Rouge DHCP servers

Is there a way to make Windows DHCP server ignore any other DHCP servers on
the network?
Example - If an ADSL router with DHCP enabled (default on most routers) is
connected to the network, for configuration or testing, the Windows DHCP
service is stopped.

Paul wrote:
> Is there a way to make Windows DHCP server ignore any other DHCP
> servers on the network?
> Example - If an ADSL router with DHCP enabled (default on most
> routers) is connected to the network, for configuration or testing,
> the Windows DHCP service is stopped.

No - although with W2003 (and, I believe W2000) DHCP it will detect another
similar Windows server DHCP server. The right answer is, don't let anyone
else connect a router to your network, and if they do, give 'em a good
talking to.

Try editing the registry;

Set the following registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\DHCPServer\Parameters

Value name: DisableRogueDetection

Data type: REG_DWORD Value data: 1

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
"Paul" <(E-Mail Removed)> wrote in message
news:59D6C58A-3C1A-449E-871B-(E-Mail Removed)...
> Is there a way to make Windows DHCP server ignore any other DHCP servers
on
> the network?
> Example - If an ADSL router with DHCP enabled (default on most routers) is
> connected to the network, for configuration or testing, the Windows DHCP
> service is stopped.

Thank you Doug.

I spent around 2 hours searching the KB.





"Doug Sherman [MVP]" wrote:

> Try editing the registry;
>
> Set the following registry key:
>
> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\DHCPServer\Parameters
>
> Value name: DisableRogueDetection
>
> Data type: REG_DWORD Value data: 1
>
> Doug Sherman
> MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
> "Paul" <(E-Mail Removed)> wrote in message
> news:59D6C58A-3C1A-449E-871B-(E-Mail Removed)...
> > Is there a way to make Windows DHCP server ignore any other DHCP servers
> on
> > the network?
> > Example - If an ADSL router with DHCP enabled (default on most routers) is
> > connected to the network, for configuration or testing, the Windows DHCP
> > service is stopped.
>
>
>

Doug,

Tried adding the registy key below then to test I connected a router with
DHCP enabled

An hour later, (as articles i've read suggest) the DHCP server stopped with
the following detail

Details
Product: Windows Operating System
ID: 1053
Source: DhcpServer
Version: 5.2
Symbolic Name: DHCP_ROGUE_EVENT_SAM_OTHER_SERVER
Message: The DHCP/BINL service on this computer running Windows Server 2003
for Small Business Server has encountered another server on this network with
IP Address, %1, belonging to the domain: %2.

Explanation
Another active DHCP server might be on the network.

User Action
Verify that no other DHCP server is active on the network. If Routing and
Remote Access is set up incorrectly, it can act as a second DHCP server. An
SBS DHCP server will not operate in the presence of another active DHCP
server.


Is there no possible way to combat this problem?????




"Doug Sherman [MVP]" wrote:

> Try editing the registry;
>
> Set the following registry key:
>
> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\DHCPServer\Parameters
>
> Value name: DisableRogueDetection
>
> Data type: REG_DWORD Value data: 1
>
> Doug Sherman
> MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
> "Paul" <(E-Mail Removed)> wrote in message
> news:59D6C58A-3C1A-449E-871B-(E-Mail Removed)...
> > Is there a way to make Windows DHCP server ignore any other DHCP servers
> on
> > the network?
> > Example - If an ADSL router with DHCP enabled (default on most routers) is
> > connected to the network, for configuration or testing, the Windows DHCP
> > service is stopped.
>
>
>

Doug Sherman [MVP] wrote:
> Try editing the registry;
>
> Set the following registry key:
>
> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\DHCPServer\Parameters
>
> Value name: DisableRogueDetection
>
> Data type: REG_DWORD Value data: 1

I believe that will only work with other Windows DHCP servers....no?

>
> Doug Sherman
> MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
> "Paul" <(E-Mail Removed)> wrote in message
> news:59D6C58A-3C1A-449E-871B-(E-Mail Removed)...
>> Is there a way to make Windows DHCP server ignore any other DHCP
>> servers on the network?
>> Example - If an ADSL router with DHCP enabled (default on most
>> routers) is connected to the network, for configuration or testing,
>> the Windows DHCP service is stopped.

