Event ID 4013: “The DNS server is waiting for Active Directory Domain Services (AD DS) to signal...”

We have an issue that only occurs after we reboot our secondary DC and DNS/DHCP server. It is a 2008 R2 x64 server, acting as DC and DNS/DHCP server. Our main DC is 2003.

Event ID 4013:

“The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.”

I found this solution:

  1. Log onto the First Domain Controller
  2. Open Regedit
  3. Navigate to HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
  4. Right-click Parameters, click New, and then click DWORD Value.
  5. Type “Allow Replication With Divergent and Corrupt Partner” and press enter.
  6. Open the entry and in the Value Data box type 0
  7. Reboot the First DC, wait for it to come back online, and then repeat the above steps on the Second DC.

It doesn't really apply to us, since after about 15 seconds, it syncs up. My question is this: what would happen once we decommission our main DC and make our secondary DC our main DC? Since the warning does not occur after the reboot (like I said, it actually syncs up after about 15 seconds), should I even be concerned about it now?

Thanks!


Solution 1:

Since your DNS is almost certainly AD-integrated for you to be getting that error, it (DNS) will wait until AD DS has completed a synchronization. If you were to decommission the other server, as long as it was done properly, this DC would consider itself to be synchronized since it had no partners.

The registry fix you mentioned would get you around that check, but another option (assuming your other DC was gone) is to transfer all the FSMO roles to this DC. I have had to do this in a virtual lab before when restoring only a single secondary DC. By seizing all the FSMO roles, I was able to get DNS up and running.
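
Read-only checks for the situation discussed in the question and answer above, as an added example that is not part of the original posts: how often Event ID 4013 has been logged since the last boot, whether the registry value from the quoted steps is present, and the replication and FSMO state to review before decommissioning the other DC. It assumes the default `DNS Server` event log name and an elevated PowerShell session on the 2008 R2 DC, and it changes nothing.

```powershell
# Added example: read-only checks, run elevated on the domain controller.
# Assumption: the DNS event log uses its default name, 'DNS Server'.

# 1. Last boot time, used to scope the event query (works on PowerShell 2.0).
$os   = Get-WmiObject Win32_OperatingSystem
$boot = $os.ConvertToDateTime($os.LastBootUpTime)

# 2. Event 4013 is logged every two minutes while DNS waits for AD DS,
#    so the number of entries since boot shows how long the wait lasted.
$events = @(Get-WinEvent -FilterHashtable @{
    LogName   = 'DNS Server'
    Id        = 4013
    StartTime = $boot
} -ErrorAction SilentlyContinue)

if ($events.Count -eq 0) {
    "No Event ID 4013 logged since boot at $boot."
} else {
    $sorted = @($events | Sort-Object TimeCreated)
    "{0} occurrence(s) of Event ID 4013 since boot at {1}; first {2}, last {3}." -f `
        $sorted.Count, $boot, $sorted[0].TimeCreated, $sorted[-1].TimeCreated
}

# 3. Report whether the registry value from the quoted steps exists, without changing it.
$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$name = 'Allow Replication With Divergent and Corrupt Partner'
$prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
if ($prop) { "'$name' = $($prop.$name)" } else { "'$name' is not set." }

# 4. Replication health: failures here mean the initial sync problem is real,
#    not just a short start-up delay.
repadmin /replsummary
repadmin /showrepl

# 5. Current FSMO role holders, to confirm where the roles sit before and
#    after the other DC is decommissioned.
netdom query fsmo
```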