Event ID: 3000

[Dave Onex]

Hi Folks;

I have 3 internal Windows 2000 DNS Servers and they are all correctly
configured.
I know, you've heard that before but try to believe it

Two of them are domain controllers and have no issues. The 3rd is a
secondary to the primary domain controller. It can accept transfers from
both domain controllers.

Every once in a while that one machine coughs up a Event ID: 3000 error;

The DNS server is logging numerous run-time events. For information about
these events, see previous DNS Server event log entries. To prevent the DNS
Server from clogging server logs, further logging of this event and other
events with higher Event IDs will now be suppressed.

It's the only server that reports this warning. The other servers have clean
logs. DNS works perfectly and I'd be really surprised if a person could find
anything wrong with it.

Does anyone know what that error actually means and how to get rid of it?
It's one of the last errors in any of the even logs on all of my servers

Best & Thanks;
Dave

 

[Ace Fekay [MCT]]

Hi Folks;

I have 3 internal Windows 2000 DNS Servers and they are all correctly
configured.
I know, you've heard that before but try to believe it

Two of them are domain controllers and have no issues. The 3rd is a
secondary to the primary domain controller. It can accept transfers from
both domain controllers.

Every once in a while that one machine coughs up a Event ID: 3000 error;

The DNS server is logging numerous run-time events. For information about
these events, see previous DNS Server event log entries. To prevent the
DNS
Server from clogging server logs, further logging of this event and other
events with higher Event IDs will now be suppressed.

It's the only server that reports this warning. The other servers have
clean
logs. DNS works perfectly and I'd be really surprised if a person could
find
anything wrong with it.

Does anyone know what that error actually means and how to get rid of it?
It's one of the last errors in any of the even logs on all of my servers


Best & Thanks;
Dave

Dave,

Please post an ipconfig /all of all three. Let us evaluate your DCs' configs
for any issues.

No such thing as a "secondary" domain controller. They are all replicas.
Some DCs hold certain roles than others, but that's the only difference.
Unless you mean there's a Secondary Zone on it pulling DNS zone transfers
from one of the other DCs? If so, what zone is that?

Are all DCs in one AD Site or location?

EventID 3000 can mean a number of things.
http://eventid.net/display.asp?eventid=3000&eventno=297&source=DNS&phase=1

To help diagnose the EventID 3000 issue will require configuration
information, an elaborate description of the AD zone on each DC, whether
they are AD integrated, what replication scope each DC thinks the zone is in
(look at the zone properties), or if truly a Secondary Zone exists on that
one DC and the others are AD Integrated. If the latter is the issue, I can
see why you are seeing 3000s in the logs.

Are there any other errors in any other Event logs, such as the NTFRS, app,
system or any other logs?

Have you ran the following lately? If not, please do so and post any fails
or errors.
dcdiag /v /fx > c:\dcdiag.txt
netdiag /v /fix > c:\netdiag.txt
replmon /showreps


--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Please reply back to the newsgroup or forum for collaboration benefit among
responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA
2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer

For urgent issues, please contact Microsoft PSS directly. Please check
http://support.microsoft.com for regional support phone numbers.

 

[Dave Onex]

Hi Ace!

All DNS servers/DC's are all on the same network in the same location on the
same subnet.
They're actually all sitting on top of each other in a rack

Here's an overview;

Backup is what I consider the PDC. It's AD integrated on the first zone
because it's a DC
There are 3 zones, and they are all primary.

NS1 is also a DC so it has an AD integrated root zone
It also has 2 other zones - these are Secondary (Backup is primary for
those).

Neither of these machines has any issues.

The third machine is Mail. It's a secondary for all 3 zones and can accept
transfers from either of the DC's.

Here's a complete breakdown on the Servers.

=========================================
This is the first DC - all zones are Primaries and it's AD integrated
=========================================

Machine = Backup (.70)
Role = Domain Controller
O/S = Windows 2000

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : backup
Primary DNS Suffix . . . . . . . : askmarvin.ca
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : askmarvin.ca

Ethernet adapter NIC Team:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP Network Team #1
Physical Address. . . . . . . . . : 00-08-02-54-DA-77
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.70
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.25
DNS Servers . . . . . . . . . . . : 192.168.1.70
192.168.1.50
Primary WINS Server . . . . . . . : 192.168.1.70

=========================================
This is the Second DC - the root domain is Primary and it's AD integrated
The 2 other zones are secondary - they pull from the Master (above)
=========================================

Machine = NS1 (.50)
Role = Domain Controller
O/S = Windows 2000

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : ns1
Primary DNS Suffix . . . . . . . : askmarvin.ca
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : askmarvin.ca

