question

KahiN-8362 avatar image
0 Votes"
KahiN-8362 asked SunnyQi-MSFT commented

DNS error 4015 on backup DC servers if main DC is off

Everything related to this error seams to be IP addressing issue so far but I cant see thats may case.

I have 3 -Domain Controllers(Windows Server 2019): lets call them DC1, DC2 and DC3.
DC1 and DC2 are located on same site and DC3 is on remote site.

DC1 - is main server (operations master).
As a DNS IP it has DC2s IP address and itself.

DC2 - for backup and redundancy.
As a DNS IP it has DC1s IP and Itself.

DC3 - serves as Domain Controller and DNS for remote site
As a DNS IP it has DC2s IP address and itself. (No DC1s IP at all)

when DC1 is up and running I have no events or issues. Also, dcdiag.exe shows no issues.

When DC1 is off I see 4015 error logged every 5min on DC2 and DC3 ( which is remote server)
Strangely Im also loosing DFS management to my Namespace though I still can access my share and users not having issues. This could be somehow related with DNS errors I guess.

If main DC1 is off and I run dcdiag it complains that role holder is nor reachable as expected.

I have flushed, reregistered, restarted DNS server on DC2 but still same outcome.

Also not having DNS or AD/DS replication issues, as lets say if I create entry on DC2s DNS while DC1 is off, when DC1 comes back it replicates from DC2 and all records are equal.


I would highly appreciate any suggestions or thoughts.

windows-serverwindows-server-2019windows-server-2012windows-dhcp-dns
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,


Just want to confirm the current situations.


Please feel free to let us know if you need further assistance.


Best Regards,
Sunny

0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered DSPatrick edited

Sounds like problematic DNS configuration.
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd349575(v=ws.10)?redirectedfrom=MSDN


Short outages of the PDC emulator should be a big deal. If there is going to be an extended outage you may want to transfer the roles to another healthy domain controller.

--please don't forget to Accept as answer if the reply is helpful--


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

KahiN-8362 avatar image
0 Votes"
KahiN-8362 answered

I have tried that, restarting servers doesnt log any errors or warnings.
Even if I stop main DC1 DNS Server completely non of other server DC2 or DC3 complain or log any error.
I assume this is not related with DC1 DNS and its something else?

So when you say short outage of PDC emulator is big deal, is this behaviour expected? Or there is some issue behind that?
Im not shutting down main DC1 longer then and hour to see what happens next, but as soon as its of DNS error 4015 logs every 5 min on all servers.
Even on servers not pointing to DC1 in their DNS entry.

Any other troubleshooting steps for this?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SunnyQi-MSFT avatar image
0 Votes"
SunnyQi-MSFT answered

Hi,

Thanks for posting in Q&A platform.

Before we go further, could you please help to provide screenshot of the Event 4015 with specific errors for further troubleshooting?

Best Regards,
Sunny

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

KahiN-8362 avatar image
0 Votes"
KahiN-8362 answered KahiN-8362 edited

85539-untitled.jpg




This is when DC1(main server) is off. This error comes up straight away after 5 min and keeps logging


untitled.jpg (82.3 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

SunnyQi-MSFT avatar image
0 Votes"
SunnyQi-MSFT answered KahiN-8362 commented

Hi,

Thank you for your feedback.

For testing, could you please configure the zone to allow both non-secure and secure update on DC2 and DC3 when DC1 was down? Then please kindly check if event 4015 is still occurred.

If the issue still existed, please run the following command in DC2 and DC3, and please share the results for us further troubleshooting. (Please remove the information which may leak your private information)

Dcdiag /v >c:\dcdiag1.log

Repadmin /showrepl >C:\repl.txt

Repadmin /showreps *

Best Regards,
Sunny


If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

86001-dc2-repl.txt


85933-dc2.log


85934-dc3-repl.txt


85935-dc3.log


86002-screenshot-2021-04-09-101901.jpg



Hi Sunny

Thanks for your reply.
I have changed zones to allow both non-secure and secure updates but 4015 event still occurred same manner.
Please see attached files, this were gathered while DC1 was up and running.
Let me know if you need logs while DC1 is off.
Also Repadmin /showreps * gaves attached error on all server, but its not seen on Server manager events.


Regards
Kahi


0 Votes 0 ·
dc2-repl.txt (2.0 KiB)
dc2.log (32.4 KiB)
dc3-repl.txt (1.2 KiB)
dc3.log (13.8 KiB)
DSPatrick avatar image
0 Votes"
DSPatrick answered KahiN-8362 commented

Please run;

Dcdiag /v /c /d /e /s:%computername% >c:\dcdiag.log
repadmin /showrepl >C:\repl.txt
ipconfig /all > C:\dc1.txt
ipconfig /all > C:\dc2.txt
ipconfig /all > C:\dc3.txt

then put unzipped text files up on OneDrive and share a link.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi there

Please see attached files on the following link

https://1drv.ms/u/s!ApQc_TiPos6vbQMB126Agp-4kA8?e=3Cgori


Regards
Kahi

0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered KahiN-8362 commented

All three domain controllers are multi-homed. Multihoming will always cause no end to grief for active directory DNS. I did not look at other files since this one is a show stopper.

--please don't forget to Accept as answer if the reply is helpful--





· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

That happens even if I have disabled all other NICs.
Just tested right now still same outcome.

0 Votes 0 ·
DSPatrick avatar image
0 Votes"
DSPatrick answered KahiN-8362 commented

After disabling the extra network adapters you'll also want to do ipconfig /flushdns, ipconfig /registerdns, restart the netlogon service.

--please don't forget to Accept as answer if the reply is helpful--







· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.


Sorry still same
Things I have tried:
ipconfig /flushdns, ipconfig /registerdns, clear dns cache, dns restart, netlogon restart, server restart.

Same outcome.
Any other ideas?

0 Votes 0 ·
SunnyQi-MSFT avatar image
0 Votes"
SunnyQi-MSFT answered SunnyQi-MSFT commented

Hi,

Thanks for your efforts on this issue.

DNS 4015 error is a quite common event which can be generated in a Microsoft DNS server and normally it won’t cause any functionality issue from DNS perspective.

Based on current information and log, it's hard for us to figure out the root cause of this event. The deeper trace collecting will be necessary for further troubleshooting.

I would suggest you open a case with Microsoft where more in-depth investigation can be done so that you would get a more satisfying explanation and solution to this issue.

You may find phone number for your region accordingly from the link below:
https://support.microsoft.com/en-us/gp/customer-service-phone-numbers

Best Regards,
Sunny


If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Will do.
Thanks for your time and help!

0 Votes 0 ·

Thank you very much for your feedback. You could accept the useful reply as answer if you want to end this thread up. If there is anything else we can do for you, please feel free to post in the forum.

0 Votes 0 ·