Rogue DHCP Server Prevention

I am a network engineer for a company as a contractor and have recently been given a new account.  This account has a problem with a rogue DHCP server.  Another DHCP server comes online with an address of 192.168.0.1 and starts handing out phony DHCP leases to all the unsuspecting clients in my active directory.  Now my DC has DHCP setup on it as well, and when it sees this phony DHCP server it says there's another DHCP server on the network and stops the DHCP server service.  This seems to happen every other week for a few hours, then it goes away.  What would be the best solution to finding this rogue device and stopping it from assigning DHCP leases?  And is there a way to configure AD to not shut down the server when it sees the192 server?
FirefistusAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
FirefistusConnect With a Mentor Author Commented:
I actually configured my layer 3 switch to block DHCP on all ports except my real DHCP server.  I will see if that takes care of the issue.  Since it only happens on certain days I am going to try to find out who comes into the building that specific day and see if there's a PC or Mac setup to run DHCP.
0
 
ChiefITCommented:
The above advice is what I would have provided:

However, 192.168.0.1 is usually a router.

For microsoft DHCP servers,  you MUST manuall authorize them to be a DHCP server. Usually rogue DHCP servers are MASS STORAGE devices, (nas servers) or ROUTERS. These devices come default as providing DHCP often.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.