- Remove From My Forums
-
Question
-
After recreating msdcs.domain.local zone on domain controllers I’m getting error 4010 in the DNS event log.
The DNS server was unable to create a resource record for 62ebf5b9-1450-4eef-aeaf-f4eb0a16457c._msdcs.domain.local. in zone domain.local. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event
data contains the error.The DNS server was unable to create a resource record for 1c9ddd24-8672-4052-a22a-22f853d81269._msdcs.domain.local. in zone domain.local. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event
data contains the error.I tried locating this resource records, but no luck.
What is the proper way to fix this error
Thanks!
Answers
-
This event may appear if a new _msdcs.domain.com zone is manually created
on the DNS server, which in turn converts the original _msdcs folder within the domain.com zone into a delegated folder.Regards,
Sandesh Dubey.
——————————-
MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator
My Blog: http://sandeshdubey.wordpress.com
This posting is provided AS IS with no warranties, and confers no rights.-
Proposed as answer by
Friday, December 30, 2011 4:27 AM
-
Marked as answer by
Elytis Cheng
Monday, January 2, 2012 5:17 AM
-
Proposed as answer by
-
It seems you have not connect to correct partition in ADSIedit.You need to check the correct zone.
It seems that the record is in DomainDNSzone if it is not in mentioned zon check others as well.
For DomainDNSZone refer below.
ADSI Edit-> Connect to -> choose Select or type a Distinguished Name or Naming Context -> type DC=DomainDNSZones, DC=domain, DC=local -> click OK -> CN= MicrosoftDNS->Domain.local
For ForestDNSZone refer below.
ADSI Edit-> Connect to -> choose Select or type a Distinguished Name or Naming Context -> type DC=ForestDNSZones, DC=domain, DC=local -> click OK -> CN= MicrosoftDNS->Domain.localLocate <offending-guid-from-dns-event>._msdcs and delete the same.Restart the
netlogon and dns service and check.If the <offending-guid-from-dns-event>._msdcs is not present in above check below as well.
ADSI Edit->Domain, DC=domain, DC=local ->System—> CN= MicrosoftDNS->Domain.localHope this helps
Regards,
Sandesh Dubey.
——————————-
MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator
My Blog: http://sandeshdubey.wordpress.com
This posting is provided AS IS with no warranties, and confers no rights.-
Edited by
Sandesh Dubey
Friday, December 30, 2011 3:55 AM -
Marked as answer by
Elytis Cheng
Monday, January 2, 2012 5:18 AM
-
Edited by
-
This event may appear if a new _msdcs.domain.com zone is manually created
on the DNS server, which in turn converts the original _msdcs folder within the domain.com zone into a delegated folder.Regards,
Sandesh Dubey.
——————————-
MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator
My Blog: http://sandeshdubey.wordpress.com
This posting is provided AS IS with no warranties, and confers no rights.I already checked both of them, but when I open ADSI edit there is nothing like “Domain->System->MicrosoftDNS->domain.com-><offending-guid-from-dns-event>._msdcs». Unless I’m doing something wrong.
Hi,
Please try to perform the following steps to test:
ADSI Edit-> Connect to -> choose Select or type a Distinguished Name or Naming Context -> type DC=ForestDNSZones, DC=domain, DC=local -> click OK -> CN= MicrosoftDNS
Hope this helps!
Best Regards
Elytis Cheng
Please remember to click “Mark as Answer” on the post that
Elytis Cheng
TechNet Community Support
-
Marked as answer by
Elytis Cheng
Monday, January 2, 2012 5:18 AM
-
Marked as answer by
Перейти к контенту
- Remove From My Forums
-
Вопрос
-
после перезапуска службы DNS на любом DNS сервере появляются такие сообщения:
DNS-серверу не удалось создать запись ресурса для «d1a05989-2ecd-4539-bfb1-7f551d289e55._msdcs.domain.local.» в зоне domain.local. Определение Active Directory для этой записи ресурса повреждено или содержит недопустимое DNS-имя. Данные о событии содержат
сведения об ошибке.таких 7 сообщений с различными guid (7 КД в сети). зона _msdcs.domain.local основная, интегрированная в AD, реплицируется на все DNS серверы леса domain.local
-
Изменено
8 декабря 2011 г. 4:06
-
Изменено
Ответы
-
в ntdsutil не значатся… перерыл всё в adsi нашел только в DC=DomainDnsZones,DC=domain,DC=local/MicrosoftDNS/domain.local 2 записи про несуществующие КД. удалил. количество ошибок 4010 сократилось до 5
Возможно надо тут продолжить: когда на одном из ваших DC вы удаляете зону, то в этой ветке запись пропадает? Если нет, то удалите ручками, а потом заново создайте зону и проверьте, что запись появилась.
