Solved

2008 R2 DHCP server no longer authorized

Posted on 2013-12-01
22
4,194 Views
Last Modified: 2013-12-01
Today I noticed that one of our DHCP servers was no longer Authorized.  

Here is what is in Event Viewer.

The DHCP service failed to see a directory server for authorization.What would cause this?

How do I fix this?
0
Comment
Question by:jrsitman
  • 13
  • 8
22 Comments
 
LVL 18

Expert Comment

by:Peter Hutchison
ID: 39688284
Make sure that the DNS entries are correct and they can lookup Directory servers.
Make sure no firewall is enabled that may block access to Directory services.
Make sure the the DHCP server is joined to the domain and computer account is available and enabled.
0
 

Author Comment

by:jrsitman
ID: 39688331
DNS entries are ok.  I can ping the other servers in the Domain.
There is no firewall
DHCP server is a DC and I can access it with no problem.
0
 

Author Comment

by:jrsitman
ID: 39688355
When I tried to authorize the server I got "The specified servers are already present in the directory service"
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39688510
Try below.
1.Start Active Directory Sites and Services on PDC
2.Click Services, and then click Net Services. If you cannot see Services, click to select Show Services Node on the View menu.
3.In the right pane, right-click the name of the DHCP servers that you cannot add to Active Directory, and then click Delete.
4.When the Are you sure you want to delete this object? message appears, click Yes.
5.Force replication of Active Directory to the other sites
6.Start Adsiedit.msc with Configuration partition.
7.Expand to CN=Configuration, CN=Services, and then click CN=NetServices.
8.Right-click CN=Your_DHCP_Root, and then click Properties.
9.In the Select a property to view list, click DHCPServers.
10.In the Values list, click the name of the new DHCP server, click Remove, and then click OK.
11.Click CN=NetServices, right-click the entry for the new DHCP server, and then click Delete.
13.Force replication of Active Directory to the other sites
14 Run ipconfig /flushdns and dnscmd /clearcache on PDC
14.Restart the DHCP Server.
15.Authorize the DHCP servers again.
Note - You must be member of Enterprise admins group in order to authorize the server

Reference articles
http://support.microsoft.com/kb/306925 - written for 2000 server, but applicable to later versions also
http://bloke.org/windows/active-directory-dhcp-authorisation-issues/

Mahesh
0
 

Author Comment

by:jrsitman
ID: 39688539
I'm stuck at #7.  See attached
adsiedit.png
0
 

Author Comment

by:jrsitman
ID: 39688564
OK, I've made it to #10.  In the Values list the problem server is not listed.  See attachment.
adsi2.png
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39688565
You have opened wrong partition
Close this connection and Open configuration partition through adsiedit.msc

Mahesh
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39688573
In the step 8, go to properties of cn=dhcproot and check if it works
0
 

Author Comment

by:jrsitman
ID: 39688575
I'm confused.  It shows "Configuration[SPCALA185.LASPCA.LOCAL].  See attached.
adsi3.png
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39688579
Are you started adsiedit.msc on PDC server ?
What is the name of PDC server ?
What is the name of DHCP server having problem ?

Mahesh
0
 

Author Comment

by:jrsitman
ID: 39688635
yes I'm on PDC.  PDC and DHCP server are the same.  I also have a second DHCP server with a different Address pool.
0
The problems with reply email signatures

Do you wish that you could place an email signature under a reply? Well, unfortunately, you can't. That great Exchange/Office 365 signature you've created will just appear at the bottom of an email chain. What a pain! Is there really no way to solve this? Well, there might be...

 
LVL 35

Expert Comment

by:Mahesh
ID: 39688643
Ok
In the step 8, go to properties of cn=dhcproot
In the Select a property to view list, click DHCPServers
In the Values list, click the name of the new DHCP server (PDC), click Remove, and then click OK.
Force replication of Active Directory to the other sites
Run ipconfig /flushdns and dnscmd /clearcache on PDC
Reboot the DHCP Server (PDC)
Authorize the DHCP servers again.
Note - You must be member of Enterprise admins group in order to authorize the server
0
 

Author Comment

by:jrsitman
ID: 39688660
These is no "Select a property to view"    See attached.

Can you send a screen shot?
adsi4.png
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39688676
In properties of cn=dhcproot,
are you able to find "DHCPServers" if yes go to its properties

Mahesh
0
 

Author Comment

by:jrsitman
ID: 39688709
yes and the only servers listed there are two that were removed years ago.
0
 

Author Comment

by:jrsitman
ID: 39688712
I deleted the old DHCP servers and ran the command lines.
0
 
LVL 35

Expert Comment

by:Mahesh
ID: 39688716
Can you please force AD replication, restart DHCP service and then try to authorize the same
Login on server with account having enterprise and domain admins right

let me know the results please

Mahesh
0
 

Author Comment

by:jrsitman
ID: 39688726
I'm still getting this.  However, the server is rebooting now.
dhcp1.png
0
 
LVL 35

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39688757
If after reboot still its not working try to follow instructions in below article
http://djadwinsvr.blogspot.in/2013/04/managing-dhcp-servers-active-directory.html#!/2013/04/managing-dhcp-servers-active-directory.html

still you do not get success, then note down all DHCP scope information including Scope options, server options, exclusions, reservations and uninstall DHCP server role from server, remove any entries of problematic dhcp server from adsiedit.msc if found as my earlier comment,
reboot the server, install DHCP server role and reconfigure the dhcp scopes.
try to authorize DHCP server at this time should work

Mahesh
0
 

Author Comment

by:jrsitman
ID: 39688922
I followed the steps in your last post/article.  Unfortunately I didn't know it was going to remove all the settings.  My fault.  I think I can recreate the scope.  However, The server is hung up.  I'll be there Tuesday and post them.

Thanks for hanging in to help.
0
 

Author Comment

by:jrsitman
ID: 39689059
I was able to force a reboot on the problem DHCP server.  The link to the article you sent fixed it.  Also I thought all my DHCP setting were gone, but they weren't.

Thanks for all the help.
0
 

Author Closing Comment

by:jrsitman
ID: 39689061
The article in this post fixed the problem.

Thanks
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Suggested Solutions

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now