Содержание
- Зоны DNS не загружаются и регистрируются события с идентификаторами 4000 и 4007.
- Симптомы
- Причина
- Решение
- DNS zones don’t load and event ID 4000 and 4007 are logged
- Symptoms
- Cause
- Resolution
- Отвалился DNS — Сервер. EventID 4000
Зоны DNS не загружаются и регистрируются события с идентификаторами 4000 и 4007.
В этой статье устранена проблема, из-за которую регистрируются идентификаторы событий 4000 и 4007, когда зоны DNS не загружаются в консоль DNS.
Применяется к: Windows Server 2012 R2
Исходный номер базы знаний: 2751452
Симптомы
На одном из DNS-серверов в вашей среде начинается проблема, из-за которой зоны не загружаются в консоль DNS. А идентификаторы событий 4000 и 4007 регистрируются в журналах событий DNS:
Код события 4000:
Код события 4007:
Кроме того, при попытке открыть консоль DNS вы получаете всплывающее окно с сообщением об отказе в доступе.
Обратите внимание, что служба DNS-сервера запущена.
При попытке выполнить любую операцию в зонах, интегрированных с AD, с помощью DNSCMD вы получаете сообщение об ошибке «Отказано в доступе «.
Причина
Эта проблема возникает, когда определенный dc/DNS-сервер теряет свой безопасный канал с собой или PDC.
Эта проблема также может возникать в одной среде контроллера домена, где этот DNS-сервер содержит все роли FSMO и указывает на себя в качестве основного DNS-сервера.
Решение
Если в среде есть другой контроллер домена или DNS-сервер, настройте сервер, на котором возникла проблема, чтобы он указывал на другой активный DNS-сервер в свойствах TCP/IP.
Остановите службу KDC на контроллере домена, в которой возникла проблема.
Выполните следующую команду с повышенными правами:
Он запросит пароль учетной записи домена Администратор, которую вы использовали, введя его.
После выполнения команды перезагрузите сервер.
Источник
DNS zones don’t load and event ID 4000 and 4007 are logged
This article solves an issue that event IDs 4000 and 4007 are logged when the DNS zones aren’t loaded on the DNS console.
Applies to: В Windows Server 2012 R2
Original KB number: В 2751452
Symptoms
One of the DNS servers in your environment starts showing an issue that the zones aren’t loaded on the DNS console. And Event IDs 4000 and 4007 are logged in the DNS event logs:
Also when you try to open the DNS console you get a pop-up giving Access Denied.
You notice that the DNS Server service is up and running.
When you try to perform any operation on the AD-integrated zones using DNSCMD, you receive the Access Denied error message.
Cause
This issue happens when that particular DC/DNS server has lost its Secure channel with itself or PDC.
This issue can also happen in a single DC environment where that DC/DNS server holds all the FSMO roles and is pointing to itself as Primary DNS server.
Resolution
In case you have other Domain Controller/DNS server present in the environment, then configure the server experiencing the issue to point to other active DNS server in TCP/IP properties.
Stop the KDC service on the DC experiencing the issue.
Run the following command with elevated rights:
It will prompt for the password of the Domain Admin account that you used, enter that.
Once the command executes, reboot the server.
Источник
Отвалился DNS — Сервер. EventID 4000
Все новые темы
| Автор | ||||
|---|---|---|---|---|
| dreft Новичок Зарегистрирован: 27.08.2020 |
|
|||
| Вернуться к началу |
|
|||
 |
||||
| Зарегистрируйтесь и реклама исчезнет!
