Problem with DHCP Server after installing Active Directory

Hello everyone,

I am wondering if you can help my figure out what is wrong. I have a
beta server that is running Windows 2003 SP1. Right now I am trying to
add the role of domain controller/active directory. I have installed
DHCP and DNS roles which seem to be working fine. The problem is after
I install the DC/AD role the server hangs on reboot. It gets to
"preparing network connections" and hangs. I have to physically power
down and then reboot either into "safe mode" or "last known good
configuration". In the event log I get the following error:

Event ID 1046:

The DHCP/BINL service on the local machine, belonging to the Windows
Administrative domain betatest.company, has determined that it is not
authorized to start. It has stopped servicing clients.
The following are some possible reasons for this: This machine is part
of a directory service enterprise and is not
authorized in the same domain. (See help on the DHCP Service
Management Tool for additional information).

This machine cannot reach its directory service enterprise and it has
encountered another DHCP service on the network belonging to a
directory service enterprise on which the local machine is not
authorized.

Some unexpected network error occurred


I also get one that says "The DHCP service failed to see a directory
server for authorization."

At the moment there are no clients connected to this server. It is only
connected to a 5 port router. This server is not part of our domain or
connected to the internet. I will be attempting to connect 2 legacy
clients to this setup to see how (and if ) they will work with Windows
2003 SP1.

Any suggestions?

Hi XxLicherxX,

You shall autherize the DHCP server in AD.

http://www.microsoft.com/technet/pro...05781f2cf.mspx

cheers,
Haiwei

--
In a world without walls or fences, who needs Windows or Gates?



"XxLicherxX" <(E-Mail Removed)>
??????:(E-Mail Removed) groups.com...
> Hello everyone,
>
> I am wondering if you can help my figure out what is wrong. I have a
> beta server that is running Windows 2003 SP1. Right now I am trying to
> add the role of domain controller/active directory. I have installed
> DHCP and DNS roles which seem to be working fine. The problem is after
> I install the DC/AD role the server hangs on reboot. It gets to
> "preparing network connections" and hangs. I have to physically power
> down and then reboot either into "safe mode" or "last known good
> configuration". In the event log I get the following error:
>
> Event ID 1046:
>
> The DHCP/BINL service on the local machine, belonging to the Windows
> Administrative domain betatest.company, has determined that it is not
> authorized to start. It has stopped servicing clients.
> The following are some possible reasons for this: This machine is part
> of a directory service enterprise and is not
> authorized in the same domain. (See help on the DHCP Service
> Management Tool for additional information).
>
> This machine cannot reach its directory service enterprise and it has
> encountered another DHCP service on the network belonging to a
> directory service enterprise on which the local machine is not
> authorized.
>
> Some unexpected network error occurred
>
>
> I also get one that says "The DHCP service failed to see a directory
> server for authorization."
>
> At the moment there are no clients connected to this server. It is only
> connected to a 5 port router. This server is not part of our domain or
> connected to the internet. I will be attempting to connect 2 legacy
> clients to this setup to see how (and if ) they will work with Windows
> 2003 SP1.
>
> Any suggestions?
>

Hi lhiway,

I gave that a try, but got no luck from it. It actually isn't hanging,
I let it go for awhile it's just taking forever to bring up the
ctrl+alt+delete login screen.

I saw some posts regarding this, and a lot of people said it was
probably a DNS problem. I tried reconfiguring the DNS server according
to the article found at

http://www.petri.co.il/install_and_c...dns_server.htm

,but that didn't help. What else could be causing this to take so long?

You need to physically separate the test domain from your existing
domain. If it is on the same network, your server can see the DHCP server
from an existing setup. That is what the error messages are trying to tell
you. Have you configured the new server with a static IP address in its own
IP subnet? Have you configured it to use itself for DNS?


XxLicherxX wrote:
> Hi lhiway,
>
> I gave that a try, but got no luck from it. It actually isn't hanging,
> I let it go for awhile it's just taking forever to bring up the
> ctrl+alt+delete login screen.
>
> I saw some posts regarding this, and a lot of people said it was
> probably a DNS problem. I tried reconfiguring the DNS server according
> to the article found at
>
> http://www.petri.co.il/install_and_c...dns_server.htm
>
> ,but that didn't help. What else could be causing this to take so
> long?

