Event 4015 AD issue DNS/DHCP

Home Forums Microsoft Networking and Management Services DNS Event 4015 AD issue DNS/DHCP

Viewing 1 post (of 1 total)
  • Author
    Posts
  • Avatar
    Blood
    Member
    #167499

    Hi

    I’ve just posted this on Microsoft’s forums but am posting here as well in case anyone has had this issue and has resolved it.

    We have a 2008 functional level active drirectory running on two domain controllers – 2008 Standard and 2012 R2 Standard. DNS is active directory integrated and is installed on both DC’s. DHCP was installed on the 2008 DC, but was migrated over to the 2012 DC a few weeks ago as per the instructions here: http://www.brycematheson.io/how-to-migrate-dhcp-from-windows-server-2008-to-2012-2016/

    We have a mix of static IP’s and dynamic IP’s. DHCP lease length is set to 8 hours.

    After the migration I disabled the DHCP service on the 2008 server. A few hiccups occurred with mismatched DNS A and PTR records during thre next few days. After I cleaned those up I removed the DHCP role from the 2008 server.

    About a week ago I noticed that while domain joined computers’ DNS records were fine, guest devices running Android and Apple OS, all of which were being assigned dynamic addresses had two PTR records – one current and one stale.

    I deleted the stale records and did some research. I changed the DHCP IPv4 Advanced Properties so that conflict detection attempts was changed from 0 to 1, and created a dedicated AD account named DHCProtocol to use for DNS dynamic update registration credentials and set its password to never expire.

    I was looking at the DNS logs yesterday and noticed many 4015 events. Note that these events only occurr on the 2012 server which hosts the DHCP role:

    Log Name: DNS Server
    Source: Microsoft-Windows-DNS-Server-Service
    Date: 12/04/2018 13:14:04
    Event ID: 4015
    Task Category: None
    Level: Error
    Keywords: (131072)
    User: HTLINCSDHCProtocol
    Computer: Atlas.htlincs.local
    Description:
    The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The extended error debug information (which may be empty) is “0000051B: AtrErr: DSID-030F22B2, #1:
    0: 0000051B: DSID-030F22B2, problem 1005 (CONSTRAINT_ATT_TYPE), data 0, Att 20119 (nTSecurityDescriptor)”. The event data contains the error.

    There are other accounts listed with 4051, but these are machine-name$ accounts. The majority of the entries reference the user as DHCProtocol.

    More research led to this article: https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-c03366032. I restarted all our servers to install the lastest round of Windows Updates and hoped the restart might resolve the issue but the 4015 events continued to be logged.

    I set the diagnostic logging for Directory Access to 5 as per the hpe.com article. The next 4015 error (shown above) coincided with the following from the Directory Access log:

    Log Name: Directory Service
    Source: Microsoft-Windows-ActiveDirectory_DomainService
    Date: 12/04/2018 13:14:04
    Event ID: 1175
    Task Category: Directory Access
    Level: Information
    Keywords: Classic
    User: SYSTEM
    Computer: Atlas.htlincs.local
    Description:
    Internal event: A privileged operation (rights required = 0x) on object DC=152,DC=0.168.192.in-addr.arpa,cn=MicrosoftDNS,DC=ForestDnsZones,DC=htlincs,DC=local failed because a non-security related error occurred.

    Immediately followed by:

    Log Name: Directory Service
    Source: Microsoft-Windows-ActiveDirectory_DomainService
    Date: 12/04/2018 13:14:04
    Event ID: 1174
    Task Category: Directory Access
    Level: Information
    Keywords: Classic
    User: HTLINCSDHCProtocol
    Computer: Atlas.htlincs.local
    Description:
    Internal event: A privileged operation (rights required = 0x) was successfully performed on object DC=152,DC=0.168.192.in-addr.arpa,cn=MicrosoftDNS,DC=ForestDnsZones,DC=htlincs,DC=local.

    Having got this far, I am not sure how to proceed. Can anyone help me with this, or to understand what is happening please?

    Thanks.

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.