Solved

DHCP access denied.

Posted on 2004-10-11
Last Modified: 2011-10-03
I recently installed a Win2K3 member server into a Win2K controlled domain.  I have a static IP set but am getting an annoying DHCP error similar to a previous thread: "DHCP Client service, Access is denied." on the new member server.  I disabled the DHCP client service on the new server, and am not getting errors, but may one day want to allow the machine to use DHCP.  The previous thread had the following solution.

The solution was as follows:

 My problem was solved by granting the network services account full control to the
     hkey_local_machine\system\currentcontrolset\services\dhcp &
     hkey_local_machine\system\currentcontrolset\services\tcpip registry keys on the updated server.
     ......

Although I realize this is a reg hack and doesn't really explain why the error occurs, I would like to get rid of the pesky errors in the event log when I enable DHCP client.

OK, so my question is -- to accomplish this, do I just need to add a new

string value: Object name
Value data: NT AUTHORITY\Network Service

to the registry under hklm\system\ccs\services\dhcp and tcpip?

I'm not quite sure if this is how to give the network services account full control.

TIA
Question by:blueoakmo
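
Added example, not part of the original post: under a service key, the `ObjectName` value names the account the service logs on as and grants no permissions; access to the key is governed by the key's ACL. The PowerShell below reports both for the two keys named in the quoted fix and adds the Full Control entry only when asked. It assumes PowerShell is installed on the server and run elevated; the `-Apply` switch is a hypothetical name chosen for this example.

```powershell
# Added example: audit (and optionally grant) NETWORK SERVICE access on the
# two service keys named in the quoted fix. Run from an elevated prompt.
param([switch]$Apply)   # hypothetical switch: without it the script only reports

# S-1-5-20 is the well-known SID of NT AUTHORITY\NETWORK SERVICE.
$sid  = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-20')
$keys = 'HKLM:\SYSTEM\CurrentControlSet\Services\Dhcp',
        'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip'

foreach ($key in $keys) {
    # ObjectName = logon account of the service; it is not a permission entry.
    $logon = (Get-ItemProperty -Path $key).ObjectName
    if (-not $logon) { $logon = '(not set)' }
    '{0}: ObjectName = {1}' -f $key, $logon

    # Read the key's ACL with identities expressed as SIDs, so the comparison
    # does not depend on how the account name is spelled or localized.
    $acl   = Get-Acl -Path $key
    $rules = $acl.GetAccessRules($true, $true,
                 [System.Security.Principal.SecurityIdentifier])
    $mine  = @($rules | Where-Object {
                 $_.IdentityReference -eq $sid -and
                 $_.AccessControlType -eq 'Allow' })

    if ($mine.Count -gt 0) {
        foreach ($r in $mine) {
            '  existing allow: {0} (inherited: {1})' -f $r.RegistryRights, $r.IsInherited
        }
    } else {
        '  no allow entry for NETWORK SERVICE'
    }

    $hasFull = @($mine | Where-Object {
                   ($_.RegistryRights -band
                    [System.Security.AccessControl.RegistryRights]::FullControl) -eq
                    [System.Security.AccessControl.RegistryRights]::FullControl }).Count -gt 0

    if ($Apply -and -not $hasFull) {
        # Full Control on the key and its subkeys, as the quoted fix describes.
        $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
                    $sid, 'FullControl', 'ContainerInherit', 'None', 'Allow')
        $acl.AddAccessRule($rule)
        Set-Acl -Path $key -AclObject $acl
        '  added: FullControl for NETWORK SERVICE'
    }
}
```

Running it without `-Apply` first records the existing entries, which is what to compare against a working server before changing anything.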
14 Comments
 
LVL 18

Expert Comment

by:crissand
ID: 12278634
The member server is joined to the domain?

Also, can you write here the eventid error from logs?
0
 

Author Comment

by:blueoakmo
ID: 12279178
Event ID 7023 in the System Log:

"The DHCP Client service terminated with the following error:
Access is denied."

But don't bother with Microsoft KB, it was no help.  This is a glitch I've discovered has happened to a few others, but no one seems to know exactly what caused the problem.

This is the interesting part -- the new server was initially set up to use DHCP and joined the domain fine the first time.  However, after a restart it can't join in that configuration - access to the DHCP server is denied.  I set up the system to have a static IP and it joins the domain fine and all is functioning well, including using GP on the domain, but throws off the error.

I'm really more interested in the registry info and if that is the best (only?) way to give the network services account control.
0
 
LVL 18

Expert Comment

by:crissand
ID: 12285808
I've seen that error when date and time on dc and the other machine weren't synchronized. But there must be some warnings in error log stating that.
0

 
LVL 21

Expert Comment

by:marc_nivens
ID: 12307722
A little off topic but worth mentioning.... if the DHCP client service is shut off then dynamic DNS registration will fail.   I know it sounds weird, but the DHCP client service is responsible for client side dynamic DNS registration.
0
 

Author Comment

by:blueoakmo
ID: 13028125
Gonna request a cleanup of this question.  Seems this has been encountered by others but no solution has been found.

Thanks all.
0
 
LVL 18

Expert Comment

by:crissand
ID: 13034020
Is a dhcp server on the domain controller? The new dhcp server has been authorized in active directory. The w2k3 server has been joined to the domain? The addresses of the dc and w2k3 server are outside the dhcp pool?
0
 

Author Comment

by:blueoakmo
ID: 13037031
Yes to all.  The thing is, all of the other servers and workstations are working fine and when assigning a static address, connectivity is good.  It's only if I leave the DHCP Client service enabled and started that I get error messages or if I try to dynamically set the IP on this server.  
0
 
LVL 18

Expert Comment

by:crissand
ID: 13043412
You can't have two dhcp servers with the same address pool.
0
 

Author Comment

by:blueoakmo
ID: 13045302
?????

Hmm, not sure how you got the impression that there were 2 dhcp servers?

There is one dhcp server located on the DC.  The member server that is having the issue is having issues with the DHCP client (acquiring an address dynamically).
0
 
LVL 18

Expert Comment

by:crissand
ID: 13045790
It seems the answer was to another question. :-)

Let's go back to this question... Error 7023 is a service manager error. It must be another error around.

Verify first if you have free addresses in the address pool.
0
 

Author Comment

by:blueoakmo
ID: 13053757
Actually, since I posted the original question, I believe I discovered that the problem may be related to group policy.  When I initially set up the server, it was set to use DHCP to obtain an address.  It would get an address, but after a period of time, access would be denied to the domain controller.  I haven't spent any time specifically on this, but think that maybe when GP refreshes, the security settings are denying the DHCP client service from working correctly.

This is a very oddball problem that I haven't run into before.  I found a few snippets around that indicated a few others ran into the same thing, but no solution was ever posted.  This may be because most people --including myself-- use static addresses for servers anyway and just disable the DHCP client on the nuisance machine.

The client at this location actually found the problem initially when installing Win2K server on the same machine and contacted Microsoft, to no avail.  We did a clean install on Win2K3 and found we had the same issue.

Very strange......
0
 
LVL 18

Accepted Solution

by:
crissand earned 250 total points
ID: 13064520
I use static addresses for member servers, but the DHCP client isn't stopped. The environment is the same: w2k domain controller and w2k3 member server. DHCP client depends on the IPsec driver, but IPsec is configured to permit all. Verify the DNS suffix for this connection in the NIC's TCP/IP advanced properties.

Before that configuration I used to have one fixed address on one nic and one dhcp address on the other with no problems at all.

The authorization problems can be related to date and time of the member server. I guess joining the domain worked flawlessly.

I don't remember any references in Group policy to dhcp in Windows 2000 environment.
0