Hi Bill,

Thank you very much for the reply. Yes, I have configured and
reconfigured (and reconfigured again) DNS and given the server its own
static IP address and told it also to use that IP address for its DNS.
This test domain is already not part of our company's network. I
removed it from the domain and then unplugged the network cable from
the rest of the network to avoid any weird behavior/interference. This
setup current set up consists of the server with a network cable going
to a 5 port router. There is no internet access.

I have also tried uninstalling Active Directory (AD). When AD is gone,
the server boots up normally, but as soon as I reinstall AD, it takes
forever to get past the "Preparing Network Connections screen". I can't
find anything in the event viewer for this problem.

Do you (or anyone else) have any more ideas?

A server does take longer to boot with AD installed and it does sit at
that point, but it should boot! From the error messages, it does appear to
be trying to contact your existing AD. Somehow it thinks it is still part of
it.

XxLicherxX wrote:
> Hi Bill,
>
> Thank you very much for the reply. Yes, I have configured and
> reconfigured (and reconfigured again) DNS and given the server its
> own static IP address and told it also to use that IP address for its
> DNS. This test domain is already not part of our company's network. I
> removed it from the domain and then unplugged the network cable from
> the rest of the network to avoid any weird behavior/interference. This
> setup current set up consists of the server with a network cable going
> to a 5 port router. There is no internet access.
>
> I have also tried uninstalling Active Directory (AD). When AD is gone,
> the server boots up normally, but as soon as I reinstall AD, it takes
> forever to get past the "Preparing Network Connections screen". I
> can't find anything in the event viewer for this problem.
>
> Do you (or anyone else) have any more ideas?

Hi Bill,

I think I have that problem solved now. For some reason the File
Replication Service was not working properly. I eventually fixed this
problem by freeing up disk space as described in KB 819268. Setting the
Journal size back to 128 did NOT work. I had to free up the disk space.
(Which was tough to do considering this is a test machine with small
HD). The computer boots up normally now.

Now that I have solved that, I have another problem to deal with...
Clients won't see this computer as the Domain Controller. When I try to
add a client (XP) to the domain, it tells me that it could not contact
a Domain Controller. This error is a lie, because I am able to ping the
DC from the client by both IP address and Machine name. I can also ping
the client from the server. I have tried using both static and dynamic
IP addresses.

Any ideas on how to tackle this one?

This is really AD stuff rather than networking. It really depends on
what exactly you have done.

Is this a domain controller in an existing forest or its own forest?
Does it have its own DNS service? Are the clients using this server for DNS?
Does the DNS server have the SRV records needed for domain logon?

XxLicherxX wrote:
> Hi Bill,
>
> I think I have that problem solved now. For some reason the File
> Replication Service was not working properly. I eventually fixed this
> problem by freeing up disk space as described in KB 819268. Setting
> the Journal size back to 128 did NOT work. I had to free up the disk
> space. (Which was tough to do considering this is a test machine with
> small HD). The computer boots up normally now.
>
> Now that I have solved that, I have another problem to deal with...
> Clients won't see this computer as the Domain Controller. When I try
> to add a client (XP) to the domain, it tells me that it could not
> contact a Domain Controller. This error is a lie, because I am able
> to ping the DC from the client by both IP address and Machine name. I
> can also ping the client from the server. I have tried using both
> static and dynamic IP addresses.
>
> Any ideas on how to tackle this one?

Hi Bill,

When I set up the domain controller, I chose to put it in a new forest.
Installing AD forced me to install DNS, so I know that service is on
the machine and running. (I have started and stopped it plenty of
times). When I attempt to add a client to a new domain, I switch its
DNS to the test server's IP address.

The only thing that I can see that I may have an issue with is the SRV
records. I am not exactly clear as to what these do or how to check if
they are correct. Can you explain how I would find out more info
regarding the SRV records?

Thanks

Also, since this is no longer a networking issue, should I move this
discussion over to a different newsgroup?

I just tried running nslookup described in KB816587.

"1. On your DNS, click Start, and then click Run.
2. In the Open box, type cmd.
3. Type nslookup, and then press ENTER.
4. Type set type=all, and then press ENTER.
5. Type _ldap._tcp.dc._msdcs.Domain_Name, where Domain_Name is the name
of your domain, and then press ENTER.
"

When I do this the request times out.