controllers in its domain). Is this normal? My forest and all
domains are at 2003 functional level, and domain controllers are a mix
of 2003 and 2003 R2.
The switch from 2000 functional level to 2003 functional level was
fairly recent, and I had the 9002 error on one of my servers quite a
while before this. All the other servers worked fine until recently.
Does any of this sound familiar to anybody? Any insights would be
greatly appreciated.
Thanks,
Chris
I think my 4521/9002 error for the "." zone may be caused by my
DomainDnsZones partition being messed up. Since the only zone that
should currently be stored in it is for the root hints ".", I decided
to try to delete it with:
dnscmd server /deletedirectorypartition DomainDnsZones.domain.com
This failed from and to all servers :(
The error I received was:
Delete directory partition failed: DomainDnsZones.domain.com
status = 9005 (0x0000232d)
Command failed: RCODE_REFUSED 9005 (0000232d)
So I tried to recreate it without deleting it:
dnscmd <server> /createbuiltindirectorypartitions /domain
This also failed:
Create built-in directory partitions failed
status = 9902 (0x000026ae)
Command failed: DNS_ERROR_DP_ALREADY_EXISTS 9902 (000026ae)
As expected the partition shows up in the partition list:
dnscmd /enumdirectorypartitions
Enumerated directory partition list:
Directory partition count = 5
DomainDnsZones.domain.com Enlisted Auto Domain
DomainDnsZones.sub1.domain.com Not-Enlisted
DomainDnsZones.sub2.domain.com Not-Enlisted
DomainDnsZones.sub3.domain.com Not-Enlisted
ForestDnsZones.domain.com Enlisted Auto Forest
So I tried out ntdsutil:
C:>ntdsutil
ntdsutil: domain management
domain management: connection
server connections: connect to server server1.domain.com
Binding to server1.domain.com ...
Connected to server1.domain.com using credentials of locally logged on
user.
server connections: quit
domain management: list nc replicas dc=domaindnszones,dc=domain,dc=com
The application directory partition
dc=domaindnszones,dc=domain,dc=com's Replicas are:
CN=NTDS Settings,CN=server1,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=domain,DC=com *
CN=NTDS Settings,CN=server2,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=domain,DC=com *
CN=NTDS Settings,CN=server3,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=domain,DC=com *
CN=NTDS Settings,CN=server4,CN=Servers,CN=Default-First-Site-
Name,CN=Sites,CN=Configuration,DC=domain,DC=com *
NOTE: Couldn't verify the instantiated/uninstantiated state of these
replicas.
domain management:
I assume that ntds couldn't verify the state because it is denied
access due to an issue with the directory partition (I don't get this
note with my other domains or with the ForestDnsZones).
I next tried adsiedit, but when I tried to connect to
DC=DomainDnsZones,DC=domain,DC=COM on any of the servers I received
the error:
"A referral was returned from the server"
Adsiedit lets me connect to the ForestDnsZones partition and the
DomainDnsZones partitions on my subdomains, just not this one at the
top of the structure.
I don't know very much about how any of this works. Would it be safe
to do a "DELETE NC" from ntdsutil? Would this even work (since dnscmd
couldn't delete it). I think that the root hints are the only thing
that should be in it, so I assume that it should be safe to try. All
of the other DNS zones in the AD appear to be replicated either to
"All domain controllers in the domain" or "all DNS servers in the
forest". Are there any other tools out there that could help? As
always, any suggestions as to how I should proceed would be greatly
appreciated.
Thanks,
Chris
On May 19, 12:57 am, cburgess...@gmail.com wrote:
> For me the dnscmd /config . /bootmethod makes the problem go away. If
> I restart DNS, still no problem, but if I restart the server the
> problem happens again. This only happens on domain controllers for my
> domain at the top of my forest. All of my domain controllers in its
> subdomains work fine. The other strange thing with the domain
> controllers at the top of the forest is that I can't set any zone
> replication to "All DNS servers" in the domain, however I can set the
> replication to "All DNS servers" in the forest, or "All domain
> controllers" in the domain. However with my subdomains setting to "All
> DNS servers" in the domain works just fine. I don't know very much
> about DNS on Win 2K3, could I have an issue with DomainDnsZones? My
> ForestDnsZones has info for all my domain controllers, but my
> DomainDnsZones only has info for one domain controller (there are four
> domain controllers in its domain). Is this normal? My forest and all
> domains are at 2003 functional level, and domain controllers are a mix
> of 2003 and 2003 R2.
>
> The switch from 2000 functional level to 2003 functional level was
> fairly recent, and I had the 9002 error on one of my servers quite a
> while before this. All the other servers worked fine until recently.
>
> Does any of this sound familiar to anybody? Any insights would be
> greatly appreciated.
>
> Thanks,
> Chris
It works!!!
I have a solution to my "." zone loading issue.
I first verified that none of my DNS zones were being stored in the
DomainDnsZones partition (other than "." trying to go there). I did
this with "dnscmd /enumzones" for each server. I used the "ntdsutil"
"list NC replicas" command to find out where the partition was
replicating to. I then removed all the replicas of the DomainDnsZones
partition from each of the servers that it was replicating to and
waited for domain replication to get things in sync.
I next ran "delete NC dc=domainsdnszone,dc=domain,dc=com" and got back
the following message:
The operation was successful. The partition has been marked for
removal from the enterprise. It will be removed over time in the
background.
Note: Please do not create another partition with the same name until
the servers which hold this partition have had an opportunity to
remove it. This will occur when knowledge of the deletion of this
partition has replicated throughout the forest, and the servers which
held the partition have removed all the objects within that partition.
Complete removal of the partition can be verified by consulting the
Directory event log on each server.
After waiting a bit, and verifying that the DomainDnsZones partition
was gone from all the servers, I ran
"dnscmd /CreateBuiltinDirectoryPartitions /Domain", and I had success. I could
see the DomainDnsZones zone getting populated with information, and I
could now view the DomainDnsZones partition with adsiedit.
After this was replicated to all the servers, I ran
"dnscmd /Config . /BootMethod 3", and now had a functioning DomainDnsZones stored "."
root hint zone. I verified the entries with adsiedit, and all looks
good.
Hope this can help some others out there with this issue.
- Chris
On May 19, 2:03 pm, cburgess...@gmail.com wrote:
> I think my 4521/9002 error for the "." zone may be caused by my
> DomainDnsZones partition being messed up. Since the only zone that
> should currently be stored in it is for the root hints ".", I decided
> to try to delete it with:
>
> dnscmd server /deletedirectorypartition DomainDnsZones.domain.com
>
> This failed from and to all servers :(
>
> The error I received was:
>
> Delete directory partition failed: DomainDnsZones.domain.com
> status = 9005 (0x0000232d)
>
> Command failed: RCODE_REFUSED 9005 (0000232d)
>
> So I tried to recreate it without deleting it:
>
> dnscmd <server> /createbuiltindirectorypartitions /domain
>
> This also failed:
>
> Create built-in directory partitions failed
> status = 9902 (0x000026ae)
>
> Command failed: DNS_ERROR_DP_ALREADY_EXISTS 9902 (000026ae)
>
> As expected the partition shows up in the partition list:
>
> dnscmd /enumdirectorypartitions
>
> Enumerated directory partition list:
>
> Directory partition count = 5
>
> DomainDnsZones.domain.com Enlisted Auto Domain
> DomainDnsZones.sub1.domain.com Not-Enlisted
> DomainDnsZones.sub2.domain.com Not-Enlisted
> DomainDnsZones.sub3.domain.com Not-Enlisted
> ForestDnsZones.domain.com Enlisted Auto Forest
>
> So I tried out ntdsutil:
>
> C:>ntdsutil
> ntdsutil: domain management
> domain management: connection
> server connections: connect to server server1.domain.com
> Binding to server1.domain.com ...
> Connected to server1.domain.com using credentials of locally logged on
> user.
> server connections: quit
> domain management: list nc replicas dc=domaindnszones,dc=domain,dc=com
> The application directory partition
> dc=domaindnszones,dc=domain,dc=com's Replicas are:
> CN=NTDS Settings,CN=server1,CN=Servers,CN=Default-First-Site-
> Name,CN=Sites,CN=Configuration,DC=domain,DC=com *
> CN=NTDS Settings,CN=server2,CN=Servers,CN=Default-First-Site-
> Name,CN=Sites,CN=Configuration,DC=domain,DC=com *
> CN=NTDS Settings,CN=server3,CN=Servers,CN=Default-First-Site-
> Name,CN=Sites,CN=Configuration,DC=domain,DC=com *
> CN=NTDS Settings,CN=server4,CN=Servers,CN=Default-First-Site-
> Name,CN=Sites,CN=Configuration,DC=domain,DC=com *
> NOTE: Couldn't verify the instantiated/uninstantiated state of these
> replicas.
> domain management:
>
> I assume that ntds couldn't verify the state because it is denied
> access due to an issue with the directory partition (I don't get this
> note with my other domains or with the ForestDnsZones).
>
> I next tried adsiedit, but when I tried to connect to
> DC=DomainDnsZones,DC=domain,DC=COM on any of the servers I received
> the error:
>
> "A referral was returned from the server"
>
> Adsiedit lets me connect to the ForestDnsZones partition and the
> DomainDnsZones partitions on my subdomains, just not this one at the
> top of the structure.
>
> I don't know very much about how any of this works. Would it be safe
> to do a "DELETE NC" from ntdsutil? Would this even work (since dnscmd
> couldn't delete it). I think that the root hints are the only thing
> that should be in it, so I assume that it should be safe to try. All
> of the other DNS zones in the AD appear to be replicated either to
> "All domain controllers in the domain" or "all DNS servers in the
> forest". Are there any other tools out there that could help? As
> always, any suggestions as to how I should proceed would be greatly
> appreciated.
>
> Thanks,
> Chris
>
> On May 19, 12:57 am, cburgess...@gmail.com wrote:
>
> > For me the dnscmd /config . /bootmethod makes the problem go away. If
> > I restart DNS, still no problem, but if I restart the server the
> > problem happens again. This only happens on domain controllers for my
> > domain at the top of my forest. All of my domain controllers in its
> > subdomains work fine. The other strange thing with the domain
> > controllers at the top of the forest is that I can't set any zone
> > replication to "All DNS servers" in the domain, however I can set the
> > replication to "All DNS servers" in the forest, or "All domain
> > controllers" in the domain. However with my subdomains setting to "All
> > DNS servers" in the domain works just fine. I don't know very much
> > about DNS on Win 2K3, could I have an issue with DomainDnsZones? My
> > ForestDnsZones has info for all my domain controllers, but my
> > DomainDnsZones only has info for one domain controller (there are four
> > domain controllers in its domain). Is this normal? My forest and all
> > domains are at 2003 functional level, and domain controllers are a mix
> > of 2003 and 2003 R2.
>
> > The switch from 2000 functional level to 2003 functional level was
> > fairly recent, and I had the 9002 error on one of my servers quite a
> > while before this. All the other servers worked fine until recently.
>
> > Does any of this sound familiar to anybody? Any insights would be
> > greatly appreciated.
>
> > Thanks,
> > Chris
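An added example, not part of any poster's message: a Python check for the step in the solution above where the DomainDnsZones partition must be gone from all the servers before it is recreated, run over saved "dnscmd /enumdirectorypartitions" output from each server. The sample captures, server names and function names are constructed for illustration, and the row layout is assumed to match the listing quoted in this thread.

```python
import re

# Row layout assumed from the listing quoted in this thread:
#   <partition FQDN> <Enlisted|Not-Enlisted> [flags...]
ROW = re.compile(r"^\s*(\S+\.\S+)\s+(Enlisted|Not-Enlisted)\b\s*(.*)$")
COUNT = re.compile(r"Directory partition count\s*=\s*(\d+)")

def parse_partitions(text):
    """Map lower-cased partition FQDN -> (state, flags) for one server's output."""
    parts, declared = {}, None
    for line in text.splitlines():
        m = COUNT.search(line)
        if m:
            declared = int(m.group(1))
            continue
        m = ROW.match(line)
        if m:
            parts[m.group(1).lower()] = (m.group(2), m.group(3).split())
    # A truncated or mis-pasted capture must not pass as "partition absent".
    if declared is None or declared != len(parts):
        raise ValueError(f"count line says {declared}, parsed {len(parts)} rows")
    return parts

def servers_still_holding(partition, listings):
    """listings maps server name -> captured output; returns servers still listing it."""
    want = partition.lower()
    return sorted(s for s, out in listings.items() if want in parse_partitions(out))

# Constructed sample captures (hypothetical servers, placeholder domain from the thread).
STALE = """Enumerated directory partition list:
Directory partition count = 3
DomainDnsZones.domain.com Enlisted Auto Domain
DomainDnsZones.sub1.domain.com Not-Enlisted
ForestDnsZones.domain.com Enlisted Auto Forest
"""
CLEAN = """Enumerated directory partition list:
Directory partition count = 2
DomainDnsZones.sub1.domain.com Not-Enlisted
ForestDnsZones.domain.com Enlisted Auto Forest
"""
LISTINGS = {"server1": CLEAN, "server2": STALE, "server3": CLEAN}

if __name__ == "__main__":
    waiting = servers_still_holding("DomainDnsZones.domain.com", LISTINGS)
    if waiting:
        print("do not recreate yet; still listed on:", ", ".join(waiting))
    else:
        print("partition gone everywhere; recreate can proceed")
```
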
Yes, your solution works, but it's rather complicated and you
misspelled one of the commands:
"delete NC dc=domainsdnszone,dc=domain,dc=com"
should be:
"delete NC dc=domaindnszones,dc=domain,dc=com"
In my case I preferred the advice given by Mike Lou to reinstall
dynamic DNS AD-integrated zones by following the procedure given at
http://support.microsoft.com/kb/294328 as I had only a few static host
records in my DNS servers.
--rpr. /Robert Premuz/
On May 19, 10:39 pm, cburgess...@gmail.com wrote:
>
> I have a solution to my "." zone loading issue.
>
> I first verified that none of my DNS zones were being stored in the
> DomainDnsZones partition (other than "." trying to go there). I did
> this with "dnscmd /enumzones" for each server. I used the "ntdsutil"
> "list NC replicas" command to find out where the partition was
> replicating to. I then removed all the replicas of the DomainDnsZones
> partition from each of the servers that it was replicating to and
> waited for domain replication to get things in sync.
>
> I next ran "delete NC dc=domainsdnszone,dc=domain,dc=com" and got back
> the following message:
>
> The operation was successful. The partition has been marked for
> removal from the enterprise. It will be removed over time in the
> background.
> Note: Please do not create another partition with the same name until
> the servers which hold this partition have had an opportunity to
> remove it. This will occur when knowledge of the deletion of this
> partition has replicated throughout the forest, and the servers which
> held the partition have removed all the objects within that partition.
> Complete removal of the partition can be verified by consulting the
> Directory event log on each server.
>
> After waiting a bit, and verifying that the DomainDnsZones partition
> was gone from all the servers, I ran
> "dnscmd /CreateBuiltinDirectoryPartitions /Domain", and I had success. I could
> see the DomainDnsZones zone getting populated with information, and I
> could now view the DomainDnsZones partition with adsiedit.
>
> After this was replicated to all the servers, I ran
> "dnscmd /Config . /BootMethod 3", and now had a functioning DomainDnsZones stored "."
> root hint zone. I verified the entries with adsiedit, and all looks
> good.
>
> Hope this can help some others out there with this issue.
>
> - Chris
Hi,
Apologies for dredging up an old thread but this was one of the top hits on Google for my problem.
I noticed that running "dnscmd /zoneinfo ." on both of my DCs gave different output, the working one said it was loading from cache.dns and that was it. The non-working one had extra output down the bottom indicating it was trying to load from AD. Running "dnscmd /config . /bootmethod" worked until dns/netlogon was restarted - its output would match the working DC's until the restart and then it would try and reload from AD again. This matches several people's symptoms in the thread.
I solved the issue by the following method:
1) go into DNS MMC snap-in
2) right click server, properties
3) click the Advanced tab
4) change "Load zone data on startup" to be "from registry" (previously from registry and active directory).
After this I can restart the DNS service and it does not come up with the eventlog error any more.
Cheers,
Geoff