DNS server error 4013

  • Question

  • Good day, colleagues.

    I still have not found a definitive answer on how to solve the problem with this error.

    Предупреждение : 4013
    «DNS-сервер ожидает от доменных служб Active Directory (AD DS) сигнала о том, что первичная синхронизация каталога завершена. Службу DNS-сервера невозможно запустить до завершения первичной синхронизации, так как критические данные DNS могут быть еще не реплицированными
    на этот контроллер домена. Если журнал событий AD DS показывает, что имеются проблемы с разрешением DNS-имен в адреса, рассмотрите возможность добавления IP-адреса другого DNS-сервера для этого домена в список DNS-серверов в свойствах протокола IP этого компьютера.
    Такое событие будет записываться в журнал каждые две минуты, пока служба AD DS не сообщит об успешном завершении первичной синхронизации.»

    In general, I use 2 DNS servers and have no problems. One points to the other and vice versa.

    But today the power was cut for 2 hours. Naturally, all the servers had to be shut down.

    When the power came back, I turned on the domain controller first. And then it started. For 2 hours the DNS service could not initialize and kept writing this error to the log.

    • Edited

      November 21, 2012 5:49

Answers

  • If DNS is working now and there are no problems with replication, then what is the question? Why did the initial AD synchronization take so long? Answer: because there were no working DNS servers on the network. If all your DNS servers are only on domain controllers, this situation is normal for such a structure. Solution: set up a third DNS server on the network that will be a secondary DNS for the AD zones and will store these zones in files rather than in AD. Alternative solution: never shut down ALL domain controllers.


    Сергей Панченко

    • Marked as answer
      Vinokurov Yuriy
      November 26, 2012 13:03

  • Unfortunately, this is normal behavior: in a multi-server configuration, AD on FSMO role holders starts slowly when the other DCs are unavailable, because of the initial synchronization requirement (http://support.microsoft.com/kb/305476).
    And the initial synchronization turns out to be impossible because DNS is unavailable.

    Initial synchronization can be disabled in the registry (http://support.microsoft.com/kb/2001093), but this can lead to AD corruption if a domain controller that used to hold FSMO roles,
    which were forcibly seized from it, is returned to the network.

    As far as I understand (I have not tested this), having a DC that does not hold any FSMO role and is a DNS server can help resolve the situation: it should not have such startup delays.


    Glory to Russia!

    • Edited
      M.V.V. _
      November 21, 2012 9:29
    • Marked as answer
      Vinokurov Yuriy
      November 26, 2012 13:03

Are you stuck with DNS Event ID 4013? We can help you.

At Bobcares, we offer solutions for every query, big and small, as a part of our Server Management Service.

Let’s take a look at how our Support Team resolves this error.

How to resolve DNS Event ID 4013?

Usually, the following DNS Event ID 4013 is logged in the DNS event log of domain controllers that are hosting the DNS server role after Windows starts:

Event Type: Warning
Event Source: DNS
Event Category: None
Event ID: 4013
Date: Date
Time: Time
User: N/A
Computer: ComputerName
Description:
The DNS server was unable to open the Active Directory. This DNS server is configured to use directory service information and can not operate without access to the directory. The DNS server will wait for the directory to start. If the DNS server is started but the appropriate event has not been logged, then the DNS server is still waiting for the directory to start.

For more information, see Help and Support Center at https://go.microsoft.com/fwlink/events.asp.
Data:
0000: <%status code%>

Mostly, the issue occurs under the following conditions:

  • slow Windows startup
  • the logging of DNS event 4013 on DNS servers that are configured to host AD-integrated zones, which implicitly reside on computers acting as domain controllers.

Some Microsoft and external content has recommended setting the registry value Repl Perform Initial Synchronizations to 0 to bypass initial synchronization requirements in Active Directory.

The specific registry subkey and the values for that setting are as follows:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
Value name: Repl Perform Initial Synchronizations
Value type: REG_DWORD
Value data: 0

This configuration change isn’t recommended for use in production environments, or in any environment on an ongoing basis.

Repl Perform Initial Synchronizations should be used only in critical situations to resolve temporary and specific problems.

How to resolve it?

Today, let us see the steps followed by our Support Techs to resolve it.

The default setting should be restored after such problems are resolved.

Other feasible options include:

  • Firstly, remove references to stale domain controllers.
  • Then, make offline or non-functioning domain controllers operational.
  • Domain controllers hosting AD-integrated DNS zones shouldn’t point to a single domain controller and especially only to themselves as preferred DNS for name resolution.
  • DNS name registration and name resolution for domain controllers is a relatively lightweight operation that’s highly cached by DNS clients and servers.
  • Configuring domain controllers to point to a single DNS server’s IP address, including the 127.0.0.1 loopback address, represents a single point of failure.

This setting is tolerable in a forest with only one domain controller, but not in forests with multiple domain controllers.

Hub-site domain controllers should point to DNS servers in the same site as them for preferred and alternate DNS server and then finally to themselves as another alternate DNS server.

Branch-site domain controllers should configure the preferred DNS server IP address to point to a hub-site DNS server, the alternate DNS server IP address to point to an in-site DNS server or one in the closest available site, and finally to themselves using the 127.0.0.1 loopback address or current static IP address.

Dynamic domain controller SRV and host A and AAAA record registrations may not make it off-box if the registering domain controller in a branch site is unable to outbound replicate.

Member computers and servers should continue to point to site-optimal DNS servers as preferred DNS. And they may point to off-site DNS servers for additional fault tolerance.

Your ultimate goal is to prevent everything from causing a denial of service while balancing costs, risks, and network utilization, such as:
    • replication latency and replication failures
    • hardware failures, software failures
    • operational practices
    • short and long-term power outages
    • fire, theft, flood, and earthquakes
    • terrorist events

  • Make sure that destination domain controllers can resolve source domain controllers using DNS (for example, avoid fallback).

    Domain controllers should point to DNS servers that:
    • Are available at Windows startup.
    • Host, forward, or delegate the _msdcs. and primary DNS suffix zones for current and potential source domain controllers.
    • Can resolve the current CNAME GUID records (for example, dded5a29-fc25-4fd8-aa98-7f472fc6f09b._msdcs.contoso.com) and host records of current and potential source domain controllers.
  • Optimize domain controllers for name resolution fallback. The inability to configure DNS properly so that domain controllers could resolve the domain controller CNAME GUID records to host records in DNS was common.
  • To ensure end-to-end replication of Active Directory partitions, Windows Server 2003 SP1 and later domain controllers were modified to perform name resolution fallback:
    • from domain controller CNAME GUID to fully qualified hostname.
    • from fully qualified hostname to NetBIOS computer name.

    The NTDS replication Event IDs 2087 and 2088 in the Directory Service event logs indicate that:

    • a destination domain controller couldn’t resolve the domain controller CNAME GUID record to a host record.
    • name resolution fallback is occurring.

    WINS, HOST files, and LMHOST files can all be configured.

  • Change the startup value for the DNS server service to manual if booting into a known bad configuration. If booting a domain controller in a known bad configuration that’s discussed in this article, follow these steps:
    1. Firstly, set the DNS Server service startup value to manual.
    2. Reboot, wait for the domain controller to advertise.
    3. Finally, restart the DNS Server service.

    If the service startup value for DNS Server service is set to manual, Active Directory doesn’t wait for the DNS Server service to start.
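The following read-only PowerShell audit is an added example, not part of the original article. It checks a domain controller for the conditions described above: the registry bypass, the DNS client list, the DNS Server startup type, and recent events 4013, 2087 and 2088. It assumes Windows Server 2012 or later (where Get-DnsClientServerAddress exists) and an elevated session; the 7-day event window is an arbitrary choice.

```powershell
# Added example: read-only audit of a domain controller. Nothing is modified.
# Assumes Windows Server 2012+ and an elevated PowerShell session.
$findings = @()

# 1. Is the initial-synchronization bypass still set?
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$name = 'Repl Perform Initial Synchronizations'
$val  = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
if ($null -ne $val -and $val -eq 0) {
    $findings += "Registry: '$name' = 0 (bypass active). Restore the default once the problem is resolved."
}

# 2. DNS client settings per NIC: one resolver, or only this DC, is a single point of failure.
$ownIPs = @((Get-NetIPAddress -AddressFamily IPv4).IPAddress)   # includes 127.0.0.1
$nics = Get-DnsClientServerAddress -AddressFamily IPv4 |
        Where-Object { $_.ServerAddresses.Count -gt 0 }
foreach ($nic in $nics) {
    $servers = @($nic.ServerAddresses)
    $remote  = @($servers | Where-Object { $_ -notin $ownIPs })
    $list    = $servers -join ', '
    if ($remote.Count -eq 0) {
        $findings += "NIC '$($nic.InterfaceAlias)': DNS points only to this DC ($list)."
    } elseif ($servers.Count -eq 1) {
        $findings += "NIC '$($nic.InterfaceAlias)': a single DNS server is configured ($list)."
    } elseif ($servers[0] -in $ownIPs) {
        $findings += "NIC '$($nic.InterfaceAlias)': this DC is its own preferred DNS ($list); list it last."
    }
}

# 3. A DNS Server service left on Manual after the boot workaround will not start by itself.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='DNS'"
if ($svc -and $svc.StartMode -eq 'Manual') {
    $findings += "Service: DNS Server startup type is Manual."
}

# 4. Recent events: DNS 4013 (waiting for AD DS) and NTDS 2087/2088 (name resolution fallback).
$since = (Get-Date).AddDays(-7)   # 7-day window is an arbitrary choice
$queries = @(
    @{ LogName = 'DNS Server';        Id = 4013;       StartTime = $since },
    @{ LogName = 'Directory Service'; Id = 2087, 2088; StartTime = $since }
)
foreach ($q in $queries) {
    $hits = @(Get-WinEvent -FilterHashtable $q -ErrorAction SilentlyContinue)
    if ($hits.Count -gt 0) {
        $findings += "Events: $($hits.Count) x ID $($q.Id -join '/') in '$($q.LogName)' since $since."
    }
}

if ($findings.Count -eq 0) { 'No findings.' } else { $findings }
```

A "points only to this DC" finding is tolerable in a forest with a single domain controller, as noted above; in a multi-DC forest it is the configuration that delays DNS startup after a full outage.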


Conclusion

In brief, our skilled Support Engineers at Bobcares demonstrate how to resolve DNS Event ID 4013.

We have an issue that only occurs after we reboot our secondary DC and DNS server/DHCP server. It is a 2008r2 x64 server, DC and DNS/DHCP server. Our main DC is 2003.

Event ID 4013:

“The DNS server is waiting for Active Directory Domain
Services (AD DS) to signal that the initial synchronization of the
directory has been completed. The DNS server service cannot start
until the initial synchronization is complete because critical DNS
data might not yet be replicated onto this domain controller. If
events in the AD DS event log indicate that there is a problem with
DNS name resolution, consider adding the IP address of another DNS
server for this domain to the DNS server list in the Internet Protocol
properties of this computer. This event will be logged every two
minutes until AD DS has signaled that the initial synchronization has
successfully completed.”

I found this solution:

  1. Log onto the First Domain Controller
  2. Open Regedit
  3. Navigate to HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
  4. Right-click Parameters, click New, and then click DWORD Value.
  5. Type “Allow Replication With Divergent and Corrupt Partner” and press enter.
  6. Open the entry and in the Value Data box type 0
  7. Reboot First DC wait for it to come back online and then repeat the above steps on the Second DC.

It doesn’t really apply to us, since after about 15 seconds, it syncs up. My question is this: what would happen once we decommission our main DC and make our secondary DC our main DC? Since the warning does not occur after the reboot (like I said, it actually syncs up after about 15 seconds), should I even be concerned about it now?

Thanks!

asked Jul 11, 2012 at 22:06


George


Since your DNS is almost certainly AD-integrated for you to be getting that error, it (DNS) will wait until AD DS has completed a synchronization. If you were to decommission the other server, as long as it was done properly, this DC would consider itself to be synchronized since it had no partners.

The registry fix you mentioned would get you around that check, but another option (assuming your other DC was gone) is to transfer all the FSMO roles to this DC. I have had to do this in a virtual lab before when restoring only a single secondary DC. By seizing all the FSMO roles, I was able to get DNS up and running.

answered Jul 12, 2012 at 17:16


Paul Kroon


  • Question

  • Hello everybody, I have a problem and ask the help of the forum to try to resolve it.

    After starting the process of installing Windows Server 2008 R2 Enterprise. In a new server, new domain, server, completely separate from the old domain (which currently runs).

    After running all updates to Windows Server starts with the following:

    I made the following settings on the NIC:

    IP: 192.168.0.1
    Mask: 255.255.255.0
    preferred dns: 192.168.0.1
    IPV4
    IPV6 - disabled

    I ran dcpromo, and then install the domain, installed dns. Configure DNS so that when I run nslookup correctly points to the server ip. I configured a reverse zone as well.

    The problem occurs whenever I restart the server every 10 minutes or occurs with below error in event viewer:

    Event ID: 4013
    The DNS server is waiting for the signal from the Active Directory Domain Services (AD DS) that the initial synchronization of the directory has been completed.
    The DNS Server service can not be started until the initial synchronization is complete because critical DNS data might not yet have been replicated in the domain controller.
    If the events of event log indicates that AD DS is a problem with a DNS name resolution, consider adding the IP address of another DNS server in this domain name to the list of DNS server in IP properties of this computer.
    This event will be included in the log every two minutes until the AD DS signals that the initial synchronization was completed successfully.

    If you can give me a line thank you.


    MCP

Answers

  • Hi Daniel,

    It’s not required to have two DCs, but highly recommended. I can’t see how adding a DC fixed this problem.

    I assumed prior to adding the new DC that you removed the ::1 and 127.0.0.1 address and only configured 192.168.0.1 as the only DNS address?

    Ace


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP — Directory Services

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    • Marked as answer by

      Monday, October 25, 2010 5:44 PM
