The DNS server was unable to open Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.
Data: 0000: f5 25 00 00
In my case, after a reboot of a Windows 2008 R2 server, KDC service did not start. Started KDC and DNS came back on line.
Apparently, this problem was fixed in Windows 2000 Service Pack 1 (see the link below) but we have received reports about this error even on systems with Service Pack 2. See ME258072 for more details.
Each instance of this problem should be approached based on the error code in the Data portion of the event. The fix for one will not apply to the other, so pay attention to that. Examples of codes:
Data: 3a 00 00 00 = The specified server cannot perform the requested operation.
Data: 54 05 00 00 = A specified authentication package is unknown.
Data: 2a 23 00 00 = DNS server failure.
Data: 2d 23 00 00 = DNS operation refused. Some support forums suggest that this may happen if DNS attempts to start before AD itself finished initializing.
Data: f5 25 00 00 = The directory service is unavailable.
The behavior will occur if the DNS server IP address is incorrect. See "JSI Tip 8507" to solve the problem. WITP81885
Data: 0000: f5 25 00 00 - This is a permissions issue. See ME305837.
ME316685 describes a situation when certain settings for the Windows event log create this problem.
According to ME884499, this can happen on servers with two or more network adapters. Only the first IP address can be used for DNS.
In my case, this error message came up after a crash on a single W2K AD Server. You could not log into the system with any AD account. The fix was to reboot in safe mode (AD restore) and restore AD.
The odd thing is that the next time the system crashed (a month later), the same symptoms returned. Any restore I ran that was dated after the first crash would not fix the problem. I had to use a tape that was created before the first crash that created this problem, which then fixed the problem.
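The Data values quoted in the comments above are Win32 error codes stored as 32-bit little-endian values, so `f5 25 00 00` is 0x000025F5, or 9717 in decimal. The following is an added example, not part of the original page or its comments: it parses a Data line in either form shown above and maps it to the messages listed on this page. The function names are hypothetical and the sample lines are constructed from the values quoted here.

```python
import re

# Messages as quoted in the comments on this page, keyed by decimal Win32 error code.
PAGE_CODES = {
    58: "The specified server cannot perform the requested operation.",
    1364: "A specified authentication package is unknown.",
    9002: "DNS server failure.",
    9005: "DNS operation refused.",
    9717: "The directory service is unavailable.",
}

HEX_BYTE = re.compile(r"[0-9a-fA-F]{2}")


def decode_event_data(line):
    """Return the error code from a 'Data:' line as an integer.

    Handles both forms seen on the page: with a hex-dump offset
    ('Data: 0000: f5 25 00 00') and without ('Data: 3a 00 00 00 = ...').
    """
    text = line.strip()
    if text.lower().startswith("data:"):
        text = text[len("data:"):]
    raw = []
    for token in text.split():
        if token.endswith(":") and not raw:
            continue  # hex-dump offset such as '0000:'
        if not HEX_BYTE.fullmatch(token):
            break  # trailing commentary ('=', '-', message text)
        raw.append(int(token, 16))
    if len(raw) < 4:
        raise ValueError("expected at least 4 data bytes: %r" % line)
    # The event stores the code as a 32-bit little-endian value.
    return int.from_bytes(bytes(raw[:4]), "little")


def describe(line):
    """Return (decimal code, hex code, message) for a 'Data:' line."""
    code = decode_event_data(line)
    message = PAGE_CODES.get(code, "not listed on this page")
    return code, "0x%08X" % code, message


if __name__ == "__main__":
    # Constructed sample input: Data lines using the values quoted on this page.
    for sample in ("Data: 0000: f5 25 00 00", "Data: 2d 23 00 00 = DNS operation refused."):
        print(describe(sample))
```

For a code that is not in the list above, the decimal value can be passed to `net helpmsg` on a Windows host to get the system's message text.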