Can Event ID 4013 be ignored if it only shows up once?

domain-name-system windows-server-2012-r2

Server 2012 R2 (before the 2nd DC is added)

There are an amazing number of web pages that attempt to address Event ID 4013, including these on Server Fault: link1, link2, link3 (though this last post is for multiple DCs). This last link even recommends hacking the registry to turn off this check, but Microsoft strongly recommends against that for a production network in this link. Even though that last link is for Server 2003, I assume and think this recommendation still applies.

I'm getting this error after having just created the first DNS server on the domain, and I'm trying to resolve the important errors before moving on. Having studied this Event ID a great deal, I'd like to ask about the last line of the General comments, which says:

"This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed."

Doesn't this really mean if the error doesn't show up 2 minutes later the problem is resolved, so I can really ignore this error if it only occurs when this server has to be rebooted/restarted such as after a UPS commanded shutdown, etc.? Or are there scenarios where I really need to keep searching for the issue?

Best Answer

Yes, you may safely ignore it, unless it keeps happening repeatedly long after the domain controller/DNS server has rebooted.

The warning should only occur when you reboot the domain controller or otherwise restart AD and DNS.

The reason this happens is simple - DNS hosts Active Directory-integrated zones, and therefore cannot finish initializing until Active Directory is up and running and healthy. But since you just rebooted, Active Directory is not finished starting yet. But Active Directory can't finish starting without access to a DNS server. So you see, AD and DNS are waiting on each other. (But eventually, a timeout occurs, a warning event is logged, and AD and DNS will eventually both start normally.)

The correct way to avoid this issue is to have more than one domain controller, and have each domain controller point to the other as its primary DNS resolver.

But if you're unwilling to add another domain controller to your environment, then you can safely just live with the warning events.
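One way to tell a startup-only 4013 from one that keeps recurring, as an added example that is not part of the original answer: the function name `Get-Late4013` and the 15-minute grace window are assumptions chosen for illustration, and the sample timestamps are constructed.

```powershell
# Added example: classify Event ID 4013 occurrences relative to the last boot.
# Assumption: 15 minutes stands in for "long after the server has rebooted".
function Get-Late4013 {
    param(
        [datetime[]]$EventTimes,      # TimeCreated of each 4013 event
        [datetime]$BootTime,          # when the server last started
        [int]$GraceMinutes = 15       # hypothetical threshold, tune per site
    )
    $cutoff = $BootTime.AddMinutes($GraceMinutes)
    # Events before this boot belong to earlier startups and are ignored.
    $sinceBoot = @($EventTimes | Where-Object { $_ -ge $BootTime } | Sort-Object)
    # 4013 repeats every two minutes until the initial sync completes, so
    # anything past the cutoff means the AD DS / DNS wait never resolved.
    $late = @($sinceBoot | Where-Object { $_ -gt $cutoff })
    [pscustomobject]@{
        BootTime       = $BootTime
        CountSinceBoot = $sinceBoot.Count
        LastSeen       = if ($sinceBoot.Count) { $sinceBoot[-1] } else { $null }
        LateCount      = $late.Count
        Verdict        = if ($late.Count) { 'Investigate' } else { 'Startup only' }
    }
}

# Constructed sample: three warnings in the first five minutes after boot.
$sampleBoot  = [datetime]'2015-03-01 08:00:00'
$sampleTimes = @(1, 3, 5) | ForEach-Object { $sampleBoot.AddMinutes($_) }
Get-Late4013 -EventTimes $sampleTimes -BootTime $sampleBoot   # Verdict: Startup only

# Live check on the DNS server itself (the 'DNS Server' log exists once the role is installed).
$boot   = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime
$events = Get-WinEvent -FilterHashtable @{
              LogName = 'DNS Server'; Id = 4013; StartTime = $boot
          } -ErrorAction SilentlyContinue   # no matching events is not an error here
Get-Late4013 -EventTimes @($events | ForEach-Object TimeCreated) -BootTime $boot
```

A manual restart of AD DS or the DNS service also logs 4013, so a late event that lines up with a known service restart is the same startup behaviour rather than a recurring fault.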
