Microsoft KB Archive/938459

= Error message when you replicate an Active Directory-integrated zone from a Windows Server 2003-based domain controller: "The zone cannot be replicated to all DNS servers in the (null) Active Directory domain" =

Article ID: 938459

Article Last Modified on 7/6/2007


APPLIES TO


 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Web Edition




SYMPTOMS
You create a new Domain Name System (DNS) zone, or you replicate an Active Directory directory service-integrated DNS zone from a Microsoft Windows Server 2003-based domain controller. After you do this, you may receive an error message that resembles the following:

The zone cannot be replicated to all DNS servers in the (null) Active Directory domain because the required application does not exist. Only Enterprise administrators have the appropriate permissions to create an application directory partition. To store this zone in a domain container until the partition is created, close this message, and then replicate to all domain controllers in the active directory domain option.



CAUSE
This issue may occur if Active Directory replication fails. Active Directory replication may fail because of a DNS lookup failure or because the security channel is broken.

If you verify Active Directory replication by using the Active Directory Sites and Services Microsoft Management Console (MMC) snap-in, you may receive one of the following error messages:

Error message 1

Target Principal Name is incorrect

Error message 2

DNS lookup failure

When you reset the security channel, you may receive an error message that resembles the following:

Target Principal Account name is incorrect



RESOLUTION
To resolve this issue, follow these steps:

 1. Change the DNS server to another DNS server that is available in the domain. To do this, follow these steps:
    a. Right-click My Network Places, and then click Properties.
    b. Right-click Local Area Connection, and then click Properties.
    c. Click Internet Protocol (TCP/IP), and then click Properties.
    d. Type the IP address of any other DNS server in the Preferred DNS server box, and then click OK two times.
    e. Click Close to close the Local Area Connection Status dialog box.
 2. Disable the Kerberos Key Distribution Center service. To do this, follow these steps:
    a. Click Start, point to Programs, click Administrative Tools, and then click Services.
    b. In the list of services, double-click Kerberos Key Distribution Center.
    c. In the Startup type list, click Disabled, click Stop, click Apply, and then click OK.
    d. Close the Services MMC snap-in.
 3. Restart the domain controller.
 4. Start the Kerberos Key Distribution Center service. To do this, follow these steps:
    a. Click Start, point to Programs, click Administrative Tools, and then click Services.
    b. In the list of services, double-click Kerberos Key Distribution Center.
    c. In the Startup type list, click Automatic, click Apply, click Start, and then click OK.
    d. Close the Services MMC snap-in.
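The same procedure from a command prompt, as an added example that is not part of the original article. The script name, the `before` and `after` arguments, and the connection name "Local Area Connection" are assumptions; run the `before` phase with the IP address of another DNS server in the domain, and the `after` phase once the domain controller has restarted.

```bat
@echo off
rem Added example, not from the original article.
rem Usage:  kdcfix.cmd before <ip-of-another-dns-server>
rem         kdcfix.cmd after      (run after the restart)
setlocal
rem Assumption: the adapter still has its default connection name.
set CONN=Local Area Connection

if /i "%~1"=="before" goto before
if /i "%~1"=="after" goto after
echo Usage: %~nx0 before ^<dns-ip^> ^| after
exit /b 1

:before
if "%~2"=="" (
    echo Specify the IP address of another DNS server in the domain.
    exit /b 1
)
rem Point the preferred DNS server at another DNS server in the domain.
netsh interface ip set dns name="%CONN%" source=static addr=%~2
rem Set the Kerberos Key Distribution Center service (short name: kdc)
rem to Disabled. The space after "start=" is required by sc.exe.
sc config kdc start= disabled
if errorlevel 1 exit /b 1
rem Stop the service; a non-zero result here only means it was not running.
net stop kdc
rem Restart the domain controller immediately.
shutdown /r /t 0
exit /b 0

:after
rem Set the KDC service back to Automatic, start it, and show its state.
sc config kdc start= auto
if errorlevel 1 exit /b 1
net start kdc
if errorlevel 1 exit /b 1
sc query kdc
exit /b 0
```

The final `sc query kdc` should report the service as RUNNING; if the `after` phase is skipped, the service stays disabled.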

Keywords: kberrmsg kbtshoot kbexpertiseadvanced kbprb KB938459


© Microsoft Corporation. All rights reserved.