Fixing DNS Event ID: 4000 and 4007 “The DNS server was unable to open Active Directory” errors and Exchange ECP / The LDAP Server is unavailable


Recently we had “Patch Monday” – unusual, since we usually patch on Fridays (in case something goes wrong we have the weekend ahead), but this one time was a good opportunity: there was some infrastructure work and we had planned downtime, so we took the opportunity to patch.

Unfortunately, something went very wrong. First, after rebooting one of the Exchange servers, I got the following error:

Exchange ECP / The LDAP Server is unavailable

“Topology Provider couldn’t find the Microsoft Exchange Active Directory”

In the logs, event ID 2142 from MSExchangeADTopology was logged with the error “Topology discovery failed”.

At first I thought it was a bad patch, but soon after that, still-unpatched Exchange reported errors.

The errors obviously pointed to AD. I looked at the domain controller, since it had also been updated. Immediately after logging on to the DC I was greeted with an unpleasant surprise.

After opening the DNS console, an “Access Denied” message appeared.

DNS was unreachable.

On the DC, the following events were logged:

Microsoft-Windows-DNS-Server-Service Event ID 4000

The description for Event ID ( 4000 ) in Source ( Microsoft-Windows-DNS-Server-Service ) cannot be found. Either the component that raises this event is not installed on your local computer, or the installation is corrupted. You can install or repair the component on the local computer, or contact the component manufacturer for a newer version.

If the event was saved from another computer or forwarded from a remote computer, you might have to include display information with the events when saving them or when setting up the forwarding s

Microsoft-Windows-DNS-Server-Service Event ID 4007

The description for Event ID ( 4007 ) in Source ( Microsoft-Windows-DNS-Server-Service ) cannot be found. Either the component that raises this event is not installed on your local computer, or the installation is corrupted. You can install or repair the component on the local computer, or contact the component manufacturer for a newer version.

If the event was saved from another computer or forwarded from a remote computer, you might have to include display information with the events when saving them or when setting up the forwarding


According to Microsoft (https://support.microsoft.com/en-us/help/2751452/dns-zones-do-not-load–event-4000–4007), this happens in two cases:

This happens when that particular DC/DNS server has lost its Secure channel with itself or PDC.
This can also happen in a single DC environment where that DC/DNS server holds all the FSMO roles and is pointing to itself as Primary DNS server.

I’m still not sure why this happened in my case, but here are the steps that resolved this problem for me:

Stop the KDC (Kerberos Key Distribution Center) service in the Services console on the DC that doesn’t work.


Run Command Prompt with elevated privileges (as Administrator) and enter the following command:

netdom resetpwd /server:DC.domain.local /userd:Domain\domain_admin /passwordd:*

(replace DC.domain.local with the FQDN of your DC, and Domain\domain_admin with your domain and admin account)


You will be prompted for the password. Enter the domain admin password that you use for that account.

Once the command has executed, restart the server.

After that, the DNS zones worked for me and the Exchange servers were fine.
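The same steps as a PowerShell script that first confirms events 4000/4007 are actually present before touching the KDC service. This is an added example, not part of the original post; the parameter names and the `-Fix` switch are assumptions of the example, and the default values are the placeholders from the command above.

```powershell
#Requires -RunAsAdministrator
param(
    [string]$Server    = 'DC.domain.local',      # placeholder from the article
    [string]$AdminUser = 'Domain\domain_admin',  # placeholder from the article
    [switch]$Fix                                  # assumption: without -Fix the script only reports
)

# 1. Confirm the symptom: events 4000 / 4007 in the "DNS Server" log (last 24 hours).
$filter = @{
    LogName   = 'DNS Server'
    Id        = 4000, 4007
    StartTime = (Get-Date).AddDays(-1)
}
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

if (-not $events) {
    Write-Host 'No 4000/4007 events in the last 24 hours; nothing to do.'
    return
}

# Summarise how often each event fired and when it was last seen.
$events | Group-Object Id | ForEach-Object {
    [pscustomobject]@{
        EventId = $_.Name
        Count   = $_.Count
        Latest  = ($_.Group | Sort-Object TimeCreated)[-1].TimeCreated
    }
} | Format-Table -AutoSize

if (-not $Fix) {
    Write-Host 'Re-run with -Fix to apply the steps from the article.'
    return
}

# 2. Stop the Kerberos Key Distribution Center service on this DC.
Stop-Service -Name Kdc -Force

# 3. Reset the machine account password. '/passwordd:*' makes netdom prompt,
#    so the admin password never appears on the command line or in history.
& netdom.exe resetpwd "/server:$Server" "/userd:$AdminUser" '/passwordd:*'
if ($LASTEXITCODE -ne 0) {
    throw "netdom resetpwd failed with exit code $LASTEXITCODE; not restarting."
}

# 4. Restart the server, as in the last step of the article.
Restart-Computer -Force
```

After the reboot, running the script again without `-Fix` shows whether new 4000/4007 events are still being logged.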

Phuong Nguyen