Solved

Server 2012 - DNS issue - ID 4013

Posted on 2015-01-22
10
430 Views
Last Modified: 2015-01-26
We have a new Windows Server 2012 R2 that we added to a small Windows network that has Windows 2003 and 2008 servers and we made it a DNS server and a GC and everything seemed fine during the procedure.
We are however getting the following Event Warning below. The new server passes the DCDIAG tests and  repadmin /showrepl. It only appears after reboots. Any assistance offered solving it would be greatly appreciated.

Event ID 4013:

“The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.”
0
Comment
Question by:regsamp
  • 5
  • 5
10 Comments
 
LVL 25

Expert Comment

by:DrDave242
ID: 40565188
How many DCs are in the domain? If there are others (and this event implies that there are), make sure this server is using at least one of them for DNS in addition to itself.
0
 

Author Comment

by:regsamp
ID: 40565197
We have five DCS on the domain. The server is seeing one DNS server and the other DNS server it is suppose to be replacing. The DCDIAG TESTS I have run come back with passed results, repadmin /showrepl runs fine and the other DCs do not have any errors.

I only get this Event Warning when the 2012 is rebooted.
0
 
LVL 25

Expert Comment

by:DrDave242
ID: 40565204
The server is seeing one DNS server and the other DNS server it is suppose to be replacing.
I'm not sure exactly what you mean by that. What servers is this DC using for DNS?

After a reboot, is that event logged only once, and does the DNS Server service on the DC start? If so, it's nothing to worry about, but if the DNS Server service takes quite a while to start, it indicates that the DC is having trouble contacting another DC to perform an initial sync of AD (which is required in order for the DNS Server to start).
0
 

Author Comment

by:regsamp
ID: 40565235
We have our Primary DNS server that is Windows 2008. Our secondary DNS server that we have had for years is a Windows Server 2003. We purchased a new server that has Windows 2012 R2 on it. We would eventually like to get rid of the Windows Server 2003 server as it is old and replace this new one. We were getting to go through the steps but we keep getting this warning after reboot.

The Windows 2012 R2 server has the Windows 2008 and Windows 2003 Server as it's DNS entries. The 2012 server has DNS installed but we have switched anything over yet.

Yes, after a reboot the event is only logged once. Yes the DNS Server service does appear to start as the test come back passed.  How can I verify if the DNS Server service is starting 100%?
0
 
LVL 25

Expert Comment

by:DrDave242
ID: 40565300
Any time a service starts or stops, an event is logged in the System log (event ID 7036, source Service Control Manager). There will be quite a few of these after a reboot, since a lot of services are starting, but if you don't mind digging through them, you can find the one that corresponds to the DNS Server service starting and compare the timestamp on that event to the 4013 event to see how much time it's taking between the 4013 and the DNS service starting.

Have your AD-integrated DNS zones replicated to the new server?
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:regsamp
ID: 40565360
There are DNS Server Stops and Starts but they all appear to be the times I "rebooted" the server so it looks okay in that way.  I am not seeing any 4013 events under the System Logs. I only see them under the DNS log and it is only after I reboot each time.

How can I confirm the AD-integrated DNS zones replicated to the new server easily?
0
 
LVL 25

Accepted Solution

by:
DrDave242 earned 500 total points
ID: 40565379
Yeah, it sounds like it's one of those transient things that happens only during a reboot and isn't a sign of a real problem.

Use the DNS console to verify that the new server has copies of the same zones as your old DCs/DNS servers.
0
 

Author Comment

by:regsamp
ID: 40565414
That is what I was believing too. A transient issue only during reboot. The new server seems to have the copies of the zone information from what I can see in the DNS console.
0
 
LVL 25

Expert Comment

by:DrDave242
ID: 40565416
OK, sounds like everything's working correctly, then.
0
 

Author Comment

by:regsamp
ID: 40565427
I will just keep an eye on the logs and give it a little while but I think so too. Thank you for the help.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now