Сазонов Илья http://www.itcommunity.ru/blogs/sie-wl/
-
Помечено в качестве ответа
Peter Koreshkov
15 декабря 2011 г. 7:51
-
Помечено в качестве ответа
- Remove From My Forums
-
Question
-
I have this error logging on all of our DNS servers, the record is a domain controller record. I have read suggestions to delete the record, I ahve never deleted a DC in AD so I am bit nervous to do so. Does anybody have explicit directions for correcting
this?The DNS server was unable to create a resource record for 95d10a4b-c617-49b1-adc3-2739d2956e59._msdcs.domain.local. in zone domain.local. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event
data contains the error.For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
Answers
-
At earlier I thought that the partion might be corrupted however as this point of time I would recommend Stop the netlogon service. Go to Windowssystem32config and rename the netlogon.dns and netlogon.dnb files to netlogon.dns_old and netlogon.dnb-old .
From a command prompt type «ipconfig /flushdns» then run «ipconfig /registerdns» and then start netlogon again and check the event log if the error reoccurs.If still the issue persist take the backup of DNS as suggested earlier,delete foward lookup zone and recreate new forward lookup zone.I think this should fix the issue.
Hope this helps
Best Regards,
Sandesh Dubey.
MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator |
My BlogDisclaimer: This posting is provided «AS IS» with no warranties or guarantees , and confers no rights.
-
Proposed as answer by
Monday, October 15, 2012 8:31 AM
-
Marked as answer by
Yan Li_
Friday, October 19, 2012 1:47 AM
-
Proposed as answer by
Hello all,
I am needing some advice about an issue I am running into on our DNS Server.
The error: «The DNS server was unable to create a resource record for 153.0.0.10.in-addr.arpa. in zone 0.10.in-addr.arpa. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.»
That’s the error I am encountering. Now to describe our infrastructure:
Windows Server 2008 R2(10.0.0.10) Main AD/DC with DNS, DHCP, Web Server, and File Server. We also have a virtualized DC with DNS and File server for redundancy on Windows Server 2008 R2 (10.0.0.134).
Now how I got to this point of this error. I was having a problem with one of my users computer accessing the domain while they were remote and found someone with a similar issue with Windows 10. Well the site recommended I create a second reverse lookup zone at 0.0.10.in-addr.arpa I made that then that still didnt correct the problem. Later come to find out we just had to do a fresh install of 10 opposed to an upgrade. So then I decided to delete the entry in the reverse look up zone and is how I have gotten here.
I found this walkthrough (https://www.experts-exchange.com/questions/24635968/Error-event-id-4010-on-the-domain-controller.htm… Opens a new window) and this sounds like it will work but not being specialized in DNS I don’t want to pull the trigger before talking with someone who has had more experience. Would there have to be anything that I would also have to do on my second DC as well to correct my issue? Thank you for the help!
Also on a side note would issues with DNS not allow access to the internet through a virtual? (Just a curious thought)
-Richard
check
Best Answer
I don’t know of a particular known issue that would cause the problem you’re having. It sounds like a misconfiguration. What is the netmask for the IP’s you’re using? Is it 255.255.255.0?
You’re going to need a zone that matches the network/subnet you’re using. So if your subnet is 10.0.0.X with netmask 255.255.255.0, you should have a reverse DNS lookup zone (0.0.10.in-addr.arpa) for that subnet.
I think that this is the key (bolded):
The DNS server was unable to create a resource record for 153.0.0.10.in-addr.arpa. in zone 0.10.in-addr.arpa.
Your zone is set to 10.0.X.X (netmask 255.255.0.0). Maybe this is intentional — you plan on having more than 255 computers in your zone? Is your DHCP or static IPs on your devices set to use the correct subnet (255.255.0.0) that matches this reverse DNS entry?
Was this post helpful?
thumb_up
thumb_down
View Best Answer in replies below
Read these next…
Internet Speed — How Fast is Fast Enough?
Spiceworks
I was looking at the Speedtest Global index and seeing those average speeds for the biggest cities in the world seemed kind of slow… and of course rural areas would be much worse.It would be interesting to compare the community’s overall speeds. How fa…
Where are they in Windows 11?