|
||||
|
||||
| ipmanyak Windows guru  Windows guru » title=» Windows guru » border=»0″/>
Зарегистрирован: 28.03.2007
|
|
|||
| Вернуться к началу |
|
|||
|
||||
| dreft Новичок Зарегистрирован: 27.08.2020 |
|
|||
| Вернуться к началу |
|
|||
|
||||
| ipmanyak Windows guru Windows guru » title=» Windows guru » border=»0″/>
Зарегистрирован: 28.03.2007
|
|
|||
| Вернуться к началу |
|
|||
|
||||
| dreft Новичок Зарегистрирован: 27.08.2020 |
|
|||
| Вернуться к началу |
|
|||
|
||||
| ipmanyak Windows guru Windows guru » title=» Windows guru » border=»0″/>
Зарегистрирован: 28.03.2007
|
|
|||
| Вернуться к началу |
|
|||
|
||||
| dreft Новичок Зарегистрирован: 27.08.2020 |
|
|||
| Вернуться к началу |
|
|||
|
||||
| ipmanyak Windows guru Windows guru » title=» Windows guru » border=»0″/>
Зарегистрирован: 28.03.2007
|
|
|||
| Вернуться к началу |
|
|||
|
||||
| dreft Новичок Зарегистрирован: 27.08.2020 |
|
|||
| Вернуться к началу |
|
|||
|
||||
| ipmanyak Windows guru Windows guru » title=» Windows guru » border=»0″/>
Зарегистрирован: 28.03.2007 Источник Adblock |
- Remove From My Forums
-
Question
-
A user had issue with PC which gave message about losing trust relationship. Did not know issue was with server. Removed PC from domain , added to workgroup then tried to re add to domain. Thats when i realized something was wrong. Went to server and
noticed all the errors in DNS and AD. No one can join domain. For drive mappings i can do manually with IP address and share e.g. //10.2.5.20/share. . Went through a lot of blogs.Windows 2012 Server . Single server environment with Server also acting as DNS server
dns ID — 4000
ad ID — 1202
Ensure server pointing to itself for DNS.
Tried to do Netdom resetpwd however i get » An internal error has occured». The command failed to complete successfully. Using the domain admisistrator for user.
nltest /sc_reset:corp.server.com — I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
Answers
-
Hi Wgiwir,
>>The dynamic registration of the DNS record ‘_ldap._tcp.pdc._msdcs.corp.<domain>.com. 600 IN SRV 0 100 389 SVHAUS.corp.<domain>.com.’
failed on the following DNS server:DNS server IP address: 161.58.134.130
Returned Response Code (RCODE): 5
Returned Status Code: 9017The message means SRV record registration failed.
On domain controller, what is IP address of the preferred DNS server?
Please try to restart
Netlogon service and turn off firewall.Please perform the operation as article mentioned to troubleshoot Active Directory:
Troubleshooting Active Directory—Related DNS Problems
https://msdn.microsoft.com/en-us/library/bb727055.aspx
Best Regards
John
Please remember to mark the replies as answers if they help and
unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact
tnmff@microsoft.com.-
Edited by
Friday, September 9, 2016 8:28 AM
-
Proposed as answer by
John Lii
Monday, September 19, 2016 8:22 AM -
Marked as answer by
Leo Han
Thursday, September 22, 2016 1:31 AM
-
Edited by
- Remove From My Forums
-
Question
-
A user had issue with PC which gave message about losing trust relationship. Did not know issue was with server. Removed PC from domain , added to workgroup then tried to re add to domain. Thats when i realized something was wrong. Went to server and
noticed all the errors in DNS and AD. No one can join domain. For drive mappings i can do manually with IP address and share e.g. //10.2.5.20/share. . Went through a lot of blogs.Windows 2012 Server . Single server environment with Server also acting as DNS server
dns ID — 4000
ad ID — 1202
Ensure server pointing to itself for DNS.
Tried to do Netdom resetpwd however i get » An internal error has occured». The command failed to complete successfully. Using the domain admisistrator for user.
nltest /sc_reset:corp.server.com — I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
Answers
-
Hi Wgiwir,
>>The dynamic registration of the DNS record ‘_ldap._tcp.pdc._msdcs.corp.<domain>.com. 600 IN SRV 0 100 389 SVHAUS.corp.<domain>.com.’
failed on the following DNS server:DNS server IP address: 161.58.134.130
Returned Response Code (RCODE): 5
Returned Status Code: 9017The message means SRV record registration failed.
On domain controller, what is IP address of the preferred DNS server?
