Ask the Expert

DNS server generates Event 4011 errors

I set up Windows servers for a small computer company in our area. I have done this hundreds of times, but recently had a problem. I installed Windows 2000 Server, set up WINS, DNS and Active Directory. DNS gave me Event ID 4011 errors on boot up. After several hours of troubleshooting, I gave up and reformatted the hard drive and reinstalled 2000 server from scratch only to receive the same DNS errors again.

After looking at several troubleshooting articles I realized that I couldn't do what they suggested. This was my only domain controller, so I couldn't move the GC to another server. So as a last resort I changed the "allow dynamic updates" setting from YES to "only secure updates" and the error went away and all seems to function well now. My question is this: why did this change stop the error and what problems may arise from making that change? Clients are mixed bag of 98, NT, 2000 and XP. All static addresses, no DHCP being used.
The

    Requires Free Membership to View

reason for this is because Active Directory, which is present on the server you're using, requires fully-qualified domain names to work correctly with DNS. Using the "only secure updates" method insures that the FQDN information is passed along from DNS to AD. Microsoft Knowledge Base article 252695 discusses this problem and lists four conditions that are usually met to cause it:

1. Microsoft DNS server is integrated with Active Directory
2. Data stored in Active Directory is dynamically updated
3. Microsoft DNS server hosts the global catalog
4. DNS Resolver configuration points to the DNS server, which is installed on the same computer.

Also, if this server is multihomed (i.e., contains more than one network adapter), that may be a problem. Microsoft recommends that a domain controller not be multihomed under Windows 2000 (although Service Pack 1 should fix that problem as per Knowledge Base article 263091.

This was first published in September 2004

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: