El servidor DNS ha actualizado sus propios registros de host (A). Para asegurarse de que sus servidores DNS integrados en DS pueden replicarse con este servidor, se intentó actualizarlos con los nuevos registros mediante una actualización dinámica. Hubo un error durante una actualización; los datos del registro son el código de error.
Si este servidor DNS no tiene ningún homólogo integrado DS, este error debe
ignorarse.
Si los asociados de replicación de Active Directory de este servidor DNS no tienen las direcciones IP correctas para este servidor, no podrán replicarse con él.
Para asegurar una replicación correcta:
1) Busque los asociados de replicación de Active Directory de este servidor que ejecuten el servidor DNS.
2) Abra el Administrador DNS y conecte con cada uno de los asociados de replicación.
3) En cada servidor, compruebe el registro de host (registro A) para ESTE servidor.
4) Elimine cualquier registro A que NO corresponda con direcciones IP de este servidor.
5) Si no hay ningún registro A para este servidor, agregue al menos un registro A que corresponda a una dirección de este servidor y con el que pueda ponerse en contacto el asociado de replicación. (Es decir, si hay varias direcciones IP para este servidor DNS, agregue al menos una de la misma red que el servidor DNS de Active Directory que esté actualizando.)
6) Tenga en cuenta que no es necesario actualizar TODOS los asociados de replicación. Sólo es necesario reparar los registros en suficientes asociados de replicación como para que todos los servidores que se repliquen con éste reciban (mediante replicación) los nuevos datos.
Para obtener más información, vea el Centro de ayuda y soporte técnico en http://go.microsoft.com/fwlink/events.asp.
CAUSAS
Este problema se produce cuando se cumplen las condiciones siguientes:
- El nombre de dominio es un nombre de etiqueta única. Esto significa que el nombre de dominio no tiene un sufijo, como «local».
- La zona del nombre de dominio está integrada con Active Directory.
- La zona del nombre de dominio está alojada en dos o más controladores de dominio o servidores DNS.
RESOLUTION
The following locations are the three default directory partition locations in Active Directory that DNS can be stored in on a Windows Server 2003
Domain Controller (DC). These are:
- To all DNS servers in the Active Directory Forest contoso.com. [ForestDNSZones]
- To all DNS servers in the Active Directory domain contoso.com. [DomainDNSZones]
- To all domain controllers in the Active Directory domain contoso.com.
To determine which zone should be deleted, you should take into consideration the information below, where you would like to have the DNS zone replicated to in your environment, and which zone currently has the majority of the records. Typically, all of the DNS zones for contoso.com should be set to utilize the same Active Directory partition for all Microsoft DNS servers in the environment.
Option 1 [ForestDNSZones] and Option 2 [DomainDNSZones] listed above are only understood by Windows Server 2003 domain controllers. Option 3 is understood by Windows 2000 and Windows Server 2003 domain controllers. If you have any Windows 2000 DCs that need to host this zone, you must choose Option 3.
If possible, it is recommended to use either Option 1 or 2. Here are some benefits of storing DNS zones in default DNS application partitions:
- Relocating DNS zones from the Active Directory integrated domain partitions to application partitions removes DNS records from non-DNS Servers in the domain and Global Catalog domain controllers in the forest. DNS zones and their records are only present on the domain controllers running the Microsoft DNS Server service in the domain for zones placed in domain-wide partitions or DNS Servers in the forest for forest-wide DNS application partitions. This reduces the amount of replication required throughout the domain or forest as compared to using option 3.
- When the _MSDCS sub-domain is placed in a forest-wide DNS application partition, all DNS servers in the forest host a local copy of the _MSDCS.<forest root domain> zones containing CNAME and SRV locator records for all DCs in the forest. This configuration is easier to administer and has less overhead for DCs to resolve these records which are required for AD replication. The Windows 2000 alternative is to utilize secondary zones or forwarders to internal DNS servers which host the _MSDCS zone when in a forest with multiple domains. For more information about how to convert the _MSDCS zone, see the following Microsoft Knowledge Base article:
817470Â (http://kbalertz.com/Feedback.aspx?kbNumber=817470/ ) How to reconfigure an _msdcs Subdomain to a Forest-wide DNS application directory partition when you upgrade from Windows 2000 to Windows Server 2003
There are two ways to migrate off of Windows 2000 Active Directory-integrated DNS zones in your environment and convert to DomainDNSZones or ForestDNSZones:
- Upgrade existing Windows 2000 DCs that are running the Microsoft DNS Server Service to Windows Server 2003.
