RODC logs DNS event 4015 every 3 minutes with error code 00002095
Source: Microsoft Support
RAPID PUBLISHING ARTICLES PROVIDE INFORMATION DIRECTLY FROM WITHIN THE MICROSOFT SUPPORT ORGANIZATION. THE INFORMATION CONTAINED HEREIN IS CREATED IN RESPONSE TO EMERGING OR UNIQUE TOPICS, OR IS INTENDED SUPPLEMENT OTHER KNOWLEDGE BASE INFORMATION.
If we are running the Domain Name Service (DNS) role on a Read-Only Domain Controller (RODC) and a Windows 2008 writable Domain Controller (hosting DNS) is not accessible, we see the following event being logged on the RODC.
Log Name: DNS Server
Date: date time
Event ID: 4015
Task Category: None
The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is "00002095: SvcErr: DSID-03210A6A, problem 5012 (DIR_ERROR), data 16". The event data contains the error.
When a Read Only Domain Controller (RODC) locates a writeable DNS server to perform ReplicateSingleObject (RSO), it performs a DSGETDC function with the following flags set:
Once a DC is returned from the DSGETDC call, it uses the result to search for the NS record in DNS. If the DSGETDC call fails, or it fails to find the NS record of the DC returned from DSGETDC, the error 4105 will be logged.
Possible causes of the 4105 error:
1) No writeable Windows 2008 DC is accessible, or none returned from DSGETDC call
2) The DSGETDC call was successful, but the DC returned does not have the DNS Server Role installed, or does not register a NS record in DNS.
The following command can be ran from the RODC to check which DC is returned from the DSGETDC call:
nltest /dsgetdc:DOMAIN.COM /WRITABLE /AVOIDSELF /TRY_NEXT_CLOSEST_SITE /DS_6
Where DOMAIN.COM is your domain name.
To resolve either cause above, ensure that a writable Windows 2008 DC is accessible from the RODC, that the DNS Server Role is installed on that DC, and that the NS record is registered in DNS for the Windows 2008 writable DC.
For more information about the DSGETDC function, see TechNet article:
MICROSOFT AND/OR ITS SUPPLIERS MAKE NO REPRESENTATIONS OR WARRANTIES ABOUT THE SUITABILITY, RELIABILITY OR ACCURACY OF THE INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED ON THIS WEBSITE (THE “MATERIALS”) FOR ANY PURPOSE. THE MATERIALS MAY INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS AND MAY BE REVISED AT ANY TIME WITHOUT NOTICE.
TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, MICROSOFT AND/OR ITS SUPPLIERS DISCLAIM AND EXCLUDE ALL REPRESENTATIONS, WARRANTIES, AND CONDITIONS WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING BUT NOT LIMITED TO REPRESENTATIONS, WARRANTIES, OR CONDITIONS OF TITLE, NON INFRINGEMENT, SATISFACTORY CONDITION OR QUALITY, MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, WITH RESPECT TO THE MATERIALS.
Article ID: 969488 - Last Review: 04/14/2011 18:51:00 - Revision: 3.0
Windows Server 2008 Enterprise without Hyper-V, Windows Server 2008 R2 Enterprise, Windows Server 2008 Enterprise
- kbrapidpub kbnomt KB969488