DNS service won't start after DCPromo

Posted on 2005-04-08
Last Modified: 2012-05-05
I have a standalone Win2K3 server that is used for running terminal services. For security and administration purposes, I thought it would be a good idea to install Active Directory since it wasn't done upon installation 12 months ago. I followed the instructions available here:

Here are the settings I used:
Servername: companyfs1
Suffix: company.local

I created the forward lookup zone, tested it to see if the server registered, rebooted just to be sure, tested it again, then ran dcpromo. It ran fine all the way through, rebooted, and then sat on the dreaded "preparing network connections" for 10 minutes before allowing me to log on. I ran through the AD installation checklist and discovered that the DNS Server service was stuck on "starting". I can kill the process then try to start it again, but when I start it manually, the progress indicator gets to about halfway then virtually stops. I then get the error "1053: the service did not respond to the start or control request in a timely fashion" and the service status remains stuck on "starting". After several reboots and an uninstall and reinstall of DNS without luck, I'm out of ideas. It doesn't seem anyone has documented this exact problem before.

What's more, is that the server can ping itself - and resolve its own name. Ping companyfs1 comes back with a reply from and gives the FQDN of How is this possible? I know it's only querying itself, but I thought that would still use DNS.

Anyway, I'm convinced I did nothing wrong throughout the process so surely it's not terminal. Is there any workaround or will I be forced to demote the server and remove AD? Oh - and I hope the existing user accounts are intact.
Question by:PJNG1

    Author Comment

    After 2 hours of messing about and getting nowhere, the service just suddenly started out of the blue. I have no idea why, but it happened. I then went through and recreated the DNS forward lookup zone, which is working nicely, but when I try to connect to AD sites and services, it says the server is not operational. I can browse the domain and the server is listed, but it won't connect to it. I'm too scared to restart the damn thing. Anything I can do to kick it in without a boot?
    LVL 35

    Expert Comment

    by:Nick Sui
    DNS Service is started problem here...but what about DC SRVs for domain controller in the respective zone. All AD Tools access active directory domain name by sending a query to DNS server for DC SRVs. If DC SRVs are not registered in DNS the AD Tools will show this message "Naming information not found" or "Server is not operational". Try the following:

    1. Dcdiag /fix
    2. Netdiag /fix
    3. Restart Netlogon service
    4. Ipconfig /registerdns.

    Let me know.
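
The SRV lookup described in the comment above can be checked offline by comparing the records Netlogon wants to register (its `%SystemRoot%\System32\config\netlogon.dns` file) with what the zone actually holds. This is an added example, not part of the original thread: the sample records, the 192.168.0.10 address and the `oldserver` host are constructed, and only `companyfs1` and `company.local` come from the post.

```python
import re

# Constructed sample of netlogon.dns, the file in which Netlogon lists the
# records it tries to register (server and suffix names are from the post).
NETLOGON_DNS = """\
company.local. 600 IN A 192.168.0.10
_ldap._tcp.company.local. 600 IN SRV 0 100 389 companyfs1.company.local.
_ldap._tcp.dc._msdcs.company.local. 600 IN SRV 0 100 389 companyfs1.company.local.
_ldap._tcp.pdc._msdcs.company.local. 600 IN SRV 0 100 389 companyfs1.company.local.
_kerberos._tcp.dc._msdcs.company.local. 600 IN SRV 0 100 88 companyfs1.company.local.
_gc._tcp.company.local. 600 IN SRV 0 100 3268 companyfs1.company.local.
"""

# Constructed sample of what the company.local zone answers with
# (for example, collected with nslookup -type=SRV for each name).
ZONE_ANSWERS = """\
_ldap._tcp.company.local. 600 IN SRV 0 100 389 companyfs1.company.local.
_gc._tcp.company.local. 600 IN SRV 0 100 3268 oldserver.company.local.
"""

SRV_LINE = re.compile(
    r"^(?P<name>\S+)\s+\d+\s+IN\s+SRV\s+\d+\s+\d+\s+(?P<port>\d+)\s+(?P<target>\S+)$",
    re.IGNORECASE,
)

def parse_srv(text):
    """Return {(owner name, port): set of targets}, lower-cased, dots stripped."""
    records = {}
    for line in text.splitlines():
        m = SRV_LINE.match(line.strip())
        if not m:
            continue  # A, CNAME and blank lines are not locator SRV records
        key = (m["name"].lower().rstrip("."), int(m["port"]))
        records.setdefault(key, set()).add(m["target"].lower().rstrip("."))
    return records

def audit(expected_text, zone_text):
    """List SRV names Netlogon expects that are missing or point elsewhere."""
    expected, actual = parse_srv(expected_text), parse_srv(zone_text)
    missing, wrong_target = [], []
    for key, targets in sorted(expected.items()):
        if key not in actual:
            missing.append(key[0])
        elif not targets <= actual[key]:
            wrong_target.append(key[0])
    return missing, wrong_target

if __name__ == "__main__":
    print(audit(NETLOGON_DNS, ZONE_ANSWERS))
```

Names reported as missing are the ones the AD tools fail to find when they try to locate the domain controller.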

    Author Comment


    Before I start, thought I'd mention I'm now running this server on a standalone hub with no net access and no workstations so many of the lookup tests don't work. Here are the results of the suggested actions:

    1. dcdiag returns with an LDAP response error - companyfs1 could not be contacted. Check if it's a DC.
    2. netdiag returns many interesting things - including:

      Domain membership test . . . . . . : Failed
        [WARNING] The system volume has not been completely replicated to the local machine. This machine is not working properly as a DC.

      DC discovery test. . . . . . . . . : Failed
        [FATAL] Cannot find DC in domain 'COMPANY'. [ERROR_NO_SUCH_DOMAIN]

      DC list test . . . . . . . . . . . : Failed
        'COMPANY': Cannot find DC to get DC list from [test skipped].

    All other error messages seem to be due to the fact that there are no workstations or gateway available.
    I think it's really trying to tell me that it doesn't think the server is a DC, but when I run dcpromo, it immediately says that the computer is already an AD DC.

    I've since done a restart, which kills the dns service again, but I can now fairly consistently start it by killing the process and starting it manually - it still comes up with a "timely fashion" error, but starts after about 3 minutes.

    Author Comment

    Oh - to answer your question - the DC SRVs are all registered in DNS and the SYSVOL directory is intact.

    Author Comment

    Update: the SYSVOL and NETLOGON shares had not been created. I created them manually, but that didn't make a difference.

    Every tool I run reports that the DC for the domain can not be contacted.
    LVL 35

    Accepted Solution

    Follow all the steps carefully to rebuild the Sysvol share and then run Ntdsutil.exe to clear unused domain data from Directory.;en-us;315457

    Metadata Cleanup: -
    How To Remove Orphaned Domains from Active Directory

    How do I remove a nonexistent domain from Active Directory?

    BTW: - What is your domain name? Did you give the NetBIOS name and not FQDN while promoting it to a domain controller?

    Let me know.

    Author Comment


    Thanks for the replies. Due to the lack of time I had to get the server running, I spent as long as I could troubleshooting, but mid-afternoon Sunday, I decided I had just enough time to rebuild it to have it fully working by Monday morning. Turns out the system disk was on its way out, so I'm not sure any more fiddling would have worked.

    Have some points anyway.
    LVL 35

    Expert Comment

    by:Nick Sui
    Sorry. I couldn't be of some help.

    Hope next time I will try my level best.

