DHCP server won't authorize

By unreal76
We upgraded from a Windows 2000 server to a 2003 server in a child domain over a year ago, but left the DHCP service running on the 2000 server. Recently we tried to move all remaining services to the new server. The original DHCP server was unauthorized but when we attempted to authorize the new server we get an "access is denied" message. The same message appears when we try to authorize the old server. The local administrator account has been added to the enterprise administrators group but still no success.

If I log on locally as the enterprise administrator for the whole domain, the "authorize server" option doesn't even appear.

I have logged onto the root server and attempted to authorize the new server. When I do this I get a message that the operation was performed successfully, however when I log back onto the new child domain server the DHCP remains unauthorized.

I thought this was a permissions problem but now I'm wondering if there's a problem with the communication/relationship between the root server and the server for the child domain.

Any ideas would be greatly appreciated.


Authorizing and de-authorizing Windows 2000/2003 DHCP servers

by Peconet Tietokoneet In reply to DHCP server won't authori ...

After a new DHCP server is authorized, the original DHCP server becomes unauthorized and cannot be authorized again in Windows 2000 Server

When you try to authorize a new Dynamic Host Configuration Protocol (DHCP) server, the new DHCP server may not be authorized. This behavior occurs on a network that has existing DHCP servers that are authorized in Active Directory.

Later, the new DHCP server may be authorized, but the existing DHCP servers may be unauthorized.

When you try to authorize the original DHCP servers again, you may receive one of the following error messages:
Error message 1
>> The specified servers are already present in the Directory Service <<

Error message 2
>> DHCP Server not authorized:
Event ID: 1051
Source: DHCPServer
The DHCP/BINL service has determined that it is not authorized to service clients on this network for the Windows domain: Your_Domain_Name.Domain_Root <<

This behavior may occur if the IP address of the original DHCP server has changed.

To resolve this behavior, turn on the Unauthorize option for the original DHCP server in Active Directory, and then authorize the DHCP server again. This action will assign the new IP address to the DHCP server. It will also permit DHCP to distribute leases.

To turn on the Unauthorize option for the original DHCP server in Active Directory and then to authorize the DHCP server again, follow these steps:
1. Click Start, point to Programs, point to Administrative Tools, and then click DHCP.
2. Click the name of the original DHCP server.
3. On the Action menu, click Unauthorize.
4. When the Are you sure you want to do this? message appears, click Yes.
5. On the Action menu, click Authorize.
Alternatively, you can use the Active Directory Service Interfaces (ADSI) Edit snap-in (Adsiedit.msc) to authorize the DHCP servers. ADSI Edit is available in Microsoft Windows 2000 Support Tools. For more information about how to install Windows 2000 Support Tools, click the following article number to view the article in the Microsoft Knowledge Base:
301423 How to install the Windows 2000 Support Tools to a Windows 2000 Server-based computer
Warning: If you use the ADSI Edit snap-in, and you incorrectly modify the attributes of Active Directory objects, you can cause serious problems. These problems may require you to reinstall Microsoft Windows 2000 Server, Microsoft Exchange 2000 Server, or both. Microsoft cannot guarantee that problems that occur if you incorrectly modify attributes of Active Directory objects can be solved. Modify these attributes at your own risk.
To use ADSI Edit to authorize the DHCP servers, follow these steps:
1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services.
2. Click Services, and then click Net Services. If you cannot see Services, click to select Show Services Node on the View menu.
3. In the right pane, right-click the name of the DHCP servers that you cannot add to Active Directory, and then click Delete.
4. When the Are you sure you want to delete this object? message appears, click Yes.
5. Force replication of Active Directory to the other sites, or wait for the replication cycle to be completed.
6. Click Start, click Run, type Adsiedit.msc in the Open box, and then click OK.
7. Expand Configuration, expand CN=Configuration, expand CN=Services, and then click CN=NetServices.
8. Right-click CN=Your_DHCP_Root, and then click Properties.
9. In the Select a property to view list, click DHCPServers.
10. In the Values list, click the name of the new DHCP server, click Remove, and then click OK.
11. Click CN=NetServices, right-click the entry for the new DHCP server, and then click Delete.
12. Verify that all Domain Name System (DNS) information is correct. To do this, follow these steps:
    1. Verify that the Microsoft Management Console (MMC) for the DHCP server has the correct fully qualified domain name (FQDN).
    2. At a command prompt, type netdiag /fix, and then press ENTER.
13. Force replication of Active Directory to the other sites, or wait for the replication cycle to be completed.
14. Restart the computer.
15. Authorize the DHCP servers again.
Microsoft Windows 2000 Server
Microsoft Windows 2000 Advanced Server

Authorizing Windows 2003 DHCP servers.
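
The reply above attributes the failure to an authorization record in Active Directory that still holds the server's old IP address. The following audit script is an added example, not part of the original post or the Knowledge Base article; it assumes a management host with the DhcpServer PowerShell module (RSAT, Windows Server 2012 or later), and the function name Test-DhcpAuthorizationRecord is hypothetical.

```powershell
# Added example: compare each DHCP authorization record stored in
# Active Directory with what DNS currently returns for that server.
# Assumption: DhcpServer module (RSAT) is installed on this host.
Import-Module DhcpServer

function Test-DhcpAuthorizationRecord {
    param(
        [Parameter(Mandatory)] [string] $DnsName,     # FQDN stored in the AD record
        [Parameter(Mandatory)] [string] $RecordedIp,  # IP stored in the AD record
        [string[]] $ResolvedIps = @()                 # current IPv4 addresses for the FQDN
    )
    # Classify the record: missing DNS entry, matching IP, or stale IP.
    $status = if ($ResolvedIps.Count -eq 0) { 'NoDnsRecord' }
              elseif ($ResolvedIps -contains $RecordedIp) { 'Match' }
              else { 'StaleIp' }

    [pscustomobject]@{
        DnsName    = $DnsName
        RecordedIp = $RecordedIp
        CurrentIps = $ResolvedIps -join ','
        Status     = $status
    }
}

# Get-DhcpServerInDC lists the servers authorized in the directory.
$report = foreach ($server in Get-DhcpServerInDC) {
    try {
        $ips = @([System.Net.Dns]::GetHostAddresses($server.DnsName) |
            Where-Object { $_.AddressFamily -eq 'InterNetwork' } |
            ForEach-Object { $_.ToString() })
    } catch {
        $ips = @()   # the name no longer resolves
    }
    Test-DhcpAuthorizationRecord -DnsName $server.DnsName `
        -RecordedIp $server.IPAddress.ToString() -ResolvedIps $ips
}

$report | Format-Table -AutoSize
```

Records reported as StaleIp or NoDnsRecord are the ones to review against the Unauthorize and Authorize steps above, after confirming that replication has completed.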



by unreal76 In reply to DHCP server won't authori ...

It's been almost a year since I posted the problem, but we finally resolved the issue.

As our network was beginning to experience more and more replication problems we focused on getting that sorted out and as a result this DHCP problem has been solved. Unfortunately I don't know exactly what made everything work.

Things we did:
Used dcdiag and repadmin tools a lot to figure out where the problems were

Used "dcdiag /fix"
Used "repadmin /removelingeringobjects"

Changed registry values on every server ("allow replication with divergent and corrupt partner") as per:**36(WS.10).aspx

Will need to change the key back soon now that everything is working well.

Active Directory is a bit of a mess now but at least the DHCP issue is resolved and replication is working a lot better.

(If you're wondering why it took so long, the same week I posted this myself and another tech were laid off and the one remaining tech was kept busy dealing with day-to-day crises so the site was put on manually assigned IP addresses as a workaround and left that way until now)


Thanks for the update

by NexS In reply to Solved

Hopefully it'll help out someone in the same situation as you.
Good work.
