Issue creating AD-integrated DNS zones

Hi all

I have a bit of a strange issue with the creation of AD-integrated DNS zones, where I receive the error message "The zone cannot be created. There was a server failure".
The same error occurs for primary and stub zones, forward and reverse, that I try to create as AD-integrated. I can create non-AD-integrated zones with no issues.

The domain contains 3 domain controllers with the DNS role installed on 2. The issue is occurring on both. I've tried reinstalling the server on one of them; however, it hasn't made a difference.

To throw a spanner in the works, the issue only occurs when I select to create the AD-integrated zone with the standard "all DCs in the domain" or "all DCs in the forest" scope. If I select the option "To all domain controllers in this domain (for Windows 2000 compatibility)" it seems to create fine and replicate to the other DC.

Two domain controllers are running Windows Server 2008 R2 and one is running Windows Server 2012 R2. Domain and forest functional level is at Windows Server 2008 R2.

There does not appear to be any errors in the Application, System or DNS Server event logs.

If I create a non-AD-integrated primary zone and then try to convert it to an AD-integrated zone, I receive the following error message and the DNS Server service crashes:

"The replication scope could not be set. For more information, see "DNS zone replication in Active Directory" in Help and Support. The error was: The server is unavailable"

A "repadmin /showrepl" is showing no errors with replication.

Does anyone have any ideas as to what is causing this?

Cheers
Brady


July 16th, 2015 5:10am

Hi,

Install DNS on the third DC.

July 16th, 2015 5:38am

That has made no difference. Can you explain how it would?
July 16th, 2015 9:01pm

I would highly suggest that you check the Directory Service Logs and the DNS Logs also. Have you ensured that all of the DNS services and AD services have been started?

Have you been able to power cycle the DCs?


Will.

July 16th, 2015 9:15pm

Can you check the partition dc=domaindnszones,dc=contoso,dc=com using ADSIEDIT.msc, to see whether you already have the domain (i.e. "example.com") in the dc=microsoftdns tree of dc=domaindnszones,dc=contoso,dc=com?

Also, check the partition dc=contoso,dc=com for whether you have a duplicate domain "example.com". The example.com zone is located there if you set "To all domain controllers in this domain (for Windows 2000 compatibility)".


July 16th, 2015 9:43pm

Thanks Aliyani

You've put me on the right track!

I tried to connect directly to the DomainDnsZones and ForestDnsZones partitions using ADSI Edit; however, it presented me with a pretty strange error message (can't quite remember what it was). I thought that the partitions simply didn't exist, so from a DNS MMC I performed a "Create Default Application Directory Partitions", which gave me a message saying that the partitions already existed. Strange!

Using ADSI Edit I connected to the Configuration partition and confirmed that the 2 CNs existed within CN=Partitions.

Using ADSI Edit I nuked them by doing a "delete nc DC=DomainDnsZones,DC=xxx,DC=xxx,DC=xxx,DC=xx" and "delete nc DC=ForestDnsZones,DC=xxx,DC=xxx,DC=xxx,DC=xx". I waited until replication took place, then reran "Create Default Application Directory Partitions" from the DNS MMC. It recreated the partitions and all is working fine now!!

Thanks for the assistance! Even when checking the Directory Service Log and DNS Log there were no error or warning events occurring at all.

Thanks again
Brady

July 17th, 2015 12:19am
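The checks Aliyani suggested, and the partition state Brady ended up repairing, can be verified without clicking through ADSI Edit. The following PowerShell script is an added example, not code from anyone in this thread: it confirms the crossRef objects for DomainDnsZones and ForestDnsZones exist under CN=Partitions, that the partition heads are readable on the DC, and whether the zone already exists in the Windows 2000-compatible location in the domain partition as well as in the application partitions. It assumes RSAT's ActiveDirectory module and a domain admin account; `$ZoneName` and `$DnsServer` are placeholders.

```powershell
# Added diagnostic example (not from the original thread). Read-only: it only
# queries AD; repairing orphaned partitions is still done from the DNS MMC.
# Assumes the ActiveDirectory module (RSAT / a DC) and domain admin rights.
param(
    [string]$ZoneName  = 'example.com',       # placeholder: zone you cannot create
    [string]$DnsServer = $env:COMPUTERNAME    # placeholder: DC with the DNS role
)
Import-Module ActiveDirectory
$rootDse  = Get-ADRootDSE -Server $DnsServer
$domainDn = $rootDse.defaultNamingContext
$forestDn = $rootDse.rootDomainNamingContext
$configDn = $rootDse.configurationNamingContext

# 1. Both DNS application partitions must be registered as crossRef objects
#    under CN=Partitions in the Configuration NC. This is what
#    "Create Default Application Directory Partitions" creates or repairs.
foreach ($nc in @("DC=DomainDnsZones,$domainDn", "DC=ForestDnsZones,$forestDn")) {
    $crossRef = Get-ADObject -Server $DnsServer -SearchBase "CN=Partitions,$configDn" `
        -LDAPFilter "(&(objectClass=crossRef)(nCName=$nc))" `
        -Properties nCName, 'msDS-NC-Replica-Locations'
    if (-not $crossRef) {
        Write-Warning "No crossRef for $nc - partition is not registered in CN=Partitions"
        continue
    }
    # msDS-NC-Replica-Locations lists the NTDS Settings DNs of DCs holding a replica
    $replicas = @($crossRef.'msDS-NC-Replica-Locations')
    Write-Output ("{0}: {1} replica(s) registered" -f $nc, $replicas.Count)
    $replicas | ForEach-Object { Write-Output "    $_" }
    # A crossRef that exists while the partition head cannot be read is the
    # "already exists" / "server is unavailable" contradiction seen in the thread.
    try {
        $null = Get-ADObject -Identity $nc -Server $DnsServer -ErrorAction Stop
    } catch {
        Write-Warning "crossRef exists but $nc is not readable on $DnsServer : $_"
    }
}

# 2. Look for the same zone stored in more than one naming context: the legacy
#    Windows 2000-compatible location in the domain NC versus the two
#    application partitions. A duplicate blocks creating it in the other scope.
$zoneContainers = @(
    "CN=MicrosoftDNS,CN=System,$domainDn",
    "CN=MicrosoftDNS,DC=DomainDnsZones,$domainDn",
    "CN=MicrosoftDNS,DC=ForestDnsZones,$forestDn"
)
foreach ($base in $zoneContainers) {
    $zone = Get-ADObject -Server $DnsServer -SearchBase $base -SearchScope OneLevel `
        -LDAPFilter "(&(objectClass=dnsZone)(name=$ZoneName))" -ErrorAction SilentlyContinue
    if ($zone) { Write-Output "Zone '$ZoneName' found in $base" }
}
```

If the zone is reported in more than one container, or a crossRef is listed with no readable partition head, that matches the state this thread describes and points at the partitions rather than at DNS replication.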
