Event logging of DNS not working

[Paul D B]

Hi all,

I have two DC's which are both running DNS. One is a W2K server, the
other one a W2003-SP1 server.
Active Directory integrated.
Since a few months, there are no more entries in the DNS event logs of
neither server, except for 1 entry each time I restart the service
(event 2 - DNS server started).
On the W2K server, I don't see any option to enable/disable the logging.
But on the W2003 server, the DNS management console is slightly
different. There you can go into each DNS servers' properties and
there is a tab "Event logging". I see there that it is set to "No
events" to be logged. If I change it to another setting, e.g. "Errors
and Warnings" and I push Apply or OK, then nothing changes. The change
does not seem to be really executed. If I go into the properties of the
server back again, the Event Logging is again set to "No Events".

This seems like a bug in W2003 to me. I would like to work around it.
Is there another way (maybe a registry change) to set the DNS event
logging back on again?


TIA

 

[Kevin D. Goodknecht Sr. [MVP]]

Hi all,

I have two DC's which are both running DNS. One is a W2K server, the
other one a W2003-SP1 server.
Active Directory integrated.
Since a few months, there are no more entries in the DNS event logs of
neither server, except for 1 entry each time I restart the service
(event 2 - DNS server started).
On the W2K server, I don't see any option to enable/disable the
logging. But on the W2003 server, the DNS management console is
slightly different. There you can go into each DNS servers'
properties and there is a tab "Event logging". I see there that it
is set to "No events" to be logged. If I change it to another
setting, e.g. "Errors and Warnings" and I push Apply or OK, then
nothing changes. The change does not seem to be really executed. If
I go into the properties of the server back again, the Event Logging
is again set to "No Events".

This seems like a bug in W2003 to me. I would like to work around it.
Is there another way (maybe a registry change) to set the DNS event
logging back on again?

Why would you think it is a bug?
My DNS servers go for days or weeks without logging anything.
What do you think it should be logging that it isn't?

 

[Paul D B]

Why would you think it is a bug?
My DNS servers go for days or weeks without logging anything.
What do you think it should be logging that it isn't?

Because :
a) the servers were logging a few months ago (only basic logging but
nevertheless)
b) it is impossible to change the logging level of my servers through
the DNS properties. Do you find this normal behaviour?

Paul

 

[Ace Fekay [MVP]]

In

Because :
a) the servers were logging a few months ago (only basic logging but
nevertheless)
b) it is impossible to change the logging level of my servers through
the DNS properties. Do you find this normal behaviour?

Paul

I have my Win2003 DNS set to log "All Events". But the only ones I see are
when I restart the system telling me the DNS service has started. Unless
there are errors, you will not see anything. I think that's a good thing.

Also, be careful in which console you are administering which server. If you
are trying to administer a Win2000 DNS server from the Win2003 DNS server
console, even though the option is there, it's not compatible. Administer
each from their respective operating system. This holds true as well for
administering AD, Exchange, and a host of other products that are similar,
yet different under the hood.

--
Regards,
Ace

If this post is viewed at a non-Microsoft community website, and you were to
respond to it through that community's website, I may not see your reply.
Therefore, please direct all replies ONLY to the Microsoft public newsgroup
this thread originated in so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================

 

[Paul D B]

In

I have my Win2003 DNS set to log "All Events". But the only ones I
see are when I restart the system telling me the DNS service has
started. Unless there are errors, you will not see anything. I think
that's a good thing.

Also, be careful in which console you are administering which server.
If you are trying to administer a Win2000 DNS server from the Win2003
DNS server console, even though the option is there, it's not
compatible. Administer each from their respective operating system.
This holds true as well for administering AD, Exchange, and a host of
other products that are similar, yet different under the hood.

What's the use then of having an AD? Central management of your servers
is one of the key benefits.
I have a W2000 DC (which is the schema master) and a W2003 DC.
I believed that the AD schema was identical on both DC (through
replication).

What you say makes sense to me in one way: don't administer a W2003
server from a W2000 server. But the other way around, why not? If I
install adminpak then I can even administer them from my XP workstation.

 

[Ace Fekay [MVP]]

In

OK then I'll take your word for it <g>

Cool!

What's the use then of having an AD? Central management of your
servers is one of the key benefits.

In any upgrade scenario, there will be differences with the newer product.
In a mixed environment, until you fully move over to Win2003, you will need
to adminster different feature sets with their respective administration
consoles.

I have a W2000 DC (which is the schema master) and a W2003 DC.
I believed that the AD schema was identical on both DC (through
replication).

Yes, the adprep that you performed prior to adding the Win2003 to the domain
will have upgraded the Schema to Win2003. However, there are other parts
that are differentl such as the way replication works in Win2003. But in
Win2000 mode, Win2003 will follow Win2000's replication rules.

Also, keep in mind, you MUST make the Domain Name Master and the Schema
Master Win2003 in a mixed environment. Otherwise, some issues *may* occur
(such as AD Integrated replication scope issues, among other things). Matter
of fact, the server holding those roles should have been the one upgraded
first. If adding a new Win2003 DC, those roles should be moved over to it.

What you say makes sense to me in one way: don't administer a W2003
server from a W2000 server. But the other way around, why not? If I
install adminpak then I can even administer them from my XP
workstation.

A Win2003 admin pack won't run on Win2000, and will run on XP with at least
SP1 on it. Yes, you can administer Win2003 ADUC from the Win2000 ADUC. But
some of the Schema changes and attributes available under a user property
may not be available under Win2000's ADUC. I guess it's one way of making
sure you don't do anything wrong until you get rid of all the Win2000
servers.



Ace

 

[Paul D B]

Yes, the adprep that you performed prior to adding the Win2003 to the
domain will have upgraded the Schema to Win2003. However, there are
other parts that are differentl such as the way replication works in
Win2003. But in Win2000 mode, Win2003 will follow Win2000's
replication rules.
Also, keep in mind, you MUST make the Domain Name Master and the
Schema Master Win2003 in a mixed environment. Otherwise, some issues
*may* occur (such as AD Integrated replication scope issues, among
other things). Matter of fact, the server holding those roles should
have been the one upgraded first. If adding a new Win2003 DC, those
roles should be moved over to it.

Hi Ace,

No issues here so far, but I will consider making the W2003 DC the
Schema Master.
It is not a lot of work...

Thanks

 

[Ace Fekay [MVP]]

In

Hi Ace,

No issues here so far, but I will consider making the W2003 DC the
Schema Master.
It is not a lot of work...

Thanks

Hi Paul,

Actually, I would do more than consider it. If there is a Win2003 DC in a
mixed 2000/2003 domain, the Win2003 server must take on the Schema Master
and the Domain Name Master, and preferably all the roles actually, including
the GC. I would move everything over.

If you have more than one domain in your forest, then the Infrastructure
Master role cannot be on the GC.

Ace

 

[harnisda]

> Why would you think it is a bug?
> My DNS servers go for days or weeks without logging anything.
> What do you think it should be logging that it isn't?

When my DNS service starts, or I increment the SOA serial number, there is an entry written to the logfile stating that my "dns server successfully completed transfer of version xx of zone .... to the DNS server at 10.x.x.x". I know that these zone transfers are happening at other times, it would be nice if there was a setting to log this activity for informational purposes.