No announcement yet.

AD/DNS problems

  • Filter
  • Time
  • Show
Clear All
new posts

  • AD/DNS problems

    Howdy guys

    One of our DCs was not replicating throughout the forest, with certain errors. After trying for hours to resolve this, I decided to rebuild. However, after a complete rebuild and disk format, the exact same errors have returned.

    Here are examples:


    The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "000020B5: AtrErr: DSID-03152392, #1:

    0: 000020B5: DSID-03152392, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 9067d (msDS-NC-Replica-Locations)". The event data contains the error.

    Couldnít find anything on this error.


    The DNS server detected that it is not enlisted in the replication scope of the directory partition This prevents the zones that should be replicated to all DNS servers in the forest from replicating to this DNS server.

    To create or repair the forest-wide DNS directory partition, open the the DNS console. Right-click the applicable DNS server, and then click 'Create Default Application Directory Partitions'. Follow the instructions to create the default DNS application directory partitions. For more information, see 'To create the default DNS application directory partitions' in Help and Support.

    This error I donít trust. The server IS listed in the directory partition And when you try the 'Create Default Application Directory Partitions' is results in Ďaccess is deniedí.

    This may not make sense, but Iím leaning towards a hardware fault, perhaps a problem with one of the hard drives.

    Iím not going to pretend I understand exactly the details of how an operating system is written to a hard drive, but could it be the case that when a server is dcpromoíd, the AD database is written to the same part of the disk each time?

    I canít think of anything else right now.

    Iíll do some disk checks and see what I can come up with.

    Cheers for now


  • #2
    Re: AD/DNS problems

    Did you dcpromo down the server before rebuilding ?
    If it is not related to stale metadata that needs to be cleaned up, I would remove DNS from the DC, point it to another DNS server in the forest and let it replicate.
    After you have replication stablized, reinstall DNS and check if the error returns.
    Guy Teverovsky
    "Smith & Wesson - the original point and click interface"