Windows 2003 Small Business Server (SBS) has wizards for configuring all sorts of settings during the initial server setup. Unfortunately changing those settings without the wizard later can be a hassle. This is the story of an SBS server which was originally setup as a gateway router with two network interfaces (WAN/LAN) only later to be re-configured to connect to the internet using just the LAN interface and a 3rd party router/firewall. After the change, the WAN interface was disabled and the DNS event log started filling up with Event ID’s 4004, 4015 and 4521 every three minutes.
After some analysis it turns out that the problem was with the DNS server configuration of the machine. Since the server was originally configured as a gateway with two interfaces (one with an internet IP and the other with a local one) the DNS configuration still had and a reverse look-up zone for the internet IP’s address space. The event errors indicated that this zone could not be loaded or enumerated properly (likely because the WAN interface no longer exists with that internet IP address).
So why not just delete the zone, since it no longer has any useful purpose and just generates errors that fill up the log? Because…you can’t!
Aha, so my MCSE training tells me the zone must be Active Directory Integrated. To delete it, I’ll need to go to the zone properties, un-check AD Integration and then I should be able to delete the zone and have all my problems go away, right?
Sort of…but not really. Even though I can delete the zone now, stopping and restarting the DNS server service makes it magically re-appear along with all the errors in the event log. Dang!
At least now I know that this problem zone must be stored in the registry or in active directory. So how do you start the DNS server without loading zone files from Active Directory? Meet the little command line utility that can, its called “dnscmd”.
With dnscmd you can specify where the DNS server should lookup its config information at startup. The exact syntax is as follows:
dnscmd /config /bootmethod [0|1|2|3]
Determines the source from which the DNS server gets its configuration information.
- 0 – No source.
- 1 – Loads from the BIND file.
- 2 – Loads from the registry.
- 3 – Loads from Active Directory and the registry (default).
Great! So now I’ll just tell the DNS server to start without loading any stored zone information from Active Directory and I’ll be home free. NOTE: Be sure to get the syntax right though, typing the command without capitalization gets you a cryptic error message (yea MS is aware of it).
Now I simply restart the DNS server and voila! No more problematic reverse looking zone or errors clogging up my event log! Awesome.
I just restart the DNS server a few more times to make sure and…yep, problem solved.
Comments
4 responses to “Fixing stubborn DNS errors on SBS 2003”
Thanks for the posting…resolved an issue with one of my clients.
Thank you very much, I tried to fix that problem for hours but I didn’t get it working until I found your helpful advice!!
Thank you for your VERY helpfull posting…like Tom, I tried to fix the issue for hours. It’s working now. Cheers
[…] Fixing stubborn DNS errors on SBS 2003 | David Vielmetter – 3 comments found Comments for: Fixing stubborn DNS errors on SBS 2003… […]