Netlogon Event 5781 and DNS Event 4007 occur after you change the domain that a Windows 2000 domain controller belongs to

Support for Windows Server 2003 ended on July 14, 2015

Microsoft ended support for Windows Server 2003 on July 14, 2015. This change has affected your software updates and security options. Learn what this means for you and how to stay protected.

This article was previously published under Q311354
After you have changed the domain that a Windows 2000 domain controller belongs to, you may frequently receive the following event 5781 in the System Event log:
Event Type: Warning
Event Source: NETLOGON
Event Category: None
Event ID: 5781
Date: date
Time: time
User: N/A
Computer: SERVER

Dynamic registration or deregistration of one or more DNS records failedbecause no DNS servers are available.
In addition to the Netlogon 5781 Event, you may receive DNS Event 4007 when the DC was previously configured as a DNS server.
Event Type: Error
Event Source: DNS
Event Category: None
Event ID: 4007
Description:The DNS server was unable to open zone in the Active Directory from the application directory partition This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error codeFor more information, see Help and Support Center at 0d 00 00 00 ....DC=DomainDNSZones,DC=contoso,DC=com----------------------------
This issue can be caused by stale entries in the DNS zone for the old domain that the domain controller belonged to. DNS Event 4007 indicates a DNS configuration problem. The DNS server service uses Active Directory to store DNS data, and it encountered a Lightweight Directory Access Protocol (LDAP) error that is associated with this zone. This problem can appear for zones that have a registry reference but that are not stored in the ForestDnsZones or the DomainDnsZones application partition of the new domain.
To resolve this issue:
  1. Stop the Netlogon service.
  2. Rename the Netlogon.dns file to Netlogon.old, and then rename the Netlogon.dnb file to Netlogon.old2.

    Note Netlogon.dns and Netlogon.dnb are located in the Windows\System32\Config folder.
  3. Start the Netlogon service or restart your computer.
To prevent the DNS Event 4007 errors from occurring, perform one of the following steps:
  • If they exist, manually remove forward lookup zones that still appear in DNS manager that are not associated with the current Active Directory domain, and then restart DNS.
  • In most cases, Event ID 4007 is resolved by removing from the registry the DNS zone that is indicated in the error when it no longer exists in Active Directory. The zone information is usually left in the registry when the DC previously hosted another zone, was demoted, and then was re-promoted to host a new zone. The location in the registry to remove the problem zone when it does not exist in AD is as follows:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DNS Server\Zones
During the demotion of the domain controller, Dcpromo.exe might not be able to de-register all of the Netlogon service records at the DNS server, which hosts the domain controller's domain.

Article ID: 311354 - Last Review: 04/06/2009 21:11:58 - Revision: 5.0

Microsoft Windows 2000 Server, Microsoft Windows 2000 Advanced Server, Microsoft Windows Server 2003, Datacenter x64 Edition, Microsoft Windows Server 2003, Enterprise x64 Edition, Microsoft Windows Server 2003, Datacenter Edition (32-bit x86), Microsoft Windows Server 2003, Enterprise Edition (32-bit x86), Microsoft Windows Server 2003, Standard Edition (32-bit x86)

  • kbenv kberrmsg kbnetwork kbprb KB311354