none
DNS service quits after start with no error message. Event 4013 generated every couple of hours, Directory Replacation appears to be fine.

    Question

  • I've been racking my brains on this one. DNS service on a Domain controller will not run. I've double and triple checked AD syncing, and repadmin shows replication successful for each directory with two replication partners.  The server in question is  2008R2.  I've tried uninstall the DNS service and reinstalling, but it doesn't make a difference.  This issue has been going on several months and only recently discovered during a disaster recovery that made this the only DNS server up during the event.

    Every time i start the service, the an event 2 is generated stating the service has been started, but when you check the service, it is off.  The server itself is setup to use another DNS server for client request, so it is not a dns query issue. Before i try uninstall AD and reinstalling, is their a way to "trick" DNS in starting? It feels like the AD isn't setting the "initial sync" flag correctly, so DNS never recognizes the "initial sync" for AD finished.

    Anyone got any ideas?

    Saturday, March 4, 2017 11:34 PM

All replies

  • Are you sure DNS role is installed? You could run this one to check. Otherwise check the system event log for error details.

    https://gallery.technet.microsoft.com/scriptcenter/2592d8e7-f830-4d64-bce8-fb4f79ddc66c

     This one may also help.

    https://support.microsoft.com/en-us/help/2001093/troubleshoot-dns-event-id-4013-the-dns-server-was-unable-to-load-ad-integrated-dns-zones

     If no joy you can run;

    Dcdiag /v /c /d /e /s:DCName >c:\dcdiag.log

    (please replace DCName with your Domain Controller name)

    also run;

    ipconfig /all > C:\dc1.txt

    ipconfig /all > C:\dc2.txt

    then put files up on OneDrive and share a link.

     

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.



    Saturday, March 4, 2017 11:54 PM
  • Hi Cranky old man,

    1. As Dave suggested, please run dcdiag in the cmd to check the health of the DC;

    2. Please check the DNS zone type, check if it is AD-integrated;

    3. Please restart netlogon services, it may help re-register SRV records;

    Best Regards,

    Anne


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, March 6, 2017 7:18 AM
    Moderator
  • Thanks for the reply Dave, I have already read and applied the solutions listed in your second article, but to no avail.  The DNS service is definitely installed, as i can manually start it in the services management console, and DNS server events are logged. 

    Here's the link to the events generated by the DNS server:  DNS Events

    Here's the link to the dcdiag:  DCDiag

    Here's the link to the ipconfig results:  Troubled DC Good DC

    FYI, the troubled DC is Oslo.  It is the only DC in a secondary site, i have three other DCs with no errors in the primary site.


    Monday, March 6, 2017 6:48 PM
  • HI Anne, I've replied to Dave with the results for DCdiag.  DNS is definitely integrated with AD and a restart of netlogon didn't make a difference.  You can see in the event log, DNS is definetly complaining it is not getting the ok from AD on passing a full sync even though as far as i can see, AD is running properly.  Below is the details of AD_DomainServices event 1394:

    • All problems preventing updates to the Active Directory Domain Services database have been cleared. New updates to the Active Directory Domain Services database are succeeding. The Net Logon service has restarted.
    Monday, March 6, 2017 6:54 PM
  • I'd check that these ports are open between the two networks.

    https://technet.microsoft.com/en-us/library/dd772723%28v=ws.10%29.aspx?f=255&MSPPError=-2147217396

     

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Monday, March 6, 2017 7:28 PM
  • To one up you, I"ve thought about network connectivity, pathways, and ports already, but with the results for repadmin showing replications are successful, it rules out any network issues and I think any AD sync issues.

    Repadmin: running command /showrepl against full DC localhost
    NewYork-Site\OSLO
    DSA Options: IS_GC
    Site Options: (none)
    DSA object GUID: f46e0d5b-d809-4aa8-b5ae-9517ba8d8797
    DSA invocationID: 641c3440-e974-4fac-8536-f6535df6e596
    ==== INBOUND NEIGHBORS ======================================
    DC=nexus,DC=jhn
        Hollywood-Site\WASHINGTONDC via RPC
            DSA object GUID: e4940fa0-2f7d-41e9-a1ce-a361a05b06d3
            Last attempt @ 2017-03-06 15:37:26 was successful.
        Hollywood-Site\BEIJING via RPC
            DSA object GUID: 84b11ef7-f556-436c-b7f9-01ec5ced4fb1
            Last attempt @ 2017-03-06 15:37:27 was successful.
    CN=Configuration,DC=nexus,DC=jhn
        Hollywood-Site\WASHINGTONDC via RPC
            DSA object GUID: e4940fa0-2f7d-41e9-a1ce-a361a05b06d3
            Last attempt @ 2017-03-06 15:37:26 was successful.
        Hollywood-Site\BEIJING via RPC
            DSA object GUID: 84b11ef7-f556-436c-b7f9-01ec5ced4fb1
            Last attempt @ 2017-03-06 15:37:27 was successful.
    CN=Schema,CN=Configuration,DC=nexus,DC=jhn
        Hollywood-Site\WASHINGTONDC via RPC
            DSA object GUID: e4940fa0-2f7d-41e9-a1ce-a361a05b06d3
            Last attempt @ 2017-03-06 15:37:27 was successful.
        Hollywood-Site\BEIJING via RPC
            DSA object GUID: 84b11ef7-f556-436c-b7f9-01ec5ced4fb1
            Last attempt @ 2017-03-06 15:37:27 was successful.
    DC=ForestDnsZones,DC=nexus,DC=jhn
        Hollywood-Site\WASHINGTONDC via RPC
            DSA object GUID: e4940fa0-2f7d-41e9-a1ce-a361a05b06d3
            Last attempt @ 2017-03-06 15:37:28 was successful.
        Hollywood-Site\BEIJING via RPC
            DSA object GUID: 84b11ef7-f556-436c-b7f9-01ec5ced4fb1
            Last attempt @ 2017-03-06 15:37:28 was successful.

    Monday, March 6, 2017 8:54 PM
  • Nothing jumping right out. It may be simpler / more expeditious to build a new DC.

     

     



    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows Server] Datacenter Management

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

    Monday, March 6, 2017 9:38 PM