Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
The DNS server was unable to load a resource record (RR) from the directory at <data> in zone <zone name>. Use the DNS console to recreate this RR or check that the Active Directory is functioning properly and reload the zone. The event data contains the error.
|English: This information is only available to subscribers. An example of English, please!|
|Concepts to understand:|
What is the role of a DNS server?
What types of resource records are recorded in DNS?
What are the DNS zone files and resource records?
T735667 provides instructions on how to use DNS Manager to add or recreate the missing resource record.
From a support forum:
I posted this on TechNet and received this suggestion:
* * *
It seems you have not connect to correct partition in ADSIedit.You need to check the correct zone.
It seems that the record is in DomainDNSzone if it is not in mentioned zon check others as well.
For DomainDNSZone refer below.
ADSI Edit-> Connect to -> choose Select or type a Distinguished Name or Naming Context -> type >DC=DomainDNSZones, DC=domain, DC=local -> click OK -> CN= MicrosoftDNS->Domain.local
For ForestDNSZone refer below. ADSI Edit-> Connect to -> choose Select or type a Distinguished Name or Naming Context -> type >DC=ForestDNSZones, DC=domain, DC=local -> click OK -> CN= MicrosoftDNS->Domain.local
Locate <offending-guid-from-dns-event>._msdcs and delete the same.Restart the netlogon and dns service >and check.
If the <offending-guid-from-dns-event>._msdcs is not present in above check below as well. ADSI Edit->Domain, DC=domain, DC=local ->System--> CN= MicrosoftDNS->Domain.local
* * *
I found GUID entries in both forest and domain DNS zones. So I stopped the netlogon service, deleted the two GUID entries from ADSI and also deleted the %WinDir%\system32\config\netlogon.dnb and netlogon.dns.
I then ran ipconfig /flushdns and /registerdns. Then started netlogon and restarted the DNS server service. Upon restart I was no longer receiving the 4010 error.
Using ADSI edit I connected to DC=ForestDNSZones, DC=mydomain, DC=local the navigated to CN=MicrosoftDNS then DC=mydomain.local. I then deleted the dnsNode entry referred to in the 4010 log entry, restarted the DNS Server and Netlogon.
If you have grey item _msdcs in zone mydomain.local delete it and restart the DNS Server.
- Data: "89345471-33aa-5f82-9c54-a70ea3cd43c2._msdcs.domain.com" - From a newsgroup post: "There are a couple of possibilities to why this event may appear. First did you manually create the _MSDCS folder? This can occur if a new _msdcs.domain.com zone is manually created on the DNS server, which in turn converts the original _msdcs folder within the domain.com zone into a delegated folder. Run ADSI Edit and delete this “Domain->System->MicrosoftDNS->domain.com-><offending-guid-from-dns-event>._msdcs". On the other hand, you could have a bad delegation to a child domain. Temporarily remove the delegations and test this".
From a newsgroup post: "If the DC and the clients are pointing only at the internal DNS server and the problem continues try this. Stop the netlogon service. Go to Winnt\system32\config and delete the netlogon.dns and netlogon.dnb files. From a command prompt type "ipconfig /flushdns" and press enter. Then run "ipconfig /registerdns" and press enter. Lastly, start netlogon again. Check to see if the 4010 error message comes back. If so, delete the DNS forward lookup zone. Create a new forward lookup zone by the same name. Ensure it is setup to allow dynamic updates. Run the two IPconfig commands from above and restart netlogon".
You might not have permission to access this file. See MSW2KDB for additional information on this event.
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
|Custom search for *****: Google - Bing - Microsoft - Yahoo|
Send comments or solutions
- Notify me when updated