
Adding a DNS record is Refused


  • Adding a DNS record is Refused

    Hi All,

    I have a forest with only one domain with 3 DCs which are all Windows Server 2008 R2 Std Full Install.

    Previously, this domain had 2 DCs with Windows Server 2003 R2 Std. We added the new DCs with Win 2008 and removed the DCs with Win 2003.

    All seemed to be working fine, but I encountered a problem with our DNS.
    The DNS zone of our domain is AD integrated with a scope of All DCs in the domain.

    I can delete a record, modify a record, create a sub-domain or delete a sub-domain. I cannot create a new DNS record. When I try to do so, I have an error saying: The host record cannot be created. Refused.
    I also have an error logged in the DNS Event Log:

    Event Type: Error
    Event Source: DNS
    Event Category: None
    Event ID: 4015
    Date: 6/4/2010
    Time: 2:05:16 PM
    User: N/A
    The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "0000051B: AtrErr: DSID-030F1F8D, #1:
    0: 0000051B: DSID-030F1F8D, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 20119 (nTSecurityDescriptor)". The event data contains the error.
    For more information, see Help and Support Center at
    0000: 13 00 00 00 ....

    I have the same problem on all of my DCs. I have the same problem if I try to create it directly on my server or from my admin workstation. DNSCMD gives me the same error.

    If I set the Dynamic updates on my DNS zone at "nonsecure and secure" instead of "Secure only", it works.

    If I try to change the replication scope to All DNS servers in forest or All DNS servers in domain, I have an error:
    The replication scope could not be set. For more information, see "DNS zone replication in Active Directory" in Help and Support. The error was : There was a server failure.

    I searched on the web and found two things:
    - Someone rebooted the server and it was ok. Didn't work for me.
    - Verify that the Administrators group has the right "Manage auditing and security log" through the Default Domain Controllers Policy. It is set correctly. I verified with RSOP.

    At this point, I don't have a clue, any help would be appreciated.

    Thank you,
    Dominic Cadorette

  • #2
    Re: Adding a DNS record is Refused

    Have you seen this thread:

    Might help.
    A recent poll suggests that 6 out of 7 dwarfs are not happy


    • #3
      Re: Adding a DNS record is Refused

      Thanks Blood for the reply.
      However, it doesn't seem to be related to the problem I have.
      I don't have any problem when I reboot my DC or when I promoted them.

      I received the error only when I add a DNS record when my zone is set to "Secure only" dynamic updates.

      I also receive an error when I try to move the DNS partition.

      Thanks for the help,


      • #4
        Re: Adding a DNS record is Refused

        Two things.
        Firstly - check you have the right permissions.
        Secondly, when you run the DNS console, or the command prompt to enter the dnscmd line, make sure you right-click and choose "Run as administrator" - even if you ARE the domain administrator.

        This one caught us out a few times initially when we first deployed 2008... quite a few things need you to elevate, even though you are 'elevated'.
        Please do show your appreciation to those who assist you by leaving Rep Point
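
A pre-flight check for the two suggestions in this thread (the "Manage auditing and security log" right from the first post and the elevation advice in #4), as an added example that is not part of any poster's reply. It reports whether the current session is elevated and whether its token carries SeSecurityPrivilege, the privilege behind that user right; that a filtered token is what causes the Refused error here is an assumption, since the thread does not confirm it.

```powershell
# Added example (not from the thread). Run it in the same window you would
# use for dnscmd, on the DC or the admin workstation.
# Assumption: the write to nTSecurityDescriptor fails because the calling
# token is UAC-filtered and lacks SeSecurityPrivilege.

function Test-Elevated {
    # True only when the Administrators group is enabled in this token,
    # i.e. the process was started with "Run as administrator".
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-TokenPrivilege {
    # /nh drops the header row, which is localized; privilege names are not.
    whoami /priv /fo csv /nh |
        ConvertFrom-Csv -Header Name, Description, State
}

function Test-DnsAdminToken {
    $privs = @(Get-TokenPrivilege)
    # A privilege listed as Disabled is still present in the token and can
    # be enabled by the tool that needs it; absent means it was filtered out
    # or was never granted by policy.
    $hasSecurity = @($privs | Where-Object {
        $_.Name -eq 'SeSecurityPrivilege' }).Count -gt 0

    New-Object PSObject -Property @{
        User                = [Security.Principal.WindowsIdentity]::GetCurrent().Name
        Elevated            = Test-Elevated
        SeSecurityPrivilege = $hasSecurity
    }
}

$result = Test-DnsAdminToken
$result | Format-List User, Elevated, SeSecurityPrivilege

if (-not $result.Elevated) {
    Write-Warning 'Session is not elevated: reopen the console with "Run as administrator".'
} elseif (-not $result.SeSecurityPrivilege) {
    Write-Warning 'Elevated, but SeSecurityPrivilege is missing: check "Manage auditing and security log" in the effective policy (RSOP).'
}
```

If both values are True and the record still cannot be created, the token is not the limiting factor and the zone's own permissions are the next thing to check.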