Starting test: KccEvent
A warning event occurred. EventID: 0x800004C0
Time Generated: 10/14/2013 00:12:48
EvtFormatMessage failed (second call), error 15029 The substitution
string for insert index (%1) could not be found..
(Event String (event log = Directory Service) could not be
retrieved, error 0x3ab5)
This can be a tricky one. I see there is a KCC error. The KCC is the service that partners up DCs for replication within a site and uses the ISTG to create partnerships between sites and maintains replication topology.
I assume the following:
- All DCs, member servers and workstations are only using the DCs for DNS, meaning no outside DNS servers or the router is being used as a DNS server on any machine.
- None of the DCs are multihomed (more than one unteamed NIC, IP address, RRAS or iSCSI connection is on it).
- An ipconfig /all does not show WINS proxy or IP Routing enabled.
- The Windows firewall is disabled (done in Control Panel, Windows Firewall)
- Any antivirus software’s sercurity features have been disabled. AV is a major cause of AD DC communications and functionality problems if not properly configured to exclude AD and DC functions, files and folders.
—
Here’s more info on it:
http://eventid.net/display.asp?eventid=4016&eventno=1632&source=DNS&phase=1
—
If you use ADSI Edit, can you see the zones in the database? You can use my blog below on how to connect to the partitions to view the DNS zones. While you’re at it, you can check to make sure no duplicate zones exist.
Using ADSI Edit to Resolve Conflicting or Duplicate AD Integrated DNS zones
http://msmvps.com/blogs/acefekay/archive/2009/09/02/using-adsi-edit-to-resolve-conflicting-or-duplicate-ad-integrated-dns-zones.aspx
—
Another suggestion is you could try the following, and it will work fine if you have only a handful of
DCs, but if you have numerous DCs and in many sites, I do NOT recommend this due to the complexity of the process and all DCs involved.
— Turn the zone into a Primary zone.
— Stop the DNS service
— Delete your zone(s)
— Delete the data in the system32\dns folder
— Delete the system32\config\netlogon.dns and netlogon.bak files
— Uninstall DNS — Do not restart the machine
— Reinstall DNS — Do not restart the machine
— Re-create the zone
— Enable updates
— ipconfig /registerdns
— net stop netlogon
— net start netlogon
— Makes sure the SRV records now exist and see if that helps.
—
Here’s some info on troubleshooting KCCEvents by the Microsoft Ask DS team:
http://blogs.technet.com/b/askds/archive/2008/10/31/troubleshooting-kcc-event-log-errors.aspx
—
If you have numerous DCs, and the above suggestions do not work, maybe the best bet is to demote the DC in question, then repromote it.
—
Ace Fekay
MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP — Directory Services
Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
This post is provided AS-IS with no warranties or guarantees and confers no rights.
-
Marked as answer by
Monday, October 21, 2013 1:13 AM
Starting test: KccEvent
A warning event occurred. EventID: 0x800004C0
Time Generated: 10/14/2013 00:12:48
EvtFormatMessage failed (second call), error 15029 The substitution
string for insert index (%1) could not be found..
(Event String (event log = Directory Service) could not be
retrieved, error 0x3ab5)
This can be a tricky one. I see there is a KCC error. The KCC is the service that partners up DCs for replication within a site and uses the ISTG to create partnerships between sites and maintains replication topology.
I assume the following:
- All DCs, member servers and workstations are only using the DCs for DNS, meaning no outside DNS servers or the router is being used as a DNS server on any machine.
- None of the DCs are multihomed (more than one unteamed NIC, IP address, RRAS or iSCSI connection is on it).
- An ipconfig /all does not show WINS proxy or IP Routing enabled.
- The Windows firewall is disabled (done in Control Panel, Windows Firewall)
- Any antivirus software’s sercurity features have been disabled. AV is a major cause of AD DC communications and functionality problems if not properly configured to exclude AD and DC functions, files and folders.
—
Here’s more info on it:
http://eventid.net/display.asp?eventid=4016&eventno=1632&source=DNS&phase=1
—
If you use ADSI Edit, can you see the zones in the database? You can use my blog below on how to connect to the partitions to view the DNS zones. While you’re at it, you can check to make sure no duplicate zones exist.
Using ADSI Edit to Resolve Conflicting or Duplicate AD Integrated DNS zones
http://msmvps.com/blogs/acefekay/archive/2009/09/02/using-adsi-edit-to-resolve-conflicting-or-duplicate-ad-integrated-dns-zones.aspx
—
Another suggestion is you could try the following, and it will work fine if you have only a handful of
DCs, but if you have numerous DCs and in many sites, I do NOT recommend this due to the complexity of the process and all DCs involved.
