Microsoft KB Archive/867464

= Event ID 4515 is logged in the DNS Server log in Windows Server 2003 =

Article ID: 867464

Article Last Modified on 6/4/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, 64-Bit Datacenter Edition
 * Microsoft Windows Server 2003, Enterprise x64 Edition
 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)

-



SYMPTOMS
When you view the DNS Server log in Event Viewer, you may see an event that resembles the following event.

Note In the following example event and throughout this article,  is used as a placeholder for an actual domain.

Event ID: 4515

Event Source: DNS

Event Type: Warning

Event Description: The zone  was previously loaded from the directory partition ForestDnsZones. but another copy of the zone has been found in directory partition DomainDnsZones. . The DNS Server will ignore this new copy of the zone. Please resolve this conflict as soon as possible.



CAUSE
This issue may occur when the DNS zone that is listed in the Event 4515 exists in more than one location in Active Directory.

Note A DNS zone must exist in only one Active Directory partition at the same time.

A DNS zone may be incorrectly created in more than one location in Active Directory in the following scenarios:
 * The DNS zone was moved from one directory partition to another directory partition.
 * The replication scope for Windows 2000 Active Directory integrated DNS zones is transitioned to domain DNS application partitions or to forest-wide DNS application partitions that are supported by Windows Server 2003 domain controllers.



RESOLUTION
To resolve this behavior, determine which Active Directory partition for  you would like to use, and then remove the other   zone(s) from Active Directory.

The following locations are the three default directory partition locations in Active Directory that DNS can be stored in on a Windows Server 2003 Domain Controller (DC). These are:
 * 1) To all DNS servers in the Active Directory Forest  . [ForestDNSZones]
 * 2) To all DNS servers in the Active Directory domain  . [DomainDNSZones]
 * 3) To all domain controllers in the Active Directory domain.

To determine which zone should be deleted, you should take into consideration the information below, where you would like to have the DNS zone replicated to in your environment, and which zone currently has the majority of the records. Typically, all of the DNS zones for  should be set to utilize the same Active Directory partition for all Microsoft DNS servers in the environment.

Option 1 [ForestDNSZones] and Option 2 [DomainDNSZones] listed above are only understood by Windows Server 2003 domain controllers. Option 3 is understood by Windows 2000 and Windows Server 2003 domain controllers. If you have any Windows 2000 DCs that need to host this zone, you must choose Option 3.

If possible, it is recommended to use either Option 1 or 2. Here are some benefits of storing DNS zones in default DNS application partitions:
 * Relocating DNS zones from the Active Directory integrated domain partitions to application partitions removes DNS records from non-DNS Servers in the domain and Global Catalog domain controllers in the forest.
 * DNS zones and their records are only present on the domain controllers running the Microsoft DNS Server service in the domain for zones placed in domain-wide partitions or DNS Servers in the forest for forest-wide DNS application partitions. This reduces the amount of replication required throughout the domain or forest as compared to using option 3.
 * When the _MSDCS sub-domain is placed in a forest-wide DNS application partition, all DNS servers in the forest host a local copy of the _MSDCS. zones containing CNAME and SRV locator records for all DCs in the forest. This configuration is easier to administer and has less overhead for DCs to resolve these records which are required for AD replication. The Windows 2000 alternative is to utilize secondary zones or forwarders to internal DNS servers which host the _MSDCS zone when in a forest with multiple domains.

For more information about how to convert the _MSDCS zone, see the following Microsoft Knowledge Base article:

817470 How to reconfigure an _msdcs Subdomain to a Forest-wide DNS application directory partition when you upgrade from Windows 2000 to Windows Server 2003



There are two ways to migrate off of Windows 2000 Active Directory-integrated DNS zones in your environment and convert to DomainDNSZones or ForestDNSZones:
 * 1) Upgrade existing Windows 2000 DCs that are running the Microsoft DNS Server Service to Windows Server 2003.
 * 2) Remove the DNS Server Service on Windows 2000 DCs and optionally install the Microsoft DNS Server Service on Windows Server 2003 DCs, ideally on the same subnet as the deprecated Windows 2000 DNS Server. When you relocate the DNS Server service from one computer to another, remember to modify the IP address for DNS Server settings on member computers, member servers, domain controllers, DHCP Servers and DNS Servers (forwarders + delegations + NS records). Alternatively, have the new Windows Server 2003 DNS Server swap IP address with the deprecated Windows 2000 DNS Server if both computers are on the same subnet. Again, remember to verify record registration for new and deprecated DNS Servers.

To view the records for the various DNS partitions or to delete the  zone in the desired directory partition(s), follow these steps.

Warning If you use the ADSI Edit snap-in, the LDP utility, or any other LDAP version 3 client, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Windows Server 2003, Microsoft Exchange 2000 Server, Microsoft Exchange Server 2003, or both Windows and Exchange. Microsoft cannot guarantee that problems that occur if you incorrectly modify Active Directory object attributes can be solved. Modify these attributes at your own risk.

For Option 1: [ForestDNSZones]
 * 1) Click Start, click Run, type adsiedit.msc, and then click OK.
 * 2) In the console tree, right-click ADSI Edit, and then click Connect to.
 * 3) Click Select or type a Distinguished Name or Naming Context, type the following text in the list, and then click OK:

DC=ForestDNSZones, DC=contoso, DC=com

 * 4) In the console tree, double-click DC=ForestDNSZones, DC=, DC= .
 * 5) Double-click CN=MicrosoftDNS, and click the zone. You should now be able to view the DNS records which exist in this DNS partition. If you desire to remove this partition, right-click on  and then click Delete.

Note Deleting a zone is a destructive operation. Please confirm that a duplicate zone exists before you perform a deletion.

 * 6) If you have deleted a zone, restart the DNS service. To do this, follow these steps:
   * a) Click Start, point to All Programs, point to Administrative Tools, and then click DNS.
   * b) In the console tree, right-click  , point to All Tasks, and then click Restart.

For Option 2: [DomainDNSZones]
 * 1) Click Start, click Run, type adsiedit.msc, and then click OK.
 * 2) In the console tree, right-click ADSI Edit, and then click Connect to.
 * 3) Click Select or type a Distinguished Name or Naming Context, type the following text in the list, and then click OK:

DC=DomainDNSZones,DC= ,DC=com

 * 4) In the console tree, double-click DC=DomainDNSZones,DC= ,DC=com
 * 5) Double-click CN=MicrosoftDNS, and click the zone. You should now be able to view the DNS records which exist in this DNS partition. If you desire to remove this partition, right-click on  and then click Delete.

Note Deleting a zone is a destructive operation. Please confirm that a duplicate zone exists before you perform a deletion.

 * 6) If you have deleted a zone, restart the DNS service. To do this, follow these steps:
   * a) Click Start, point to All Programs, point to Administrative Tools, and then click DNS.
   * b) In the console tree, right-click  , point to All Tasks, and then click Restart.

For Option 3
 * 1) Click Start, click Run, type adsiedit.msc, and then click OK.
 * 2) In the console tree, double-click Domain NC [servername.contoso.com].
 * 3) If, for some reason, Domain NC is not already present in the console tree, follow these steps:
   * a) In the console tree, right-click ADSI Edit, and then click Connect to.
   * b) Click Select or type a Distinguished Name or Naming Context, type the following text in the list, and then click OK:

DC=contoso,DC=com

 * 4) In the console tree, double-click DC= ,DC=com and double-click CN=System.
 * 5) Double-click CN=MicrosoftDNS, and click the zone. You should now be able to view the DNS records which exist in this DNS partition. If you desire to remove this partition, right-click on  and then click Delete.

Note Deleting a zone is a destructive operation. Please confirm that a duplicate zone exists before you perform a deletion.

 * 6) If you have deleted a zone, restart the DNS service. To do this, follow these steps:
   * a) Click Start, point to All Programs, point to Administrative Tools, and then click DNS.
   * b) In the console tree, right-click  , point to All Tasks, and then click Restart.
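
Before deleting anything, the three containers that the ADSI Edit steps above open can be inventoried in one read-only pass. The following script is an added example, not part of the original Microsoft article; it assumes PowerShell 3.0 or later on a domain-joined administrative workstation, and the contoso.com values for the zone name, domain and forest root are placeholders to replace.

```powershell
# Added example (read-only): list every copy of an AD-integrated DNS zone.
# Assumed values: contoso.com is both the forest root domain and the domain
# that owns the zone; replace the three parameters for your environment.
param(
    [string]$ZoneName = 'contoso.com',        # zone named in Event ID 4515
    [string]$DomainDN = 'DC=contoso,DC=com',  # domain naming context
    [string]$ForestDN = 'DC=contoso,DC=com'   # forest root domain
)

# The three default storage locations described in the article.
$containers = [ordered]@{
    'Option 1 [ForestDNSZones]'   = "CN=MicrosoftDNS,DC=ForestDnsZones,$ForestDN"
    'Option 2 [DomainDNSZones]'   = "CN=MicrosoftDNS,DC=DomainDnsZones,$DomainDN"
    'Option 3 (domain partition)' = "CN=MicrosoftDNS,CN=System,$DomainDN"
}

$copies = @(foreach ($entry in $containers.GetEnumerator()) {
    try {
        # Look for a dnsZone object with this name directly under the container.
        $find = [adsisearcher]"(&(objectClass=dnsZone)(dc=$ZoneName))"
        $find.SearchRoot  = [ADSI]"LDAP://$($entry.Value)"
        $find.SearchScope = 'OneLevel'
        $zone = $find.FindOne()
        if (-not $zone) { continue }

        # Count dnsNode objects (one per owner name, tombstoned nodes included)
        # so the copies can be compared by how many records each one holds.
        $nodes = [adsisearcher]'(objectClass=dnsNode)'
        $nodes.SearchRoot  = $zone.GetDirectoryEntry()
        $nodes.SearchScope = 'OneLevel'
        $nodes.PageSize    = 1000
        $results = $nodes.FindAll()
        [pscustomobject]@{
            Location = $entry.Key
            ZonePath = $zone.Path
            Nodes    = $results.Count
        }
        $results.Dispose()
    } catch {
        # A partition that does not exist or cannot be reached is skipped.
        Write-Verbose "$($entry.Key) not searched: $($_.Exception.Message)"
    }
})

$copies | Format-Table -AutoSize
if ($copies.Count -gt 1) {
    Write-Warning "$ZoneName is stored in $($copies.Count) locations (the Event ID 4515 condition)."
}
```

The script only reads the directory. Removing the unwanted copy is still done through the ADSI Edit steps above.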

Restart the services and reset DNS
After you perform these operations, follow these steps:
 * 1) Restart the DNS service.
 * 2) Restart the Net Logon service.
 * 3) At a command prompt, type the following commands. Press ENTER after each command.

ipconfig /flushdns

ipconfig /registerdns

Keywords: kbprb KB867464


© Microsoft Corporation. All rights reserved.