Zone Not Loaded by DNS Server

Discussion:

(too old to reply)

twospoons

2005-08-02 16:51:35 UTC

Hello All

I'm new at this and just need pointed in the right direction. I'v
got a few reverse lookup zones that aren't loading. I'm getting th
typical

"Zone Not Loaded by DNS Serve
The DNS server encountered a problem while attempting to load the zon
The zone data may not be available in Active Directory, or the zon
data is corrupt
Correct the problem then either press F5, or on the action menu, clic
Refresh
For more information about troubleshooting DNS zone problems, se
Help.

I browsed through the properties of each zone in the reverse looku
and found no obvious discrepencies between the zones that are workin
correctly and the zones with this error. Next I examined the DN
event log to see if any errors were reporting there. The most recen
errors show problems with the same three zones

Event Type: Erro
Event Source: DN
Event Category: Non
Event ID: 400
Date: 7/19/200
Time: 12:36:06 A
User: N/
Computer: computernam
Description
The DNS server was unable to open zone x.x.x.in-addr.arpa in th
Active Directory. This DNS server is configured to obtain and us
information from the directory for this zone and is unable to loa
the zone without it. Check that the Active Directory is functionin
properly and reload the zone. The event data is the error code

Any help is greatly appreciated. Thanks

Kevin D. Goodknecht Sr. [MVP]

2005-08-02 17:21:29 UTC

Permalink

Hello All,
I'm new at this and just need pointed in the right direction. I've
got a few reverse lookup zones that aren't loading. I'm getting the
"Zone Not Loaded by DNS Server
The DNS server encountered a problem while attempting to load the zone
The zone data may not be available in Active Directory, or the zone
data is corrupt.

Make sure the DC points to itself for DNS and that ICS (Internet Connection
Sharing) is not enabled on the server with DNS.

--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

twospoons

2005-08-03 16:51:39 UTC

Permalink

Post by Kevin D. Goodknecht Sr. [MVP]
Make sure the DC points to itself for DNS and that ICS (Interne

Connection

Post by Kevin D. Goodknecht Sr. [MVP]
Sharing) is not enabled on the server with DNS
--
Best regards
Kevin D4 Dad Goodknecht Sr. [MVP
Hope This Help

I have checked this and do not think it is the problem. I hav
multiple DC's running and all are running DNS. The same three zon
in the reverse lookup are having the same errors on all DC'
regardless of the DNS pointing to itself or one of the other DC's.
ICS is not enabled

If the zone is corrupted in DNS what would I check to verify this?
What are the ramifications for just deleting the zone and recreatin
it

Ace Fekay [MVP]

2005-08-03 19:45:23 UTC

Permalink

I have checked this and do not think it is the problem. I have
multiple DC's running and all are running DNS. The same three zone
in the reverse lookup are having the same errors on all DC's
regardless of the DNS pointing to itself or one of the other DC's.
ICS is not enabled.
If the zone is corrupted in DNS what would I check to verify this?
What are the ramifications for just deleting the zone and recreating
it?

Can you provide us some info so we can verify your configuration for you?

1. Unedited ipconfig /all
2. The exact zone name spellng in DNS and whether updates are allowed on the
zone.
3. The AD DNS domain name as it shows up in ADUC.
4. If the SRV records exist under your zone.

Thanks
--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================

twospoons

2005-08-04 16:51:32 UTC

Permalink

1. Unedited ipconfig /al

Primary Dns Suffix ad.okstate.ed
Node Type Hybri
IP Routing Enabled N
WINS Proxy Enabled N
DNS Suffix Search List ad.okstate.ed

Connection-specific DNS Suffix
Description Broadcom NetXtreme Gigabit Ethernet #
Physical Address 00-0D-56-B9-46-4
DHCP Enabled N
IP Address 139.78.102.22
Subnet Mask 255.255.252.
Default Gateway 139.78.100.25
DNS Servers 139.78.102.22
139.78.102.22
Primary WINS Server 139.78.100.7
Secondary WINS Server 139.78.200.20

