DHCP problems

[DBarnes]

I setup a new DHCP server in our active directory Domain called "123.com" But when i did this our DHCP in our NT "abc" Domain came up with a "You must authorize this DHCP server with active directory. Why is this?

I had to unauthorize the new active directory DHCP for the NT DHCP to start working again.

I thought that I could have these two up and running since they were in seprate domains. The two DCHP servers had just about the same infromaion in it except for the scopes were of course different.

Can anyone give me some insight to this problem. I was trying to have the people that logged on to the active directory domain to get the AD DHCP and the people that logged on to the NT dmain gets the NT DHCP.

 

[Jpoandl]

DCHP is segment based. So if your DHCP servers are on the same network, Windows 2000/2003 is smart enough to detect other DHCP servers. Even if you have a router that has DHCP service working, Windows would detect this.

This is for your safety. imagine if someone installed a rogue DHCP server on your network and started handing out DHCP address that were invalid. This would take DHCP clients off the networks causing network outages.

So, MS created the ability for DHCP detection.

Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please check out

http://www.NJCOMPUTERNETWORKS.com

(Sales@njcomputernetworks.com)

 

[DBarnes]

then why would the new active directory DHCP make my old DHCP stop working?

 

[polishbeergod]

I have a similar problem. The new DHCP shows that it is active and it is authorized. When I close the DHCP window and then reopen DHCP, the DHCP server shows that it is not connected. After i click on it, it reconnects and shows that it is active. Everything wroks fine, so long as I don't close the DHCP window. How do I fix this?

 

[Jpoandl]

A new feature that will be very popular with network administrators is Server Authorization. With Windows NT 4 and earlier, it was quite possible for someone to bring up a rogue server, and start serving out invalid addresses. I once ran a training course for a large computer manufacturer in Ireland. I’d asked their tech support guys to make sure I was off the network I demonstrated how easy it was to setup a DHCP server. A few seconds after activating the scope, we notices that every address had been taken. We never did found out what devices were using those addresses, but we got yanked off the factory network very, very quickly!

With Windows 2000, the DHCP server will query the active directory to find out if the particular server has been authorized. If not, the service just fails to start. To achieve this, the server will broadcast a DHCPINFORM message on all interfaces. This message contains a vendor extension field. If any other DHCP server is on an attached subnet, it responds with a DHCPACK message, containing its domain name. This allows the server which is initializing to check with a domain controller in that domain to see if it is authorized. If so, it will complete the start up process. If not, it will shut down immediately, writing a message to the DHCP log. This process is repeated ever hour, which puts a very small amount of extra traffic on the network.

To authorize a new DHCP server, the administrator uses the DHCP manager and types in the name or IP address of the server to be authorized. The DHCP manager then updates the Active Directory with the new authorization information.


Joseph L. Poandl
MCSE 2003

If your company is in need of experts to examine technical problems/solutions, please check out

http://www.NJCOMPUTERNETWORKS.com

(Sales@njcomputernetworks.com)