Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 4016 Source: DNS

The DNS server timed out attempting an Active Directory service operation on ---.  Check Active Directory to see that it is functioning properly. The event data contains the error.
0000: 55 00 00 00
T735747 suggests that the administrator should try and recreate the DNS zone after making sure that Active Directory works fine.
Analyzing several instances of this problem, the common denominator is the lack of availability of AD. Several services that depend on it may record events related to the fact that Active Directory cannot be contacted or the requests for it timed out. For example, one can see events from Exchange, from DNS, from workstations trying to access AD and so on). The first step in troubleshooting this would be to make sure that AD was available at the time the event was recorded (maybe it wasn't, so the event should not be a surprise). Once that has been cleared out, if the problem persists, then DNS should be checked, maybe the various configured zones have to be recreated.

* * *

On a support forum, one user found out that this problem showed up when users were performing large file transfers. He was able to replicate the problem on demand but copying a very large file.

A common "Data" recorded with this event is:
0000: 55 00 00 00
This translates to Error code 0x55 or "The local device name is already in use" - it may or may not be of much help.
From a newsgroup post: "I had the same problem. I have 2 servers running DNS; both are Win2k w/SP4, one primary and one secondary. They were working fine, until one day when the CPU usage on both servers plunged to 100% and stayed there. If I stopped the DNS service on either server, the CPU usage dropped to about 4% on both servers. I rebooted both systems with no help; once they come up they run fine for 2 or 3 minutes then the CPU hit 100% again. I stopped replication between my 2 servers and the CPU usage dropped to normal. I had a feeling that it was a replication issue with the reverse lookup zones. As the primary server was the first server to plunge to 100% CPU usage when this started I figured to start there. I deleted all of the reverse lookup zones and then replicated them from the secondary server one by one. After rebuilding them, the CPU usage reached normal levels on both servers".
Microsoft suggests that this is a caching problem, without providing additional information.
Several newsgroup posts suggest that this is an indication of a problem with the Active Directory and that netdiag should be run to diagnose the problem. A Microsoft engineer suggested the following:
- Stopping the dns service
- Delete your zone(s)
- Delete your system32\dns folder and your netlogon.dns file
- Uninstall dns and reinstall it

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.