Ethernet adapter Team 1:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : BASP Virtual Adapter
Physical Address. . . . . . . . . : 00-06-5B-F7-25-56
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.54
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 192.168.1.53
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 192.168.1.50
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.25
DNS Servers . . . . . . . . . . . : 192.168.1.50
192.168.1.70
Primary WINS Server . . . . . . . : 192.168.1.70

=========================================
Note:
None of the Domain Controllers have any errors in their event logs
They are as happy as clams
=========================================

Machine = MAIL (.60)
Role = Mail Server & Secondary DNS Server
O/S = Windows 2000

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : mail
Primary DNS Suffix . . . . . . . : askmarvin.ca
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : askmarvin.ca

Ethernet adapter NIC Team:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP Network Team #1
Physical Address. . . . . . . . . : 00-0E-7F-B4-77-81
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.60
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.25
DNS Servers . . . . . . . . . . . : 192.168.1.60
Primary WINS Server . . . . . . . : 192.168.1.70
=========================================
Note:
This is the machine that randomly reports the error.
It's entirely configured as a secondary and can accept zone
transfers from either of the two DC's. Error below;

The DNS server is logging numerous run-time events. For information about
these events, see previous DNS Server event log entries. To prevent the
DNS Server from clogging server logs, further logging of this event and
other
events with higher Event IDs will now be suppressed.
=========================================

Best & Thanks;
Marvin

 

[J de Boyne Pollard]

DO> I know, you've heard that before but try to believe it

Indeed, we've heard it before. And from what you describe whilst the
configuration may be _correct_, for some limited definition of the
concept, it is still _poor_. You are mixing and matching two quite
different forms of DNS database replication in a single zone, for
starters.

<URL:http://homepage.ntlworld.com./jonathan.deboynepollard/FGA/dns-soa-
field-semantics.html#Replication>

As M. Fekay says, that's a source of log messages in itself, for
starters. It's also a poor idea. You already have Active Directory
replicating the DNS data around. Don't mix in a second different
replication mechanism. Use the one that you already have in place.

DO> The DNS server is logging numerous run-time events. For
information
DO> about these events, see previous DNS Server event log entries.

The message _is_ pretty self-explanatory. It says see the previous
log entries. So see the previous log entries. Yes, there _will be_
previous log entries, even though you say this:

DO> The other servers have clean logs. [...]
DO> It's one of the last errors in any of the even logs on all of my
servers.

Now _turn logging fully on_ and read all of the logs, so that you see
the previous log messages that are leading up to that DNS-3000
message. (-:

 

[Ace Fekay [MCT]]

Hi Ace!

All DNS servers/DC's are all on the same network in the same location on
the same subnet.
They're actually all sitting on top of each other in a rack

Here's an overview;

Backup is what I consider the PDC. It's AD integrated on the first zone
because it's a DC
There are 3 zones, and they are all primary.

NS1 is also a DC so it has an AD integrated root zone
It also has 2 other zones - these are Secondary (Backup is primary for
those).

Neither of these machines has any issues.

The third machine is Mail. It's a secondary for all 3 zones and can accept
transfers from either of the DC's.

Here's a complete breakdown on the Servers.

=========================================
This is the first DC - all zones are Primaries and it's AD integrated
=========================================

Machine = Backup (.70)
Role = Domain Controller
O/S = Windows 2000

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : backup
Primary DNS Suffix . . . . . . . : askmarvin.ca
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : askmarvin.ca

Ethernet adapter NIC Team:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP Network Team #1
Physical Address. . . . . . . . . : 00-08-02-54-DA-77
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.70
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.25
DNS Servers . . . . . . . . . . . : 192.168.1.70
192.168.1.50
Primary WINS Server . . . . . . . : 192.168.1.70

=========================================
This is the Second DC - the root domain is Primary and it's AD integrated
The 2 other zones are secondary - they pull from the Master (above)
=========================================

Machine = NS1 (.50)
Role = Domain Controller
O/S = Windows 2000

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : ns1
Primary DNS Suffix . . . . . . . : askmarvin.ca
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : askmarvin.ca

Ethernet adapter Team 1:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : BASP Virtual Adapter
Physical Address. . . . . . . . . : 00-06-5B-F7-25-56
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.54
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 192.168.1.53
Subnet Mask . . . . . . . . . . . : 255.255.255.0
IP Address. . . . . . . . . . . . : 192.168.1.50
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.25
DNS Servers . . . . . . . . . . . : 192.168.1.50
192.168.1.70
Primary WINS Server . . . . . . . : 192.168.1.70

=========================================
Note:
None of the Domain Controllers have any errors in their event logs
They are as happy as clams
=========================================

Machine = MAIL (.60)
Role = Mail Server & Secondary DNS Server
O/S = Windows 2000

Windows 2000 IP Configuration

Host Name . . . . . . . . . . . . : mail
Primary DNS Suffix . . . . . . . : askmarvin.ca
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : askmarvin.ca