Please try to restart
Netlogon service and turn off firewall.Please perform the operation as article mentioned to troubleshoot Active Directory:
Troubleshooting Active Directory—Related DNS Problems
https://msdn.microsoft.com/en-us/library/bb727055.aspx
Best Regards
John
Please remember to mark the replies as answers if they help and
unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact
tnmff@microsoft.com.-
Edited by
Friday, September 9, 2016 8:28 AM
-
Proposed as answer by
John Lii
Monday, September 19, 2016 8:22 AM -
Marked as answer by
Leo Han
Thursday, September 22, 2016 1:31 AM
-
Edited by
- Remove From My Forums
-
Question
-
Hi,
I’m having problems with the DNS server that lauches a 4000 error, on a 2008 r2 server.
After reading about the problem, one of the steps is to report the dcdiag output. But here there are problems to… so the output is:
Directory Server Diagnosis Performing initial setup: Trying to find home server... Home Server = kaos * Identified AD Forest. Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-NameKAOS Starting test: Connectivity The host 18c0aea1-dec5-445e-b4df-0d593f8994ee._msdcs.EPBJCPORTO.LAN could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc. Got error while checking LDAP and RPC connectivity. Please check your firewall settings. ......................... KAOS failed test Connectivity Doing primary tests Testing server: Default-First-Site-NameKAOS Skipping all tests, because server KAOS is not responding to directory service requests. Running partition tests on : ForestDnsZones Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Running partition tests on : DomainDnsZones Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Running partition tests on : Schema Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Running partition tests on : Configuration Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Running partition tests on : EPBJCPORTO Starting test: CheckSDRefDom ......................... EPBJCPORTO passed test CheckSDRefDom Starting test: CrossRefValidation ......................... EPBJCPORTO passed test CrossRefValidation Running enterprise tests on : EPBJCPORTO.LAN Starting test: LocatorCheck ......................... EPBJCPORTO.LAN passed test LocatorCheck Starting test: Intersite ......................... EPBJCPORTO.LAN passed test Intersitethe network config is this (ipconfig /all output)
Windows IP Configuration Host Name . . . . . . . . . . . . : kaos Primary Dns Suffix . . . . . . . : EPBJCPORTO.LAN Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : EPBJCPORTO.LAN Ethernet adapter Local Area Connection 2: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 PM Network Connection Physical Address. . . . . . . . . : 00-15-17-50-07-1A DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 192.168.1.1(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.254 DNS Servers . . . . . . . . . . . : 192.168.1.1 Primary WINS Server . . . . . . . : 192.168.1.1 NetBIOS over Tcpip. . . . . . . . : Enabled Ethernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection Physical Address. . . . . . . . . : 00-15-17-50-07-1B DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{BBA6ABAF-7E07-4241-975E-F9FD5655F86D}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{7A57B408-0A28-4129-A7E9-90AD1AD3ECEE}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Teredo Tunneling Pseudo-Interface: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:84b:7d52:a83b:ac5(Preferred) Link-local IPv6 Address . . . . . : fe80::84b:7d52:a83b:ac5%15(Preferred) Default Gateway . . . . . . . . . : :: NetBIOS over Tcpip. . . . . . . . : Disabledthe 192.168.1.254 gateway is proxy under linux (endia)
thanks in advance
Carlos
PS:sorry my bad english
Answers
-
Solved!
the step were:
analyzing the hosts file i’ve detected this entry:
127.0.0.1 localhost127.0.0.1 localhosti haven’t edit this file, so i don’t understand how became like this !?!?!
then edit the hosts file putting this entries (because of the dcdiag error reported):
127.0.0.1 localhost
192.168.1.1 18c0aea1-dec5-445e-b4df-0d593f8994ee._msdcs.EPBJCPORTO.LANthen activate IPV6 protocol in the NIC et voila, access to DNS role permitted.
Thanks all for your support!
-
Marked as answer by
Monday, April 11, 2011 8:24 AM
-
Marked as answer by
- Remove From My Forums
-
Question
-
Hi,
I’m having problems with the DNS server that lauches a 4000 error, on a 2008 r2 server.
