DNS error event id 4011

I started receiving this error message on my DNS servers after a reboot a
couple of days ago. All my DNS serves are Domain Controllers in a 2003 AD
environment. As far as I can tell no immediate problems are occurring, but
the error is troubling. Replication is still happening and we can add items
(users/computers) to the domain without a hitch. Here is the error.

The DNS server was unable to add or write an update of domain name <domain
name> in zone <domain name>.local to the Active Directory. Check that the
Active Directory is functioning properly and add or update this domain name
using the DNS console. The extended error debug information (which may be
empty) is "00002083: AtrErr: DSID-031510B7, #1:
0: 00002083: DSID-031510B7, problem 1006 (ATT_OR_VALUE_EXISTS), data 0, Att
9017e (dnsRecord)". The event data contains the error.

There isn't too many items listed regarding this error, so I was wondering
what the culprit could be.

Hello Lord,

See here:
http://technet.microsoft.com/en-us/l.../cc774611.aspx

Is the DHCP client service started on the server, needed for DNS registration/refresh?

Are all servers listed correct in the DNS zones?

Please post an unedited ipconfig /all from a problem server.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> I started receiving this error message on my DNS servers after a
> reboot a couple of days ago. All my DNS serves are Domain Controllers
> in a 2003 AD environment. As far as I can tell no immediate problems
> are occurring, but the error is troubling. Replication is still
> happening and we can add items (users/computers) to the domain without
> a hitch. Here is the error.
>
> The DNS server was unable to add or write an update of domain name
> <domain
>
name>> in zone <domain name>.local to the Active Directory. Check that
name>> the
name>>
> Active Directory is functioning properly and add or update this domain
> name
> using the DNS console. The extended error debug information (which may
> be
> empty) is "00002083: AtrErr: DSID-031510B7, #1:
> 0: 00002083: DSID-031510B7, problem 1006 (ATT_OR_VALUE_EXISTS), data
> 0, Att
> 9017e (dnsRecord)". The event data contains the error.
> There isn't too many items listed regarding this error, so I was
> wondering what the culprit could be.
>

DHCP is not installed on this server. That service is taken care of by
another system.

I did notice something different that may or maynot matter. When I was
looking in the sites zone listed under my domain one of my sites had
something different that all the others do not. It had a SRV record for
three domain controllers not at that location (location I am meaning sites
from AD sites and services).

Here is the ipconfig /all from this server.

Windows IP Configuration

Host Name . . . . . . . . . . . . : <correct server name>
Primary Dns Suffix . . . . . . . : <correct domain name>
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : <correct domain name>

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Net
Physical Address. . . . . . . . . : <correct mac>
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : <correct IP>
Subnet Mask . . . . . . . . . . . : <correct subnet mask>
Default Gateway . . . . . . . . . : <correct Gateway>
DNS Servers . . . . . . . . . . . : <primary DNS>
<secondary DNS "which is this server>

C:\Documents and Settings\Administrator>


"Meinolf Weber [MVP-DS]" wrote:

> Hello Lord,
>
> See here:
> http://technet.microsoft.com/en-us/l.../cc774611.aspx
>
> Is the DHCP client service started on the server, needed for DNS registration/refresh?
>
> Are all servers listed correct in the DNS zones?
>
> Please post an unedited ipconfig /all from a problem server.
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and confers
> no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>
> > I started receiving this error message on my DNS servers after a
> > reboot a couple of days ago. All my DNS serves are Domain Controllers
> > in a 2003 AD environment. As far as I can tell no immediate problems
> > are occurring, but the error is troubling. Replication is still
> > happening and we can add items (users/computers) to the domain without
> > a hitch. Here is the error.
> >
> > The DNS server was unable to add or write an update of domain name
> > <domain
> >
> name>> in zone <domain name>.local to the Active Directory. Check that
> name>> the
> name>>
> > Active Directory is functioning properly and add or update this domain
> > name
> > using the DNS console. The extended error debug information (which may
> > be
> > empty) is "00002083: AtrErr: DSID-031510B7, #1:
> > 0: 00002083: DSID-031510B7, problem 1006 (ATT_OR_VALUE_EXISTS), data
> > 0, Att
> > 9017e (dnsRecord)". The event data contains the error.
> > There isn't too many items listed regarding this error, so I was
> > wondering what the culprit could be.
> >
>
>
>

"Lord Dark Helmet" <> wrote in message news:8806B3BD-EDE2-4C2A-BFD2-...
> DHCP is not installed on this server. That service is taken care of by
> another system.
>
> I did notice something different that may or maynot matter. When I was
> looking in the sites zone listed under my domain one of my sites had
> something different that all the others do not. It had a SRV record for
> three domain controllers not at that location (location I am meaning sites
> from AD sites and services).
>
> Here is the ipconfig /all from this server.
>
> Windows IP Configuration
>
> Host Name . . . . . . . . . . . . : <correct server name>
> Primary Dns Suffix . . . . . . . : <correct domain name>
> Node Type . . . . . . . . . . . . : Unknown
> IP Routing Enabled. . . . . . . . : No
> WINS Proxy Enabled. . . . . . . . : No
> DNS Suffix Search List. . . . . . : <correct domain name>
>
> Ethernet adapter Local Area Connection:
>
> Connection-specific DNS Suffix . :
> Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Net
> Physical Address. . . . . . . . . : <correct mac>
> DHCP Enabled. . . . . . . . . . . : No
> IP Address. . . . . . . . . . . . : <correct IP>
> Subnet Mask . . . . . . . . . . . : <correct subnet mask>
> Default Gateway . . . . . . . . . : <correct Gateway>
> DNS Servers . . . . . . . . . . . : <primary DNS>
> <secondary DNS "which is this server>
>


Hello "Lord Dark Helmet"

Sometimes it is difficult to support some issues without actually seeing a config. Since you've hidden most of the important stuff, such as the Primary DNS suffix, I will assume that that name matches the zone name in DNS, and that updates are allowed in the zone, as well as that the primary DNS is an internal (not an ISP or router) DNS server.

Actually, I would recommend to change that to, also assuming this is a DC, to itself as the first (you called the primary) address, and a partner DC in the same site, or different site, as as the second DNS entry. There are various thoughts on this, but this has been adopted as best practice by many engineers.

As for what Meinolf asked about the DHCP Client Service if it was disabled or not, he was not asking if the DHCP server service is installed, rather if the "DHCP CLient Service" is set to Automatic and is running (Started). This is actually an extremely important service for the machine, whether the machine is using a static IP configuration (as your server), or set to automatically get a DHCP IP configuraiton from a DHCP server (such as a client machine). The name of this service doesn't do justice for what it actually does, for actually it is a misnomer for the DNS Client Side Resolver and DNS DYnamic Update service on the machine, which is what it really does. If you disable it, it will not be able to register itself into DNS, nor be able to resolve names.

These are some of the questions we ask when there is a registration problem, hence why we usually ask for an unedited configuration. I know some are hesitant to provide such info, but if the server is in a private NAT subnet, there is usually a safe bet, but I can understand your concerns.

The main things that must match and be set for registration to occur properly are:

Primary DNS Suffix must match the zone name.
Zone name in DNS must be allowed to update.
Zone name must NOT be a single label name, such as DOMAIN instead of the required minimal format of 'domain.com' domain.internal, domain.darkhelmet', etc.
The DNS servers listed in ip config must only be internal DNS servers that host the AD DNS domain name.

I hope that helps to find out what is going on.

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and
confers no rights.

Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
Microsoft Certified Trainer


For urgent issues, you may want to contact Microsoft PSS directly. Please
check http://support.microsoft.com for regional support phone numbers.

"Efficiency is doing things right; effectiveness is doing the right things." - Peter F. Drucker
http://twitter.com/acefekay

Thank you for your reponse. I actually changed the first DNS recently to
another server based on some other posts I read. It was changed yesterday.
I can easily switch that back. The other DNS listed is an AD DNS and a DC as
well.

As far as the DHCP Client service goes, it appears to be running. I hadn't
turned it off so I don't know why it wouldn't be running.

Our zone name is hamiltonmrdd.local. I don't think that would be the
problem as we have had this domain up and running for 3 years now.

I didn't want to appear rude and I appreaciate your help, I have always been
under the guidence of not disclosing too much information on public forums.
I'll keep looking around and see if I can figure out what is causing the
errors.

"Ace Fekay [Microsoft Certified Trainer]" wrote:

