8 July 2020
Stop the KDC service on the domain controller where the error occurs.
Run the following command from an elevated prompt:
c:\> netdom resetpwd /server:servername /userd:domain\domain_admin /passwordd:*
You will be prompted for the domain administrator account's password; enter it.
After the command completes, reboot the server.
The DNS zones should now load.
If this is the only domain controller in the environment and there are no other DNS servers, follow the same steps but replace «PDC.Domain.com» with the server's IP address (since it is itself the primary domain controller).
Question
Hello All.
I am running Windows Server 2008 R2 for my small business. Today when my employees logged in through their clients, 10 comps with Windows 7 Pro SP1, they were unable to access the shared drive. They do have internet access but under Network and Sharing it shows they are connected through a «Public network» instead of the usual Domain network. I logged into the server and saw that I am now getting DNS Error codes 4000 and 4007. I read a few MS tech articles and followed the recommendations of restarting the server, restarting the tasks, etc but am still experiencing the same errors and same issues. Anyone in here that can help out a beginner?
Thanks in advance for all your help-
David
Answers
Hello,
please remove the Default gateway as DNS from the client machine's NIC:
Windows IP Configuration
Host Name . . . . . . . . . . . . : Downey-2
Primary Dns Suffix . . . . . . . : mcoc.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mcoc.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetXtreme Gigabit Ethernet
Physical Address. . . . . . . . . : D0-27-88-79-BC-0E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8154:31a2:bcb9:ebd%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.220(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, May 19, 2015 10:22:37 AM
Lease Expires . . . . . . . . . . : Wednesday, May 20, 2015 10:22:37 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 198190984
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-97-E8-57-D0-27-88-79-BC-0E
DNS Servers . . . . . . . . . . . : 192.168.1.10
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
In a domain ONLY the domain internal DNS servers have to be used to prevent the problems you see.
After removing the wrong DNS server, run ipconfig /flushdns and ipconfig /registerdns and reboot the Windows 7 machine.
If that was configured to get internet access, you have to configure the FORWARDERS in the DNS management console instead, to your ISP's DNS server for example.
On the server also use the real IP address as preferred DNS and the loopback 127.0.0.1 as secondary. If you don't work with IPv6, you can uncheck the option for ::1 as DNS server in the NIC settings.
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP — Directory Services
My Blog: http://blogs.msmvps.com/MWeber
Disclaimer: This posting is provided AS IS with no warranties or guarantees and confers no rights.
Edited Wednesday, May 20, 2015 10:21 AM
Proposed as answer by Frank Shen5, Wednesday, May 27, 2015 8:55 AM
Marked as answer by Frank Shen5, Thursday, May 28, 2015 8:46 AM
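The answer above boils down to one check: no client NIC may list anything other than the domain's internal DNS servers. The script below, an added example and not code from the forum post, audits that on a Windows client using WMI (so it also runs on the Windows 7 / PowerShell 2.0 clients in the question) and only changes settings when run with -Fix. The $DomainDnsServers default is constructed from the ipconfig output in the post and is an assumption you replace with your own DNS servers.

```powershell
# Added example, not from the forum post: audit a Windows client's DNS server
# list and report any entry that is not an internal domain DNS server, such as
# the 192.168.1.1 gateway the answer above tells the poster to remove.
# Uses WMI so it also runs on Windows 7 / PowerShell 2.0. Run elevated.
# Assumption: $DomainDnsServers lists your AD DNS servers (the default value is
# constructed from the ipconfig output quoted in the post).
param(
    [string[]]$DomainDnsServers = @('192.168.1.10'),
    [switch]$Fix   # without -Fix the script only reports
)

$nics = Get-WmiObject Win32_NetworkAdapterConfiguration -Filter "IPEnabled=True"
$problems = 0
foreach ($nic in $nics) {
    if (-not $nic.DNSServerSearchOrder) { continue }
    $wrong = @($nic.DNSServerSearchOrder | Where-Object { $DomainDnsServers -notcontains $_ })
    if ($wrong.Count -eq 0) { continue }
    $problems++
    Write-Warning ("{0}: non-domain DNS server(s) {1}" -f $nic.Description, ($wrong -join ', '))
    if ($Fix) {
        # Keep only the domain DNS servers; internet names are resolved through the
        # forwarders on the domain DNS server, not by pointing clients at the router.
        $rc = $nic.SetDNSServerSearchOrder($DomainDnsServers).ReturnValue
        if ($rc -ne 0) { Write-Warning "SetDNSServerSearchOrder returned $rc" }
    }
}

if ($problems -eq 0) {
    Write-Host "All adapters use only domain DNS servers."
} elseif ($Fix) {
    # Same two commands the answer recommends after the change.
    ipconfig /flushdns    | Out-Null
    ipconfig /registerdns | Out-Null
    Write-Host "DNS settings corrected; reboot the client so the network profile is re-evaluated as Domain."
}
```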
Question
A user had an issue with a PC which gave a message about losing the trust relationship. Did not know the issue was with the server. Removed the PC from the domain, added it to a workgroup, then tried to re-add it to the domain. That's when I realized something was wrong. Went to the server and noticed all the errors in DNS and AD. No one can join the domain. Drive mappings I can do manually with the IP address and share, e.g. \\10.2.5.20\share. Went through a lot of blogs. Windows 2012 Server. Single server environment, with the server also acting as DNS server.
dns ID — 4000
ad ID — 1202
Ensured the server is pointing to itself for DNS.
Tried to do Netdom resetpwd, however I get "An internal error has occurred". The command failed to complete successfully. Using the domain administrator for the user.
nltest /sc_reset:corp.server.com — I_NetLogonControl failed: Status = 1355 0x54b ERROR_NO_SUCH_DOMAIN
Answers
Hi Wgiwir,
>>The dynamic registration of the DNS record '_ldap._tcp.pdc._msdcs.corp.<domain>.com. 600 IN SRV 0 100 389 SVHAUS.corp.<domain>.com.' failed on the following DNS server:
DNS server IP address: 161.58.134.130
Returned Response Code (RCODE): 5
Returned Status Code: 9017
The message means SRV record registration failed.
On the domain controller, what is the IP address of the preferred DNS server?
Please try to restart the Netlogon service and turn off the firewall. Please perform the operation as the article mentions to troubleshoot Active Directory:
Troubleshooting Active Directory—Related DNS Problems
https://msdn.microsoft.com/en-us/library/bb727055.aspx
Best Regards
John
Please remember to mark the replies as answers if they help and
unmark them if they provide no help.
If you have feedback for TechNet Subscriber Support, contact
tnmff@microsoft.com.
Edited Friday, September 9, 2016 8:28 AM
Proposed as answer by John Lii, Monday, September 19, 2016 8:22 AM
Marked as answer by Leo Han, Thursday, September 22, 2016 1:31 AM
In some cases, for example when moving a domain controller from one domain to another, DNS error 4007 can occur:
The DNS server was unable to open zone zonename.domain.local in Active Directory from the application directory partition DomainDnsZones.domain.local. This DNS server is configured to obtain and use data from the directory for this zone and cannot load the zone without it. Check that Active Directory is functioning properly and reload the zone. The event data contains the error code.
The domain controller's registry still holds information about this zone, but the zone itself no longer exists. Curing this is fairly simple: delete every reference to zone zonename.domain.local under the following registry key on the domain controller:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones
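Before deleting anything under that key it is worth knowing exactly which registry entries refer to zones the DNS service is not actually serving. The script below, an added example and not code from the original post, lists the zones recorded under the Zones key that are absent from the DNS server's loaded zones and removes them only when run with -Remove, exporting each key first. It assumes the DnsServer PowerShell module (Windows Server 2012 or later) and an elevated session on the DC.

```powershell
# Added example, not from the original post. On the DNS server, list zones that
# exist under the DNS Server\Zones registry key but are not loaded by the DNS
# service, which is the stale-entry situation behind event 4007 described above.
# Run elevated on the DC. Assumption: the DnsServer module (Server 2012+) is
# available. Nothing is deleted unless -Remove is passed.
param([switch]$Remove)

$zonesKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones'

# Built-in entries whose registry names start with a dot (e.g. ..TrustAnchors)
# are skipped deliberately; only real forward/reverse zone names are compared.
$registryZones = Get-ChildItem -Path $zonesKey |
                 Select-Object -ExpandProperty PSChildName |
                 Where-Object { $_ -notlike '.*' }
$loadedZones   = Get-DnsServerZone | Select-Object -ExpandProperty ZoneName

$stale = @($registryZones | Where-Object { $loadedZones -notcontains $_ })
if ($stale.Count -eq 0) {
    Write-Host "Every zone entry in the registry is loaded; nothing to clean."
    return
}

foreach ($zone in $stale) {
    $props = Get-ItemProperty -Path (Join-Path $zonesKey $zone)
    Write-Warning ("Registry references zone '{0}' (DsIntegrated={1}, Type={2}) but it is not loaded." -f `
        $zone, $props.DsIntegrated, $props.Type)
    if ($Remove) {
        # Export the key first so the change can be reverted, then delete it.
        $backup = Join-Path $env:TEMP ("dns-zone-" + $zone + ".reg")
        reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones\$zone" $backup /y | Out-Null
        Remove-Item -Path (Join-Path $zonesKey $zone) -Recurse
        Write-Host "Removed registry entry for $zone (backup: $backup). Restart the DNS Server service afterwards."
    }
}
```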
Recently we had "Patch Monday", unusual since we usually patch on Fridays (in case something goes wrong we have the weekend ahead), but this one time was a good opportunity since there was some infrastructure work with planned downtime, and we took the opportunity to patch.
Unfortunately something went very wrong. First, after rebooting one of the Exchange servers I got the following error:
Exchange ECP / The LDAP Server is unavailable
"Topology Provider couldn't find the Microsoft Exchange Active Directory"
In the logs, event ID 2142 MSExchangeADTopology was logged with the error "Topology discovery failed".
At first I thought it was a bad patch, but soon after that a still-unpatched Exchange server reported errors too.
The errors obviously pointed to AD. I looked at the domain controller since it had also been updated. Immediately after logging onto the DC I was greeted with an unpleasant surprise.
After opening the DNS console an "Access Denied" message appeared.
DNS was unreachable.
On the DC the following events were logged:
Microsoft-Windows-DNS-Server-Service Event ID 4000
The description for Event ID ( 4000 ) in Source ( Microsoft-Windows-DNS-Server-Service ) cannot be found. Either the component that raises this event is not installed on your local computer, or the installation is corrupted. You can install or repair the component on the local computer, or contact the component manufacturer for a newer version.
If the event was saved from another computer or forwarded from a remote computer, you might have to include display information with the events when saving them or when setting up the forwarding s
Microsoft-Windows-DNS-Server-Service Event ID 4007
The description for Event ID ( 4007 ) in Source ( Microsoft-Windows-DNS-Server-Service ) cannot be found. Either the component that raises this event is not installed on your local computer, or the installation is corrupted. You can install or repair the component on the local computer, or contact the component manufacturer for a newer version.
If the event was saved from another computer or forwarded from a remote computer, you might have to include display information with the events when saving them or when setting up the forwarding
According to Microsoft (https://support.microsoft.com/en-us/help/2751452/dns-zones-do-not-load–event-4000–4007) this happens in two cases:
This happens when that particular DC/DNS server has lost its secure channel with itself or the PDC.
This can also happen in a single-DC environment where that DC/DNS server holds all the FSMO roles and is pointing to itself as primary DNS server.
I'm still not sure why this happened in my case, but here are the steps that resolved the problem for me:
Stop the KDC (Kerberos Key Distribution Center) service in the Services console on the DC that doesn't work.
Run a command prompt with elevated privileges (as Administrator) and enter the following command:
netdom resetpwd /server:DC.domain.local /userd:Domain\domain_admin /passwordd:*
(replace DC.domain.local with the FQDN of your DC, and DOMAIN\domain_admin with your domain and admin account)
You will be prompted for the password. Enter the domain admin password that you use for that account.
Once the command has executed, restart the server.
After that the DNS zones worked for me and the Exchange servers were fine.
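The procedure above (and the same KDC / netdom resetpwd fix at the top of this page) rests on the secure channel being the thing that is broken. The following diagnostic script, an added example and not code from the blog post or the forum answers, gathers the facts that decide that on the affected DC: the 4000/4007 events, the DC's own secure channel, which DNS servers the DC points to, whether the PDC SRV record from the second forum thread resolves, and the KDC service state. It changes nothing and only prints the repair commands when Test-ComputerSecureChannel fails; it assumes Windows Server 2012 or later and that $DomainFqdn (defaulting to the machine's domain) is the AD domain name.

```powershell
# Added example, not code from the blog post or the forum answers above. Run it
# elevated on the affected domain controller. It collects the checks the fix
# depends on and prints the repair commands only when the secure channel is
# actually broken; it changes nothing. Assumptions: Windows Server 2012 or later
# (DnsClient and NetTCPIP modules present); $DomainFqdn is the AD domain name.
param([string]$DomainFqdn = $env:USERDNSDOMAIN)

$report = @()

# 1. Recent DNS Server events with the IDs discussed above (zero is good news).
$events = Get-WinEvent -FilterHashtable @{ LogName = 'DNS Server'; Id = 4000, 4007 } `
          -MaxEvents 20 -ErrorAction SilentlyContinue
$report += "DNS Server events 4000/4007 found: " + @($events).Count

# 2. Secure channel of this DC (to the PDC, or to itself in a single-DC domain).
$secureChannelOk = Test-ComputerSecureChannel
$report += "Secure channel OK: $secureChannelOk"

# 3. DNS servers the DC itself uses. Microsoft's note above says the failure also
#    shows up when a lone FSMO-holding DC points only to itself.
$own = (Get-NetIPAddress -AddressFamily IPv4 | Where-Object { $_.IPAddress -ne '127.0.0.1' }).IPAddress
$dns = (Get-DnsClientServerAddress -AddressFamily IPv4 | Where-Object { $_.ServerAddresses }).ServerAddresses
$report += "DC DNS servers: $($dns -join ', ')  (own addresses: $($own -join ', '))"

# 4. Does the PDC SRV record resolve? A miss here matches the 9017 / RCODE 5
#    registration failure quoted in the second forum thread.
$srv = Resolve-DnsName -Type SRV -Name "_ldap._tcp.pdc._msdcs.$DomainFqdn" -ErrorAction SilentlyContinue
$targets = @($srv | Where-Object { $_.Type -eq 'SRV' } | ForEach-Object { $_.NameTarget })
$report += "PDC SRV record: " + $(if ($targets) { $targets -join ', ' } else { 'NOT FOUND' })

# 5. KDC service state (the fix stops it before resetting the machine password).
$report += "KDC service: " + (Get-Service -Name kdc).Status

$report | ForEach-Object { Write-Host $_ }

if (-not $secureChannelOk) {
    $me = "$env:COMPUTERNAME.$DomainFqdn"
    Write-Host "`nSecure channel broken. Repair steps (run by hand, then reboot):"
    Write-Host "  Stop-Service -Name kdc"
    Write-Host "  netdom resetpwd /server:$me /userd:$DomainFqdn\<domain_admin> /passwordd:*"
}
```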