I have this exact issue, Event ID 4013: “The DNS server is waiting for Active Directory Domain Services (AD DS) to signal…”
Two DCs and two DNS servers, except my problems are a little more involved. So if I reboot my domain, I cannot log on to my domain or access resources until BOTH DCs are fully booted and AD is able to perform initial synchronization.
This is annoying, but my problem is extended because on Server 2008 my network profile changes to "unidentified" since DNS isn't loaded and this "unidentified" profile turns on a firewall which blocks DC/DNS traffic. My network is completely inaccessible until I either reboot one of the DC/DNS servers AGAIN or disable the firewall on the profiles.
Sure, I could fix this by disabling the firewall on that profile, but is there really no other way around this problem? It seems like a huge design oversight.
Best Answer
You need to configure the domain controllers such that the primary DNS resolver on DC1 is DC2, and the primary DNS resolver on DC2 is DC1, then set 127.0.0.1 as the secondary DNS resolver on both DC1 and DC2, and finally, do not reboot them at the same time. Stagger reboots.
Here is an excerpt from the Microsoft Best Practices Analyzer article regarding this matter:
Yes, I know that Microsoft has done some work to alleviate the replication "island" problem, yet this remains the best-practices advice from Microsoft to this day.
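As an added example, not part of the answer above, a PowerShell script that checks and optionally applies the resolver order the answer describes (partner DC first, 127.0.0.1 second) on one domain controller. It assumes Windows Server 2012 or later (the DnsClient cmdlets are not on Server 2008, where netsh would be used instead), an interface alias of "Ethernet", and a constructed partner address of 10.0.0.12.

```powershell
# Added example (not from the original answer): check and optionally set the
# "partner DC first, loopback second" DNS resolver order on a domain controller.
# Assumes the DnsClient module (Windows Server 2012+). The interface alias and
# partner address are constructed placeholders; run once on each DC, passing
# the OTHER DC's address as -PartnerDc.
param(
    [string]$InterfaceAlias = 'Ethernet',
    [string]$PartnerDc      = '10.0.0.12',   # the other DC/DNS server (assumed)
    [switch]$Apply                            # default is check-only
)

$Loopback = '127.0.0.1'
$desired  = @($PartnerDc, $Loopback)

function Test-ResolverOrder {
    param([string[]]$Servers, [string]$Partner)
    $problems = @()
    if (-not $Servers -or $Servers.Count -eq 0) { return @('no DNS servers configured') }
    if ($Servers[0] -eq $Loopback) {
        $problems += 'loopback is primary: the DC queries its own DNS service before it is up'
    }
    if ($Servers -notcontains $Partner) {
        $problems += "partner DC $Partner missing: nothing resolves AD while local DNS waits"
    }
    if ($Servers -notcontains $Loopback) {
        $problems += 'loopback missing: resolution depends entirely on the partner'
    }
    return $problems
}

# Current IPv4 resolver list for the interface, as an array of strings.
$current = @((Get-DnsClientServerAddress -InterfaceAlias $InterfaceAlias `
              -AddressFamily IPv4).ServerAddresses)

$issues = @(Test-ResolverOrder -Servers $current -Partner $PartnerDc)
if ($issues.Count -eq 0) {
    Write-Host "OK: resolver order is $($current -join ', ')"
} elseif ($Apply) {
    Set-DnsClientServerAddress -InterfaceAlias $InterfaceAlias -ServerAddresses $desired
    Write-Host "Applied: $($desired -join ', ')"
} else {
    $issues | ForEach-Object { Write-Warning $_ }
    Write-Host 'Re-run with -Apply to set partner-first, loopback-second.'
}
```

The script covers only the resolver order; the staggered-reboot part of the advice still has to be followed operationally.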