I set up Windows servers for a small computer company in our area. I have done this hundreds of times, but recently had a problem. I installed Windows 2000 Server, set up WINS, DNS and Active Directory. DNS gave me Event ID 4011 errors on boot up. After several hours of troubleshooting, I gave up and reformatted the hard drive and reinstalled 2000 Server from scratch, only to receive the same DNS errors again.
After looking at several troubleshooting articles, I realized that I couldn't do what they suggested. This was my only domain controller, so I couldn't move the GC to another server. So as a last resort I changed the "allow dynamic updates" setting from YES to "only secure updates" and the error went away and all seems to function well now. My question is this: why did this change stop the error and what problems may arise from making that change? Clients are a mixed bag of 98, NT, 2000 and XP. All static addresses, no DHCP being used.
1. Microsoft DNS server is integrated with Active Directory
2. Data stored in Active Directory is dynamically updated
3. Microsoft DNS server hosts the global catalog
4. DNS Resolver configuration points to the DNS server, which is installed on the same computer.
Also, if this server is multihomed (i.e., contains more than one network adapter), that may be a problem. Microsoft recommends that a domain controller not be multihomed under Windows 2000 (although Service Pack 1 should fix that problem, as per Knowledge Base article 263091).
This was first published in September 2004