Symptoms
One of the DNS servers in your environment starts showing an issue that the zones aren’t loaded on the DNS console. And Event IDs 4000 and 4007 are logged in the DNS event logs:
Event ID 4000:
The DNS server was unable to open Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.
Event ID 4007:
The DNS server was unable to open zone <zone> in the Active Directory from the application directory partition <partition name>. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.
Also when you try to open the DNS console you get a pop-up giving Access Denied.
You notice that the DNS Server service is up and running.
When you try to perform any operation on the AD-integrated zones using DNSCMD, you receive the Access Denied error message.
Cause
• This issue happens when that particular DC/DNS server has lost its Secure channel with itself or PDC.
• This issue can also happen in a single DC environment where that DC/DNS server holds all the FSMO roles and is pointing to itself as Primary DNS server.
Resolution
Step 1 :- Kindly stop KDC (Kerberos Key Distribution Center) Service
Step 2 :- Run command prompt with elevated priviledges (as Administrator) and enter following command
netdom resetpwd /server:DC.domain.local /userd:Domain\domain_admin /passwordd:*
Step 3 :- It will prompt for the password of the Domain Admin account that you used, enter that.
Step 4 :- Once the command executes, reboot the server.
Thanks and Regards
Kiran Sawant
kiransawant 