Solved

DHCP access denied.

Posted on 2004-10-11
Last Modified: 2011-10-03
I recently installed a Win2K3 member server into a Win2K controlled domain. I have a static IP set but am getting an annoying DHCP error similar to a previous thread: DHCP Client service, Access is denied. on the new member server. I disabled the DHCP client service on the new server, and am not getting errors, but may one day want to allow the machine to use DHCP. The previous thread had the following solution:

The solution was as follows:

 My problem was solved by granting the network services account full control to the
     hkey_local_machine\system\currentcontrolset\services\dhcp &
     hkey_local_machine\system\currentcontrolset\services\tcpip registry keys on the updated server.
     ......

Although I realize this is a reg hack and doesn't really explain why the error occurs, I would like to get rid of the pesky errors in the event log when I enable DHCP client.

OK, so my question is -- to accomplish this, do I just need to add a new

string value: Object name
Value data: NT AUTHORITY\Network Service

to the registry under hklm\system\ccs\services\dhcp and tcpip?

I'm not quite sure if this is how to give the network services account full control.

TIA
Question by:blueoakmo
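
Added example, not part of the original thread: "full control" on a registry key is an entry in the key's access control list (the Permissions dialog in regedit), not a value stored under the key, and the `ObjectName` value under a service's key only records the account that service logs on as. The PowerShell sketch below reports what the Network Service account can currently do on the two keys named in the question and shows the grant the quoted thread describes; it assumes PowerShell is installed on the server, and the function names `Get-KeyAccessFor` and `Grant-KeyFullControl` are hypothetical.

```powershell
# Added example (not from the thread). Run from an elevated prompt.
# Function names are illustrative, not part of any Microsoft tool.
$Account = 'NT AUTHORITY\NETWORK SERVICE'
$Keys = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dhcp',
        'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip'

# ObjectName only records the service's logon account; it grants no access.
$logon = (Get-ItemProperty -Path $Keys[0]).ObjectName
Write-Output "DHCP Client logs on as: $logon"

function Get-KeyAccessFor {
    param([string]$Path, [string]$Identity)
    # Return every ACE (explicit or inherited) on the key that names $Identity.
    (Get-Acl -Path $Path).Access |
        Where-Object { $_.IdentityReference.Value -eq $Identity } |
        Select-Object @{n='Key';e={$Path}}, RegistryRights,
                      AccessControlType, IsInherited
}

function Grant-KeyFullControl {
    param([string]$Path, [string]$Identity)
    # Add an Allow/FullControl ACE that subkeys inherit, as in the quoted fix.
    $acl  = Get-Acl -Path $Path
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $Identity, 'FullControl', 'ContainerInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

# Audit first: show what the account already has on each key.
foreach ($key in $Keys) {
    $aces = @(Get-KeyAccessFor -Path $key -Identity $Account)
    if ($aces.Count -eq 0) { Write-Output "$key : no ACE for $Account" }
    else { $aces }
}

# Apply the grant only after reviewing the audit output:
# $Keys | ForEach-Object { Grant-KeyFullControl -Path $_ -Identity $Account }
```

Comparing the audit output with a member server where the DHCP Client service starts normally shows whether the ACL on these keys actually differs before anything is changed.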
14 Comments
 
LVL 18

Expert Comment

by:crissand
ID: 12278634
The member server is joined to the domain?

Also, can you write here the eventid error from logs?
 

Author Comment

by:blueoakmo
ID: 12279178
Event ID 7023 in the System Log:

"The DHCP Client service terminated with the following error:
Access is denied."

But don't bother with Microsoft KB, it was no help.  This is a glitch I've discovered has happened to a few others, but no one seems to know exactly what caused the problem.

This is the interesting part -- the new server was initially set up to use DHCP and joined the domain fine the first time.  However, after a restart it can't join in that configuration - access to the DHCP server is denied.  I set up the system to have a static IP and it joins the domain fine and all is functioning well, including using GP on the domain, but throws off the error.

I'm really more interested in the registry info and if that is the best (only?) way to give the network services account control.
 
LVL 18

Expert Comment

by:crissand
ID: 12285808
I've seen that error when date and time on dc and the other machine weren't synchronized. But there must be some warnings in error log stating that.
 
LVL 21

Expert Comment

by:marc_nivens
ID: 12307722
A little off topic but worth mentioning.... if the DHCP client service is shut off then dynamic DNS registration will fail.   I know it sounds weird, but the DHCP client service is responsible for client side dynamic DNS registration.
 

Author Comment

by:blueoakmo
ID: 13028125
Gonna request a cleanup of this question.  Seems this has been encountered by others but no solution has been found.

Thanks all.
 
LVL 18

Expert Comment

by:crissand
ID: 13034020
Is a dhcp server on the domain controller? The new dhcp server has been authorized in active directory. The w2k3 server has been joined to the domain? The addresses of the dc and w2k3 server are outside the dhcp pool?
 

Author Comment

by:blueoakmo
ID: 13037031
Yes to all.  The thing is, all of the other servers and workstations are working fine and when assigning a static address, connectivity is good.  It's only if I leave the DHCP Client service enabled and started that I get error messages or if I try to dynamically set the IP on this server.  
 
LVL 18

Expert Comment

by:crissand
ID: 13043412
You can't have two dhcp servers with the same address pool.
 

Author Comment

by:blueoakmo
ID: 13045302
?????

Hmm, not sure how you got the impression that there were 2 dhcp servers?

There is one dhcp server located on the DC.  The member server that is having the issue is having issues with the Dhcp client (acquiring an address dynamically).
 
LVL 18

Expert Comment

by:crissand
ID: 13045790
It seems the answer was to another question. :-)

Let's go back to this question... Error 7023 is a service manager error. It must be another error around.

Verify first if you have free addresses in the address pool.
 

Author Comment

by:blueoakmo
ID: 13053757
Actually, since I posted the original question, I believe I discovered that the problem may be related to group policy.  When I initially set up the server, it was set to use DHCP to obtain an address.  It would get an address, but after a period of time, access would be denied to the domain controller.  I haven't spent any time specifically on this, but think that maybe when GP refreshes, the security settings are denying the DHCP client service from working correctly.

This is a very oddball problem that I haven't run into before.  I found a few snippets around that indicated a few others ran into the same thing, but no solution was ever posted.  This may be because most people --including myself-- use static addresses for servers anyway and just disable the DHCP client on the nuisance machine.

The client at this location actually found the problem initially when installing Win2K server on the same machine and contacted Microsoft, to no avail.  We did a clean install on Win2K3 and found we had the same issue.

Very strange......
 
LVL 18

Accepted Solution

by:
crissand earned 250 total points
ID: 13064520
I use static addresses for member servers, but the DHCP client isn't stopped. The environment is the same: w2k domain controller and w2k3 member server. DHCP client depends on Ipsec driver, but Ipsec is configured to permit all. Verify the Dns suffix for this connection in nic's TCP/IP advanced properties.

Before that configuration I used to have one fixed address on one nic and one dhcp address on the other with no problems at all.

The authorization problems can be related to date and time of the member server. I guess joining the domain worked flawlessly.

I don't remember any references in Group policy to dhcp in Windows 2000 environment.