2008 R2 DHCP server no longer authorized
Today I noticed that one of our DHCP servers was no longer Authorized.
Here is what is in Event Viewer.
The DHCP service failed to see a directory server for authorization.What would cause this?
How do I fix this?
Here is what is in Event Viewer.
The DHCP service failed to see a directory server for authorization.What would cause this?
How do I fix this?
ASKER
DNS entries are ok. I can ping the other servers in the Domain.
There is no firewall
DHCP server is a DC and I can access it with no problem.
There is no firewall
DHCP server is a DC and I can access it with no problem.
ASKER
When I tried to authorize the server I got "The specified servers are already present in the directory service"
Try below.
1.Start Active Directory Sites and Services on PDC
2.Click Services, and then click Net Services. If you cannot see Services, click to select Show Services Node on the View menu.
3.In the right pane, right-click the name of the DHCP servers that you cannot add to Active Directory, and then click Delete.
4.When the Are you sure you want to delete this object? message appears, click Yes.
5.Force replication of Active Directory to the other sites
6.Start Adsiedit.msc with Configuration partition.
7.Expand to CN=Configuration, CN=Services, and then click CN=NetServices.
8.Right-click CN=Your_DHCP_Root, and then click Properties.
9.In the Select a property to view list, click DHCPServers.
10.In the Values list, click the name of the new DHCP server, click Remove, and then click OK.
11.Click CN=NetServices, right-click the entry for the new DHCP server, and then click Delete.
13.Force replication of Active Directory to the other sites
14 Run ipconfig /flushdns and dnscmd /clearcache on PDC
14.Restart the DHCP Server.
15.Authorize the DHCP servers again.
Note - You must be member of Enterprise admins group in order to authorize the server
Reference articles
http://support.microsoft.com/kb/306925 - written for 2000 server, but applicable to later versions also
http://bloke.org/windows/active-directory-dhcp-authorisation-issues/
Mahesh
1.Start Active Directory Sites and Services on PDC
2.Click Services, and then click Net Services. If you cannot see Services, click to select Show Services Node on the View menu.
3.In the right pane, right-click the name of the DHCP servers that you cannot add to Active Directory, and then click Delete.
4.When the Are you sure you want to delete this object? message appears, click Yes.
5.Force replication of Active Directory to the other sites
6.Start Adsiedit.msc with Configuration partition.
7.Expand to CN=Configuration, CN=Services, and then click CN=NetServices.
8.Right-click CN=Your_DHCP_Root, and then click Properties.
9.In the Select a property to view list, click DHCPServers.
10.In the Values list, click the name of the new DHCP server, click Remove, and then click OK.
11.Click CN=NetServices, right-click the entry for the new DHCP server, and then click Delete.
13.Force replication of Active Directory to the other sites
14 Run ipconfig /flushdns and dnscmd /clearcache on PDC
14.Restart the DHCP Server.
15.Authorize the DHCP servers again.
Note - You must be member of Enterprise admins group in order to authorize the server
Reference articles
http://support.microsoft.com/kb/306925 - written for 2000 server, but applicable to later versions also
http://bloke.org/windows/active-directory-dhcp-authorisation-issues/
Mahesh
ASKER
I'm stuck at #7. See attached
adsiedit.png
adsiedit.png
ASKER
OK, I've made it to #10. In the Values list the problem server is not listed. See attachment.
adsi2.png
adsi2.png
You have opened wrong partition
Close this connection and Open configuration partition through adsiedit.msc
Mahesh
Close this connection and Open configuration partition through adsiedit.msc
Mahesh
In the step 8, go to properties of cn=dhcproot and check if it works
ASKER
Are you started adsiedit.msc on PDC server ?
What is the name of PDC server ?
What is the name of DHCP server having problem ?
Mahesh
What is the name of PDC server ?
What is the name of DHCP server having problem ?
Mahesh
ASKER
yes I'm on PDC. PDC and DHCP server are the same. I also have a second DHCP server with a different Address pool.
Ok
In the step 8, go to properties of cn=dhcproot
In the Select a property to view list, click DHCPServers
In the Values list, click the name of the new DHCP server (PDC), click Remove, and then click OK.
Force replication of Active Directory to the other sites
Run ipconfig /flushdns and dnscmd /clearcache on PDC
Reboot the DHCP Server (PDC)
Authorize the DHCP servers again.
Note - You must be member of Enterprise admins group in order to authorize the server
In the step 8, go to properties of cn=dhcproot
In the Select a property to view list, click DHCPServers
In the Values list, click the name of the new DHCP server (PDC), click Remove, and then click OK.
Force replication of Active Directory to the other sites
Run ipconfig /flushdns and dnscmd /clearcache on PDC
Reboot the DHCP Server (PDC)
Authorize the DHCP servers again.
Note - You must be member of Enterprise admins group in order to authorize the server
ASKER
In properties of cn=dhcproot,
are you able to find "DHCPServers" if yes go to its properties
Mahesh
are you able to find "DHCPServers" if yes go to its properties
Mahesh
ASKER
yes and the only servers listed there are two that were removed years ago.
ASKER
I deleted the old DHCP servers and ran the command lines.
Can you please force AD replication, restart DHCP service and then try to authorize the same
Login on server with account having enterprise and domain admins right
let me know the results please
Mahesh
Login on server with account having enterprise and domain admins right
let me know the results please
Mahesh
ASKER
I'm still getting this. However, the server is rebooting now.
dhcp1.png
dhcp1.png
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I followed the steps in your last post/article. Unfortunately I didn't know it was going to remove all the settings. My fault. I think I can recreate the scope. However, The server is hung up. I'll be there Tuesday and post them.
Thanks for hanging in to help.
Thanks for hanging in to help.
ASKER
I was able to force a reboot on the problem DHCP server. The link to the article you sent fixed it. Also I thought all my DHCP setting were gone, but they weren't.
Thanks for all the help.
Thanks for all the help.
ASKER
The article in this post fixed the problem.
Thanks
Thanks
Make sure no firewall is enabled that may block access to Directory services.
Make sure the the DHCP server is joined to the domain and computer account is available and enabled.