> "Lord Dark Helmet" <> wrote in message news:8806B3BD-EDE2-4C2A-BFD2-...
> > DHCP is not installed on this server. That service is taken care of by
> > another system.
> >
> > I did notice something different that may or maynot matter. When I was
> > looking in the sites zone listed under my domain one of my sites had
> > something different that all the others do not. It had a SRV record for
> > three domain controllers not at that location (location I am meaning sites
> > from AD sites and services).
> >
> > Here is the ipconfig /all from this server.
> >
> > Windows IP Configuration
> >
> > Host Name . . . . . . . . . . . . : <correct server name>
> > Primary Dns Suffix . . . . . . . : <correct domain name>
> > Node Type . . . . . . . . . . . . : Unknown
> > IP Routing Enabled. . . . . . . . : No
> > WINS Proxy Enabled. . . . . . . . : No
> > DNS Suffix Search List. . . . . . : <correct domain name>
> >
> > Ethernet adapter Local Area Connection:
> >
> > Connection-specific DNS Suffix . :
> > Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Net
> > Physical Address. . . . . . . . . : <correct mac>
> > DHCP Enabled. . . . . . . . . . . : No
> > IP Address. . . . . . . . . . . . : <correct IP>
> > Subnet Mask . . . . . . . . . . . : <correct subnet mask>
> > Default Gateway . . . . . . . . . : <correct Gateway>
> > DNS Servers . . . . . . . . . . . : <primary DNS>
> > <secondary DNS "which is this server>
> >
>
>
> Hello "Lord Dark Helmet"
>
> Sometimes it is difficult to support some issues without actually seeing a config. Since you've hidden most of the important stuff, such as the Primary DNS suffix, I will assume that that name matches the zone name in DNS, and that updates are allowed in the zone, as well as that the primary DNS is an internal (not an ISP or router) DNS server.
>
> Actually, I would recommend to change that to, also assuming this is a DC, to itself as the first (you called the primary) address, and a partner DC in the same site, or different site, as as the second DNS entry. There are various thoughts on this, but this has been adopted as best practice by many engineers.
>
> As for what Meinolf asked about the DHCP Client Service if it was disabled or not, he was not asking if the DHCP server service is installed, rather if the "DHCP CLient Service" is set to Automatic and is running (Started). This is actually an extremely important service for the machine, whether the machine is using a static IP configuration (as your server), or set to automatically get a DHCP IP configuraiton from a DHCP server (such as a client machine). The name of this service doesn't do justice for what it actually does, for actually it is a misnomer for the DNS Client Side Resolver and DNS DYnamic Update service on the machine, which is what it really does. If you disable it, it will not be able to register itself into DNS, nor be able to resolve names.
>
> These are some of the questions we ask when there is a registration problem, hence why we usually ask for an unedited configuration. I know some are hesitant to provide such info, but if the server is in a private NAT subnet, there is usually a safe bet, but I can understand your concerns.
>
> The main things that must match and be set for registration to occur properly are:
>
> Primary DNS Suffix must match the zone name.
> Zone name in DNS must be allowed to update.
> Zone name must NOT be a single label name, such as DOMAIN instead of the required minimal format of 'domain.com' domain.internal, domain.darkhelmet', etc.
> The DNS servers listed in ip config must only be internal DNS servers that host the AD DNS domain name.
>
> I hope that helps to find out what is going on.
>
> --
> Ace
>
> This posting is provided "AS-IS" with no warranties or guarantees and
> confers no rights.
>
> Ace Fekay, MCSE 2003 & 2000, MCSA 2003 & 2000, MCSA Messaging, MCT
> Microsoft Certified Trainer
>
>
> For urgent issues, you may want to contact Microsoft PSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> "Efficiency is doing things right; effectiveness is doing the right things." - Peter F. Drucker
> http://twitter.com/acefekay
>
>
>
>
>
>
>

"Lord Dark Helmet" <> wrote in message news:EA46BAE9-5F14-4D7F-9BC0-...
> Thank you for your reponse. I actually changed the first DNS recently to
> another server based on some other posts I read. It was changed yesterday.
> I can easily switch that back. The other DNS listed is an AD DNS and a DC as
> well.
>
> As far as the DHCP Client service goes, it appears to be running. I hadn't
> turned it off so I don't know why it wouldn't be running.
>
> Our zone name is hamiltonmrdd.local. I don't think that would be the
> problem as we have had this domain up and running for 3 years now.
>
> I didn't want to appear rude and I appreaciate your help, I have always been
> under the guidence of not disclosing too much information on public forums.
> I'll keep looking around and see if I can figure out what is causing the
> errors.
>

You are welcome, and no, you weren't rude, you were just being cautious, and can understand.

See if this helps:
http://eventid.net/display.asp?event...ce=DNS&phase=1

It basically says something is stopping it from registering. Do you remember any changes made, additions, installations, etc, that may have occured since it started?

Ace

Nothing recent. The last thing we did was add a new site about 2 months ago.
This problem started on the 10th. That night, the DNS server rebooted
because of some updates that were installed. One of the DC's failed to
reboot properly. It was stuck on post. I powered it down and rebooted that
DC and it came back clean. Replication started back up and all seemed well.
I had noticed the DNS errors but I had attributed them to the fact one of my
DC's didn't come up right. It wasn't until this Monday that I noticed the
errors were still happening. That was when I made the change on the DNS
server to change the primary dns address to another dns server. By the way,
that DC that failed to reboot properly is not a DNS DC. Just your plain run
of the mill DC. All my DC's are 2003 servers and I had read that post which
mentions 2000 servers. I wasn't sure that pertained to 2003 servers.

