A rejected error occurs when a DNS host (A) or alias (CNAME) record is manually added in DNS Manager

Problem phenomenon:

AD The domain controller operating system is WIN2008R2, and a rejected error occurs when a DNS host (A) or alias (CNAME) record is manually added in DNS Manager. However, after you join the client to the domain, you can see the DNS host (A) record for the corresponding client in DNS Manager.

In the system log, you can find the error log with ID 4015:

Event Type: Error

Event Source: DNS

Event Type: None

Event id:4015

Date: 2016/4/1

Event: 1:06:53

User: N/A

Computer: HIS_SERVER.biph.ac.cn

Describe:

DNS the server encountered a critical error from Active Directory. Check to see if Active directory is working correctly. Extended Error Debug information (possibly empty) is "0000051b:atrerr:dsid-030f1f8d, #1:0: 0000051b:dsid-030f1f8d, Problem 1005 (Constraint_att_type), D ATA 0, Att 20119 (ntSecurityDescriptor) ". The event data contains this error.

For more information, see the Help and Support Center in http://go.microsoft.com/fwlink/events.asp.

Data:

0000:1300 00 00

Workaround:

There is less analysis of this problem on the Internet, especially the Chinese information. The answer to this question in most English-language materials is as follows:

1.Open gpmc,select "Default Domain Controller Policy" and choose Edit.

2.Under computerconfiguration, expand Windows settings\security Settings\Local Policies\User rightsassignment

3.Locate "Manage Auditing and security log" and add Administrators

4.Restart the DNSServer Service

5.Then eitherwait At least 5 minutes, or Open a CMD prompt, run Gpupdate/force, or justrestart the server

6.Try to createthe Record again

However, after testing, the above method is invalid.

After consulting Han Ligang, use the following methods to successfully solve this problem:

Open DNS Manager, connect to the AD domain control server, click Mail on the domain name, and select Properties. Open the General tab and you can see that the current DNS type is Active Directory integrated zone. Click the "Change" button in the following dialog box in the "Storage zone in Active Directory (only available when the DNS server is a domain controller)" Check the "OK" button to return to "DNS Manager" two times.

650) this.width=650; "src=" Http://s2.51cto.com/wyfs02/M01/7E/83/wKiom1cDIBjjEv6qAAHrQm_j8NA681.png "title=" Untitled. png "alt=" Wkiom1cdibjjev6qaahrqm_j8na681.png "/>

At this point, when you manually add a DNS host (A) or alias (CNAME) record in DNS Manager, you will see that the operation succeeds.

After that, the "Storage zone in Active Directory (only available when the DNS server is a domain controller)" In the dialog box above is checked and OK.

This article from "Han Li just" blog, reproduced please contact the author!

A rejected error occurs when a DNS host (A) or alias (CNAME) record is manually added in DNS Manager