Register

Forgot Password

Site FAQ

Home > IT Answers > Windows Server > Event ID 4515 – zone exists in more than 1 location in Active Directory

ITBird

15 pts.

Event ID 4515 – zone exists in more than 1 location in Active Directory

Active Directory, Availability, DNS, Microsoft Windows, Networking, Tech support

I posed a question a couple of weeks ago and had no response so I'm hoping I just worded it badly. I'm desperate to sort this out so I'm having another try. The first error I got in my DNS log was Event ID 4515 "The zone contoso.com was previously loaded from the directory partition ForestDNSZones.contoso.com but another copy of the zone has been found in directory partition DomainDnsZones.contoso.com. The DNS server will ignore this new copy of the zone. Please resolve this conflict ASAP". I now get it the other way around too with Forest & DomainDNS zones reversed. Apparently the way to correct this is to use adsiedit.msc to delete one of the zones but it says to confirm that a duplicate zone exists before doing this. So I went in and had a look using adsiedit.msc and sure enough there are records in both forest and domain DNS zones. But they don't look the same. The Forest zone within DC=_msdcs.techset.local contains the following:- DC=@ DC=_kerberos._tcp.dc DC=_kerberos._tcp.Default-First-Site-Name._sites.dc DC=_ldap._tcp.48b60e56-...etc. DC=_ldap._tcp.dc DC=_ldap._tcp.Default-First-Site-Name._sites.dc DC=_ldap._tcp.Default-First-Site-Name._sites.gc DC=_ldap._tcp.gc DC=_ldap._tcp.pdc DC=10d556611-...etc. DC=677cc99c-...etc. DC=arwen (this is a new DC which has the same name as my old PDC) DC=c8721c1-... DC=gc DC=legolas (this is my PDC) There is no mention of the other DC on the network. Also within the Forest Zone in DC=254.168.192.in-addr.arpa are all the pointer records for the whole network. In the Domain Zone under DC=techset.local there are:- DC=A DC=_gc._tcp DC=_gc._tcp.Default-First-Site-Name._sites DC=_kerberos._tcp DC=_kerberos._tcp.Default-First-Site-Name DC=_kerberos._udp DC=_dpasswd._tcp DC=_kpasswd._udp DC=_ldap._tcp DC=_ldap._tcp.Default-First-Site-Name._sites DC=_ldap._tcp.Default-First-Site-Name._sites.DomainDNSZones DC=_ldap._tcp.Default-First-Site-Name._sites.ForestDNSZones DC=_ldap._tcp.DomainDnsZones DC=_ldap._tcp.ForestDnsZones DC=_msdcs DC=DomainDnsZones DC=ForestDnsZones DC=Aragorn DC=arwen DC=Ben DC=Bilbo etc. (all records for all computers on network) Sorry for so much typing but my question is this. Is it normal for the Forest zone to have so few records in it? I'm really asking which one I should get rid of. The forest zone is missing records for 1 of my DC's and doesn't have any DNS records apart from pointer records for the network. Is that normal? And the Domain Zone doesn't have any pointer records at all. Which one should I delete? I'd really appreciate an answer if anyone knows! Thanks.

Software/Hardware used:

ASKED: May 15, 2007 7:31 AM

UPDATED: May 17, 2007 9:54 PM

RELATED QUESTIONS

Answer Wiki:

Since no one else has responded, I will take a crack at this. I would look at the logs and see which system complained first about the duplication. My guess would be to remove the copy this first message objected to. Naturally you shouldn't try any of this without having a good backup of all of these DCs in case you have to restore the current state. Playing with adsiedit is dangerous in any case so make sure you have a good back out plan. In kb 322692 they give a few hints about the pitfalls of backing out of a change in domain level. Sorry I don't have a better suggestion for you. rt

Last Wiki Answer Submitted: May 15, 2007 12:43 pm by Astronomer

0 pts.

All Answer Wiki Contributors: Astronomer

0 pts.

To see all answers submitted to the Answer Wiki: View Answer History.

RSS - Discussions Help

Discuss This Question:

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

POSTED: May 15, 2007 6:02 PM (GMT)

EventID.net includes the information about ADSIEdit, but also talks about stopping DNS on all servers but one, removing the AD integration on it, clearing the logs, re-integrating them into AD and then restarting the other DNS servers. This seems like it would work because your DNS server sounds like it was upgraded from a previous Windows 2000 domain. In cases such as that, the DNS needs to be upgraded from a Win2k zone to the newer Windows 2003 DNS zones. It’s worth checking out because it sounds like your problem is synchronizing the DNS in AD.

http://www.eventid.net/display.asp?eventid=4515&eventno=3593&source=DNS&phase=

Don

Sonyfreek

0 pts.

POSTED: May 17, 2007 11:03 AM (GMT)

Thanks very much for your suggestions. I went with Sonyfreeks answer “…EventID.net includes the information about ADSIEdit, but also talks about stopping DNS on all servers but one, removing the AD integration on it, clearing the logs, re-integrating them into AD and then restarting the other DNS servers….” because it seemed less destructive than messing about with adsiedit. And it worked like a charm. Thank you!

ITBird

15 pts.

POSTED: May 17, 2007 9:54 PM (GMT)

Sweet. I’m glad everything worked out for you.

Sonyfreek

0 pts.

Ask a Question

Browse IT Answers by Topic

>>VIEW ALL TAGS

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.
All Rights Reserved, Copyright 1999-2013, TechTarget | Read our Privacy Policy
Questions and Answers Index 1 | Questions and Answers Index 2 | IT Topics Index 1 | IT Topics Index 2 | Blogs Index | Blogs Tags