After reading about the problem, one of the steps is to report the dcdiag output. But here there are problems to… so the output is:
Directory Server Diagnosis Performing initial setup: Trying to find home server... Home Server = kaos * Identified AD Forest. Done gathering initial info. Doing initial required tests Testing server: Default-First-Site-NameKAOS Starting test: Connectivity The host 18c0aea1-dec5-445e-b4df-0d593f8994ee._msdcs.EPBJCPORTO.LAN could not be resolved to an IP address. Check the DNS server, DHCP, server name, etc. Got error while checking LDAP and RPC connectivity. Please check your firewall settings. ......................... KAOS failed test Connectivity Doing primary tests Testing server: Default-First-Site-NameKAOS Skipping all tests, because server KAOS is not responding to directory service requests. Running partition tests on : ForestDnsZones Starting test: CheckSDRefDom ......................... ForestDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... ForestDnsZones passed test CrossRefValidation Running partition tests on : DomainDnsZones Starting test: CheckSDRefDom ......................... DomainDnsZones passed test CheckSDRefDom Starting test: CrossRefValidation ......................... DomainDnsZones passed test CrossRefValidation Running partition tests on : Schema Starting test: CheckSDRefDom ......................... Schema passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Schema passed test CrossRefValidation Running partition tests on : Configuration Starting test: CheckSDRefDom ......................... Configuration passed test CheckSDRefDom Starting test: CrossRefValidation ......................... Configuration passed test CrossRefValidation Running partition tests on : EPBJCPORTO Starting test: CheckSDRefDom ......................... EPBJCPORTO passed test CheckSDRefDom Starting test: CrossRefValidation ......................... EPBJCPORTO passed test CrossRefValidation Running enterprise tests on : EPBJCPORTO.LAN Starting test: LocatorCheck ......................... EPBJCPORTO.LAN passed test LocatorCheck Starting test: Intersite ......................... EPBJCPORTO.LAN passed test Intersitethe network config is this (ipconfig /all output)
Windows IP Configuration Host Name . . . . . . . . . . . . : kaos Primary Dns Suffix . . . . . . . : EPBJCPORTO.LAN Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : EPBJCPORTO.LAN Ethernet adapter Local Area Connection 2: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 PM Network Connection Physical Address. . . . . . . . . : 00-15-17-50-07-1A DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv4 Address. . . . . . . . . . . : 192.168.1.1(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 192.168.1.254 DNS Servers . . . . . . . . . . . : 192.168.1.1 Primary WINS Server . . . . . . . : 192.168.1.1 NetBIOS over Tcpip. . . . . . . . : Enabled Ethernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connection Physical Address. . . . . . . . . : 00-15-17-50-07-1B DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{BBA6ABAF-7E07-4241-975E-F9FD5655F86D}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{7A57B408-0A28-4129-A7E9-90AD1AD3ECEE}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Teredo Tunneling Pseudo-Interface: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:84b:7d52:a83b:ac5(Preferred) Link-local IPv6 Address . . . . . : fe80::84b:7d52:a83b:ac5%15(Preferred) Default Gateway . . . . . . . . . : :: NetBIOS over Tcpip. . . . . . . . : Disabledthe 192.168.1.254 gateway is proxy under linux (endia)
thanks in advance
Carlos
PS:sorry my bad english
Answers
-
Solved!
the step were:
analyzing the hosts file i’ve detected this entry:
127.0.0.1 localhost127.0.0.1 localhosti haven’t edit this file, so i don’t understand how became like this !?!?!
then edit the hosts file putting this entries (because of the dcdiag error reported):
127.0.0.1 localhost
192.168.1.1 18c0aea1-dec5-445e-b4df-0d593f8994ee._msdcs.EPBJCPORTO.LANthen activate IPV6 protocol in the NIC et voila, access to DNS role permitted.
Thanks all for your support!
-
Marked as answer by
Monday, April 11, 2011 8:24 AM
-
Marked as answer by