Check DNS event log

Updated: November 4, 2009

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

You can use the following procedure to check for errors in the Domain Name System (DNS) event log for troubleshooting or monitoring purposes.

Administrative credentials

To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using the Run as command to perform this procedure.

Checking the DNS event log

To check the DNS event log

  1. Open the DNS console.

  2. In the console tree, open Event Viewer and then click DNS Events.

  3. Review the list of events that is displayed. The following table provides examples of some critical DNS events and procedures you can use to resolve them.

    Event ID Description

    140

    The DNS server could not initialize the Remote Procedure Call (RPC) service. If it is not running, start the RPC service or reboot the computer. For specific error code, see the Record Data page on the Event Viewer.

    In order for DNS to run, the Remote Procedure Call (RPC) service must be running on the DNS server.

    1. Verify that the Remote Procedure Call (RPC) service has been started.

    2. Open Administrative Tools, and double-click Services.

    3. If the service has been started, try restarting the server.

    4. If the error continues, remove and reinstall the Client for Microsoft Networks service on the network connection. This will reinstall the Netlogon and RPC locator services.

    403

    The DNS server could not create a Transmission Control Protocol (TCP) socket. Restart the DNS server or reboot the computer. For the specific error code, see the Record Data page.

    The Wsock32.dll might be incompatible with a third-party TCP/IP stack. This problem can also occur if the TCP/IP protocol is not bound to the network adapter.

    If you are using a third-party TCP/IP protocol, verify that the protocol is compatible with the Wsock32.dll.

    Check the bindings of the protocol stack. It is a good idea to have TCP/IP bound at the top of the stack. If the error continues, remove and reinstall the TCP/IP protocol, and then try again.

    1. Open Control Panel, and then double-click Network and Dial-up Connections.

    2. Right-click the connection, and then click Properties.

    3. Verify that the bindings for all protocols to network adapters are enabled and that no broken connections exist in the stack.

    407

    DNS server could not bind the main datagram socket. The data is the error.

    This error can occur if there is a mismatch between the configured IP address in the Advanced IP Addressing dialog box and the addresses listed in the Server Properties dialog box for the DNS server. This problem can also occur if the TCP/IP protocol is not bound to the network adapter.

    Verify that the TCP/IP addresses configured in the Advanced IP Addressing dialog box match those configured in the Server Properties dialog box in DNS Manager:

    1. Open Control Panel, and double-click Network.

    2. Click the Protocols tab, and click TCP/IP Protocol in the Network Protocols list.

    3. Click Properties, and then click Advanced.

    Match the IP addresses to those displayed in the DNS server Properties dialog box:

    1. In DNS Manager, right-click the DNS server name, and then click Properties.

    2. Compare the IP addresses with those from the Advanced IP Addressing dialog box. If there are no IP addresses configured in the Advanced IP Addressing dialog box or on the Interfaces tab of the Server Properties dialog box, enter the IP address of your network adapter. Use the ipconfig -all command to obtain your IP address.

    Check the binding of the TCP/IP protocol to the network adapter:

    1. Open Control Panel, and double-click Network.

    2. Click the Bindings tab.

    3. Verify that the bindings for all protocols to network adapters are enabled and that no broken connections exist in the stack.

    408

    DNS server could not open socket for address [IP address of server].

    The DNS server could not open a socket with the current TCP/IP and DNS service configurations.

    Verify that this is a valid IP address on this computer.

    If the IP is not valid:

    1. Use the Interfaces dialog under Server Properties in the DNS Manager to remove it from the list of IP interfaces.

    2. Stop and restart the DNS server. (If this was the only IP interface on this computer, the DNS server may not have started as a result of this error. In that case, remove the DNS\Parameters\ListenAddress value in the services section of the registry and restart.)

    If the IP is valid:

    Verify that no other application (for example, another DNS server) is running that would attempt to use the DNS port.

    4000, 4004, 4007, 4014, 4015

    The DNS Server service relies on Active Directory to store and retrieve information for Active Directory–integrated zones. This error indicates that Active Directory is not responding to requests from the DNS Server service. Ensure that Active Directory is functioning properly, troubleshoot any problems, and then restart the DNS Server service.

    For information about troubleshooting Active Directory, see Active Directory Troubleshooting Topics (https://go.microsoft.com/fwlink/?LinkId=95789).

    To restart the DNS Server service:

    1. Open the Services console. To open Services, click Start, click Control Panel, double-click Administrative Tools, and then click Services.

    2. Right-click DNS Server, and then click Restart.

    If the problem continues, restart the computer, and then use the Services console to verify that the DNS Server service has started.

    4001

    The DNS Server service relies on Active Directory to store and retrieve information for Active Directory–integrated zones. This error indicates that Active Directory is not responding to requests from the DNS Server service. Ensure that Active Directory is functioning properly, troubleshoot any problems, and then reload the zone.

    For information about troubleshooting Active Directory, see Active Directory Troubleshooting Topics (https://go.microsoft.com/fwlink/?LinkId=95789).

    To reload a zone:

    1. Open the DNS console.

    2. In the console tree, right-click the applicable zone, and then click Reload.

    4016

    The DNS Server service relies on Active Directory to store and retrieve information for Active Directory–integrated zones. This error indicates that Active Directory is not responding to requests from the DNS Server service. Ensure that Active Directory is functioning properly, troubleshoot any problems, and then retry the operation that failed.

    For information about troubleshooting Active Directory, see Active Directory Troubleshooting Topics (https://go.microsoft.com/fwlink/?LinkId=95789).

    Add a zone

    If the event message indicates that an attempt to add a zone failed, you must create the zone after resolving any problems with Active Directory.

    To add a zone:

    1. Open the DNS console.

    2. In the console tree, expand the DNS server, right-click the zone folder for the type of zone that you want to add, and then click New Zone to open the New Zone Wizard.

    3. Follow the instructions in the wizard to create the zone.

    Delete a zone

    If the event message indicates that an attempt to remove a zone failed, you must delete the zone after resolving any problems with Active Directory.

    To delete a zone:

    1. Open the DNS console.

    2. In the console tree, expand the DNS server, right-click the zone folder for the type of zone that you want to delete.

    3. Right-click the zone, and then click Delete.

Note

To open the DNS console, click Start, point to Administrative Tools, and then click DNS.

Note

If the DNS server for which you want to view the log is located on another computer, in the console tree, click DNS, and then on the Action menu, click Connect to DNS Server. Click The following computer, and then specify the name or Internet Protocol (IP) address of the remote computer.
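
The review in step 3 can also be scripted. The following PowerShell is an added example, not part of the original Microsoft procedure: it filters the log for the event IDs in the table and summarizes each with its resolution. It assumes Windows PowerShell is installed on the DNS server, that the log is registered under the name 'DNS Server', and that the newest 2000 entries are a sufficient window (an arbitrary choice).

```powershell
# Added example, not Microsoft's code. Event IDs and summaries come from the table above.
# Assumptions: the log is registered as 'DNS Server'; 2000 entries is an arbitrary window.
$resolution = @{
    140  = 'Verify that the Remote Procedure Call (RPC) service is started'
    403  = 'Check Wsock32.dll compatibility and the TCP/IP protocol bindings'
    407  = 'Match adapter IP addresses to the DNS server Properties; check bindings'
    408  = 'Verify the listen address is valid and the DNS port is not in use'
    4001 = 'Troubleshoot Active Directory, then reload the zone'
    4016 = 'Troubleshoot Active Directory, then retry the failed zone operation'
}
# These five IDs share one resolution in the table.
4000, 4004, 4007, 4014, 4015 | ForEach-Object {
    $resolution[$_] = 'Troubleshoot Active Directory, then restart the DNS Server service'
}

# Keep only the entries whose event ID appears in the table.
$hits = Get-EventLog -LogName 'DNS Server' -Newest 2000 |
    Where-Object { $resolution.ContainsKey([int]$_.EventID) }

if (-not $hits) {
    'None of the listed DNS events were found in the newest 2000 entries.'
    return
}

# One row per event ID: how often it occurred, when it was last seen, what to do.
$hits | Group-Object EventID | Sort-Object Count -Descending |
    Select-Object @{Name = 'EventID';    Expression = { [int]$_.Name } },
                  Count,
                  @{Name = 'LastSeen';   Expression = {
                      ($_.Group | Sort-Object TimeGenerated | Select-Object -Last 1).TimeGenerated } },
                  @{Name = 'Resolution'; Expression = { $resolution[[int]$_.Name] } } |
    Format-Table -AutoSize -Wrap

# Event 408 follow-up: list sockets on the DNS port (53, the standard DNS port)
# with owning process IDs, to spot another application using it.
if ($hits | Where-Object { $_.EventID -eq 408 }) {
    netstat -ano | Select-String ':53\s'
}
```

Run the script from an account that meets the administrative credentials requirement described above.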