  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 4109

The DHCP service failed to see a directory server for authorization. DHCP Event ID 1059

Please help, I am the administrator of a network with 4 DCs; one of them, the master, is holding the GC and is defined as the DHCP and DNS server. I am constantly receiving DHCP Event ID 1059 and many other errors. The server is also very slow to boot. I have run DCDIAG and many other utilities; no errors are reported. Anybody have an idea on what is going on? It does not make sense that the service does not find a directory server, since it is the same computer that holds both roles.
I have spent many hours searching on the web and trying different solutions even deleting DHCP and recreating it. Still does not work.
Thanks for your help.
0
LanCAR
2 Solutions
 
Mike ThomasConsultantCommented:
Boot times will be explained by the fact that it is probably configured to look at itself for DNS and it is running all the core services, and basically it can't find itself when it boots, which is normal. 15 mins sound about right for the boot time?

Why not configure your other DC's as GC's and move dhcp to another server?

0
 
LanCARAuthor Commented:
So if I understand, you are telling me that the GC should not be the DHCP server as well and to move the DHCP server to another DC?
0
 
Mike ThomasConsultantCommented:
Not quite, it can be and that's not an issue, but you said you had 4 DCs, so I would make more GCs and move the DHCP server to another server just to spread things about a little.

I would typically have my first and second DCs (role holders) just that but AD integrated DNS, then use my other DCs for other services such as GCs, DHCP, even RIS and WSUS.
0
 
LanCARAuthor Commented:
I don't see how this could resolve the DHCP error that I am getting. I am pretty sure that the slow boot is due to this problem.
0
 
Mike ThomasConsultantCommented:
Slow boot times are because all those services you are running need to authenticate when they start, and as that's the only server which is authenticating them you get stuck when you have to restart it, because they all go to maximum timeout trying to authenticate and register.

If your design was a little different you would be able to down any 1 server and have it back up in 3 mins, but all your eggs are in 1 basket and you have another 3 DCs twiddling their thumbs because they don't actually do anything.
0
 
LanCARAuthor Commented:
We shut down all servers nightly. If I spread the roles, what should be the boot order?
0
 
Mike ThomasConsultantCommented:
To get around the issue you can point them to each other for primary DNS, and then reboot 1 at a time, ensuring that the server being looked at for DNS is online, so A looks at B and B looks at A. Does that make sense?
0
 
Mike ThomasConsultantCommented:
I must ask, why restart them every night anyway?
0
 
egryllsCommented:
It is a best practice to have at least 2 global catalogs in your environment, so you need to add another GC right away.  You have four domain controllers and it sounds like you have the others doing very little while this server is holding some major roles.  With that many domain controllers, you should be distributing the load better.  Add DNS to another server as well and make that server the primary and this the secondary.  

Lastly, if this doesn't alleviate the problem, I have found that making the offending service dependent upon other services before starting helps greatly.  In this case, I would make it depend upon DNS starting up.  How to do that is described here: http://www.petri.co.il/delay_services_in_windows_2000_xp_2003.htm
0
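The service-dependency change suggested in the post above, as an added example that is not part of the thread or of the linked article. It assumes the default service names `DHCPServer` (DHCP Server) and `DNS` (DNS Server); the script name and the `-Apply` switch are hypothetical.

```powershell
# Add-DhcpDnsDependency.ps1 (hypothetical name) - added example, not from the thread.
# Assumption: default service names DHCPServer and DNS. Run elevated on the DHCP server.
param(
    [string]$Service   = 'DHCPServer',
    [string]$DependsOn = 'DNS',
    [switch]$Apply     # without -Apply the script only reports what it would do
)

# Fail early if either service is not installed on this machine.
Get-Service -Name $Service, $DependsOn -ErrorAction Stop | Out-Null

# Read the stored dependency lists straight from the service's registry key.
$key      = "HKLM:\SYSTEM\CurrentControlSet\Services\$Service"
$props    = Get-ItemProperty -Path $key
$services = @($props.DependOnService | Where-Object { $_ })
$groups   = @($props.DependOnGroup   | Where-Object { $_ })

"Current service dependencies of ${Service}: " + ($services -join ', ')

if ($services -contains $DependsOn) {
    "$Service already waits for $DependsOn; nothing to change."
    return
}

# sc.exe REPLACES the whole dependency list rather than appending to it.
# Stop instead of guessing if load-order groups are present, so none are lost.
if ($groups.Count -gt 0) {
    throw "$Service also depends on group(s) $($groups -join ', '); review manually."
}

# Keep every existing entry and append the new one; entries are '/'-separated.
$newList = ($services + $DependsOn) -join '/'

if ($Apply) {
    # 'depend=' and the list are passed as two separate arguments, as sc.exe expects.
    & sc.exe config $Service depend= $newList
    if ($LASTEXITCODE -ne 0) { throw "sc.exe failed with exit code $LASTEXITCODE" }
    & sc.exe qc $Service    # print the stored configuration for review
} else {
    "Would run: sc.exe config $Service depend= $newList"
}
```

The new dependency is used the next time the service starts, so the effect on boot is only visible after a restart.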
 
KCTSCommented:
It does make sense to duplicate the DC, DNS and GC roles, and even DHCP (but make sure that you use non-overlapping scopes).
However, in a single domain there is nothing to be gained by moving some FSMO roles to another DC.

DNS may well be the culprit; it normally is where slow booting is concerned. If your DHCP is not on the same server as DNS, then make sure that the DHCP server points to the DNS server as its preferred DNS server.

On a domain the DHCP server needs to contact the DC to check if it's authorised to start; if the DC cannot be found, perhaps because it can locate it via DNS, then it will not start.

I have to say that pointing DCs to OTHER DCs for their DNS is a mistake. If all DCs have DNS then it's far more efficient to have them point to THEMSELVES as the preferred DNS server and to another as the ALTERNATE DNS server.



0
 
ChiefITCommented:
You have multiple issues and need to run diagnostics to pinpoint these issues:

Run
1) DCdiag /v
2) DCdiag /test:dns
3) IPconfig /all   (then provide this to us)
4) and tell us if you are using Service pack 1 on the server.
5) also tell us if you have a multihomed server. Multihomed is defined as a computer with multiple nics, or two + IP addresses.
6) I also think you may be out of client access licenses.

You see, here's some conflicting information:

--slow networking or logons are often attributed to DNS. IPconfig /all will usually tell the story.

--DHCP is a broadcast protocol and you shouldn't need AD authorization to get a DHCP lease unless you configured a radius server OR created some sort of authentication prior to providing a DHCP lease. By default, everyone gets a lease on the same broadcast domain, (even workgroup computers). Also, a DHCP server could be filtered by MAC addresses. Without that MAC address listed within the DHCP server's database, there will be no lease to the client. So, we will have to figure out why DHCP is not providing a lease without authorization. That's not how the default config of a DHCP server works.

------------------------------------------------

My first guess, you have a multihomed server or you are running on Service pack 1.



0
 
KCTSCommented:
In a Windows domain the DHCP server ALWAYS checks with AD to ensure it's authorised to issue leases; if AD cannot be contacted for whatever reason (DNS error, AD down, etc.), then the DHCP server will not respond to DHCP discover packets.
0
 
LanCARAuthor Commented:
The DHCP is on the same server as DNS. How can I make sure that the DHCP server points to the DNS server as its preferred DNS server?
0
 
egryllsCommented:
LanCAR,  the DNS is done on the server itself on the NIC configuration.  Easiest way to do it to keep it through any potential IP changes is set it to 127.0.0.1 on the NIC(s) installed on the server under the TCP/IP properties and make it the first one in the list.
0
 
ChiefITCommented:
@KCTS:

Good point. I wasn't taking into consideration the Auth of the DHCP server.
0
 
LanCARAuthor Commented:
None of the solutions has resolved my problem.
0
 
Havasu2Commented:
I think your fix is here http://support.microsoft.com/kb/193888

I've run into this in the past, and this fixed it.  It all comes down to everything starting at once and not being ready for each other.
0
