DNS Server Generates Event 4011 (252695)


The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
This article was previously published under Q252695

SYMPTOMS

In certain rare cases, you may find the following entries in the Event log on a Windows 2000-based Active Directory-integrated DNS server:
Event ID: 4011

The DNS server was unable to add or write an update of domain name _ldap in zone name.com to the Active Directory. Check that the Active Directory is functioning properly and add or update this domain name using the DNS console. The event data contains the error.

The DNS server was unable to add or write an update of domain name _gc in zone name.com to the Active Directory. Check that the Active Directory is functioning properly and add or update this domain name using the DNS console. The event data contains the error.

The DNS server was unable to add or write an update of domain name gc in zone name.com to the Active Directory. Check that the Active Directory is functioning properly and add or update this domain name using the DNS console. The event data contains the error.
Note that the zone name varies depending on the domain name that you are using.

Additionally, the Netlogon service may log the following error message:
Event ID: 5781

Dynamic registration or deregistration of one or more DNS records failed because no DNS servers are available.
Note that 5781 events may denote a number of different registrations and deregistration issues. Most of these may not be resolved with the workaround listed in this article. This workaround is for 4011 events.

CAUSE

When a Windows 2000-based Active Directory-integrated DNS server that hosts a global catalog boots, the registration of specific SRV records may not succeed.

The service startup order prevents certain SRV records from being registered because those services start before DNS is ready to receive registrations on a global catalog server.

RESOLUTION

To work around this behavior, specify a different Windows 2000-based Active Directory-integrated DNS server on the DNS tab in the Advanced TCP/IP Settings dialog box.

Or, try the following methods:
  • Move the global catalog or the DNS server to a different domain controller.

    NOTE: Before you move the Global Catalog functionality off of the server, ensure that the new FSMO owner does not hold the Infrastructure Master Role as well.
  • Do not integrate the DNS server that is hosting the global catalog with Active Directory.

MORE INFORMATION

The 4011 Event log entries appear only if all of the following conditions are met:
  • The Microsoft DNS server is integrated with Active Directory
  • Data that is stored in Active Directory is dynamically updated
  • The Microsoft DNS server hosts the global catalog
  • The DNS Resolver configuration points to the DNS server, which is installed on the same computer
Modification Type:MajorLast Reviewed:11/4/2003
Keywords:kbDNS kberrmsg kbprb KB252695
©2003 Microsoft Corporation. All rights reserved.