DNS Error 4011 on Active Directory-Integrated DNS




Hello,

I have a Windows 2003 domain controller running an
Active Directory-Integrated DNS, and I've recently been getting the
following error message:

The DNS server was unable to add or write an update of domain name
dc02 in zone mydomain.com to the Active Directory. Check that the
Active Directory is functioning properly and add or update this domain
name using the DNS console. The extended error debug information
(which may be empty) is "00002098: SecErr: DSID-03150A45, problem 4003
(INSUFF_ACCESS_RIGHTS), data 0". The event data contains the error.

The Help and Support Center says to:

Check the permissions on the specified file:
1. In Windows Explorer, go to the Systemroot\System32\Dns folder.
2. Right-click the specified database file, and then click
Properties.
3. Click the Security tab, and then click Permissions.
4. Verify that you have the proper permissions to read, write, and run
the file.

I have three .dns files in this directory: cache.dns,
1.16.172.in-addr.arpa.dns, and 3.16.172.in-addr.arpa.dns. I've never
changed the
security settings on any of these files to start with, and I'm not
sure how or why they could have been altered. Since the error message
has started appearing, I've checked the security settings, and they
seem right to me:

DOMAIN\Administrators -- Full Control
Authenticated Users -- Read & Execute; Read
DOMAIN\Domain Admins -- Full Control
DOMAIN\Server Operators -- Modify; Read & Execute; Read; Write
SYSTEM -- Full Control

The DNS server seems to function properly, but I'd like to fix this
error to be sure that updates from other servers are being propagated
to this one. No similar errors are occurring on other servers. There
are no Active Directory errors in the Event Viewer and there are no
failed tests in DCDIAG. I'd really appreciate any suggestions about
solving this problem.