DHCP WON'T Authorize

[Guest]

OK, I have spent a day on this and I'm not a happy bunny.

I have authorized and de-authorized a couple of DHCP servers on a remote
site more times than I care to think of and they simply won't start.

I've kicked them out in ADSIEdit, synched AD and still no joy.

Configuration:

Remote child domain which spans two seperate subnets. They are not on the
same broadcast address as they are seperated by a router.

DHCP servers on the original subnet are fine.

No matter what I do, the new DHCP server on the new subnet will not accept
that it's authorised.

I went in as an enterprise admin and all looked well, but every time I try
and start it, it tells me it's unauthorised... Aaargh, if it tells me that
again, I am going to shoot it!!!!

It IS authorised and yet it isn't. Google and support have come up with
nothing on this. Please point me in the right direction, something is buried
somewhere in AD and I can't find it.

Is there a way to just paste the damn values in somewhere, I know nothing
else is giving out DHCP on that subnet, as it's a greenfield network.

Heeelp please, I'm supposed to be moving thirty users in tomorrow and I
really want to avoid statics!

 

[RandyC]

Sounds like the child domains aren't trusted. I'd check that first.
Randy

 

[Anthony Yates]

I had this problem with a remote site. I resolved it by making the
authorisation "closer" to the DHCP server. Sorry I forget the exact details,
but it was something like making the Enterprise Admin account a member of
the local DHCP administrators group, then running it. I put it down to a bug
in the way the right to authorise is detected across a WAN. We don't have
any such problem on the more connected sites.
Anthony

 

[Herb Martin]

Chances are it is really an Authentication issue,
or even replication.

Both of these will likely turn out to be DNS problems.

Run DCDiag on all DCs and search for FAIL, WARN,
and ERROR in the output (send to a text file.)

 

[Anthony Yates]

I had exactly the same problem with a remote site over a WAN, across domains
in the forest. There is/was no replication problem. My feeling is that it is
a timeout problem seeking to validate the rights to authorise the server.
Hence if you can reduce the number of steps to resolving whether the account
has the rights to authorise the server to start, you can work round the
problem. I did this and it started immediately.
That's just empirical. Someone may know exactly why authorisation of remote
DHCPs is preoblematic.
Anthony

 

[Guest]

Hmmm, seems someone was playing around with the primary server on the parent
domain while I was trying to authorize DHCP.... They had helpfully put the
same IP address on a deactivated LAN card as they were thinking of switching
it over!!! AAAARGH!

It's replicating again now, so I'll leave it and have a look after the
weekend...

It's a bit pants if you ask me.