I set up Windows servers for a small computer company in our area. I have done this hundreds of times, but recently had a problem. I installed Windows 2000 Server, set up WINS, DNS and Active Directory. DNS gave me Event ID 4011 errors on boot up. After several hours of troubleshooting, I gave up and reformatted the hard drive and reinstalled 2000 Server from scratch, only to receive the same DNS errors again.
After looking at several troubleshooting articles, I realized that I couldn't do what they suggested. This was my only domain controller, so I couldn't move the GC to another server. So as a last resort I changed the "allow dynamic updates" setting from YES to "only secure updates" and the error went away and all seems to function well now. My question is this: why did this change stop the error and what problems may arise from making that change? Clients are a mixed bag of 98, NT, 2000 and XP. All static addresses, no DHCP being used.
The reason for this is that Active Directory, which is present on the server you're using, requires fully-qualified domain names to work correctly with DNS. Using the "only secure updates" method ensures that the FQDN information is passed along from DNS to AD. Microsoft Knowledge Base article 252695 discusses this problem and lists four conditions that are usually met to cause it:
1. Microsoft DNS server is integrated with Active Directory
2. Data stored in Active Directory is dynamically updated
3. Microsoft DNS server hosts the global catalog
4. DNS Resolver configuration points to the DNS server, which is installed on the same computer.
Also, if this server is multihomed (i.e., contains more than one network adapter), that may be a problem. Microsoft recommends that a domain controller not be multihomed under Windows 2000 (although Service Pack 1 should fix that problem as per Knowledge Base article 263091).