Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation.

Netlogon Event 5781 and DNS Event 4007 occur after you change the domain that a Windows 2000 domain controller belongs to



Symptoms

After you have changed the domain that a Windows 2000 domain controller belongs to, you may frequently receive the following event 5781 in the System Event log:
Event Type: Warning
Event Source: NETLOGON
Event Category: None
Event ID: 5781
Date: date
Time: time
User: N/A
Computer: SERVER

Description:
Dynamic registration or deregistration of one or more DNS records failed because no DNS servers are available.

In addition to Netlogon event 5781, you may receive DNS event 4007 if the domain controller was previously configured as a DNS server:

Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4007
Computer: SERVERNAME

Description:
The DNS server was unable to open zone _msdcs.contoso.com in the Active Directory from the application directory partition DomainDnsZones.contoso.com. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 0d 00 00 00 ....
DC=DomainDNSZones,DC=contoso,DC=com



Cause

This issue can be caused by stale entries in the DNS zone for the old domain that the domain controller belonged to. DNS Event 4007 indicates a DNS configuration problem. The DNS server service uses Active Directory to store DNS data, and it encountered a Lightweight Directory Access Protocol (LDAP) error that is associated with this zone. This problem can appear for zones that have a registry reference but that are not stored in the ForestDnsZones or the DomainDnsZones application partition of the new domain.



Resolution

To resolve this issue:
  1. Stop the Netlogon service.
  2. Rename the Netlogon.dns file to Netlogon.old, and then rename the Netlogon.dnb file to Netlogon.old2.

    Note: Netlogon.dns and Netlogon.dnb are located in the Windows\System32\Config folder.
  3. Start the Netlogon service or restart your computer.
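
The three steps above as a batch file, added here as an example and not part of the original article. It assumes an administrative command prompt on the affected domain controller and that the Windows folder named in the note is %SystemRoot%.

```bat
@echo off
rem Added example, not from the KB article: resolution steps 1-3.
setlocal
rem Assumption: the "Windows" folder in the note is %SystemRoot%.
set "CFG=%SystemRoot%\System32\Config"

rem ren does not overwrite, so stop before touching anything if
rem backups from an earlier run are still present.
if exist "%CFG%\Netlogon.old" goto :backup_exists
if exist "%CFG%\Netlogon.old2" goto :backup_exists

rem Step 1: stop Netlogon so that it releases both files.
net stop netlogon

rem Step 2: rename the files. Success is checked by file state,
rem not errorlevel, because net stop returns non-zero when the
rem service was already stopped.
if exist "%CFG%\Netlogon.dns" ren "%CFG%\Netlogon.dns" Netlogon.old
if exist "%CFG%\Netlogon.dns" goto :rename_failed
if exist "%CFG%\Netlogon.dnb" ren "%CFG%\Netlogon.dnb" Netlogon.old2
if exist "%CFG%\Netlogon.dnb" goto :rename_failed

rem Step 3: start Netlogon again.
net start netlogon
if errorlevel 1 goto :start_failed
echo Netlogon restarted. Watch the System log for further 5781 events.
exit /b 0

:backup_exists
echo Netlogon.old or Netlogon.old2 already exists in %CFG%.
echo Move the old backups away and run this file again.
exit /b 1

:rename_failed
echo Could not rename the Netlogon files in %CFG%.
echo Starting Netlogon again without further changes.
net start netlogon
exit /b 1

:start_failed
echo Netlogon did not start. Start it manually or restart the computer.
exit /b 1
```

The renamed files are kept as backups and are not deleted by the script.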
To prevent the DNS Event 4007 errors from occurring, perform one of the following steps:
  • In DNS Manager, manually remove any forward lookup zones that still appear but are not associated with the current Active Directory domain, and then restart DNS.
  • In most cases, Event ID 4007 is resolved by removing from the registry the DNS zone that is indicated in the error when it no longer exists in Active Directory. The zone information is usually left in the registry when the DC previously hosted another zone, was demoted, and then was re-promoted to host a new zone. When the problem zone does not exist in Active Directory, remove it from the following registry location:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones



More information

During the demotion of the domain controller, Dcpromo.exe might not be able to deregister all of the Netlogon service records at the DNS server that hosts the domain controller's domain.



Keywords: KB311354, kbprb, kbnetwork, kberrmsg, kbenv


Article Info
Article ID : 311354
Revision : 5
Created on : 4/6/2009
Published on : 4/6/2009