- Remove the DNS Server Service on Windows 2000 DCs and optionally install the Microsoft DNS Server Service on Windows Server 2003 DCs, ideally on the same subnet as the deprecated Windows 2000 DNS Server. When you relocate the DNS Server service from one computer to another, remember to modify the IP address for DNS Server settings on member computers, member servers, domain controllers, DHCP Servers and DNS Servers (forwarders + delegations + NS records). Alternatively, have the new Windows Server 2003 DNS Server swap IP address with the deprecated Windows 2000 DNS Server if both computers are on the same subnet. Again, remember to verify record registration for new and deprecated DNS Servers.
To view the records for the various DNS partitions or to delete the contoso.com zone in the desired directory partition(s), follow these steps.
Warning If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Windows Server 2003, Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, or both Windows and Exchange. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.
Back to the topFor Option 1: [ForestDNSZones]
- Click Start, click Run, type adsiedit.msc, and then click OK.
- In the console tree, right-click ADSI Edit, and then click Connect to.
- Click Select or type a Distinguished Name or Naming Context, type the following text in the list, and then click OK:
DC=ForestDNSZones, DC=contoso, DC=com
- In the console tree, double-click DC=ForestDNSZones, DC=contoso, DC=com.
- Double-click CN=MicrosoftDNS, and click the zone (contoso.com). You should now be able to view the DNS records which exist in this DNS partition. If you desire to remove this partition, right-click on contoso.com and then click Delete.
Note Deleting a zone is a destructive operation. Please confirm that a duplicate zone exists before you perform a deletion.
- If you have deleted a zone, restart the DNS service. To do this, follow these steps:
- Click Start, point to All Programs, point to Administrative Tools, and then click DNS.
- In the console tree, right-click contoso.com, point to All Tasks, and then click Restart.
For Option 2: [DomainDNSZones]
- Click Start, click Run, type adsiedit.msc, and then click OK.
- In the console tree, right-click ADSI Edit, and then click Connect to.
- Click Select or type a Distinguished Name or Naming Context, type the following text in the list, and then click OK: DC=DomainDNSZones,DC=contoso,DC=com.
- In the console tree, double-click DC=DomainDNSZones,DC=contoso,DC=com
- Double-click CN=MicrosoftDNS, and click the zone (contoso.com). You should now be able to view the DNS records which exist in this DNS partition. If you desire to remove this partition, right-click on contoso.com and then click Delete.
Note Deleting a zone is a destructive operation. Please confirm that a duplicate zone exists before you perform a deletion.
- If you have deleted a zone, restart the DNS service. To do this, follow these steps:
- Click Start, point to All Programs, point to Administrative Tools, and then click DNS.
- In the console tree, right-click contoso.com, point to All Tasks, and then click Restart.
For Option 3
- Click Start, click Run, type adsiedit.msc, and then click OK.
- In the console tree, double-click Domain NC [servername.contoso.com].
- If, for some reason, Domain NC is not already present in the console tree, follow these steps:
- In the console tree, right-click ADSI Edit, and then click Connect to.
- Click Select or type a Distinguished Name or Naming Context, type the following text in the list, and then click OK:
DC=contoso,DC=com
- In the console tree, double-click DC=contoso,DC=com and double-click CN=System.
- Double-click CN=MicrosoftDNS, and click the zone (contoso.com). You should now be able to view the DNS records which exist in this DNS partition. If you desire to remove this partition, right-click on contoso.com and then click Delete.
Note Deleting a zone is a destructive operation. Please confirm that a duplicate zone exists before you perform a deletion.
- If you have deleted a zone, restart the DNS service. To do this, follow these steps:
- Click Start, point to All Programs, point to Administrative Tools, and then click DNS.
- In the console tree, right-click contoso.com, point to All Tasks, and then click Restart.
Restart the services and reset DNS
After you perform these operations, follow these steps:
- Restart the DNS service.
- Restart the Net Logon service.
- At a command prompt, type the following commands. Press ENTER after each command.
- ipconfig /flushdns
ipconfig /registerdns
- ipconfig /flushdns
