Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 4010 Source: DNS

The DNS server was unable to load a resource record (RR) from the directory at <data> in zone <zone name>. Use the DNS console to recreate this RR or check that the Active Directory is functioning properly and reload the zone. The event data contains the error.
T735667 provides instructions on how to use DNS Manager to add or recreate the missing resource record.
From a support forum:
I posted this on TechNet and received this suggestion:

* * *
It seems you have not connect to correct partition in ADSIedit.You need to check the correct zone.
It seems that the record is in DomainDNSzone if it is not in mentioned zon check others as well.
For DomainDNSZone refer below.
ADSI Edit-> Connect to -> choose Select or type a Distinguished Name or Naming Context -> type >DC=DomainDNSZones, DC=domain, DC=local -> click OK -> CN= MicrosoftDNS->Domain.local
For ForestDNSZone refer below. ADSI Edit-> Connect to -> choose Select or type a Distinguished Name or Naming Context -> type >DC=ForestDNSZones, DC=domain, DC=local -> click OK -> CN= MicrosoftDNS->Domain.local
Locate <offending-guid-from-dns-event>._msdcs and delete the same.Restart the netlogon and dns service >and check.
If the <offending-guid-from-dns-event>._msdcs is not present in above check below as well. ADSI Edit->Domain, DC=domain, DC=local ->System--> CN= MicrosoftDNS->Domain.local
* * *

I found GUID entries in both forest and domain DNS zones. So I stopped the netlogon service, deleted the two GUID entries from ADSI and also deleted the %WinDir%\system32\config\netlogon.dnb and netlogon.dns.
I then ran ipconfig /flushdns and /registerdns. Then started netlogon and restarted the DNS server service. Upon restart I was no longer receiving the 4010 error.
Using ADSI edit I connected to DC=ForestDNSZones, DC=mydomain, DC=local the navigated to CN=MicrosoftDNS then DC=mydomain.local. I then deleted the dnsNode entry referred to in the 4010 log entry, restarted the DNS Server and Netlogon.
If you have grey item _msdcs in zone mydomain.local delete it and restart the DNS Server.
- Data: "" - From a newsgroup post: "There are a couple of possibilities to why this event may appear. First did you manually create the _MSDCS folder? This can occur if a new zone is manually created on the DNS server, which in turn converts the original _msdcs folder within the zone into a delegated folder. Run ADSI Edit and delete this “Domain->System->MicrosoftDNS->><offending-guid-from-dns-event>._msdcs". On the other hand, you could have a bad delegation to a child domain. Temporarily remove the delegations and test this".

From a newsgroup post: "If the DC and the clients are pointing only at the internal DNS server and the problem continues try this. Stop the netlogon service. Go to Winnt\system32\config and delete the netlogon.dns and netlogon.dnb files. From a command prompt type "ipconfig /flushdns" and press enter. Then run "ipconfig /registerdns" and press enter. Lastly, start netlogon again. Check to see if the 4010 error message comes back. If so, delete the DNS forward lookup zone. Create a new forward lookup zone by the same name. Ensure it is setup to allow dynamic updates. Run the two IPconfig commands from above and restart netlogon".

You might not have permission to access this file. See MSW2KDB for additional information on this event.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.