— Turn the zone into a Primary zone.
— Stop the DNS service
— Delete your zone(s)
— Delete the data in the system32\dns folder
— Delete the system32\config\netlogon.dns and netlogon.bak files
— Uninstall DNS — Do not restart the machine
— Reinstall DNS — Do not restart the machine
— Re-create the zone
— Enable updates
— ipconfig /registerdns
— net stop netlogon
— net start netlogon
— Makes sure the SRV records now exist and see if that helps.
—
Here’s some info on troubleshooting KCCEvents by the Microsoft Ask DS team:
http://blogs.technet.com/b/askds/archive/2008/10/31/troubleshooting-kcc-event-log-errors.aspx
—
If you have numerous DCs, and the above suggestions do not work, maybe the best bet is to demote the DC in question, then repromote it.
—
Ace Fekay
MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP — Directory Services
Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/
This post is provided AS-IS with no warranties or guarantees and confers no rights.
-
Marked as answer by
Monday, October 21, 2013 1:13 AM
Hi There,
i have a similar issue for my 2008 r2
sbs server , google suggests running the DCDiag tool to look for errors
after running
dcdiag i get this error:
Starting test : system log
an warning event occurred.
event ID 0x80001795
time generated: 01/31/2014 10:27:24
evtformatmessage failed, error 15100 Win32 error 15100
<event string <eventlog = system > could not be retrieved, error 0x3afc)
the
dcdiag output has around 17 of these errors all with the «error 15100 Win32 Error 15100
could
some one please help/ explain/ help resolve?
the first hint of this is when a client phoned in saying that the internet was going very slow,
i checked their router link with speed test, all good, then checked the event log to find some
activite directory
dns issues , google search
on the event id 4016 has
lead me thus far.
any suggestions /help is
appriciated.
Todd
Hello ,
We have an big Performance Problem with our W2019 DNS Server with AD integrated Zones .
When the Server was restarted then maybe 1 or 2 Weeks there is no Eventlog Entry and the Performance from the DNS Server is ok.
But after 2 Weeks suddenly the Event Log from DNS Server fills up every Minute with the Event ID 4016 and 4004 .
If this happens and u are in the DNS Tool and maybe you choose the registercard Forwarder , the DNS stucks completely and u have to restart the whole Server .
We have 5800 Host Record Entrys in DNS .
Our DC with DNS is an virtuall W2019 DC under Vmware Vsphere 7.0.3 .
We check the Excludes in Virus Scan. We check with ADSI Edit double Zones .
We did an new installation of the DC .
We have an special configuration in DNS .
As forwarders we use Secure DNS Domain Names .
For work with the Secure DNS we use the Debug Logging in DNS .
We have only one Reverse lookup Zone in which all PTR Records reside .
Our W2019 DNS Server VM was configured with 8GB RAM 4 CPUs and an 50 GB Harddisk.
It seems like the DNS Server runs after an restart ok , but after a while something runs «full» and then we become this Performance Problems.
Maybe someone can help me .
Michael
MurCode
- Форумы
- Поиск
- О проекте
McLighter
Дата: 26.06.2006 12:54:58
Здравствуйте.
Появилась следующая ошибка — DNS код 4016
The DNS server timed out attempting an Active Directory service operation on —. Check Active Directory to see that it is functioning properly. The event data contains the error.
у нас 2 сервера 2003. Завис один.
Перед повисанием загрузка CPU доходит до 100%, что вобщем и вызывает зависание. Говорят это может быть из-за 1С. Может кто знает такую ошибку.
Green2
Дата: 26.06.2006 12:56:37
какой процесс грузит сервер?
— 
Posted via ActualForum NNTP Server 1.3
Biz©
Дата: 26.06.2006 12:57:32
физическая память насколько занята ?
похоже на массированный своп …
Green2
Дата: 26.06.2006 12:58:27
в документации написано, что это: Caching problems
—
Posted via ActualForum NNTP Server 1.3
Green2
Дата: 26.06.2006 12:59:54
Проблема именно в DNS
—
Posted via ActualForum NNTP Server 1.3
Biz©
Дата: 26.06.2006 13:02:41
любая проблема мобыть следствием другой проблемы …
McLighter
Дата: 26.06.2006 13:34:35
Грузит похоже DNS. Паралельно выпадает ошибка KDC с кодом 7. Загрузку памяти не посмотреть т.к все повисает, после перезагрузки системы все нормально.
Когда сервер повисает его можно успешно пинговать, но все остальные сетевые службы не работают(терминалы, удаленное подключение дисков и т.д.)
aleks2
Дата: 26.06.2006 15:51:04
диск на ошибки проверяли?