DHCP access denied.

I recently installed a Win2K3 member server into a Win2K controlled domain.  I have a static IP set but am getting an annoying DHCP error similar to a previous thread: DHCP Client service, Access is denied. on the new member server.  I disabled the DHCP client service on the new server, and am not getting errors,but may one day want to allow the machine to use DHCP.  The previous thread had the following solution..

The solution was as follows:

 My problem was solved by granting the network services account full control to the
     hkey_local_machine\system\currentcontrolset\services\dhcp &
     hkey_local_machine\system\currentcontrolset\services\tpip registry keys on the updated server.

Although I realize this is a reg hack and doesn't really explain why the error occurs, I would like to get rid of the pesky errors in the event log when I enable DHCP client.

OK, so my question is -- to accomplish this, do I just need to add a new

string value: Object name
Value data: NT AUTHORITY\Network Service

to the registry under hklm\system\ccs\services\dhcp and tcpip?

I'm not quite sure if this is how to give the network services account full control.

Who is Participating?

Improve company productivity with a Business Account.Sign Up

crissandConnect With a Mentor Commented:
I use static addresses for member servers, but DHCP client it isn't stopped. The environment is the same: w2k domain controller and w2k3 member server. DHCP client depend on Ipsec driver, but Ipsec is configured to permit all. Verify the Dns suffix for this connection in nic's TCP/IP advanced properties.

Before that configuration I used to have one fixed addres on one nic and one dhcp address on the other with no problems at all.

The authorization problems can be related to date and time of the member server. I guess joining the domain worked flawlessly.

I don't remember any references in Group policy to dhcp in Windows 2000 environment.
The member server is joined to the domain?

Also, can you write here the eventid error from logs?
blueoakmoAuthor Commented:
Event ID 7023 in the System Log:

"The DHCP Client service terminated with the following error:
Access is denied.

But don't bother with Microsoft KB, it was no help.  This is a glitch I've discovered has happened to a few others, but no one seems to know exactly what caused the problem.

This is the interesting part -- the new server was initially setup to use DHCP and joined the domain fine the first time.  However, after a restart it can't join it that configuration - access to the DHCP server is denied.  I setup the system to have a static IP and it joins the domain fine and all is functioning well, including using GP on the domain, but throws off the error.

I'm really more interested in the registry info and if that is the best (only?) way to give the network services account control.
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

I've seen that error when date and time on dc and the other machine was'n't synchronized. But there must be some warnings in errror log stating that.
A little off topic but worth mentioning.... if the DHCP client service is shut off then dynamic DNS registration will fail.   I know it sounds wierd, but the DHCP client service is responsible for client side dynamic DNS registration.
blueoakmoAuthor Commented:
Gonna request a cleanup of this question.  Seems this has been encountered by others but no solution has been found.

THanks all.
Is a dhcp server on the domain controller? The new dhcp server has been authorized in active directory. The w2k3 server has been joined to the domain? The addresses of the dc and w2k3 server are outside the dhcp pool?
blueoakmoAuthor Commented:
Yes to all.  The thing is, all of the other servers and workstations are working fine and when assigning a static address, connectivity is good.  It's only if I leave the DHCP Client service enabled and started that I get error messages or if I try to dynamically set the IP on this server.  
You can't have two dhcp servers for with the same address pool.
blueoakmoAuthor Commented:

Hmm, not sure how you got the impression that there were 2 dhcp servers?

There is one dhcp server located on the DC.  THe member server that is having the issue is having issues with the Dhcp client (acquiring an address dynamically).
It seems the answer was to another question. :-)

Let's go back to this question... Error 7023 is a service manager error. It must be another error around.

Verify first if you have free addresses in the address pool.
blueoakmoAuthor Commented:
Actually, since I posted the original question, I believe I discovered that the problem may be related to group policy.  When I initially set up the server, it was set to use DHCP to obtain an address.  It would get an address, but after a period of time, access would be denied to the domain controller.  I haven't spent any time specifically on this, but think that maybe when GP refreshes, the security settings are denying the DHCP client service from working correctly.

This is a very oddball problem that I haven't run into before.  I found a few snippets around that indicated a few others ran into the same thing, but no solution was ever posted.  This may be because most people --including myself-- use static addresses for servers anyway and just disable the DHCP client on the nuisance machine.

The client at this location actually found the problem initially when installing Win2K server on the same machine and contacted Microsoft, to no avail.  We did a clean install on Win2K3 and found we had the same issue.

Very strange......
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.