Ethernet adapter NIC Team:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP Network Team #1
Physical Address. . . . . . . . . : 00-0E-7F-B4-77-81
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.1.60
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.25
DNS Servers . . . . . . . . . . . : 192.168.1.60
Primary WINS Server . . . . . . . : 192.168.1.70
=========================================
Note:
This is the machine that randomly reports the error.
It's entirely configured as a secondary and can accept zone
transfers from either of the two DC's. Error below;

The DNS server is logging numerous run-time events. For information about
these events, see previous DNS Server event log entries. To prevent the
DNS Server from clogging server logs, further logging of this event and
other
events with higher Event IDs will now be suppressed.
=========================================

Best & Thanks;
Marvin

Marvin,

Thank you for posting the info.

The problem is the multiple IPs on the DC. Why all of those IPs? It causes
havoc with DNS registration as well as DC/AD functionality and
communication. If you REALLY need to have all of those IPs on a DC (I've
never seen a DC with such a configuration), please read the following for
more info as to how DCs work, DNS registrations, effects of such a config
and options to fix it.

Multihomed DCs with DNS, RRAS, multiple IPs, and/or PPPoE adapters
http://msmvps.com/blogs/acefekay/ar...-dcs-with-dns-rras-and-or-pppoe-adapters.aspx


Ace

 

[Dave Onex]

Hi Ace;

Thanks for taking a look at the DNS configuration.

The reason the second DC has 3 IP's bound to it is because it's doing duty
as a web server. In fact, that machine never was a DC until I did some
upgrades to the network recently that required it to be upgraded.

The thing is, there's no errors between the two DC's. The errors are only
appearing (randomly) about once or twice a day on the mail server. That's
the one that's a secondary and it pulls it's zone information from the DC
with only one IP bound to it.

I enabled DNS logging on the mail server (the one that reports the error) so
that I could hopefully see what's going on more clearly. The problem is that
the error event occurs so rarely that the DNS log file has usually turned
over by the time I see the event entry and by then the information is gone
:-(

I could remove the extra two IP's from the other server as a temporary test
but I kind of doubt it's going to change anything. The two domain
controllers are happy as clams and report no errors with each other.

A more proper solution would be to add more machines and re-design the
network a bit but that's not likely to happen any time soon. It might be a
case of having to live with one error in the event logs on one machine
The thing is, I wish I knew exactly what was causing the error to be
reported.

Best & thanks!

 

[Ace Fekay [MCT]]

Hi Ace;

Thanks for taking a look at the DNS configuration.

The reason the second DC has 3 IP's bound to it is because it's doing duty
as a web server. In fact, that machine never was a DC until I did some
upgrades to the network recently that required it to be upgraded.

The thing is, there's no errors between the two DC's. The errors are only
appearing (randomly) about once or twice a day on the mail server. That's
the one that's a secondary and it pulls it's zone information from the DC
with only one IP bound to it.

I enabled DNS logging on the mail server (the one that reports the error)
so that I could hopefully see what's going on more clearly. The problem is
that the error event occurs so rarely that the DNS log file has usually
turned over by the time I see the event entry and by then the information
is gone :-(

I could remove the extra two IP's from the other server as a temporary
test but I kind of doubt it's going to change anything. The two domain
controllers are happy as clams and report no errors with each other.

A more proper solution would be to add more machines and re-design the
network a bit but that's not likely to happen any time soon. It might be a
case of having to live with one error in the event logs on one machine
The thing is, I wish I knew exactly what was causing the error to be
reported.

Best & thanks!

Hi Dave,

It sounds like you already know the solution. Either move the web server to
a non-DC, demote the web server, or make a boat load of registry changes to
fix it. I hope you've found my blog informational on the implications and
why this current configuration causes problems.

Ace

 

[Dave Onex]

Hi Ace;

Adding more machines and changing the network around (once more) would be
the perfect solution.
I did read your article on multi-homed domain controllers but it's not
really specific to my situation as I'm not using an external IP or my ISP
DNS servers etc. In my case there is no 'external' adapter or network in
that DC.

I agree that it would be foolish to have my ISP's DNS servers on any of
machines. In my case, each machine that DNS is running on points only to
itself for DNS resolution. The DNS on each machine is then set to use a
forwarder, in this case my firewall machine, in the event that it's not able
to resolve the request locally. Thus, any 'internal' requests are handled
internally and any 'external' requests go over to the firewall for
processing. If the DNS on the firewall can't service the request (because
it's not cached) then the DNS on the firewall is configured to then go
looking for the answer on my ISP's DNS servers. On so on up the chain.

