The DNS server is now booting from the registry. The existing server boot file will no longer be read by the DNS server at startup. For any new zones that you add or for changes you make to zone information, you must make them using DNS Manager. The previous DNS server boot file has been moved to the %SystemRoot%\\System32\\Dns\\backup directory. To return to using the server boot file, you must perform the following: (1) Open the Registry Editor (Regedt32.exe), (2) navigate to the DNS server registry location: HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\DNS\\Parameters, (3) delete this value: EnableRegistryBoot, and (4) recopy or create the server boot file to be used by the DNS Server in the %SystemRoot%\\System32\\Dns directory. If you revert to booting the server from file, all prior changes to zone information (including any new zones you might have added) that were made while using DNS Manager are lost.

Details
Product: Windows Operating System
Event ID: 2000
Source: DNS
Version: 5.0
Symbolic Name: DNS_BOOTFILE_BACKUP_MESSAGE
Message: The DNS server is now booting from the registry. The existing server boot file will no longer be read by the DNS server at startup. For any new zones that you add or for changes you make to zone information, you must make them using DNS Manager. The previous DNS server boot file has been moved to the %SystemRoot%\\System32\\Dns\\backup directory. To return to using the server boot file, you must perform the following: (1) Open the Registry Editor (Regedt32.exe), (2) navigate to the DNS server registry location: HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\DNS\\Parameters, (3) delete this value: EnableRegistryBoot, and (4) recopy or create the server boot file to be used by the DNS Server in the %SystemRoot%\\System32\\Dns directory. If you revert to booting the server from file, all prior changes to zone information (including any new zones you might have added) that were made while using DNS Manager are lost.
   
Explanation

If you see this in conjunction with event ID 157 or event ID 7023 from the Service Control Manager, this might indicate that the registry key which determines whether your DNS initializes from a boot file or from the registry might not have been updated properly.

   
User Action

Edit an entry in the registry, and if your DNS server initializes from a boot file, you might need to copy a new boot file into the DNS folder.

Caution:
Do not use a registry editor to edit the registry directly unless you have no alternative. The registry editors bypass the standard safeguards provided by administrative tools. These safeguards prevent you from entering conflicting settings or settings that are likely to degrade performance or damage your system. Editing the registry directly can have serious, unexpected consequences that can prevent the system from starting and require that you reinstall Windows 2000. To configure or customize Windows 2000, use the programs in Control Panel or Microsoft Management Console (MMC) whenever possible.

Start a registry editor (regedt32.exe or regedit.exe), and then locate the following subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dns\Parameters.

Edit the entry EnableRegistryBoot (data type: REG_DWORD) so that the value is 1 for registry boot or 0 for boot file. Exit the registry editor. The value of this entry was set to 1 when the first zone was created, and by default the boot file’s information was then migrated into the registry. When you reset this entry back to zero, it disables the DNS server from booting or initializing from the registry. If the DNS server does not boot from the registry, it must initialize from a boot file. A backup boot file can be found in the following location:

Systemroot\System32\Dns\Backup. Copy this file to the Dns folder, and then start DNS.

Related:

Zone transfer request for secondary zone %1 refused by master server at %2. Check the zone at the master server %2 to verify that zone transfer is enabled to this server. To do so, use the DNS console, and select master server %2 as the applicable server, then in secondary zone %1 Properties, view the settings on the Zone Transfers tab. Based on the settings you choose, make any configuration adjustments there (or possibly in the Name Servers tab) so that a zone transfer can be made to this server.

Details
Product: Windows Operating System
Event ID: 6525
Source: DNS
Version: 5.0
Symbolic Name: DNS_EVENT_AXFR_REFUSED
Message: Zone transfer request for secondary zone %1 refused by master server at %2. Check the zone at the master server %2 to verify that zone transfer is enabled to this server. To do so, use the DNS console, and select master server %2 as the applicable server, then in secondary zone %1 Properties, view the settings on the Zone Transfers tab. Based on the settings you choose, make any configuration adjustments there (or possibly in the Name Servers tab) so that a zone transfer can be made to this server.
   
Explanation

The zone transfer request initiated by the master DNS server was refused by the primary server.

   
User Action

Check the specified zone file on the primary DNS server. Verify that the zone name and the secondary master server’s IP addresses have been properly configured in a dotted decimal format. Verify that you can ping each IP address successfully. If you have set the Notify parameters, check the IP addresses and verify that they match the addresses displayed on the General tab of the Zone Properties dialog box.

