Alright, I'll give you the rundown on this one. I have six sites consisting of six DCs, all Windows 2008. All sites have VPNs to Head Office, and all sites have a VPN to a secondary site. AD Sites and Services is set up to reflect this for replication.
Now the issue I have, which by the way came out of nowhere as it was working before without any issues until they were physically moved and placed into production, is this. When my primary DC is pointed to itself for DNS and is rebooted, the server will take an extremely long time to load back up, usually 10-15 minutes. Then DNS is broken and none of the AD components will work, i.e. Sites and Services, Users and Computers, etc.
I get the following event log error for AD Domain Services on the server in question. This error occurs 5 times, once for every DC.
Active Directory Domain Services could not resolve the following DNS host name of the source domain controller to an IP address. This error prevents additions, deletions and changes in Active Directory Domain Services from replicating between one or more domain controllers in the forest. Security groups, group policy, users and computers and their passwords will be inconsistent between domain controllers until this error is resolved, potentially affecting logon authentication and access to network resources.
Source domain controller:
Failing DNS host name:
NOTE: By default, only up to 10 DNS failures are shown for any given 12 hour period, even if more than 10 failures occur. To log all individual failure events, set the following diagnostics registry value to 1:
22 DS RPC Client
1) If the source domain controller is no longer functioning or its operating system has been reinstalled with a different computer name or NTDSDSA object GUID, remove the source domain controller's metadata with ntdsutil.exe, using the steps outlined in MSKB article 216498.
2) Confirm that the source domain controller is running Active Directory Domain Services and is accessible on the network by typing "net view \\<source DC name>" or "ping <source DC name>".
3) Verify that the source domain controller is using a valid DNS server for DNS services, and that the source domain controller's host record and CNAME record are correctly registered, using the DNS Enhanced version of DCDIAG.EXE available on http://www.microsoft.com/dns
4) Verify that this destination domain controller is using a valid DNS server for DNS services, by running the DNS Enhanced version of DCDIAG.EXE command on the console of the destination domain controller, as follows:
5) For further analysis of DNS error failures see KB 824449:
11001 No such host is known.
Now on the DNS side of things I will get the following error message repeating every two minutes... seems like the chicken and the egg.
The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.
Now as soon as I add another DC's DNS server IP to the NIC, everything comes up fine without any issues on a reboot. No errors or anything. I am a bit worried as this is the primary DC and has all roles for AD residing on it.
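The start-up deadlock described in the post (the DNS Server service waits for AD DS to finish its initial sync, while AD DS cannot resolve its replication partners because its only DNS server is the not-yet-started local service) is easiest to catch before a reboot by auditing the DNS client settings of every DC. The script below is an added example, not part of the original post or any Microsoft tooling. It assumes the ActiveDirectory module (RSAT) is installed, that the account can query WMI on each DC, and it uses Win32_NetworkAdapterConfiguration rather than Get-DnsClientServerAddress so it also works against Windows 2008 DCs. The "peer DC first, self second" ordering it recommends is the Microsoft guidance for DC DNS client configuration, stated here as an assumption rather than something the post itself says.

```powershell
# Added example (not from the original post): audit each DC's DNS client
# configuration and flag any DC whose only DNS server is itself, the
# configuration that produces the AD DS / DNS start-up deadlock above.
# Assumptions: ActiveDirectory module available; WMI reachable on each DC.
Import-Module ActiveDirectory

# Loopback addresses count as "self" in addition to the DC's own IPs.
$loopback = @('127.0.0.1', '::1')

$report = foreach ($dc in Get-ADDomainController -Filter *) {
    $name = $dc.HostName
    try {
        # Resolve the DC's own addresses so we can recognise self-references.
        $ownIps = @([System.Net.Dns]::GetHostAddresses($name) |
                    ForEach-Object { $_.IPAddressToString })
        # Only IP-enabled adapters that actually have DNS servers configured.
        $nics = Get-WmiObject -Class Win32_NetworkAdapterConfiguration `
                    -ComputerName $name -ErrorAction Stop |
                Where-Object { $_.IPEnabled -and $_.DNSServerSearchOrder }
    } catch {
        [pscustomobject]@{
            DC = $name; Adapter = $null; DnsServers = $null
            Status = "UNREACHABLE: $($_.Exception.Message)"
        }
        continue
    }

    $self = $loopback + $ownIps
    foreach ($nic in $nics) {
        $servers = @($nic.DNSServerSearchOrder)
        $peers   = @($servers | Where-Object { $self -notcontains $_ })

        $status = if ($peers.Count -eq 0) {
            # Exactly the failure mode in the post: nothing to fall back on
            # while the local DNS Server service waits for AD DS.
            'SELF-ONLY: add another DC as a DNS server'
        } elseif ($self -contains $servers[0]) {
            # Works, but a peer DC listed first avoids the slow boot entirely.
            'SELF-FIRST: list a peer DC before this DC (assumed best practice)'
        } else {
            'OK'
        }

        [pscustomobject]@{
            DC         = $name
            Adapter    = $nic.Description
            DnsServers = ($servers -join ', ')
            Status     = $status
        }
    }
}

# Worst findings first so SELF-ONLY DCs surface at the top of the table.
$report | Sort-Object Status -Descending | Format-Table -AutoSize
```

Run it from any domain-joined management host before rebooting a DC; any row marked SELF-ONLY is a DC that will hit the same two-minute "waiting for AD DS initial synchronization" loop described above if it is restarted, and the fix is the one the post found by trial: add a peer DC's address to the NIC's DNS server list.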