CRITICAL! Please help. Invalid Zone Error

[Guest]

Our main ADI zone in our DNS 'disappeared' from all 3 DCs. We were able to
add it back on to 2 of the DCs after a time but only as a secondary zone on 1
of the 3. An hour after this the two AD integrated zones disappeared and now
when we try to recreate the zone as Primary or ADI we get the error:

"The zone cannot be created. The zone type is invalid."

 

[Ace Fekay [MVP]]

In

Our main ADI zone in our DNS 'disappeared' from all 3 DCs. We were
able to add it back on to 2 of the DCs after a time but only as a
secondary zone on 1 of the 3. An hour after this the two AD
integrated zones disappeared and now when we try to recreate the zone
as Primary or ADI we get the error:

"The zone cannot be created. The zone type is invalid."

Is this a Windows 2000 AD infrastructure?

Sounds like you tried to create a zone, but it was already created, but you
may have tried to delete the zone on one of the DCs. If you delete an AD
Integrated zone on any one DC, you've essentially deleted the zone on ALL
DNS servers.

We'll need more info on your infrastructure to better assist and the exact
steps you did prior to the "disappearance".

If this is Windows 2003, it may be a conflict in AD zone replication scope
types.

--
Regards,
Ace

Please direct all replies ONLY to the Microsoft public newsgroups
so all can benefit.

This posting is provided "AS-IS" with no warranties or guarantees
and confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSE+I, MCT, MVP
Microsoft Windows MVP - Windows Server - Directory Services
Infinite Diversities in Infinite Combinations.
=================================

 

[Kevin D. Goodknecht Sr. [MVP]]

In

Our main ADI zone in our DNS 'disappeared' from all 3 DCs. We were
able to add it back on to 2 of the DCs after a time but only as a
secondary zone on 1 of the 3. An hour after this the two AD
integrated zones disappeared and now when we try to recreate the zone
as Primary or ADI we get the error:

"The zone cannot be created. The zone type is invalid."

This is why I advise people to only add AD integrated zones to one server
and let it replicate. On a set of replicating DCs you cannot mix AD
integrated zones on one DC with standard primary or Standard Secondary on
another DC in the same replication scope.

You will have to delete any esxisting AD zones from DNS and from
ADU&C>System>MicrosoftDNS contaner. Restart the DNS service on all DCs, if
the zone reappears as a secondary zone on any DC or a Primary on more than
one DC, delete the secondary and excess primary. you should start with one
Primary zone on one DC, point all DCs to it for DNS, change the zone to AD
integrated with dynamic updates allowed.

This zone will then replicate to all DCs, do not manually create a zone for
the same name on any other DNS server within the replication scope of this
zone. You can force a replication cycle or wait for the next replication
cycle.

 

[Guest]

OK sorry for the lack of info, pressure and freak out.

We ended up getting it resolved. Here's what happened in case anyone searches.

We had a DC (let's call it DC2) that got rebuilt last week. When we rebuilt
DC2 we configured it to create an ADI zone (that was already in existance on
DCs 1 & 3) and everything looked good. I was out of town last week but was
told that DC2 had exhibited weird anomolies, mainly that it had turned itself
into a secondary zone instead of an ADI zone. Thus leading up to the issue of
when you would try change it to an ADI zone you'd get the "The zone cannot be
changed. The zone type is invalid."

Well after a server reboot the zone, literally, disappeared from all 3 DCs.
Whenever we'd try to create it on any of the 3 we'd get the "The zone cannot
be created. The zone type is invalid." message.

We went into ADU&C/System/MicrosoftDNS and the domain.com zone was listed in
there even though it wasn't on the servers. We removed this zone in ADUC and
then were able to recreate the zone in ADI mode.

After all servers DNS zone properties were set back up we restarted the
netlogon service.

We suspect that the zone file was corrupt either before the rebuild of DC2
or got corrupted during one of the DCPROMOs (to first remove AD then add the
DC to the domain post re-build).

Hope this helps.

Les

 

[Ace Fekay [MVP]]

In

OK sorry for the lack of info, pressure and freak out.

We ended up getting it resolved. Here's what happened in case anyone
searches.

We had a DC (let's call it DC2) that got rebuilt last week. When we
rebuilt DC2 we configured it to create an ADI zone (that was already
in existance on DCs 1 & 3) and everything looked good. I was out of
town last week but was told that DC2 had exhibited weird anomolies,
mainly that it had turned itself into a secondary zone instead of an
ADI zone. Thus leading up to the issue of when you would try change
it to an ADI zone you'd get the "The zone cannot be changed. The zone
type is invalid."

Well after a server reboot the zone, literally, disappeared from all
3 DCs. Whenever we'd try to create it on any of the 3 we'd get the
"The zone cannot be created. The zone type is invalid." message.

We went into ADU&C/System/MicrosoftDNS and the domain.com zone was
listed in there even though it wasn't on the servers. We removed this
zone in ADUC and then were able to recreate the zone in ADI mode.

After all servers DNS zone properties were set back up we restarted
the netlogon service.

We suspect that the zone file was corrupt either before the rebuild
of DC2
or got corrupted during one of the DCPROMOs (to first remove AD then
add the DC to the domain post re-build).

Hope this helps.

Les

Thanks for posting back this info. Many other posters who find a way to fix
it usually never post back and leave us wondering if they are ok or if they
did, how did they do it.

One other tool I would like to mention for future issues (if it ever arises
again), is ADSI Edit. You can see the zone in that tool, including the
DomainDnsZones and ForestDnsZones app partitions.

Glad you got it fixed!
Cheers!

Ace