We came across an issue recently while creating a test environment. We were taking copies of our DCs' VHDs and attaching the copies to VMs in our Test Lab.
We attached both VHDs and then reassigned the IPs to fit in with our Test Lab IP addressing scheme.
After doing this and starting the VMs, both DCs were able to communicate via ping; however, AD was not functioning correctly because DNS on both servers was not functioning correctly. I checked the Event Logs on both servers and they were both giving the same alert.
Event ID 4013
“The DNS server is waiting for Active Directory Domain Services (AD DS) to signal that the initial synchronization of the directory has been completed. The DNS server service cannot start until the initial synchronization is complete because critical DNS data might not yet be replicated onto this domain controller. If events in the AD DS event log indicate that there is a problem with DNS name resolution, consider adding the IP address of another DNS server for this domain to the DNS server list in the Internet Protocol properties of this computer. This event will be logged every two minutes until AD DS has signaled that the initial synchronization has successfully completed.”
To resolve this issue I had to do the following to allow the initial synchronization.
- Log onto the First Domain Controller
- Open Regedit
- Navigate to HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
- Right-click Parameters, click New, and then click DWORD Value.
- Type “Allow Replication With Divergent and Corrupt Partner” and press Enter.
- Open the entry and in the Value Data box type 0
- Reboot the First DC, wait for it to come back online, and then repeat the above steps on the Second DC.
AD should now be fully functional again. Once this is the case, please be sure to change “Allow Replication With Divergent and Corrupt Partner” back to 0.
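To confirm on each DC that the override has been put back and that DNS has stopped logging Event ID 4013, a check like the following can be run from an elevated PowerShell prompt. This is an added example, not part of the original post; the function names and the ten-minute window are assumptions chosen for illustration.

```powershell
# Added example: run locally on each domain controller in the test lab.
$path = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$name = 'Allow Replication With Divergent and Corrupt Partner'

function Get-DivergentPartnerSetting {
    # Returns the DWORD value, or $null when the value does not exist.
    $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$name
}

function Get-Recent4013 {
    param([int]$Minutes = 10)
    # Event 4013 is logged every two minutes while DNS waits for AD DS,
    # so an empty result over several intervals means it has stopped.
    $filter = @{
        LogName   = 'DNS Server'
        Id        = 4013
        StartTime = (Get-Date).AddMinutes(-$Minutes)
    }
    @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
}

$value  = Get-DivergentPartnerSetting
$events = Get-Recent4013 -Minutes 10
$shown  = if ($null -eq $value) { 'not set' } else { $value }

# One summary object per DC; OverrideCleared is true when the value
# is absent or has been changed back to 0.
[pscustomobject]@{
    Computer        = $env:COMPUTERNAME
    OverrideValue   = $shown
    OverrideCleared = ($null -eq $value) -or ($value -eq 0)
    Recent4013Count = $events.Count
    No4013InWindow  = ($events.Count -eq 0)
}
```

Run it a few minutes after the last reboot, so that the two-minute logging interval has had time to show whether the event is still recurring.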