[b:c39e2ced26]2. The exact zone name spellng in DNS and whethe
updates are allowed on the zone.[/b:c39e2ced26

One of the zones that is not working is listed as "139.78.103.
Subnet", but that's the subnet I'm using and I am able to perfor
nslookup of other systems in this subnet both forward and reverse.
Dynamic updates are set to "Secure only"

[b:c39e2ced26]3. The AD DNS domain name as it shows up i
ADUC.[/b:c39e2ced26

ad.okstate.ed

[b:c39e2ced26]4. If the SRV records exist under you
zone.[/b:c39e2ced26

How do I check this

Kevin D. Goodknecht Sr. [MVP]

2005-08-04 18:58:23 UTC

Permalink

Post by Ace Fekay [MVP]
1. Unedited ipconfig /all
Primary Dns Suffix ad.okstate.edu
Node Type Hybrid
IP Routing Enabled No
WINS Proxy Enabled No
DNS Suffix Search List ad.okstate.edu
Connection-specific DNS Suffix
Description Broadcom NetXtreme Gigabit Ethernet #2
Physical Address 00-0D-56-B9-46-4F
DHCP Enabled No
IP Address 139.78.102.225
Subnet Mask 255.255.252.0
Default Gateway 139.78.100.254
DNS Servers 139.78.102.224
139.78.102.225
Primary WINS Server 139.78.100.77
Secondary WINS Server 139.78.200.200
[b:c39e2ced26]2. The exact zone name spellng in DNS and whether
updates are allowed on the zone.[/b:c39e2ced26]
One of the zones that is not working is listed as "139.78.103.x
Subnet", but that's the subnet I'm using and I am able to perform
nslookup of other systems in this subnet both forward and reverse.
Dynamic updates are set to "Secure only".

Are you sure? According to this ipconfig /all this machine is in the
139.78.102.x subnet.

Post by Ace Fekay [MVP]
[b:c39e2ced26]3. The AD DNS domain name as it shows up in
ADUC.[/b:c39e2ced26]
ad.okstate.edu
[b:c39e2ced26]4. If the SRV records exist under your
zone.[/b:c39e2ced26]
How do I check this?

The SRV records are in the _msdcs.ad.okstate.edu.
Directly in that zone you should have <verylongGUID>._msdcs.ad.okstate.edu
Cname records for every DC in the forest. Verify these and post back.
Replication will not proprly work without these records.
Incedentally, Win2k used to have the _msdcs folder under the DNSForestname,
Win2k3 changed that behavior and made the _msdcs sub folder a delegation
which would contain only the NS records of the DNS server that have the full
_msdcs.ad.okstate.edu forward lookup zone.
--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================

Ace Fekay [MVP]

2005-08-05 03:39:55 UTC

Permalink

Post by Ace Fekay [MVP]
One of the zones that is not working is listed as "139.78.103.x
Subnet", but that's the subnet I'm using and I am able to perform
nslookup of other systems in this subnet both forward and reverse.
Dynamic updates are set to "Secure only".

How many reverse zones do you have created?

Your machine's subnetmask is in a /22 subnet (255.255.252.0), so it would
encompass more than just 139.72.102 or 103. It includes all of 100, 101, 102
and 103.

With the /22 subnet mask, your subnet range is:

139.72.100.0 to 139.78.103.255

If you want all the machines in this subnet to reg into a reverse zone, I
would suggest to set the reverse zone as 139.78.x.x to insure everything
gets registered.

If the 103 zone is the problem zone, it may not be attributed to what I
mentioned, but it would be easier for you to use that one reverse zone. If
the zone is the problem, and the current data is disposable (they will
re-reg anyway), you can delete the reverse zones and just create the one
above.