1. In DNS Manager, right-click the specified zone file, then click Properties.
2. Verify that the configured IP Master(s) address(es) are valid by pinging each address in the list.
3. If you have set the Notify parameters for your DNS server, then click the Notify tab.
4. Verify that the IP addresses configured on the General tab are the same as those configured on the Notify tab. If there is a difference between the two lists, only the IP addresses displayed in the Notify list will be used to perform zone transfers if the “Only Allow Access From Secondaries Included on Notify List” check box is selected.

Related:

The DNS server failed to open adapter %1, for netBIOS adapter status lookup.

Details
Product: Windows Operating System
Event ID: 132
Source: DNS
Version: 5.0
Symbolic Name: DNS_EVENT_NBSTAT_ADAPTER_FAILED
Message: The DNS server failed to open adapter %1, for netBIOS adapter status lookup.
   
Explanation

The DNS server tried and failed to perform a WINS reverse lookup by using the NetBIOS nbtstat utility. DNS uses nbtstat for lookup because the WINS database is not indexed using IP addresses, and therefore the Windows 2000 DNS functionality cannot perform a reverse name lookup on the WINS server (that is, it cannot locate a computer’s name given its IP address). Instead, DNS uses nbtstat to send a node status request directly to the given IP address.

   
User Action

Check the bindings of your NetBIOS interface by double-clicking Network and Dial-up Connection in Control Panel, and opening the network connection. Check the cable connection from your network adapter to the 10BT drop. Try running nbtstat from the command prompt. If you are able to resolve the address from the command line, try stopping and restarting DNS.

Related:

The connectivity verifier “%1” reported an error when trying to connect to %2.Reason: %3.

Details
Product: Internet Security and Acceleration Server
Event ID: 21137
Source: Microsoft Firewall
Version: 4.0.3443.594
Component: ISA Server Services
Message: The connectivity verifier “%1” reported an error when trying to connect to %2.Reason: %3.
   
Explanation
This event occurs when the connection between the ISA Server computer and the specified destination server cannot be established using the requested verification method. A connectivity verifier may fail to connect to a destination for one of the following reasons:
The server you are trying to verify connectivity with may not be responding. The server or service running on the machine may be malfunctioning or over flooded.If all connectivity verifiers are failing, the ISA Server computer may not be connected properly to the network or there may be a networking-related configuration problem (e.g. wrong routing configuration).The DNS server is unreachable. Therefore, ISA Server can not resolve the DNS name and cannot know which IP address to connect.The name of the specified destination can not be resolved, ISA Server cannot know which IP address to connect.
   
User Action
Verify that the ISA Server computer is connected to the network.To find out if this is a DNS problem, try running: ???ping ???a ???. If ping can???t resolve the IP address of the given destination, then this is a DNS problem. Running ping to the destination server also validates network connectivity. If the server responds to ping sent from the ISA Server computer, then this is not a network connectivity problem. Note that if the destination computer does not respond to ping, there may still be a network connectivity issue. A firewall, for example, running on the destination computer may block ping requests. Check that the destination computer is functional. You can try to connect to it from a different server.Use ISA Server logging feature to determine if the connection request was denied by a policy rule.

Related:

The following DNS server that is authoritative for the DNS domain controller locator records of this domain controller does not support dynamic DNS updates: DNS server IP address: %1 Returned Response Code (RCODE): %2 Returned Status Code: %3 USER ACTION Configure the DNS server to allow dynamic DNS updates or manually add the DNS records from the file ‘%SystemRoot%\System32\Config\Netlogon.dns’ to the DNS database.

Details
Product: Windows Operating System
Event ID: 5773
Source: NetLogon
Version: 5.2
Symbolic Name: NELOG_NetlogonNoDynamicDns
Message: The following DNS server that is authoritative for the DNS domain controller locator records of this domain controller does not support dynamic DNS updates: DNS server IP address: %1 Returned Response Code (RCODE): %2 Returned Status Code: %3 USER ACTION Configure the DNS server to allow dynamic DNS updates or manually add the DNS records from the file ‘%SystemRoot%\System32\Config\Netlogon.dns’ to the DNS database.
   
Explanation

The DNS server that is hosting the zone for this domain controller’s (DC) locator records does not support DNS dynamic updates, but this DC is configured to perform dynamic updates.

   
User Action

Configure the DNS server to support secure DNS dynamic updates or, if you are manually managing these locator records, add them to the appropriate zone using the DNScmd.exe tool or the MMC console management interface.