Windows
Quick and I hope easy question, I have figured out ways to do this in W11 but just wondering if there is an easier way.Where are the following in «Windows 11″1. Map Network Drive2. Add PC to a Domain3. This PC (Option)Thank you.
Tape library
Data Storage, Backup & Recovery
HI I am trying to learn my self how to connect a Dell R720 server with a LTO 7 tape library. Can someone advise and guide me with the best practice? because to begin with I have these questions.1. Can I connect the tape Libary directly to the server? if …
Raspberry Pi uses? As a desktop?
Hardware
I saw this post:https://twitter.com/mysterybiscuit5/status/1663271923063685121I like the form factor. Got me thinking — are any of the Raspberry Pi offerings a viable replacement for a windows 10 PC? For general work — surfing, document writing? spreadsh…
Spark! Pro series – 2nd June 2023
Spiceworks Originals
Today in History marks the Passing of Lou Gehrig who died of
ALS or Lou Gehrig’s Disease. I have a
friend suffering from this affliction, so this hits close to home. If you get the opportunity, or are feeling
g…
Hi,
I get in the Dns Server event log an error message «source dns» «category none» «event id 4010» «The DNS server was unable to create a resource record for 65.10.2.10.in-addr.arpa. in zone 2.10.in-addr.arpa. The active Directory deficition of the resource record is corrupt or contains and invalid DNS name. The event data contins the error.» DATA= 000: 7b 00 00 00
This happens about 50 times in the same second and then the server writes an event id 3000 saying it will stop write event 4010 because it occurs too many time a second. It then blank for a couple of days before restarting to rights the error in the event log.
This is the same on both my DC controllers.
Any idea?
DNS
Good afternoon all,
I am at wits end here trying to figure out why my DC in my test environment continues to give a DNS error EventID 4010 every time the box is rebooted or the DNS Server service is restarted.
I have read over a bunch of TechNet posts and other posts on the web regarding recreating the _msdcs zone and such but I am still getting an error:
The DNS server was unable to create a resource record for GUID._msdcs.domain.local. in zone domain.local. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.
I can not figure out how to prevent this from occurring and how to resolve this. Does anyone have any ideas or some insight they can shed on this issue?
Thank you.
EDIT SOLVED: I had also posted this on TechNet and received a link to this post: http://social.technet.microsoft.com/Forums/en-US/winserverDS/thread/9240ae89-5e19-4c8b-a4cc-a2963bd5c8dd
Specifically the post stated:
It seems you have not connect to correct partition in ADSIedit.You need to check the correct zone.
It seems that the record is in DomainDNSzone if it is not in mentioned zon check others as well.
For DomainDNSZone refer below.
ADSI Edit-> Connect to -> choose Select or type a Distinguished Name or Naming Context -> type >DC=DomainDNSZones, DC=domain, DC=local -> click OK -> CN= MicrosoftDNS->Domain.local
For ForestDNSZone refer below. ADSI Edit-> Connect to -> choose Select or type a Distinguished Name or Naming Context -> type >DC=ForestDNSZones, DC=domain, DC=local -> click OK -> CN= MicrosoftDNS->Domain.local
Locate <offending-guid-from-dns-event>._msdcs and delete the same.Restart the netlogon and dns service >and check.
If the <offending-guid-from-dns-event>._msdcs is not present in above check below as well. ADSI Edit->Domain, DC=domain, DC=local ->System—> CN= MicrosoftDNS->Domain.local
I found GUID entries in both forest and domain DNS zones. So I stopped the netlogon service, deleted the two GUID entries from ADSI and also deleted the %WinDir%system32confignetlogon.dnb and netlogon.dns.
I then ran ipconfig /flushdns and /registerdns. Then started netlogon and restarted the DNS server service. Upon restart I was no longer receiving the 4010 error.
Hope this helps someone in the future.
- Remove From My Forums
-
Question
-
I have this error logging on all of our DNS servers, the record is a domain controller record. I have read suggestions to delete the record, I ahve never deleted a DC in AD so I am bit nervous to do so. Does anybody have explicit directions for correcting
this?The DNS server was unable to create a resource record for 95d10a4b-c617-49b1-adc3-2739d2956e59._msdcs.domain.local. in zone domain.local. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event
data contains the error.For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
Data:
Answers
-
At earlier I thought that the partion might be corrupted however as this point of time I would recommend Stop the netlogon service. Go to Windows\system32\config and rename the netlogon.dns and netlogon.dnb files to netlogon.dns_old and netlogon.dnb-old .
