DNS_ERROR_ZONE_LOCKED

Command failed: DNS_ERROR_ZONE_LOCKED 9607 (00002587)

The above error occurs when trying to reload a zone using dnscmd.
This means the dns zone didn't allow dynamic updates.

1. To enable Dynamic updates using dnscmd , follow the instructions cite at Allow Dynamic Updates
2. To enable dynamic updates using dns manager snapin, follow the instructions at Enable Scure and nonsecure updates on a zone

Failed to reload the zone

The Failed to reload the zone zone is locked for zone trasfer or update error occures when trying to update a zone on which dynamic updates is disable.
To enable dynamic updates on a zone, follow the instruction at Enable Updates on a zone.

AgeAllRecords Fails with DNS_ERROR_INVALID_ZONE_OPERATION

The dnscmd /AgeAllRecords command Fails with DNS_ERROR_INVALID _ZONE_OPERATION due to the following reasons.


1. Check the dns zone for which Aging/Scavenging feature is enabled as shown below (Assume the dns zone is "myrootdns.com")
















2. Check the Aging/Scavenging feature is enabled on root dns zone as shown below(Assume root dns server name is "dnsserver".

Connect to DNS server error

If you are unable to connect to dns server using DNSManager wizard. Then check the
following.
Assume your DNS server name is dnsserver.child.mydns.

1. First check, the dnsserver.child.mydns is pingable.
i.e run the command ping dnsserver.child.mydns on command prompt.
2. If ping fails then try pinging just the machine name without dns suffixes.
ping dnsserver
3. if step 2 fails, then check DNS server settings have DNS server pointing to DNS Server IP.



4. Check the DNS server has proper IP. i.e no 0.0.0.0 or auto ip 169.254.*.* ips

Unable to login with domain user account

If you see the error "domain is not available"
The following are possible reasons for not being able to login with domain users account.

1. Check the domain dns server is pingable.
For example, if the domain DNS server of a domain "mydns" is "mydnsserver".
Check the command ping mydnsserver.mydns.

2. If the above steps fails then set, then check the DNS server settings in TCPIP Properties.

3. Check DNS suffix is properly used. Set the DNS suffix with domain name.

Unable to login after removing domain controller

while removing domain controller (DC) using command dcpromo, it asks for password to be used to login into administrator user account. Use that password to login into administrator user account after removing domain controller.

Unable to add additional domain controller

The following are the possible reasons for the failures in adding additional domain controller.

1. Check the Domain Name for which the additional DC required is pingable from a host which going to become additional DC. i.e if domain name is mydnstest.com then the command ping mydnstest.com should succeed.
2. Check TcpIp settings. i.e set the dns server ip for additional dc is the ip of primary dns server.
3. Check the netbios name of the additional DC is pingable.
4. Check the primary dns server contains Type A record of additional domain controller.