When you restart your server, after running Dcpromo, the new domain controller records the following in the System event log:
Event Type: Error
Event Source: Service Control Manager
Event Category: None
Event ID: 7022
Description: The Net Logon service hung on starting.
Two possible reasons for this behavior are:
- The DNS records for this domain controller were deleted before you restarted the server.
- A timing issue:
NetLogon starts to register the DNS records that require DNS Secure Dynamic Update, by inspecting the contents of the %SystemRoot%\System32\Config\Netlogon.dns file.
NetLogon requests a ticket from the local KDC (Kerberos Distribution Center) service.
The KDC service is NOT fully started, so NetLogon waits for the ticket.
The Service Control Manager, monitoring the start of the NetLogon service, times out and logs the 7022 event.
The KDC service completes its' startup and issues the ticket to NetLogon.
NetLogon begins the DNS Secure Dynamic Update.
To determine if there are any problems, run the NetDiag and DcDiag utilities. If these utilities do not disclose any problem with DNS registration, you may safely ignore this error.
If you prefer to be proactive, you can try to use tip 0069 to delay the start of NetLogon, by making it depend on a service, which depends on a service, etc., which depends on the KDC service.