To learn more about dynamic updates, see Help and Support.

Related:

The DNS server has detected that the secondary zone %1 has no master IP addresses in registry data. Secondary zones require at least one master server to act as a source. You can add or update the IP address for the master server for this zone using the DNS console. For more information, see “To update the master server for a secondary zone” in the online Help.

Details
Product: Windows Operating System
Event ID: 503
Source: DNS
Version: 5.0
Symbolic Name: DNS_EVENT_SECONDARY_REQUIRES_MASTERS
Message: The DNS server has detected that the secondary zone %1 has no master IP addresses in registry data. Secondary zones require at least one master server to act as a source. You can add or update the IP address for the master server for this zone using the DNS console. For more information, see “To update the master server for a secondary zone” in the online Help.
   
Explanation

When defining secondary zones, an IP address must be configured for the master server from which the zone information is obtained during startup or when the refresh interval times out in the SOA record.

   
User Action

Verify that the master IP address of the secondary zone has been defined on the server:

1. In DNS Manager, right-click the specified secondary zone file, and then click Properties.
2. Verify that the primary server IP address is defined in the IP Masters address list. If the primary server IP address is missing, add it to the list.
3. If the IP address is defined, delete it and then add it back to the IP Masters address list.
4. Click OK.
5. Click DNS on the menu bar, and then click Update Server Data Files.

Check the registry to verify that the primary server IP address has been added to the zone directory:

1. Click Start, and then click Run.
2. Start a registry editor (Regedit.exe or regedt32.exe).
3. Open the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Zones subkey.
4. Click the specified zone name in the left pane, and then click Delete.
5. Click the secondary zone file specified in the error message.
6. Verify that the MasterServers entry has an IP address assigned to it. The value of this entry is in hexadecimal format. For example: 01 00 00 00 9d 39 79 57. You can convert the last four sets of numbers in the hexadecimal value to a decimal value to obtain the IP address entered in the IP Masters list.

Related:

The DNS server failed to initialize WINSR reverse lookup, through NetBIOS adapter status lookup. The server will continue to run but will not attempt to perform WINS reverse lookups. This may be due to an incorrect configuration. If WINSR lookup is not required, remove WINSR records from zone data files and reload modified zones or restart the DNS server. If the DNS server should support WINSR reverse lookup, restart the server computer and verify that the WINS/NetBT configuration for TCP/IP client properties on the computer are correctly set.

Details
Product: Windows Operating System
Event ID: 131
Source: DNS
Version: 5.0
Symbolic Name: DNS_EVENT_NBSTAT_INIT_FAILED
Message: The DNS server failed to initialize WINSR reverse lookup, through NetBIOS adapter status lookup. The server will continue to run but will not attempt to perform WINS reverse lookups. This may be due to an incorrect configuration. If WINSR lookup is not required, remove WINSR records from zone data files and reload modified zones or restart the DNS server. If the DNS server should support WINSR reverse lookup, restart the server computer and verify that the WINS/NetBT configuration for TCP/IP client properties on the computer are correctly set.
   
User Action

To check the NetBIOS over TCP/IP configuration:

1. Open Control Panel, and then double-click Network and Dial-up Connections.
2. Right-click the network connection, and then click Properties.
3. Click Internet Protocol (TCP/IP), and then click Properties.
4. Click Advanced, and then the WINS tab.
5. Verify that the IP addresses for both the primary and secondary WINS servers are correct, and that the Enable NetBIOS over TCP/IP radio button is selected.
6. Click OK.

If you continue to receive this message, verify that the WINS reverse lookup record has been configured correctly by using DNS Manager or by opening the appropriate XXX.XXX.in-addr.arpa database file located in the Systemroot/System32/Dns folder. You can edit this database file using Notepad, but you must stop DNS first.

Related:

The DNS server encountered a “forwarders” directive in with no forwarding addresses in file %1 at line %2. Although the DNS server will continue running it will not be able to forward unresolved queries to the forwarders. To correct the problem, in the DNS console select the server in the console tree, then from the Action menu, click Properties and click the Forwarders tab. Add IP addresses for forwarders. For more information, see “Using forwarders” in the online Help.

