After a long time I was actually doing some hands-on and damn the first problem that I encounter is a Microsoft  Windows 2008 Server R2 design constraint for DNS Service.

Issue:

When you try to install Active Directory (AD) with integrated DNS on a high-end server (64 Cores, 500 GB+ RAM etc.). After installing the AD and when you reboot the server the DNS service doesn’t start automatically. You keep on getting the following errors when you try to start the service manually it just wont START

Note: Active Directory works like a charm. However, the DNS service doesn’t start and we all know AD without DNS is like a big Disaster!

System Event Log: (Event id 7023)

Log Name:      System
Source:        Service Control Manager
Event ID:      7023
Level:         Error
Description:
The DNS Server service terminated with the following error:
A thread could not be created for the service.

DNS Server Log: (Event id 3 and 708)

Log Name:      DNS Server
Source:        Microsoft-Windows-DNS-Server-Service
Event ID:      3
Level:         Information
Description:
The DNS server has shut down.

Log Name:      DNS Server
Source:        Microsoft-Windows-DNS-Server-Service
Event ID:      708
Level:         Information
Description:
The DNS server did not detect any zones of either primary or secondary type during initialization. It will not be authoritative for any zones, and it will run as a caching-only server until a zone is loaded manually or by Active Directory replication. For more information, see the online Help.

Resolution:

After a lot of troubleshooting and researching on the web finally I figure out that its is a design constraint with DNS. The service doesn’t work on servers that have more than 32 cores on it. Being a lab environment my thoughts were to install the AD, DNS, SQL 2008, SCVMM and Hyper-V on the same host. But all my plans are shattered now!!

I know Microsoft Support will argue why do you have to install all the server roles onto the physical host? My answer would be being a lab environment and the only available server why not? (I am going to create a lot of VM’s on the host) Secondly to get maximum performance of the services. Last to avoid domain controller issues inside the VM and having the physical host joined to the same domain running inside a VM.

Statement from the Microsoft Support:

This is a by-design problem in DNS.exe in this scenario with a very large amount of CPU resources available. Inside the DNS Server service, there is a thread count limitation (maximal 120 threads). However, it does not limit processors (or cores).

On 64 cores server, DNS Dynamic update routines will create 64 Update threads, and UDP I/O and dispatch routine will create 64 UDP Listen threads. Besides that, the following threads will also be created for DNS operation,

“Recursion Timeout” thread
“Secondary Control” thread
“DsLoad_Thread” thread
“Timeout_Thread” thread

Therefore, the thread limitation will be reached: 64 *2 + 4 = 132 > 120, and ERROR_SERVICE_NO_THREAD error would occur.

On 32 cores server, the DNS service would be running fine as it only creates 32 * 2 + 4 = 68 threads.

This is a by-design behavior and it will not be fixed until Windows 8. Currently, the only solution is to use less than 32 cores.

If you like this post leave your comments

Best Regards,
Aresh

Source