Sign In Create an Account
Recent Search Results
No Search results are currently available to display.

Your last search results will be displayed here for the duration of your browser session.

Log ReportPrint
Template General
Log Name DNS Server
Type Error
Source DNS
Entry ID 4016
Average Threat Rating
Add Your Encounter Hide Encounters without Resolutions
Posts: 41

Revision 2
Threat Rating:

Contains Resolution:
The symptoms that we encountered with this error were Authentication failures and AD Communication Errors.  This was most likely because DNS was failing to resolve the domain name.  We have two DNS servers, one on each domain controller. We initially thought the secondary DNS Server was the problem DC because of the High CPU. But after failing to  make a connection to the primary via Active Directory Users and Computers we determined it was not the secondary.  The Event Logs on the primary contained the 4016 event Ids. We believe clients at some point were beginning to fail over to the second DNS server in there DNS Server list putting heavy load on the secondary server.

We resolved the issue by restarting the DNS service.  The service did not successfully stop and we had to Kill the DNS.exe process.  The service then started successfully and proper DNS and AD functionality returned.

Follow-up notes: It was later determined that the root cause was a large number of user and computer accounts (200+) all at once being added to a security group causing the Infrastruture Master to be overworked.  The Directory Services log included the following events:
ID - 2094,
Source - NTDS Replication,
Description - Performance warning: replication was delayed while applying changes to the follwoing object...

ID - 1792
Source - NTDS Database
Description - A transaction lasts 39 minutes and 41 seconds, much longer thabn expected.

Peer Reviews (0)

No reviews have been post for this Encounter

Post a Peer Review: