When you log on to an Active Directory integrated DNS domain controller, you experience the following:
1. The logon is very slow.
2. When you use the DNS snap-in, the domain name is NOT displayed under Forward Lookup Zone.
3. If you restart the server, only administrators can access it.
4. Your DNS event log contains:
Event ID 4000
Description: The DNS server was unable to open Active Directory. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.
Event ID 4013
Description: The DNS server was unable to open the Active Directory. This DNS server is configured to use directory service information and cannot operate without access to the directory. The DNS server will wait for the directory to start. If the DNS server is started but the appropriate event has not been logged, then the DNS server is still waiting for the directory to start.
This problem is the results of the following:
1. The Security log is full and events cannot be over-written.
2. The Shut down system immediately if unable to log security audits Group Policy is enabled.
3. Security auditing is enabled.
To workaround this issue:
1. Make sure that CrashOnAuditFail is a REG_DWORD data type and that it is set to 0.
2. Disable the Group Policy settings at Computer Configuration\Windows Settings\Security Settings\Security Options\Shut down your system immediately if unable to log security audits, on either the domain or the domain controllers OU:
3. Disable security auditing or archive and clear the log.