Details
Product: Windows Operating System
Event ID: 1203
Source: DNS
Version: 5.0
Symbolic Name: DNS_EVENT_NO_FORWARDING_ADDRESSES
Message: The DNS server encountered a “forwarders” directive in with no forwarding addresses in file %1 at line %2. Although the DNS server will continue running it will not be able to forward unresolved queries to the forwarders. To correct the problem, in the DNS console select the server in the console tree, then from the Action menu, click Properties and click the Forwarders tab. Add IP addresses for forwarders. For more information, see “Using forwarders” in the online Help.
   
Explanation

If you are using a boot file to boot the DNS server and plan to use forwarders to resolve queries outside your domain, the names and IP addresses of the forwarders must be defined in the boot file. If you are using DNS Manager to resolve queries outside your domain, the names and IP addresses of the forwarders must be defined in the DNS Server Properties dialog box.

   
User Action

Edit the boot file that contains the name and the IP addresses of the forwarders:

1. In Windows Explorer, go to the Systemroot\System32\Dns folder.
2. Double-click the boot file, and then select Notepad to open it.
3. Scroll down to the Forwarders command line.
4. Enter the IP addresses of the DNS servers that are used to resolve queries outside your domain. You can include more than one server on the line. For example:

forwarders 192.249.249.1 192.249.249.2

If you decide not to use forwarders, you must disable the Forwarder command in the boot file. For example:

;forwarders 192.249.249.1 192.249.249.2

To edit the forwarders using DNS Manager:

1. In DNS Manager, right-click the specified server name.
2. Click Properties, and then click the Forwarders tab.
3. Type the IP addresses of the forwarders.

Related:

The DNS server encountered a packet addressed to itself on IP address %1. The packet is for the DNS name “%2”. The packet will be discarded. This condition usually indicates a configuration error. Check the following areas for possible self-send configuration errors: 1) Forwarders list. (DNS servers should not forward to themselves). 2) Master lists of secondary zones. 3) Notify lists of primary zones. 4) Delegations of subzones. Must not contain NS record for this DNS server unless subzone is also on this server. 5) Root hints. Example of self-delegation: -> This DNS server dns1.example.microsoft.com is the primary for the zone example.microsoft.com. -> The example.microsoft.com zone contains a delegation of bar.example.microsoft.com to dns1.example.microsoft.com, (bar.example.microsoft.com NS dns1.example.microsoft.com) -> BUT the bar.example.microsoft.com zone is NOT on this server. Note, you should make this delegation check (with nslookup or DNS manager) both on this DNS server and on the server(s) you delegated the subzone to. It is possible that the delegation was done correctly, but that the primary DNS for the subzone, has any incorrect NS record pointing back at this server. If this incorrect NS record is cached at this server, then the self-send could result. If found, the subzone DNS server admin should remove the offending NS record. You can use the DNS server debug logging facility to track down the cause of this problem.

Details
Product: Windows Operating System
Event ID: 7062
Source: DNS
Version: 5.2
Symbolic Name: DNS_EVENT_SELF_SEND
Message: The DNS server encountered a packet addressed to itself on IP address %1. The packet is for the DNS name “%2”. The packet will be discarded. This condition usually indicates a configuration error. Check the following areas for possible self-send configuration errors: 1) Forwarders list. (DNS servers should not forward to themselves). 2) Master lists of secondary zones. 3) Notify lists of primary zones. 4) Delegations of subzones. Must not contain NS record for this DNS server unless subzone is also on this server. 5) Root hints. Example of self-delegation: -> This DNS server dns1.example.microsoft.com is the primary for the zone example.microsoft.com. -> The example.microsoft.com zone contains a delegation of bar.example.microsoft.com to dns1.example.microsoft.com, (bar.example.microsoft.com NS dns1.example.microsoft.com) -> BUT the bar.example.microsoft.com zone is NOT on this server. Note, you should make this delegation check (with nslookup or DNS manager) both on this DNS server and on the server(s) you delegated the subzone to. It is possible that the delegation was done correctly, but that the primary DNS for the subzone, has any incorrect NS record pointing back at this server. If this incorrect NS record is cached at this server, then the self-send could result. If found, the subzone DNS server admin should remove the offending NS record. You can use the DNS server debug logging facility to track down the cause of this problem.
   
Explanation
For additional troubleshooting information, see articles #235689 and #218814 in the Microsoft Knowledge Base.
   
User Action
b>To select and enable debug logging options on the DNS server

  1. Open DNS.
  2. In the console tree, right-click the applicable DNS server, then click Properties.
  3. Click the Debug Logging tab.
  4. Select Log packets for debugging, and then select the events that you want the DNS server to record for debug logging.

Related: