Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 4515 Source: DNS

Source
Level
Description
The zone <domain.com> was previously loaded from the directory partition DomainDnsZones.<domain.com> but another copy of the zone has been found in directory partition ForestDnsZones.<domain.com>. The DNS Server will ignore this new copy of the zone. Please resolve this conflict as soon as possible.

If an administrator has moved this zone from one directory partition to another this may be a harmless transient condition. In this case, no action is necessary. The deletion of the original copy of the zone should soon replicate to this server.

If there are two copies of this zone in two different directory partitions but this is not a transient caused by a zone move operation then one of these copies should be deleted as soon as possible to resolve this conflict.

To change the replication scope of an application directory partition containing DNS zones and for more details on storing DNS zones in the application directory partitions, please see Help and Support.
Data:
0000: <data bytes>
Comments
 
See the link to "How can I keep from getting event ID 4515 errors in my DNS server event log?" for information on fixing this problem.
As per Microsoft: "This behavior occurs when the contoso.com zone exists in more than one location in Active Directory. For example, this can be a side effect of actions such as trying to move the zone from one directory partition to another". See ME867464 and MSW2KDB for information on this event.
- Data: 0000: 00002589 = 9609 decimal - DNS zone already exists. (net helpmsg 9609).
From a newsgroup post:
1. Stop DNS Server service on all servers except one.
2. On that one, turn off AD integration for all forward or reverse zones for which EventID 4515 appears (we had several).
3. Restart the DNS Server service on the one server.
4. Check the DNS log - all occurrences of EventID 4515 should be gone. If not make sure AD Integration is off and restart the service again until it starts without any 4515 warnings.
5. Enable AD integration. Remember to set the replication scope (Win2003 and higher) and turn on secure updates.
6. If there are other zones on other DNS servers that are not replicated to the server you chose in step 1, stop the DNS Server service on the machine you've been working on, then repeat steps 1 through 5 for zones on a DNS server that hosts the remaining, conflicting zones.
5. Force AD replication to all DCs running DNS.
6. Start DNS Server service on the other DNS servers. Once the replication is complete, the 4515 warnings will be gone.
In a Windows Server 2003 domain, changing the replication scope using the DNS snap-in can cause this error. It may only happen once, but if it repeats, the old copy might not have been deleted. When this happens, use ADSI Edit from the Windows Support Tools to delete the duplicate. To get to the necessary partition, such as DomainDNSZones, you must tell ADSI to use a custom connection point of DC=DomainDNSZones, DC=domain, DC=com. You cannot see this partition using any of the default well-known naming contexts.


See ME322669 and the link to Designing and Deploying Directory and Security Services for more details.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...