  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 7550

Server 2012 - DNS issue - ID 4013

2012 server, DNS error:

ID 4013
 
The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.

I believe from my research that this might be caused by this: it appears the old server name (left over from migration?) is called out in the DNS forward lookup and I think that is the issue.  Can I just delete all the references to the old server without issue?

Thank you
Asked by: Joemt
1 Solution
 
Lionel MM (Small Business IT Consultant) commented:
Is that server still active? If not, then you can, because if you no longer have it working it will never reach it. Worst case, you remove the DNS server role and then add it back. How many active servers do you have?
 
Steve commented:
If you have old DCs listed in AD/DNS you do need to get them safely removed.

Try this for info:
http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Even with a dodgy server listed it should be able to replicate DNS from another DC, so it's a bit odd it's failing.
How many DCs do you have?
 
Joemt (Author) commented:
I apologize for the delay here. The client is a school; I have made arrangements to get access to the school to try the above. I should know next week. I have been checking this question steadily to see if there are any other suggestions. I will report back, thank you.
 
Steve commented:
Any luck?
 
Joemt (Author) commented:
Have not been out to the site yet. I hope to have access to the server this week.
 
Joemt (Author) commented:
OK, I might have done something stupid. There are two sections under the DNS:

1. PSDsvr2012 and 2. psdsvr2012.potomac.local. See pic.

The old server name "psdsvr" was listed under both. I deleted it from under #2, which splashing "psdsvr" under #1.

Please see the pics; I need some help on getting this sorted out.

I'm on site right now.
Properties.jpg
Old-current.jpg
 
Philip Elder (Technical Architect - HA/Compute/Storage) commented:
In your FLZ potomac.local you need to create an A record for

psdsvr2012.potomac.local

That will fix the first image that does not show an IP address.

Do that _first_; do not touch the _msdcs situation until your Properties shows the correct IP for your 2012 DC/DNS.

Philip
 
Erik Bjers (Principal Systems Administrator) commented:
When you changed the server name, did you rebuild, build a new one, or just rename the old one after upgrading?

If you renamed the old one, did you follow these steps?
http://technet.microsoft.com/en-us/library/cc782761(v=ws.10).aspx
If not, you may want to try that now as it will create the required entries for the new name.

From what I see, the problem is you do not have a name server record for your new name, only an alias pointing to the old name which no longer exists.

eb
 
Joemt (Author) commented:
The old server (2003) was shut off and removed from the network after the migration to the new Dell server (2012). There is only one server.

I'm sorry, I did not do the initial installation, so I am not sure what steps were or were not followed.

How do I create the name server record?

Thank you
 
Philip Elder (Technical Architect - HA/Compute/Storage) commented:
In the Potomac.Local Forward Lookup Zone right click and New A (AAAA) Record:

NewServerName
IP of new server

Apply and OK

Philip
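The record checks described in Philip's and Erik's comments above (the DC's own A record, and a name server record pointing at a host that no longer exists), as an added PowerShell example; this is not code from the original thread or from any of its participants. It assumes the thread's zone potomac.local, the 2012 DC psdsvr2012 and the retired psdsvr; the address 10.0.5.6 is the one that appears later in the thread. It uses only the DnsServer module cmdlets shipped with the DNS role on Server 2012, and it only reports stale NS records; the removal line is left commented out so nothing is deleted before the old host is confirmed gone.

```powershell
# Added example (not from the original thread): verify the DC's own A record
# and find stale NS records left over from a migration. Assumes the thread's
# zone potomac.local, the 2012 DC psdsvr2012 at 10.0.5.6 and the retired
# psdsvr; adjust to your names. Run in an elevated PowerShell on the DC.
Import-Module DnsServer

$Zone   = 'potomac.local'
$DcName = 'psdsvr2012'
$DcIp   = '10.0.5.6'

# 1. The DC must have an A record in its forward lookup zone. Create it only
#    if it is missing; if it exists, check that it carries the expected IP.
$a = Get-DnsServerResourceRecord -ZoneName $Zone -Name $DcName -RRType A -ErrorAction SilentlyContinue
if (-not $a) {
    Write-Host "No A record for $DcName in $Zone; creating it"
    Add-DnsServerResourceRecordA -ZoneName $Zone -Name $DcName -IPv4Address $DcIp
} else {
    $ips = $a | ForEach-Object { $_.RecordData.IPv4Address.IPAddressToString }
    Write-Host "A record(s) for $DcName in ${Zone}: $($ips -join ', ')"
    if ($ips -notcontains $DcIp) { Write-Warning "A record does not match expected IP $DcIp" }
}

# 2. Walk every NS record in the domain zone and in _msdcs and flag name
#    servers that no longer resolve to an address (e.g. the old psdsvr).
foreach ($z in @($Zone, "_msdcs.$Zone")) {
    $ns = Get-DnsServerResourceRecord -ZoneName $z -RRType NS -ErrorAction SilentlyContinue
    foreach ($r in $ns) {
        $target   = $r.RecordData.NameServer.TrimEnd('.')
        $resolved = Resolve-DnsName -Name $target -Type A -Server $DcIp -ErrorAction SilentlyContinue
        if ($resolved) {
            Write-Host "OK    $z NS -> $target ($($resolved.IPAddress -join ','))"
        } else {
            Write-Warning "STALE $z NS -> $target does not resolve"
            # Remove only after confirming the host is really decommissioned:
            # Remove-DnsServerResourceRecord -ZoneName $z -Name $r.HostName -RRType NS `
            #     -RecordData $r.RecordData.NameServer -Force
        }
    }
}

# 3. Re-register this DC's own records and run the DNS part of dcdiag, which
#    also reports the AD DS / DNS dependency behind event ID 4013.
ipconfig /registerdns | Out-Null
dcdiag /test:dns /v
```

The NS check is the useful part: a zone whose only NS record points at a name that no longer resolves is exactly the "alias pointing to the old name" situation Erik describes, and it is worth fixing before touching _msdcs, as Philip advises.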
 
Joemt (Author) commented:
OK, under Potomac.local (both PSDSRV2012 & PSDSRV2012.Potomac.local), when I try to create the "A" host it tells me it already exists. I found the A host in the list.

See pic; hope it sheds some light. PS: I'm on site right now.
Potomac.local-properties.jpg
Ahost-record.jpg
 
Philip Elder (Technical Architect - HA/Compute/Storage) commented:
That looks right, and your properties are now showing the IP address for the server.

Please post an IPCONFIG /ALL from the 2012 DC.

Philip
 
Joemt (Author) commented:
I did not add the A host; it was there. Here is the ipconfig /all:
ipconfig-all.jpg
nslookup.jpg
 
Philip Elder (Technical Architect - HA/Compute/Storage) commented:
What are the IPs for the NIC DNS 0 and 1? The 66's?

DNS 0 for IPv4 on the NIC should be: 10.0.5.6

Nothing else.

The server is not even asking itself for internal resolution. It is going out to those 66 IPs. Oops.

Philip
 
Joemt (Author) commented:
OK, I fixed the DNS on the NIC and the odd ::1.

nslookup still comes back with "default server unknown", but the IP called out is correct.
New-ipconfig-all.jpg
 
Philip Elder (Technical Architect - HA/Compute/Storage) commented:
Look in the Reverse Lookup Zone for your subnet. Is it there? If yes, then you need to add an A record for the DC's IP to fix that.

If not, create an AD integrated, Secure Updates Only, RLZ for your subnet.

Philip
 
Steve commented:
Don't bother; it's just the loopback address that's the cause of the 'unknown' stuff.
You can create a reverse lookup zone for loopback, but it's not worth the hassle.

Just remove the ::1 (IPv6 loopback) and use the 10.0.5.6 address, as this should already have a reverse DNS record.

Have you removed the old server's name/IP from the name servers list?
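The DNS client fix from Philip's and Steve's comments above (the DC's NIC pointing only at 10.0.5.6, with the 66.x entries and the ::1 loopback removed), plus the reverse-zone check Philip and Steve disagree about, as an added PowerShell example; it is not code from the original thread. It assumes a single-DC domain with a statically addressed NIC, the thread's names, and a 10.0.5.0/24 subnet (the mask is not visible in the thread, so the reverse zone name 5.0.10.in-addr.arpa is an assumption). It uses the DnsClient and DnsServer module cmdlets present on Server 2012.

```powershell
# Added example (not from the original thread): make the DC's own DNS client
# use 10.0.5.6 and nothing else, then verify forward, SRV and reverse lookups.
# Assumes a single-DC domain with a static NIC, the thread's names, and a
# 10.0.5.0/24 subnet (the mask is not shown in the thread). Run elevated.
$DcIp   = '10.0.5.6'
$DcName = 'psdsvr2012'
$Zone   = 'potomac.local'

foreach ($nic in (Get-NetAdapter | Where-Object Status -eq 'Up')) {
    # Show the current client list; this is where the 66.x and ::1 entries live.
    Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex |
        ForEach-Object { Write-Host "Before: $($nic.Name) $($_.AddressFamily) -> $($_.ServerAddresses -join ', ')" }

    # Clear every static entry for both address families, then set IPv4 only.
    Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ResetServerAddresses
    Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $DcIp

    Get-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -AddressFamily IPv4 |
        ForEach-Object { Write-Host "After:  $($nic.Name) IPv4 -> $($_.ServerAddresses -join ', ')" }
}
Clear-DnsClientCache

# Forward lookup of the DC, and the SRV record domain members use to find a DC.
Resolve-DnsName -Name "$DcName.$Zone" -Type A -Server $DcIp
Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Zone" -Type SRV -Server $DcIp

# Reverse lookup of the DNS server's own IP: a missing PTR is what makes
# nslookup print "Default Server: UnKnown". Only if it fails, create the
# AD-integrated, secure-update-only reverse zone and the DC's PTR record.
if (-not (Resolve-DnsName -Name $DcIp -Server $DcIp -ErrorAction SilentlyContinue)) {
    Add-DnsServerPrimaryZone -NetworkId '10.0.5.0/24' -ReplicationScope Domain -DynamicUpdate Secure
    Add-DnsServerResourceRecordPtr -ZoneName '5.0.10.in-addr.arpa' -Name '6' -PtrDomainName "$DcName.$Zone"
    Resolve-DnsName -Name $DcIp -Server $DcIp
}
```

The reset-then-set order matters: Set-DnsClientServerAddress -ResetServerAddresses and -ServerAddresses are separate parameter sets, and the reset is what actually removes the ::1 entry. With a second DC you would list its address after 10.0.5.6 rather than an ISP resolver; external names belong in the DNS server's forwarders, never in the DC's client list.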
 
Joemt (Author) commented:
Yes, I removed the old server name from the Names list on all zones. I also ensured the IP address was resolved for the actual server name in the Names list that is valid.

I had to create an alias for the old server (in Potomac.local) for the workstations to remote update an AV program. The other existing alias I see is to tie _msdcs.potomac.local to psdsrv2012 (server name).

A problem I see still: under Potomac.local there are A host records (workstation names) with duplicate IP addresses on different workstation names.

Is there a way to determine if the DNS settings are correct in the AD?
Dup-ip-addreses.jpg
Old-server-name-alias.jpg
 
Philip Elder (Technical Architect - HA/Compute/Storage) commented:
Verify in DHCP by comparing the lease.

Set Scavenging and enable on AD Zones in DNS (right click server name and Set Scavenging).

In DHCP right click on IPv4 and Properties. Under DNS Tab enable Name Protection. Under advanced set a username and password that will allow DHCP to update DNS when a client's IP is renewed or issued.

That should help keep the IPs and DNS A records straight.

Philip
 
Joemt (Author) commented:
I have 2 choices on the Scavenging: 1. Aging/scavenging for all zones; 2. Scavenging stale resource records.

The DHCP is provided by a SonicWall device (anything to do here?).

As for your third paragraph, does that still apply with the SonicWall providing DHCP? I'm assuming you meant at the server, if it applied.
 
Philip Elder (Technical Architect - HA/Compute/Storage) commented:
With DHCP off the server you are totally reliant on the client pinging DNS with an updated IP.

DHCP belongs on the server as it is closely integrated with DNS as per my earlier post.

Set Ageing/Scavenging for all zones and include AD Integrated.

Philip
 
Joemt (Author) commented:
I will move the DHCP to the server. I did set the scavenging. This is Server 2012 and I did not see a setting within the scavenging specifically for the AD. I will look into this further. Thank you for all your help.
 
Philip Elder (Technical Architect - HA/Compute/Storage) commented:
When you enable Scavenging there is a check mark below as shown here:
AD-integrated Zones Option
Put a tick in "Apply these settings to the existing AD-integrated zones".

Philip
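The aging/scavenging and DHCP-to-DNS settings Philip describes in his last three comments, together with a check for the duplicate-IP A records Joemt reports, as an added PowerShell example; this is not code from the original thread. It assumes the DNS and DHCP roles are on the same 2012 DC, the thread's zone potomac.local, and a 3-day interval (what Joemt reports choosing later); the DHCP update account name is a placeholder you supply at the Get-Credential prompt.

```powershell
# Added example (not from the original thread): server-wide aging/scavenging,
# DHCP dynamic-update settings with Name Protection and a dedicated update
# account, and a report of A records that share an IPv4 address. Assumes
# DNS and DHCP on the same 2012 DC and the zone potomac.local. Run elevated.
Import-Module DnsServer, DhcpServer

$Zone = 'potomac.local'

# Server-wide scavenging. A record whose timestamp is older than
# NoRefresh + Refresh is removed on the next ScavengingInterval pass.
# -ApplyOnAllZones is the "Apply these settings to the existing
# AD-integrated zones" check box in the Set Aging/Scavenging dialog.
Set-DnsServerScavenging -ScavengingState $true `
    -NoRefreshInterval 3.00:00:00 -RefreshInterval 3.00:00:00 `
    -ScavengingInterval 7.00:00:00 -ApplyOnAllZones
# Aging must also be enabled per zone or the zone is never scavenged.
Set-DnsServerZoneAging -Name $Zone -Aging $true
Get-DnsServerZoneAging -Name $Zone | Format-List ZoneName, AgingEnabled, NoRefreshInterval, RefreshInterval

# DHCP: register A and PTR on every lease (including for clients that do not
# request it), delete them when the lease expires, and turn on Name Protection
# so a second machine cannot take over an existing name's record. The updates
# run under a dedicated low-privilege account instead of the DC's own identity.
Set-DhcpServerv4DnsSetting -DynamicUpdates Always -DeleteDnsRRonLeaseExpiry $true `
    -UpdateDnsRRForOlderClients $true -NameProtection $true
Set-DhcpServerDnsCredential -Credential (Get-Credential -Message 'DHCP DNS update account (placeholder, e.g. POTOMAC\dhcp-dns)')
Get-DhcpServerv4DnsSetting

# Report A records in the zone that point at the same IPv4 address, and show
# which DHCP lease currently owns that IP so the stale name can be removed.
$dups = Get-DnsServerResourceRecord -ZoneName $Zone -RRType A |
    Group-Object { $_.RecordData.IPv4Address.IPAddressToString } |
    Where-Object Count -gt 1
foreach ($g in $dups) {
    $names = ($g.Group | ForEach-Object HostName) -join ', '
    $lease = Get-DhcpServerv4Lease -IPAddress $g.Name -ErrorAction SilentlyContinue
    $owner = if ($lease) { $lease.HostName } else { 'no current lease' }
    Write-Warning "$($g.Name) has A records for: $names  (DHCP lease: $owner)"
}
```

Records that were created statically, or by clients before scavenging was enabled, have no timestamp and are never scavenged, so the duplicate report is still worth running once by hand after the change. Name Protection depends on clients that support DHCID records; XP clients do not, which is why the dedicated DHCP update credential (rather than letting each XP client write its own record) is what keeps the zone tidy on this network.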
 
Joemt (Author) commented:
I moved DHCP to the server (added the role and configured it). I also set the scavenging settings (3 days).

Since all the DNS changes, the server cannot ping the workstations. The workstations can ping the server. This is causing me grief because my AV console on the server cannot find the workstations; I use the console to push out AV upgrades.

Any idea what is causing the server to not be able to ping the workstations?
 
Lionel MM (Small Business IT Consultant) commented:
Cannot ping using PC names or IP addresses?
 
Joemt (Author) commented:
I did not try names; by IP address, no response. I could stop by and try that tonight.
 
Philip Elder (Technical Architect - HA/Compute/Storage) commented:
Reboot the machines so that they pick up the IPs from the server. They should then update DNS with the correct IP.

Philip
 
Joemt (Author) commented:
I can ping the printer. I can also ping the workstations IF I shut off the WS (XP Pro) firewall.
Turn on the WS firewall and no ping from server to WS.

Why would the workstation FW stop the domain server from pinging?
 
Steve commented:
"Why would the workstation FW stop the domain server from pinging?"

Many firewall settings block ping traffic because it's generally bad in an insecure environment. If the firewall is on and configured to defaults you won't get a ping response.

If you're happy your internal network is secure enough you can disable the firewall completely on the WS. Alternatively, amend the firewall settings to allow Ping (ICMP) traffic.
 
Joemt (Author) commented:
Is this a Server 2012 default setting? I have always been able to ping workstations from the server as far as I can remember (will be checking after this). To change 85 workstations so I can push an AV upgrade is not great. I could ping those workstations prior to the changes to the DNS. That is why I thought there had to be something missing still.
 
Steve commented:
This is a separate question really, as we've already dealt with your original query.

In answer to your additional Q, the defaults for client firewalls are quite basic and are only normally amended en masse if your Group Policies add exceptions and settings to the clients.

SBS usually includes many GPOs like this by default, but the full version of Server is pretty much a blank canvas.

In general, many companies feel the firewall can be disabled while on your company network as it usually causes more problems than it resolves. This should be assessed on a case-by-case basis though.
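Steve's second option above (amend the workstation firewall to allow ICMP rather than switch it off), as an added example that is not from the original thread. It assumes the DC is 10.0.5.6 and is meant to be run once per workstation, or pushed as a GPO startup script across the 85 machines Joemt mentions. Windows Vista and later have the advfirewall netsh context and can scope the exception to the DC's address; XP SP2/SP3 (the thread's clients) only has the legacy `netsh firewall` context, which can enable echo requests per profile but cannot restrict them by source address. The rule name is a placeholder.

```powershell
# Added example (not from the original thread): allow ICMPv4 echo requests
# from the DC only, instead of disabling the workstation firewall. Assumes the
# DC is 10.0.5.6. On Vista+ the rule is scoped to that address and to the
# domain profile; on XP the legacy context can only enable echo per profile.
$DcIp    = '10.0.5.6'
$RuleName = 'Allow ICMPv4 echo from DC'    # placeholder name
$os      = [Environment]::OSVersion.Version

if ($os.Major -ge 6) {
    # Vista/7/8: inbound ICMPv4 type 8 (echo request) from the DC, domain profile only.
    netsh advfirewall firewall add rule name="$RuleName" dir=in action=allow `
        protocol=icmpv4:8,any remoteip=$DcIp profile=domain
    netsh advfirewall firewall show rule name="$RuleName"
} else {
    # XP SP2/SP3: no per-source scoping, so enable echo for the domain profile only,
    # which still leaves it blocked when the machine is on an untrusted network.
    netsh firewall set icmpsetting type=8 mode=enable profile=domain
    netsh firewall show icmpsetting
}
```

The equivalent in Group Policy, so you do not touch 85 machines by hand: for XP clients, Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile > "Windows Firewall: Allow ICMP exceptions"; for Vista and later, an inbound ICMPv4 rule under Windows Firewall with Advanced Security in the same GPO, with the remote address scoped to the DC. Note that ICMP only fixes the ping symptom; whatever the AV console uses to push upgrades (the thread does not say) will need its own scoped exception as well, which is the argument for a GPO-managed firewall rather than none at all.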
 
Joemt (Author) commented:
Thank you for all the help. This is a great asset to IT personnel.