Ace

twospoons

2005-08-05 16:51:25 UTC

Permalink

Thank you for the help. I will pass the information along and pos
back with the results

There are several reverse zones listed... 139.78.100.x, 139.78.101.x
139.78.102.x, up to 139.78.103.x. There are also some interna
private IPs listed and a couple of other 139.78x.x zones for remot
sites. I'm not the one that set this up, just trying to figure ou
how to fix it for the Exchange Admin

Is there any precautions I should take before deleting these zones an
creating the new one? Or should I create the new zone first and the
delete the others

Ace Fekay [MVP]

2005-08-06 01:42:24 UTC

Permalink

Thank you for the help. I will pass the information along and post
back with the results.
There are several reverse zones listed... 139.78.100.x, 139.78.101.x,
139.78.102.x, up to 139.78.103.x. There are also some internal
private IPs listed and a couple of other 139.78x.x zones for remote
sites. I'm not the one that set this up, just trying to figure out
how to fix it for the Exchange Admin.
Is there any precautions I should take before deleting these zones and
creating the new one? Or should I create the new zone first and then
delete the others?

I see. There are already multiple reverse zones. Well, if the others are
working, we'll just leave them alone and work on the one that isn't. For
starters, change the one that is not working as AD Integrated and make it a
Primary Zone. Then let the change replicate, then change it back to AD
Integrated to see if it works.

Ace

twospoons

2005-08-05 16:51:25 UTC

Permalink

Are you sure? According to this ipconfig /all this machine is in th
139.78.102.x subnet

Yes I'm sure
The SRV records are in the _msdcs.ad.okstate.edu. Directly in tha
zone you should have <verylongGUID>._msdcs.ad.okstate.edu Cnam
records for every DC in the forest. Verify these and post back
Replication will not proprly work without these records
Incedentally, Win2k used to have the _msdcs folder under th
DNSForestname, Win2k3 changed that behavior and made the _msdcs su
folder a delegation which would contain only the NS records of th
DNS server that have the full _msdcs.ad.okstate.edu forward looku
zone

I don't see any SRV records inside the _msdcs folder o
ad.okstate.edu. there is another domain root.ads that has the CNAM
alias for all the servers in both domains

Kevin D. Goodknecht Sr. [MVP]

2005-08-05 18:08:21 UTC

Permalink

Post by Kevin D. Goodknecht Sr. [MVP]
Are you sure? According to this ipconfig /all this machine is in the
139.78.102.x subnet.
Yes I'm sure.
The SRV records are in the _msdcs.ad.okstate.edu. Directly in that
zone you should have <verylongGUID>._msdcs.ad.okstate.edu Cname
records for every DC in the forest. Verify these and post back.
Replication will not proprly work without these records.
Incedentally, Win2k used to have the _msdcs folder under the
DNSForestname, Win2k3 changed that behavior and made the _msdcs sub
folder a delegation which would contain only the NS records of the
DNS server that have the full _msdcs.ad.okstate.edu forward lookup
zone.
I don't see any SRV records inside the _msdcs folder of
ad.okstate.edu. there is another domain root.ads that has the CNAME
alias for all the servers in both domains.

Is this domain a domain in another forest?

Would that be root.ads?

Does this DC have a zone for _msdcs.root.ads?

I'm in Wichita Falls, do I need to come to Stillwater? :-)
--
Best regards,
Kevin D4 Dad Goodknecht Sr. [MVP]
Hope This Helps
===================================
When responding to posts, please "Reply to Group"
via your newsreader so that others may learn and
benefit from your issue, to respond directly to
me remove the nospam. from my email address.
===================================
http://www.lonestaramerica.com/
===================================
Use Outlook Express?... Get OE_Quotefix:
It will strip signature out and more
http://home.in.tum.de/~jain/software/oe-quotefix/
===================================
Keep a back up of your OE settings and folders
with OEBackup:
http://www.oehelp.com/OEBackup/Default.aspx
===================================