Solved

DHCP access denied.

Posted on 2004-10-11
14
2,008 Views
Last Modified: 2011-10-03
I recently installed a Win2K3 member server into a Win2K controlled domain.  I have a static IP set but am getting an annoying DHCP error similar to a previous thread: DHCP Client service, Access is denied. on the new member server.  I disabled the DHCP client service on the new server, and am not getting errors,but may one day want to allow the machine to use DHCP.  The previous thread had the following solution..

The solution was as follows:

 My problem was solved by granting the network services account full control to the
     hkey_local_machine\system\currentcontrolset\services\dhcp &
     hkey_local_machine\system\currentcontrolset\services\tpip registry keys on the updated server.
     ......

Although I realize this is a reg hack and doesn't really explain why the error occurs, I would like to get rid of the pesky errors in the event log when I enable DHCP client.

OK, so my question is -- to accomplish this, do I just need to add a new

string value: Object name
Value data: NT AUTHORITY\Network Service

to the registry under hklm\system\ccs\services\dhcp and tcpip?

I'm not quite sure if this is how to give the network services account full control.

TIA
0
Comment
Question by:blueoakmo
  • 6
  • 5
14 Comments
 
LVL 18

Expert Comment

by:crissand
ID: 12278634
The member server is joined to the domain?

Also, can you write here the eventid error from logs?
0
 

Author Comment

by:blueoakmo
ID: 12279178
Event ID 7023 in the System Log:

"The DHCP Client service terminated with the following error:
Access is denied.

But don't bother with Microsoft KB, it was no help.  This is a glitch I've discovered has happened to a few others, but no one seems to know exactly what caused the problem.

This is the interesting part -- the new server was initially setup to use DHCP and joined the domain fine the first time.  However, after a restart it can't join it that configuration - access to the DHCP server is denied.  I setup the system to have a static IP and it joins the domain fine and all is functioning well, including using GP on the domain, but throws off the error.

I'm really more interested in the registry info and if that is the best (only?) way to give the network services account control.
0
 
LVL 18

Expert Comment

by:crissand
ID: 12285808
I've seen that error when date and time on dc and the other machine was'n't synchronized. But there must be some warnings in errror log stating that.
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 
LVL 21

Expert Comment

by:marc_nivens
ID: 12307722
A little off topic but worth mentioning.... if the DHCP client service is shut off then dynamic DNS registration will fail.   I know it sounds wierd, but the DHCP client service is responsible for client side dynamic DNS registration.
0
 

Author Comment

by:blueoakmo
ID: 13028125
Gonna request a cleanup of this question.  Seems this has been encountered by others but no solution has been found.

THanks all.
0
 
LVL 18

Expert Comment

by:crissand
ID: 13034020
Is a dhcp server on the domain controller? The new dhcp server has been authorized in active directory. The w2k3 server has been joined to the domain? The addresses of the dc and w2k3 server are outside the dhcp pool?
0
 

Author Comment

by:blueoakmo
ID: 13037031
Yes to all.  The thing is, all of the other servers and workstations are working fine and when assigning a static address, connectivity is good.  It's only if I leave the DHCP Client service enabled and started that I get error messages or if I try to dynamically set the IP on this server.  
0
 
LVL 18

Expert Comment

by:crissand
ID: 13043412
You can't have two dhcp servers for with the same address pool.
0
 

Author Comment

by:blueoakmo
ID: 13045302
?????

Hmm, not sure how you got the impression that there were 2 dhcp servers?

There is one dhcp server located on the DC.  THe member server that is having the issue is having issues with the Dhcp client (acquiring an address dynamically).
0
 
LVL 18

Expert Comment

by:crissand
ID: 13045790
It seems the answer was to another question. :-)

Let's go back to this question... Error 7023 is a service manager error. It must be another error around.

Verify first if you have free addresses in the address pool.
0
 

Author Comment

by:blueoakmo
ID: 13053757
Actually, since I posted the original question, I believe I discovered that the problem may be related to group policy.  When I initially set up the server, it was set to use DHCP to obtain an address.  It would get an address, but after a period of time, access would be denied to the domain controller.  I haven't spent any time specifically on this, but think that maybe when GP refreshes, the security settings are denying the DHCP client service from working correctly.

This is a very oddball problem that I haven't run into before.  I found a few snippets around that indicated a few others ran into the same thing, but no solution was ever posted.  This may be because most people --including myself-- use static addresses for servers anyway and just disable the DHCP client on the nuisance machine.

The client at this location actually found the problem initially when installing Win2K server on the same machine and contacted Microsoft, to no avail.  We did a clean install on Win2K3 and found we had the same issue.

Very strange......
0
 
LVL 18

Accepted Solution

by:
crissand earned 250 total points
ID: 13064520
I use static addresses for member servers, but DHCP client it isn't stopped. The environment is the same: w2k domain controller and w2k3 member server. DHCP client depend on Ipsec driver, but Ipsec is configured to permit all. Verify the Dns suffix for this connection in nic's TCP/IP advanced properties.

Before that configuration I used to have one fixed addres on one nic and one dhcp address on the other with no problems at all.

The authorization problems can be related to date and time of the member server. I guess joining the domain worked flawlessly.

I don't remember any references in Group policy to dhcp in Windows 2000 environment.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Have you ever set up your wireless router at home or in the office to find that you little pop-up bubble in the bottom right-hand corner of Windows read "IP Conflict - One of more computers on the network have been assigned the following IP address"…
Greetings, Experts! First let me state that this website is top notch. I thoroughly enjoy the community that is shared here; those seeking help and those willing to sacrifice their time to help. It is fantastic. I am writing this article at th…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

786 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question