
DNS Server Error Active Directory ID 4013

I have a Hyper-V VM with Server 2016 and added the role for AD.
I added my first user and tried to connect, but the AD Domain Controller could not be contacted.
... an error occurred when DNS was queried for the service location..... DNS name does not exist. BTW my domain name is AGHSRV.LOCAL
Not sure if using local is good or not??

So in my VM under the DNS section is error ID 4013: The DNS server is waiting for Active Directory Domain Services to signal that the initial synchronization of the directory has been completed.

I'm not sure if this error is playing into it or not.
Hello There, System Administrator
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
Is your DNS service running? Can you restart the service?

Can you open the DNS console and check DNS settings? Check your DNS records for your DNS servers in a console and check DNS settings on the NIC.
Shabarinath Ramadasan, Infrastructure Architect
CERTIFIED EXPERT

Commented:

Looks like DNS is not started or AD is yet to complete its initial sync.


https://support.microsoft.com/en-za/help/2001093/troubleshoot-dns-event-id-4013-the-dns-server-was-unable-to-load-ad-in


Cheers !

Shaba

Ian Pattison, Head of IT
CERTIFIED EXPERT

Commented:
Has your client got the correct DNS settings either in the Static, or DHCP-assigned IP Address?  Is this DNS Server running, and using NSLOOKUP, can you query that DNS server and resolve the address of the DC?

Author

Commented:
I’m not at the Server but I’ll check these things before I respond
Hypercat (Deb), President
CERTIFIED EXPERT

Commented:

Make sure the server is pointing to itself in the NIC config for primary DNS server. If there's another DNS server there, you can put that one in as the secondary.

Author

Commented:
Ok... so I noticed that the DNS of the NIC (HyperV Switch) on the VM running Server 2016 with AD was 127.0.0.1,
So I changed it to the IP of the NIC.

Then rebooted the VM.
Still saw the 4013 Warning

BUT
Then went to the test laptop and put that DNS of the server NIC in the IPv4 properties for the NIC, and joining the domain worked.

Why the warning? How long does that initial sync take and how do I know if it has synced?

So
Hypercat (Deb), President
CERTIFIED EXPERT

Commented:

OK - I need a clarification on the message. Does it occur on a continuing basis while the server is running? Or does it occur only when you reboot? That error is normal if it occurs only when you reboot, especially on a stand-alone DC (no other DCs on the network). It's part of the process that the AD services don't start up first, so when you reboot, you'll see that error but it's transient and doesn't affect the availability of AD services after the reboot is finished and all services are started.

Author

Commented:
If I click on DNS in the left in Server Manager, the error 4013 doesn't continue to appear.
It's looking like it happens on startup...
Hypercat (Deb), President
CERTIFIED EXPERT

Commented:

In that case, you're fine - nothing to worry about. DNS is just complaining because the AD services aren't started yet, but it resolves itself later in the startup process. You'll continue to see this event any time you restart the server, but if you see it at any other time, then you need to investigate because it indicates that there's a problem with Active Directory on this server.
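
The distinction drawn in this answer, boot-time 4013 versus 4013 at any other time, can be checked from the event log. The following is an added example, not part of the original thread; the 15-minute grace window is an assumed threshold, and the SRV query is the service-location lookup a client performs when joining the domain.

```powershell
# Run on the domain controller in an elevated PowerShell session.
$Domain       = 'AGHSRV.LOCAL'  # domain name from the thread
$GraceMinutes = 15              # assumption: how long after boot a 4013 counts as transient

$boot = (Get-CimInstance -ClassName Win32_OperatingSystem).LastBootUpTime

# All 4013 events in the DNS Server log since the last boot.
# Get-WinEvent raises an error when nothing matches, hence SilentlyContinue.
$hits = @(Get-WinEvent -FilterHashtable @{
    LogName   = 'DNS Server'
    Id        = 4013
    StartTime = $boot
} -ErrorAction SilentlyContinue)

# Events logged after the grace window are the ones worth investigating.
$late = @($hits | Where-Object { $_.TimeCreated -gt $boot.AddMinutes($GraceMinutes) })

if ($hits.Count -eq 0) {
    "No 4013 events since boot at $boot."
} elseif ($late.Count -eq 0) {
    "$($hits.Count) event(s), all within $GraceMinutes min of boot: startup ordering, expected."
} else {
    "$($late.Count) event(s) well after boot: check AD DS health (dcdiag, repadmin)."
    $late | Select-Object TimeCreated, Id, LevelDisplayName
}

# The SRV record a client looks up to locate a domain controller.
# Querying 127.0.0.1 asks this server's own DNS service directly.
try {
    Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$Domain" -Type SRV -Server 127.0.0.1 -ErrorAction Stop |
        Where-Object { $_.Type -eq 'SRV' } |
        Select-Object NameTarget, Port, Priority, Weight
} catch {
    "SRV lookup failed: $($_.Exception.Message)"
}
```

If the SRV lookup succeeds on the server but fails from a client, the client is using a different DNS server, which matches what the thread found.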

Ian Pattison, Head of IT
CERTIFIED EXPERT

Commented:
So it seems that your DC is healthy and the original reason you couldn’t join the domain was your client wasn’t pointing to the DNS server on your 2016 DC.

Have you set up DHCP, and if so, have you set the scope options to set the dns server correctly, or are you using static IPs for all your clients at the moment?

Author

Commented:
I haven't setup DHCP and would prefer not to do static IP's
How do I set it up for DHCP?
Ian Pattison, Head of IT
CERTIFIED EXPERT

Commented:
Are you in a test environment separate from your live environment?

How did the laptop get an IP address previously?

If there are no other DHCP servers in your environment, you need to install the DHCP role on your server, and then go through the process to authorise it, and then set up a scope.

If you are wanting internet access, you should find your router IP address etc., as you will need to set up an IP scope that can access the router.

You also need to ensure that your dhcp scope excludes your router address, server address and any other static addresses in use.

Here’s a decent guide:
https://computingforgeeks.com/how-to-install-and-configure-dhcp-server-on-windows-server/

Author

Commented:
Cool
Yes this is a test environment I’m going to take live. The laptop(s) weren’t doing anything before. They are to help work thru all issues before going live

I’ll add the role and check your link

Author

Commented:
I have added the DHCP Role, but now getting these errors:

Error 10200 This computer has at least one dynamically assigned IPv6 address. For reliable DHCPv6 server operation, you should only use static IPv6 address.


Error 1059 The DHCP service failed to see a directory server for authorization

Error 1046 The DHCP/BINL service on the local machine, belonging to Windows Administrative domain AGHSRV.local has determined that it is not authorized to start. It has stopped serving clients. The following are some possible reasons:

This machine is part of a directory service enterprise and is not authorized in the same domain
Hypercat (Deb), President
CERTIFIED EXPERT

Commented:

Did you authorize the DHCP server and set up a scope?  Usually the error 1049 and 1046 are caused by having the DHCP service role installed but not configured.  


The 10200 error is normal if you're not actively using IPv6 and haven't configured it with a static IP address.  If you're not using it, there's no reason to configure it and you can just ignore the error.

Author

Commented:
I saw it showed to authorize (yes did it),
Setting up scope now, but how long should the lease time be?

Author

Commented:
I took the default lease time of 8 days.
restarted the VM...

Still seeing error 1059
Hypercat (Deb), President
CERTIFIED EXPERT

Commented:

Yes default lease time is fine especially in a test environment.  Try restarting the DHCP server service.  Sometimes you need to do that after authorization.

Author

Commented:
Restarted service didn't see errors
BUT
restarted the VM and then checked DNS for errors..
Same thing Error 1059. DHCP service failed to see a directory server for authorization
Hypercat (Deb), President
CERTIFIED EXPERT

Commented:

When you look at it in the DHCP console, does it show as authorized (green checkmark on IPv4 and IPv6)?  Does the error reoccur on a regular basis or show only during restart?

Author

Commented:
Yes both are green.

If I look under DHCP Events, I see the error after startup but after that I don't see it repeating.

Would it show under DHCP events in a repeating fashion?

Author

Commented:
Don't know if this will help but...

before I setup DHCP on the VM server

On my test laptop, In the ipv4 laptop settings, I could put under dns, the ip address of VM and the laptop would connect
Now it doesn't...

So on the laptop I set the ipv4 back to receive ip and dns automatically by default.
Still doesn't connect to the server

If I open a command prompt on the laptop
an ifconfig shows NO gateway

One more thing...
I have my ethernet connection coming off of one of the four ports on the back of my wifi router..... not sure if this is playing havoc
Hypercat (Deb), President
CERTIFIED EXPERT

Commented:

What scope did you create in DHCP?  If you can please open the DHCP management console and expand the view so that you can see the scope address pool, and then the scope and, if you set any, server options. Take screen captures and attach them to your message; something like this:


System Administrator
CERTIFIED EXPERT
Distinguished Expert 2018
Commented:
How to configure DHCP. Open a DHCP console:
1. Is the DHCP server authorized? If not, DHCP -> right-click the server name -> Authorize
2. Have you created the Scope? If not, create one.
3. Have you configured Server Options?
DHCP -> IPv4 -> Server Options -> Configure Options -> Add:
006 DNS Servers = DNS server IP addresses, use all if possible
015 DNS Domain name = FQDN

4. Have you configured Scope Options?
DHCP -> IPv4 -> YourScope -> Scope Options -> Configure Options -> Add:
003 Router = default gateway IP address
006 DNS Servers = DNS server IP addresses, use all if possible
015 DNS Domain name = FQDN

5. DHCP -> right-click the IPv4 -> DNS tab -> make sure that "Always dynamically update DNS records" and "Discard A and PTR records..." options are checked.

6. Have you pointed the router to the new DHCP server? If not, add the IP helper-address on the main router.
This is important. People usually forget this.
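
Steps 1 to 5 above can also be done with the DhcpServer PowerShell module. This is an added example, not code from the thread; every IP address and the scope name are constructed placeholders, and the server FQDN is assumed to be the computer name plus the thread's domain. The excluded range reflects the earlier advice to keep the router, the server and other static addresses out of the pool.

```powershell
# Run elevated on the DHCP server. Every address below is a constructed placeholder.
$Domain   = 'AGHSRV.local'          # domain name from the thread
$ServerIp = '192.168.10.10'         # placeholder: the DC, also the DNS and DHCP server
$Router   = '192.168.10.1'          # placeholder: default gateway
$ScopeId  = '192.168.10.0'          # placeholder: subnet the scope serves
$Fqdn     = "$env:COMPUTERNAME.$Domain"   # assumed server FQDN

# Step 1: authorize the server in AD (skipped if it is already listed).
# An unauthorized server logs 1046 and stops serving clients.
if (-not (Get-DhcpServerInDC | Where-Object { "$($_.IPAddress)" -eq $ServerIp })) {
    Add-DhcpServerInDC -DnsName $Fqdn -IPAddress $ServerIp
}

# Step 2: create the scope with the default 8-day lease, then exclude
# the block reserved for the router, the server and other static hosts.
if (-not (Get-DhcpServerv4Scope | Where-Object { "$($_.ScopeId)" -eq $ScopeId })) {
    Add-DhcpServerv4Scope -Name 'Test LAN' -StartRange 192.168.10.1 -EndRange 192.168.10.254 `
        -SubnetMask 255.255.255.0 -LeaseDuration (New-TimeSpan -Days 8) -State Active
    Add-DhcpServerv4ExclusionRange -ScopeId $ScopeId -StartRange 192.168.10.1 -EndRange 192.168.10.49
}

# Step 3: server-level options 006 (DNS servers) and 015 (DNS domain name).
Set-DhcpServerv4OptionValue -DnsServer $ServerIp -DnsDomain $Domain

# Step 4: scope-level options 003 (router), 006 and 015.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -Router $Router -DnsServer $ServerIp -DnsDomain $Domain

# Step 5: always register A/PTR records and discard them when the lease is deleted.
Set-DhcpServerv4DnsSetting -DynamicUpdates Always -DeleteDnsRROnLeaseExpiry $true

# Restart the service after authorization, as suggested earlier in the thread.
Restart-Service -Name DHCPServer

# Verify: the server is listed as authorized and the scope carries the options.
Get-DhcpServerInDC
Get-DhcpServerv4OptionValue -ScopeId $ScopeId | Select-Object OptionId, Name, Value

# Step 6 (helper address on the router) is router configuration and is not covered here.
```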

Author

Commented:
Thanks to all!
Hello There, System Administrator
CERTIFIED EXPERT
Distinguished Expert 2018

Commented:
You are very welcome.

So misconfigured DHCP was the issue here?

Author

Commented:
Actually the first big problem was because of connecting to an ethernet port off of our wireless.
I called our firewall company and had them set up the third port on the hardware firewall (unused) to get the whole dhcp able to be used.