"Ace Fekay [Microsoft Certified Trainer]" wrote:

> "Lord Dark Helmet" <> wrote in message news:EA46BAE9-5F14-4D7F-9BC0-...
> > Thank you for your reponse. I actually changed the first DNS recently to
> > another server based on some other posts I read. It was changed yesterday.
> > I can easily switch that back. The other DNS listed is an AD DNS and a DC as
> > well.
> >
> > As far as the DHCP Client service goes, it appears to be running. I hadn't
> > turned it off so I don't know why it wouldn't be running.
> >
> > Our zone name is hamiltonmrdd.local. I don't think that would be the
> > problem as we have had this domain up and running for 3 years now.
> >
> > I didn't want to appear rude and I appreaciate your help, I have always been
> > under the guidence of not disclosing too much information on public forums.
> > I'll keep looking around and see if I can figure out what is causing the
> > errors.
> >
>
> You are welcome, and no, you weren't rude, you were just being cautious, and can understand.
>
> See if this helps:
> http://eventid.net/display.asp?event...ce=DNS&phase=1
>
> It basically says something is stopping it from registering. Do you remember any changes made, additions, installations, etc, that may have occured since it started?
>
> Ace
>
>
>
>
>

"Lord Dark Helmet" <> wrote in message news:78CEB6B0-E6A8-4FE1-ACA8-...
> Nothing recent. The last thing we did was add a new site about 2 months ago.
> This problem started on the 10th. That night, the DNS server rebooted
> because of some updates that were installed. One of the DC's failed to
> reboot properly. It was stuck on post. I powered it down and rebooted that
> DC and it came back clean. Replication started back up and all seemed well.
> I had noticed the DNS errors but I had attributed them to the fact one of my
> DC's didn't come up right. It wasn't until this Monday that I noticed the
> errors were still happening. That was when I made the change on the DNS
> server to change the primary dns address to another dns server. By the way,
> that DC that failed to reboot properly is not a DNS DC. Just your plain run
> of the mill DC. All my DC's are 2003 servers and I had read that post which
> mentions 2000 servers. I wasn't sure that pertained to 2003 servers.
>

2000 and 2003 are very similar in funtionality, disregarding updates/hotfixes. I would actually install DNS, but if it is using the other DC as the only DNS, then let's leave it that way for the moment. And you are saying there are no other event log errors?


Ace

There is nothing new in the application, system, directory service or File
replication. It is only in DNS server log that anything is showing up. I've
checked my other DNS servers and they are all reporting the same issue.
Usually 5 to 6 errors a day.

"Ace Fekay [Microsoft Certified Trainer]" wrote:

> "Lord Dark Helmet" <> wrote in message news:78CEB6B0-E6A8-4FE1-ACA8-...
> > Nothing recent. The last thing we did was add a new site about 2 months ago.
> > This problem started on the 10th. That night, the DNS server rebooted
> > because of some updates that were installed. One of the DC's failed to
> > reboot properly. It was stuck on post. I powered it down and rebooted that
> > DC and it came back clean. Replication started back up and all seemed well.
> > I had noticed the DNS errors but I had attributed them to the fact one of my
> > DC's didn't come up right. It wasn't until this Monday that I noticed the
> > errors were still happening. That was when I made the change on the DNS
> > server to change the primary dns address to another dns server. By the way,
> > that DC that failed to reboot properly is not a DNS DC. Just your plain run
> > of the mill DC. All my DC's are 2003 servers and I had read that post which
> > mentions 2000 servers. I wasn't sure that pertained to 2003 servers.
> >
>
> 2000 and 2003 are very similar in funtionality, disregarding updates/hotfixes. I would actually install DNS, but if it is using the other DC as the only DNS, then let's leave it that way for the moment. And you are saying there are no other event log errors?
>
>
> Ace
>
>
>

"Lord Dark Helmet" <> wrote in message newsEDB16D3-E221-4BB1-84FF-...
> There is nothing new in the application, system, directory service or File
> replication. It is only in DNS server log that anything is showing up. I've
> checked my other DNS servers and they are all reporting the same issue.
> Usually 5 to 6 errors a day.
>

This is getting difficult to nail down. Usually registration just works, unless multihoming a DC, Primary DNS suffix doesn't match the zone, using ISP's DNS, or even a reg entry to stop registration, or any other reg entry that may have been applied for some other reason. Let me think on this ...

Ace