2008 R2 DHCP server no longer authorized

Posted on 2013-12-01
Last Modified: 2013-12-01
Today I noticed that one of our DHCP servers was no longer Authorized.  

Here is what is in Event Viewer.

The DHCP service failed to see a directory server for authorization.

What would cause this?

How do I fix this?
Question by:J.R. Sitman
22 Comments
 
LVL 20

Expert Comment

by:Peter Hutchison
ID: 39688284
Make sure that the DNS entries are correct and they can lookup Directory servers.
Make sure no firewall is enabled that may block access to Directory services.
Make sure the DHCP server is joined to the domain and its computer account is available and enabled.
0
 

Author Comment

by:J.R. Sitman
ID: 39688331
DNS entries are ok.  I can ping the other servers in the Domain.
There is no firewall
DHCP server is a DC and I can access it with no problem.
0
 

Author Comment

by:J.R. Sitman
ID: 39688355
When I tried to authorize the server I got "The specified servers are already present in the directory service"
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39688510
Try below.
1. Start Active Directory Sites and Services on the PDC.
2. Click Services, and then click Net Services. If you cannot see Services, click to select Show Services Node on the View menu.
3. In the right pane, right-click the name of the DHCP servers that you cannot add to Active Directory, and then click Delete.
4. When the "Are you sure you want to delete this object?" message appears, click Yes.
5. Force replication of Active Directory to the other sites.
6. Start Adsiedit.msc with the Configuration partition.
7. Expand to CN=Configuration, CN=Services, and then click CN=NetServices.
8. Right-click CN=Your_DHCP_Root, and then click Properties.
9. In the "Select a property to view" list, click DHCPServers.
10. In the Values list, click the name of the new DHCP server, click Remove, and then click OK.
11. Click CN=NetServices, right-click the entry for the new DHCP server, and then click Delete.
13. Force replication of Active Directory to the other sites.
14. Run ipconfig /flushdns and dnscmd /clearcache on the PDC.
14. Restart the DHCP Server.
15. Authorize the DHCP servers again.
Note - You must be a member of the Enterprise Admins group in order to authorize the server.

Reference articles
http://support.microsoft.com/kb/306925 - written for 2000 server, but applicable to later versions also
http://bloke.org/windows/active-directory-dhcp-authorisation-issues/

Mahesh
0
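
The objects that the procedure above edits can be listed read-only before anything is deleted. This is an added example, not part of the original thread; it assumes the ActiveDirectory PowerShell module is available and that the per-server entries under CN=NetServices are named after each server's FQDN. The function name `Get-DhcpAuthorizationEntry` is hypothetical.

```powershell
# Added example: read-only audit of the DHCP authorization objects in AD.
# Needs the ActiveDirectory module and read access to the Configuration partition.
Import-Module ActiveDirectory

function Get-DhcpAuthorizationEntry {
    # The Configuration partition is forest-wide, so build the DN from RootDSE.
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $base     = "CN=NetServices,CN=Services,$configNC"

    Get-ADObject -SearchBase $base -SearchScope OneLevel `
                 -LDAPFilter '(objectClass=dHCPClass)' `
                 -Properties dhcpServers, whenChanged |
    ForEach-Object {
        $entry = $_
        if ($entry.Name -eq 'DhcpRoot') {
            # DhcpRoot keeps its entries in the multi-valued dhcpServers attribute
            # (the Values list in steps 9-10). Values are emitted raw, unparsed.
            foreach ($value in $entry.dhcpServers) {
                New-Object PSObject -Property @{
                    Source = 'DhcpRoot/dhcpServers'; Name = $value
                    Resolves = $null; WhenChanged = $entry.whenChanged
                }
            }
        } else {
            # Assumption: one object per authorized server, named after its FQDN.
            $resolves = $true
            try   { [void][System.Net.Dns]::GetHostAddresses($entry.Name) }
            catch { $resolves = $false }
            New-Object PSObject -Property @{
                Source = 'NetServices object'; Name = $entry.Name
                Resolves = $resolves; WhenChanged = $entry.whenChanged
            }
        }
    }
}

# Entries that no longer resolve in DNS are candidates for the manual cleanup.
Get-DhcpAuthorizationEntry | Sort-Object Source, Name |
    Format-Table Source, Name, Resolves, WhenChanged -AutoSize

# Cross-check against what the DHCP tooling itself reports as authorized.
netsh dhcp show server
```

Comparing the two listings before and after the cleanup shows whether a stale entry, rather than the current server, is what the authorization check is tripping over.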
 

Author Comment

by:J.R. Sitman
ID: 39688539
I'm stuck at #7.  See attached
adsiedit.png
0
 

Author Comment

by:J.R. Sitman
ID: 39688564
OK, I've made it to #10.  In the Values list the problem server is not listed.  See attachment.
adsi2.png
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39688565
You have opened the wrong partition.
Close this connection and open the Configuration partition through adsiedit.msc.

Mahesh
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39688573
In step 8, go to the properties of cn=dhcproot and check if it works.
0
 

Author Comment

by:J.R. Sitman
ID: 39688575
I'm confused.  It shows "Configuration[SPCALA185.LASPCA.LOCAL]".  See attached.
adsi3.png
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39688579
Did you start adsiedit.msc on the PDC server?
What is the name of the PDC server?
What is the name of the DHCP server having the problem?

Mahesh
0
 

Author Comment

by:J.R. Sitman
ID: 39688635
Yes, I'm on the PDC.  The PDC and DHCP server are the same.  I also have a second DHCP server with a different address pool.
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39688643
Ok
In step 8, go to the properties of cn=dhcproot.
In the "Select a property to view" list, click DHCPServers.
In the Values list, click the name of the new DHCP server (PDC), click Remove, and then click OK.
Force replication of Active Directory to the other sites.
Run ipconfig /flushdns and dnscmd /clearcache on the PDC.
Reboot the DHCP Server (PDC).
Authorize the DHCP servers again.
Note - You must be a member of the Enterprise Admins group in order to authorize the server.
0
 

Author Comment

by:J.R. Sitman
ID: 39688660
There is no "Select a property to view".  See attached.

Can you send a screen shot?
adsi4.png
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39688676
In the properties of cn=dhcproot,
are you able to find "DHCPServers"? If yes, go to its properties.

Mahesh
0
 

Author Comment

by:J.R. Sitman
ID: 39688709
Yes, and the only servers listed there are two that were removed years ago.
0
 

Author Comment

by:J.R. Sitman
ID: 39688712
I deleted the old DHCP servers and ran the command lines.
0
 
LVL 38

Expert Comment

by:Mahesh
ID: 39688716
Can you please force AD replication, restart the DHCP service and then try to authorize the same?
Log in on the server with an account having Enterprise Admins and Domain Admins rights.

Let me know the results, please.

Mahesh
0
 

Author Comment

by:J.R. Sitman
ID: 39688726
I'm still getting this.  However, the server is rebooting now.
dhcp1.png
0
 
LVL 38

Accepted Solution

by:Mahesh
ID: 39688757
If it is still not working after the reboot, try to follow the instructions in the article below:
http://djadwinsvr.blogspot.in/2013/04/managing-dhcp-servers-active-directory.html#!/2013/04/managing-dhcp-servers-active-directory.html

If you still do not succeed, note down all DHCP scope information, including scope options, server options, exclusions and reservations, and uninstall the DHCP Server role from the server. Remove any entries for the problematic DHCP server from adsiedit.msc, if found, as in my earlier comment,
reboot the server, install the DHCP Server role and reconfigure the DHCP scopes.
Try to authorize the DHCP server; at this point it should work.

Mahesh
0
 

Author Comment

by:J.R. Sitman
ID: 39688922
I followed the steps in your last post/article.  Unfortunately I didn't know it was going to remove all the settings.  My fault.  I think I can recreate the scope.  However, the server is hung up.  I'll be there Tuesday and post them.

Thanks for hanging in to help.
0
 

Author Comment

by:J.R. Sitman
ID: 39689059
I was able to force a reboot on the problem DHCP server.  The link to the article you sent fixed it.  Also I thought all my DHCP settings were gone, but they weren't.

Thanks for all the help.
0
 

Author Closing Comment

by:J.R. Sitman
ID: 39689061
The article in this post fixed the problem.

Thanks
0
