Solved

2008 R2 DHCP server no longer authorized

Posted on 2013-12-01
22
4,408 Views
Last Modified: 2013-12-01
Today I noticed that one of our DHCP servers was no longer Authorized.  

Here is what is in Event Viewer.

The DHCP service failed to see a directory server for authorization.What would cause this?

How do I fix this?
0
Comment
Question by:J.R. Sitman
  • 13
  • 8
22 Comments
 
LVL 19

Expert Comment

by:Peter Hutchison
ID: 39688284
Make sure that the DNS entries are correct and they can lookup Directory servers.
Make sure no firewall is enabled that may block access to Directory services.
Make sure the the DHCP server is joined to the domain and computer account is available and enabled.
0
 

Author Comment

by:J.R. Sitman
ID: 39688331
DNS entries are ok.  I can ping the other servers in the Domain.
There is no firewall
DHCP server is a DC and I can access it with no problem.
0
 

Author Comment

by:J.R. Sitman
ID: 39688355
When I tried to authorize the server I got "The specified servers are already present in the directory service"
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 
LVL 36

Expert Comment

by:Mahesh
ID: 39688510
Try below.
1.Start Active Directory Sites and Services on PDC
2.Click Services, and then click Net Services. If you cannot see Services, click to select Show Services Node on the View menu.
3.In the right pane, right-click the name of the DHCP servers that you cannot add to Active Directory, and then click Delete.
4.When the Are you sure you want to delete this object? message appears, click Yes.
5.Force replication of Active Directory to the other sites
6.Start Adsiedit.msc with Configuration partition.
7.Expand to CN=Configuration, CN=Services, and then click CN=NetServices.
8.Right-click CN=Your_DHCP_Root, and then click Properties.
9.In the Select a property to view list, click DHCPServers.
10.In the Values list, click the name of the new DHCP server, click Remove, and then click OK.
11.Click CN=NetServices, right-click the entry for the new DHCP server, and then click Delete.
13.Force replication of Active Directory to the other sites
14 Run ipconfig /flushdns and dnscmd /clearcache on PDC
14.Restart the DHCP Server.
15.Authorize the DHCP servers again.
Note - You must be member of Enterprise admins group in order to authorize the server

Reference articles
http://support.microsoft.com/kb/306925 - written for 2000 server, but applicable to later versions also
http://bloke.org/windows/active-directory-dhcp-authorisation-issues/

Mahesh
0
 

Author Comment

by:J.R. Sitman
ID: 39688539
I'm stuck at #7.  See attached
adsiedit.png
0
 

Author Comment

by:J.R. Sitman
ID: 39688564
OK, I've made it to #10.  In the Values list the problem server is not listed.  See attachment.
adsi2.png
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39688565
You have opened wrong partition
Close this connection and Open configuration partition through adsiedit.msc

Mahesh
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39688573
In the step 8, go to properties of cn=dhcproot and check if it works
0
 

Author Comment

by:J.R. Sitman
ID: 39688575
I'm confused.  It shows "Configuration[SPCALA185.LASPCA.LOCAL].  See attached.
adsi3.png
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39688579
Are you started adsiedit.msc on PDC server ?
What is the name of PDC server ?
What is the name of DHCP server having problem ?

Mahesh
0
 

Author Comment

by:J.R. Sitman
ID: 39688635
yes I'm on PDC.  PDC and DHCP server are the same.  I also have a second DHCP server with a different Address pool.
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39688643
Ok
In the step 8, go to properties of cn=dhcproot
In the Select a property to view list, click DHCPServers
In the Values list, click the name of the new DHCP server (PDC), click Remove, and then click OK.
Force replication of Active Directory to the other sites
Run ipconfig /flushdns and dnscmd /clearcache on PDC
Reboot the DHCP Server (PDC)
Authorize the DHCP servers again.
Note - You must be member of Enterprise admins group in order to authorize the server
0
 

Author Comment

by:J.R. Sitman
ID: 39688660
These is no "Select a property to view"    See attached.

Can you send a screen shot?
adsi4.png
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39688676
In properties of cn=dhcproot,
are you able to find "DHCPServers" if yes go to its properties

Mahesh
0
 

Author Comment

by:J.R. Sitman
ID: 39688709
yes and the only servers listed there are two that were removed years ago.
0
 

Author Comment

by:J.R. Sitman
ID: 39688712
I deleted the old DHCP servers and ran the command lines.
0
 
LVL 36

Expert Comment

by:Mahesh
ID: 39688716
Can you please force AD replication, restart DHCP service and then try to authorize the same
Login on server with account having enterprise and domain admins right

let me know the results please

Mahesh
0
 

Author Comment

by:J.R. Sitman
ID: 39688726
I'm still getting this.  However, the server is rebooting now.
dhcp1.png
0
 
LVL 36

Accepted Solution

by:
Mahesh earned 500 total points
ID: 39688757
If after reboot still its not working try to follow instructions in below article
http://djadwinsvr.blogspot.in/2013/04/managing-dhcp-servers-active-directory.html#!/2013/04/managing-dhcp-servers-active-directory.html

still you do not get success, then note down all DHCP scope information including Scope options, server options, exclusions, reservations and uninstall DHCP server role from server, remove any entries of problematic dhcp server from adsiedit.msc if found as my earlier comment,
reboot the server, install DHCP server role and reconfigure the dhcp scopes.
try to authorize DHCP server at this time should work

Mahesh
0
 

Author Comment

by:J.R. Sitman
ID: 39688922
I followed the steps in your last post/article.  Unfortunately I didn't know it was going to remove all the settings.  My fault.  I think I can recreate the scope.  However, The server is hung up.  I'll be there Tuesday and post them.

Thanks for hanging in to help.
0
 

Author Comment

by:J.R. Sitman
ID: 39689059
I was able to force a reboot on the problem DHCP server.  The link to the article you sent fixed it.  Also I thought all my DHCP setting were gone, but they weren't.

Thanks for all the help.
0
 

Author Closing Comment

by:J.R. Sitman
ID: 39689061
The article in this post fixed the problem.

Thanks
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Synchronize a new Active Directory domain with an existing Office 365 tenant
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question