Solved

NEW DHCP server will not authorize

Posted on 2014-11-01
Last Modified: 2014-11-11
New DHCP server on domain controller will not authorize

Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\tbilbrey>dcdiag

Directory Server Diagnosis

Performing initial setup:
   Trying to find home server...
   Home Server = scdc08
   * Identified AD Forest.
   Done gathering initial info.

Doing initial required tests

   Testing server: SantaClara\SCDC08
      Starting test: Connectivity
         ......................... SCDC08 passed test Connectivity

Doing primary tests

   Testing server: SantaClara\SCDC08
      Starting test: Advertising
         ......................... SCDC08 passed test Advertising
      Starting test: FrsEvent
         There are warning or error events within the last 24 hours after the SYSVOL has been shared.  Failing SYSVOL replication problems may cause Group
         Policy problems.
         ......................... SCDC08 passed test FrsEvent
      Starting test: DFSREvent
         ......................... SCDC08 passed test DFSREvent
      Starting test: SysVolCheck
         ......................... SCDC08 passed test SysVolCheck
      Starting test: KccEvent
         ......................... SCDC08 passed test KccEvent
      Starting test: KnowsOfRoleHolders
         ......................... SCDC08 passed test KnowsOfRoleHolders
      Starting test: MachineAccount
         ......................... SCDC08 passed test MachineAccount
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=ttmtech,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=ttmtech,DC=com
         ......................... SCDC08 failed test NCSecDesc
      Starting test: NetLogons
         [SCDC08] User credentials does not have permission to perform this operation.
         The account used for this test must have network logon privileges
         for this machine's domain.
         ......................... SCDC08 failed test NetLogons
      Starting test: ObjectsReplicated
         ......................... SCDC08 passed test ObjectsReplicated
      Starting test: Replications
         [Replications Check,SCDC08] DsReplicaGetInfo(PENDING_OPS, NULL) failed, error 0x2105 "Replication access was denied."
         ......................... SCDC08 failed test Replications
      Starting test: RidManager
         ......................... SCDC08 passed test RidManager
      Starting test: Services
            Could not open NTDS Service on SCDC08, error 0x5 "Access is denied."
         ......................... SCDC08 failed test Services
      Starting test: SystemLog
         An error event occurred.  EventID: 0x00000457
            Time Generated: 11/01/2014   11:16:27
            Event String:
            Driver KONICA MINOLTA C360SeriesPCL required for printer !!cpwprintv!CPWHALLA0 is unknown. Contact the administrator to install the driver befo
re you log in again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 11/01/2014   11:16:27
            Event String:
            Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 11/01/2014   11:16:31
            Event String:
            Driver WebEx Document Loader required for printer WebEx Document Loader is unknown. Contact the administrator to install the driver before you
log in again.
         A warning event occurred.  EventID: 0x00000420
            Time Generated: 11/01/2014   11:20:25
            Event String:
            The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by
the DHCP service.   This is not a recommended security configuration.  Credentials for Dynamic DNS registrations may be configured using the command line "
netsh dhcp server set dnscredentials" or via the DHCP Administrative tool.
         A warning event occurred.  EventID: 0x00002724
            Time Generated: 11/01/2014   11:20:29
            Event String:
            This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresse
s.
         An error event occurred.  EventID: 0x00000416
            Time Generated: 11/01/2014   11:20:29
            Event String:
            The DHCP/BINL service on the local machine, belonging to the Windows Administrative domain ttmtech.com, has determined that it is not authorize
d to start.  It has stopped servicing clients.  The following are some possible reasons for this:
         An error event occurred.  EventID: 0xC0001B7A
            Time Generated: 11/01/2014   11:21:28
            Event String: The DSM SA Data Manager service terminated unexpectedly.  It has done this 1 time(s).
         A warning event occurred.  EventID: 0x80050004
            Time Generated: 11/01/2014   11:23:35
            Event String: Broadcom NetXtreme Gigabit Ethernet #2: The network link is down.  Check to make sure the network cable is properly connected.
         A warning event occurred.  EventID: 0x8000001D
            Time Generated: 11/01/2014   11:23:49
            Event String:
            The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified
. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using ce
rtutil.exe or enroll for a new KDC certificate.
         A warning event occurred.  EventID: 0x000003F6
            Time Generated: 11/01/2014   11:24:00
            Event String: Name resolution for the name _ldap._tcp.dc._msdcs.ttmtech.com timed out after none of the configured DNS servers responded.
         A warning event occurred.  EventID: 0x00000C18
            Time Generated: 11/01/2014   11:24:20
            Event String: The primary Domain Controller for this domain could not be located.
         A warning event occurred.  EventID: 0x00000420
            Time Generated: 11/01/2014   11:24:26
            Event String:
            The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by
the DHCP service.   This is not a recommended security configuration.  Credentials for Dynamic DNS registrations may be configured using the command line "
netsh dhcp server set dnscredentials" or via the DHCP Administrative tool.
         A warning event occurred.  EventID: 0x00002724
            Time Generated: 11/01/2014   11:24:31
            Event String:
            This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresse
s.
         An error event occurred.  EventID: 0x00000416
            Time Generated: 11/01/2014   11:24:31
            Event String:
            The DHCP/BINL service on the local machine, belonging to the Windows Administrative domain ttmtech.com, has determined that it is not authorize
d to start.  It has stopped servicing clients.  The following are some possible reasons for this:
         An error event occurred.  EventID: 0x0000106A
            Time Generated: 11/01/2014   11:24:46
            Event String:
            Unable to update the IP address on Isatap interface isatap.{6CDBE43D-FB0B-463D-BDBB-B641DEAA16C0}. Update Type: 1. Error Code: 0x490.
         A warning event occurred.  EventID: 0x000003F6
            Time Generated: 11/01/2014   11:24:53
            Event String: Name resolution for the name ttmtech.com timed out after none of the configured DNS servers responded.
         An error event occurred.  EventID: 0x0000090A
            Time Generated: 11/01/2014   11:25:04
            Event String: The initialization sequence of SAS components failed during system startup. SAS management and monitoring is not possible.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 11/01/2014   11:26:14
            Event String:
            Driver KONICA MINOLTA C360SeriesPCL required for printer !!cpwprintv!CPWHALLA0 is unknown. Contact the administrator to install the driver befo
re you log in again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 11/01/2014   11:26:16
            Event String:
            Driver WebEx Document Loader required for printer WebEx Document Loader is unknown. Contact the administrator to install the driver before you
log in again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 11/01/2014   11:26:17
            Event String:
            Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.
         A warning event occurred.  EventID: 0x000727AA
            Time Generated: 11/01/2014   11:27:00
            Event String: The WinRM service failed to create the following SPNs: WSMAN/scdc08.ttmtech.com; WSMAN/scdc08.
         A warning event occurred.  EventID: 0x00000420
            Time Generated: 11/01/2014   11:27:59
            Event String:
            The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by
the DHCP service.   This is not a recommended security configuration.  Credentials for Dynamic DNS registrations may be configured using the command line "
netsh dhcp server set dnscredentials" or via the DHCP Administrative tool.
         A warning event occurred.  EventID: 0x00002724
            Time Generated: 11/01/2014   11:28:03
            Event String:
            This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresse
s.
         An error event occurred.  EventID: 0x00000416
            Time Generated: 11/01/2014   11:28:04
            Event String:
            The DHCP/BINL service on the local machine, belonging to the Windows Administrative domain ttmtech.com, has determined that it is not authorize
d to start.  It has stopped servicing clients.  The following are some possible reasons for this:
         An error event occurred.  EventID: 0xC0001B58
            Time Generated: 11/01/2014   11:34:44
            Event String: The DHCP Server service failed to start due to the following error:
         A warning event occurred.  EventID: 0x00000420
            Time Generated: 11/01/2014   11:36:40
            Event String:
            The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by
the DHCP service.   This is not a recommended security configuration.  Credentials for Dynamic DNS registrations may be configured using the command line "
netsh dhcp server set dnscredentials" or via the DHCP Administrative tool.
         A warning event occurred.  EventID: 0x00002724
            Time Generated: 11/01/2014   11:36:44
            Event String:
            This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresse
s.
         An error event occurred.  EventID: 0x00000416
            Time Generated: 11/01/2014   11:36:44
            Event String:
            The DHCP/BINL service on the local machine, belonging to the Windows Administrative domain ttmtech.com, has determined that it is not authorize
d to start.  It has stopped servicing clients.  The following are some possible reasons for this:
         A warning event occurred.  EventID: 0x80050004
            Time Generated: 11/01/2014   11:42:53
            Event String: Broadcom NetXtreme Gigabit Ethernet #2: The network link is down.  Check to make sure the network cable is properly connected.
         A warning event occurred.  EventID: 0x8000001D
            Time Generated: 11/01/2014   11:43:10
            Event String:
            The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified
. Smart card logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using ce
rtutil.exe or enroll for a new KDC certificate.
         A warning event occurred.  EventID: 0x000003F6
            Time Generated: 11/01/2014   11:43:21
            Event String: Name resolution for the name _ldap._tcp.dc._msdcs.ttmtech.com timed out after none of the configured DNS servers responded.
         A warning event occurred.  EventID: 0x00000C18
            Time Generated: 11/01/2014   11:43:39
            Event String: The primary Domain Controller for this domain could not be located.
         An error event occurred.  EventID: 0x0000106A
            Time Generated: 11/01/2014   11:44:01
            Event String:
            Unable to update the IP address on Isatap interface isatap.{6CDBE43D-FB0B-463D-BDBB-B641DEAA16C0}. Update Type: 1. Error Code: 0x490.
         A warning event occurred.  EventID: 0x000003F6
            Time Generated: 11/01/2014   11:44:11
            Event String: Name resolution for the name ttmtech.com timed out after none of the configured DNS servers responded.
         An error event occurred.  EventID: 0x0000090A
            Time Generated: 11/01/2014   11:44:24
            Event String: The initialization sequence of SAS components failed during system startup. SAS management and monitoring is not possible.
         A warning event occurred.  EventID: 0x000727AA
            Time Generated: 11/01/2014   11:46:23
            Event String: The WinRM service failed to create the following SPNs: WSMAN/scdc08.ttmtech.com; WSMAN/scdc08.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 11/01/2014   11:53:24
            Event String:
            Driver KONICA MINOLTA C360SeriesPCL required for printer !!cpwprintv!CPWHALLA0 is unknown. Contact the administrator to install the driver befo
re you log in again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 11/01/2014   11:53:27
            Event String:
            Driver Adobe PDF Converter required for printer Adobe PDF is unknown. Contact the administrator to install the driver before you log in again.
         An error event occurred.  EventID: 0x00000457
            Time Generated: 11/01/2014   11:53:30
            Event String:
            Driver WebEx Document Loader required for printer WebEx Document Loader is unknown. Contact the administrator to install the driver before you
log in again.
         A warning event occurred.  EventID: 0x00000420
            Time Generated: 11/01/2014   11:57:07
            Event String:
            The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by
the DHCP service.   This is not a recommended security configuration.  Credentials for Dynamic DNS registrations may be configured using the command line "
netsh dhcp server set dnscredentials" or via the DHCP Administrative tool.
         A warning event occurred.  EventID: 0x00002724
            Time Generated: 11/01/2014   11:57:11
            Event String:
            This computer has at least one dynamically assigned IPv6 address.For reliable DHCPv6 server operation, you should use only static IPv6 addresse
s.
         An error event occurred.  EventID: 0x00000416
            Time Generated: 11/01/2014   11:57:11
            Event String:
            The DHCP/BINL service on the local machine, belonging to the Windows Administrative domain ttmtech.com, has determined that it is not authorize
d to start.  It has stopped servicing clients.  The following are some possible reasons for this:
         ......................... SCDC08 failed test SystemLog
      Starting test: VerifyReferences
         ......................... SCDC08 passed test VerifyReferences


   Running partition tests on : DomainDnsZones
      Starting test: CheckSDRefDom
         ......................... DomainDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... DomainDnsZones passed test CrossRefValidation

   Running partition tests on : ForestDnsZones
      Starting test: CheckSDRefDom
         ......................... ForestDnsZones passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ForestDnsZones passed test CrossRefValidation

   Running partition tests on : Schema
      Starting test: CheckSDRefDom
         ......................... Schema passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Schema passed test CrossRefValidation

   Running partition tests on : Configuration
      Starting test: CheckSDRefDom
         ......................... Configuration passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... Configuration passed test CrossRefValidation

   Running partition tests on : ttmtech
      Starting test: CheckSDRefDom
         ......................... ttmtech passed test CheckSDRefDom
      Starting test: CrossRefValidation
         ......................... ttmtech passed test CrossRefValidation

   Running enterprise tests on : ttmtech.com
      Starting test: LocatorCheck
         ......................... ttmtech.com passed test LocatorCheck
      Starting test: Intersite
         ......................... ttmtech.com passed test Intersite

C:\Users\tbilbrey>
Question by:tbartim
7 Comments
 
LVL 13

Expert Comment

by:Michael Machie
ID: 40417477
It looks to me like the account you are using to perform these tasks does not have the proper authoritative rights on that particular Domain. I would suggest that you log into the Server with the Domain Admin account and retry your process.

See below:
""
 Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=DomainDnsZones,DC=ttmtech,DC=com
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         access rights for the naming context:
         DC=ForestDnsZones,DC=ttmtech,DC=com
         ......................... SCDC08 failed test NCSecDesc
      Starting test: NetLogons
         [SCDC08] User credentials does not have permission to perform this operation.
         The account used for this test must have network logon privileges
         for this machine's domain.
         ......................... SCDC08 failed test NetLogons
""
0
 
LVL 19

Expert Comment

by:compdigit44
ID: 40418312
Also, in order to authorize a Windows DHCP server in AD, your account must be a member of the Enterprise Admins group. Once this task is complete, your account can be removed from this group.
0
 

Author Comment

by:tbartim
ID: 40418332
As you can see, I am both a Domain admin and Enterprise admin
My-Account-groups.docx
0

 
LVL 13

Expert Comment

by:Michael Machie
ID: 40418377
Make sure your DNS settings in your NIC point to your domain controller.
0
 
LVL 34

Expert Comment

by:Seth Simmons
ID: 40418590
run dcdiag from an elevated command prompt (run as administrator); the current working directory defaults to \windows\system32 if elevated, not your own

then see how many errors appear

ignore the NCSecDesc warning; it indicates that adprep /rodcprep was not executed, which is ok if you don't need an RODC

also, why can't you authorize the server?
netsh dhcp add server <servername FQDN> <ip address>
0
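
Added example (not part of the original thread, and not any poster's code): a Python triage of dcdiag output that applies the advice in the replies above, separating the NCSecDesc finding and the access-denied failures from what still needs review, and de-duplicating SystemLog events by the ID Event Viewer shows. The function names, category labels and the shortened sample are assumptions made for illustration.

```python
import re
# Constructed, shortened excerpt shaped like the question's dcdiag paste; column-0 fragments are console wraps.
SAMPLE = r"""
      Starting test: NCSecDesc
         Error NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS doesn't have
            Replicating Directory Changes In Filtered Set
         ......................... SCDC08 failed test NCSecDesc
      Starting test: Services
            Could not open NTDS Service on SCDC08, error 0x5 "Access is denied."
         ......................... SCDC08 failed test Services
      Starting test: SystemLog
         An error event occurred.  EventID: 0x00000416
            Time Generated: 11/01/2014   11:20:29
            Event String:
            The DHCP/BINL service on the local machine has determined that it is not authorize
d to start.
         An error event occurred.  EventID: 0xC0001B7A
            Time Generated: 11/01/2014   11:21:28
            Event String: The DSM SA Data Manager service terminated unexpectedly.
         An error event occurred.  EventID: 0x00000416
            Time Generated: 11/01/2014   11:24:31
            Event String:
            The DHCP/BINL service on the local machine has determined that it is not authorize
d to start.
         ......................... SCDC08 failed test SystemLog
"""

START = re.compile(r"^\s+Starting test: (\S+)")
RESULT = re.compile(r"^\s+\.{5,} \S+ (passed|failed) test (\S+)")
EVENT = re.compile(r"^\s+An? (error|warning) event occurred\.\s+EventID: (0x[0-9A-Fa-f]+)")
DENIED = ("access is denied", "access was denied", "does not have permission")

def unwrap(text):
    out, in_test = [], False
    for line in text.splitlines():
        in_test = in_test or bool(START.match(line))
        if in_test and line and not line[0].isspace():
            out[-1] += line  # column-0 text inside a test is a console wrap
        else:
            out.append(line)
        in_test = in_test and not RESULT.match(line)
    return out

def classify(test, body):
    low = body.lower()
    if test == "NCSecDesc" and "replicating directory changes in filtered set" in low:
        return "rodcprep"       # thread: adprep /rodcprep not run; fine without an RODC
    if any(marker in low for marker in DENIED):
        return "access-denied"  # thread: rerun dcdiag from an elevated prompt
    return "review"

def triage(text):
    """Return ({failed test: category}, {Event Viewer ID: [level, count, message]})."""
    failed, events, test, body, current = {}, {}, None, [], None
    for line in unwrap(text):
        if m := START.match(line):
            test, body, current = m.group(1), [], None
        elif m := RESULT.match(line):
            if m.group(1) == "failed":
                failed[m.group(2)] = classify(m.group(2), " ".join(body))
            test = None
        elif test and (m := EVENT.match(line)):
            # Low 16 bits are the ID Event Viewer shows; the high bits carry severity/facility.
            current = events.setdefault(int(m.group(2), 16) & 0xFFFF, [m.group(1), 0, ""])
            current[1] += 1
        elif test:
            body.append(line.strip())
            if current and not current[2] and "Time Generated" not in line:
                current[2] = line.split("Event String:")[-1].strip()
    return failed, events
```

Run against a full dcdiag capture, the repeated SystemLog entries collapse to one row per event ID, which makes the recurring DHCP authorization error easier to pick out from the printer-driver noise.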
 

Accepted Solution

by:
tbartim earned 0 total points
ID: 40426954
Thanks, the problem ended up being an incorrect subnet mask.
0
 

Author Closing Comment

by:tbartim
ID: 40434611
Thanks for this comment

ignore the NCSecDesc warning; it indicates that adprep /rodcprep was not executed, which is ok if you don't need an RODC
0