The article you reference is really, really good but I think it's more
geared towards someone truly running a multi-homed NIC - ie, one that is
bound top two different networks. In my case the DC in question has 3 IP's -
but they are bound to the same network, so I think it's a little different
in that respect.

Eiether way, I'm in agreement that the real solution would be a small
re-design of the network. The best thing would be two dedicated DNS servers
and get both AD & DNS off the web server Separate everything onto
separate machines as it's supposed to be.

Still, I don't why the mail server reports this one error every once in a
while.

J de Boyne Pollard;

I read the link you posted and it was also excellent. You also brought up
some good points that caused me to re-think how my DNS is set up. I think it
could be improved

You mentioned;

"DO> The DNS server is logging numerous run-time events. For
information
DO> about these events, see previous DNS Server event log entries.

The message _is_ pretty self-explanatory. It says see the previous
log entries. So see the previous log entries. Yes, there _will be_
previous log entries, even though you say this:

DO> The other servers have clean logs. [...]
DO> It's one of the last errors in any of the even logs on all of my
servers.

Now _turn logging fully on_ and read all of the logs, so that you see
the previous log messages that are leading up to that DNS-3000
message. (-: "

The previous entries are nothing but informational notifications about zone
transfers. Nothing about them really seems to give me any direction as far
as that goes. I did turn on DNS logging but the problem is that the error is
so intermittant that the DNS log has always been wrapped by the time I
notice an error :-(

Nevertheless, you reply did get me thinking about my DNS implementation.
While it's working well (except for the one intermittent error), I can see
that there is going to be a better way to skin the cat

Best & Thanks!
Dave

 

[Dave Onex]

BTW, I just wanted to thank you both for your help with this issue!

Hearing both your thoughts on the matter and looking up those articles you
guys wrote put in the right head space to understand that I could implement
my DNS a little differently. In fact, in the brief time that I've had to
think about it I've already come up with several different ways of
restructuring my DNS setup.

Thanks guys! You got me thinking the right way

Best!
Dave

 

[Ace Fekay [MCT]]

Hi Ace;

Adding more machines and changing the network around (once more) would be
the perfect solution.
I did read your article on multi-homed domain controllers but it's not
really specific to my situation as I'm not using an external IP or my ISP
DNS servers etc. In my case there is no 'external' adapter or network in
that DC.

I agree that it would be foolish to have my ISP's DNS servers on any of
machines. In my case, each machine that DNS is running on points only to
itself for DNS resolution. The DNS on each machine is then set to use a
forwarder, in this case my firewall machine, in the event that it's not
able to resolve the request locally. Thus, any 'internal' requests are
handled internally and any 'external' requests go over to the firewall for
processing. If the DNS on the firewall can't service the request (because
it's not cached) then the DNS on the firewall is configured to then go
looking for the answer on my ISP's DNS servers. On so on up the chain.

The article you reference is really, really good but I think it's more
geared towards someone truly running a multi-homed NIC - ie, one that is
bound top two different networks. In my case the DC in question has 3
IP's - but they are bound to the same network, so I think it's a little
different in that respect.

Eiether way, I'm in agreement that the real solution would be a small
re-design of the network. The best thing would be two dedicated DNS
servers and get both AD & DNS off the web server Separate everything
onto separate machines as it's supposed to be.

Still, I don't why the mail server reports this one error every once in a
while.

J de Boyne Pollard;

I read the link you posted and it was also excellent. You also brought up
some good points that caused me to re-think how my DNS is set up. I think
it could be improved

You mentioned;

"DO> The DNS server is logging numerous run-time events. For
information
DO> about these events, see previous DNS Server event log entries.

The message _is_ pretty self-explanatory. It says see the previous
log entries. So see the previous log entries. Yes, there _will be_
previous log entries, even though you say this:

DO> The other servers have clean logs. [...]
DO> It's one of the last errors in any of the even logs on all of my
servers.

Now _turn logging fully on_ and read all of the logs, so that you see
the previous log messages that are leading up to that DNS-3000
message. (-: "

The previous entries are nothing but informational notifications about
zone transfers. Nothing about them really seems to give me any direction
as far as that goes. I did turn on DNS logging but the problem is that the
error is so intermittant that the DNS log has always been wrapped by the
time I notice an error :-(

Nevertheless, you reply did get me thinking about my DNS implementation.
While it's working well (except for the one intermittent error), I can see
that there is going to be a better way to skin the cat

Best & Thanks!
Dave

Multihoming also includes a DC with multiple IPs. It's because of the
additional DNS entries it creates. It falls under the same category as
multiple NICs and/or installing RRAS on a DC. The part about using an ISP's
DNS is only in the beginning of the blog, it goes on regarding DNS and
registration issues. Sorry it was a long blog to read, but I tried to
address everything regarding this type of configuration.

I hope things work out with your solution.

Cheers!

Ace

Ace