From a command prompt type «ipconfig /flushdns» then run «ipconfig /registerdns» and then start netlogon again and check the event log if the error reoccurs.If still the issue persist take the backup of DNS as suggested earlier,delete foward lookup zone and recreate new forward lookup zone.I think this should fix the issue.
Hope this helps
Best Regards,
Sandesh Dubey.
MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator |
My BlogDisclaimer: This posting is provided «AS IS» with no warranties or guarantees , and confers no rights.
-
Proposed as answer by
Monday, October 15, 2012 8:31 AM
-
Marked as answer by
Yan Li_
Friday, October 19, 2012 1:47 AM
-
Proposed as answer by
Hello all,
I am needing some advice about an issue I am running into on our DNS Server.
The error: «The DNS server was unable to create a resource record for 153.0.0.10.in-addr.arpa. in zone 0.10.in-addr.arpa. The Active Directory definition of this resource record is corrupt or contains an invalid DNS name. The event data contains the error.»
That’s the error I am encountering. Now to describe our infrastructure:
Windows Server 2008 R2(10.0.0.10) Main AD/DC with DNS, DHCP, Web Server, and File Server. We also have a virtualized DC with DNS and File server for redundancy on Windows Server 2008 R2 (10.0.0.134).
Now how I got to this point of this error. I was having a problem with one of my users computer accessing the domain while they were remote and found someone with a similar issue with Windows 10. Well the site recommended I create a second reverse lookup zone at 0.0.10.in-addr.arpa I made that then that still didnt correct the problem. Later come to find out we just had to do a fresh install of 10 opposed to an upgrade. So then I decided to delete the entry in the reverse look up zone and is how I have gotten here.
I found this walkthrough (https://www.experts-exchange.com/questions/24635968/Error-event-id-4010-on-the-domain-controller.htm… Opens a new window) and this sounds like it will work but not being specialized in DNS I don’t want to pull the trigger before talking with someone who has had more experience. Would there have to be anything that I would also have to do on my second DC as well to correct my issue? Thank you for the help!
Also on a side note would issues with DNS not allow access to the internet through a virtual? (Just a curious thought)
-Richard
check
Best Answer
I don’t know of a particular known issue that would cause the problem you’re having. It sounds like a misconfiguration. What is the netmask for the IP’s you’re using? Is it 255.255.255.0?
You’re going to need a zone that matches the network/subnet you’re using. So if your subnet is 10.0.0.X with netmask 255.255.255.0, you should have a reverse DNS lookup zone (0.0.10.in-addr.arpa) for that subnet.
I think that this is the key (bolded):
The DNS server was unable to create a resource record for 153.0.0.10.in-addr.arpa. in zone 0.10.in-addr.arpa.
Your zone is set to 10.0.X.X (netmask 255.255.0.0). Maybe this is intentional — you plan on having more than 255 computers in your zone? Is your DHCP or static IPs on your devices set to use the correct subnet (255.255.0.0) that matches this reverse DNS entry?
Was this post helpful?
thumb_up
thumb_down
View Best Answer in replies below
Read these next…
Beginner to RDP needs some basic pointers
Windows
HI, I am not new to IT at all, but have never set up an RDP server before today. I need to allow a user to connect in to a desktop session.What I have managed so far is install Remote Desktop Services on a Windows 2022 server, including a client access l…
Your thoughts on Surface Pro devices?
Hardware
Personally, I hate them. They’re terrible, little confined pieces of cr*p that overheat so easily, a nightmare to image unless you buy a dock for it. The only people i’ve seen who actually praise them are managers and directors since it makes them look be…
Snap! — Space Submarines, Brain Waves, Chernobyl Wind Farm, Real-Life Asteroids
Spiceworks Originals
Your daily dose of tech news, in brief.
Welcome to the Snap!
Flashback: September 21, 1996: Programming Error May Have Contributed to Plane Crash (Read more HERE.)
Bonus Flashback: September 21, 2003: Galileo Completes Jupiter Mission (Re…
Large amount of spam recently getting around filters. How to stop these?
Security
Got a HUGE uptick in spam emails recently, and they are actually getting through. The spam is coming from gibberish@gibberish.onmicrosoft.com and coming from IPs 40.107.X.X which after a quick search is Microsoft IPs…I am not able to just filter the do…
Old invoicing / tracking software
Software
Hi wonderful people. I hope someone may be able to assist with a rather perplexing issue.We started working with a company a few years ago providing their IT support.They use a very old (20 years plus) software package which they had built from scratch. …