Paul wrote:
> Doug,
>
> Tried adding the registy key below then to test I connected a router
> with DHCP enabled
>
> An hour later, (as articles i've read suggest) the DHCP server
> stopped with the following detail
>
> Details
> Product: Windows Operating System
> ID: 1053
> Source: DhcpServer
> Version: 5.2
> Symbolic Name: DHCP_ROGUE_EVENT_SAM_OTHER_SERVER
> Message: The DHCP/BINL service on this computer running Windows
> Server 2003 for Small Business Server has encountered another server
> on this network with IP Address, %1, belonging to the domain: %2.
>
> Explanation
> Another active DHCP server might be on the network.
>
> User Action
> Verify that no other DHCP server is active on the network. If Routing
> and Remote Access is set up incorrectly, it can act as a second DHCP
> server. An SBS DHCP server will not operate in the presence of
> another active DHCP server.
>
>
> Is there no possible way to combat this problem?????

Yes. Do not let anyone connect a DHCP server to the network, unless it's
you. Nobody should be doing stuff like this.
>
>
>
>
> "Doug Sherman [MVP]" wrote:
>
>> Try editing the registry;
>>
>> Set the following registry key:
>>
>>
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\DHCPServer\Parameters
>>
>> Value name: DisableRogueDetection
>>
>> Data type: REG_DWORD Value data: 1
>>
>> Doug Sherman
>> MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
>> "Paul" <(E-Mail Removed)> wrote in message
>> news:59D6C58A-3C1A-449E-871B-(E-Mail Removed)...
>>> Is there a way to make Windows DHCP server ignore any other DHCP
>>> servers on the network?
>>> Example - If an ADSL router with DHCP enabled (default on most
>>> routers) is connected to the network, for configuration or testing,
>>> the Windows DHCP service is stopped.

Are you running an unauthenticated Windows DHCP server?
If that's the case, you first need to authenticate it in Active
Directory.Then it won't be affected by any new servers coming up in the
domain.

--
Thanks,
Achint Setia
(E-Mail Removed)
-----------------------------------------------------------------------------------------------------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.
-----------------------------------------------------------------------------------------------------------------------
"Lanwench [MVP - Exchange]"
<(E-Mail Removed) ahoo.com> wrote in message
news:(E-Mail Removed)...
> Paul wrote:
>> Doug,
>>
>> Tried adding the registy key below then to test I connected a router
>> with DHCP enabled
>>
>> An hour later, (as articles i've read suggest) the DHCP server
>> stopped with the following detail
>>
>> Details
>> Product: Windows Operating System
>> ID: 1053
>> Source: DhcpServer
>> Version: 5.2
>> Symbolic Name: DHCP_ROGUE_EVENT_SAM_OTHER_SERVER
>> Message: The DHCP/BINL service on this computer running Windows
>> Server 2003 for Small Business Server has encountered another server
>> on this network with IP Address, %1, belonging to the domain: %2.
>>
>> Explanation
>> Another active DHCP server might be on the network.
>>
>> User Action
>> Verify that no other DHCP server is active on the network. If Routing
>> and Remote Access is set up incorrectly, it can act as a second DHCP
>> server. An SBS DHCP server will not operate in the presence of
>> another active DHCP server.
>>
>>
>> Is there no possible way to combat this problem?????
>
> Yes. Do not let anyone connect a DHCP server to the network, unless it's
> you. Nobody should be doing stuff like this.
>>
>>
>>
>>
>> "Doug Sherman [MVP]" wrote:
>>
>>> Try editing the registry;
>>>
>>> Set the following registry key:
>>>
>>>
> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\DHCPServer\Parameters
>>>
>>> Value name: DisableRogueDetection
>>>
>>> Data type: REG_DWORD Value data: 1
>>>
>>> Doug Sherman
>>> MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
>>> "Paul" <(E-Mail Removed)> wrote in message
>>> news:59D6C58A-3C1A-449E-871B-(E-Mail Removed)...
>>>> Is there a way to make Windows DHCP server ignore any other DHCP
>>>> servers on the network?
>>>> Example - If an ADSL router with DHCP enabled (default on most
>>>> routers) is connected to the network, for configuration or testing,
>>>> the Windows DHCP service is stopped.
>
>

Achint Setia {MSFT} wrote:
> Are you running an unauthenticated Windows DHCP server?
> If that's the case, you first need to authenticate it in Active
> Directory.Then it won't be affected by any new servers coming up in
> the domain.

It won't run if it isn't authorized anyway. And it won't do anything to
prevent problems if someone plugs in a little router/firewall that has a
DHCP server....

>
>> Paul wrote:
>>> Doug,
>>>
>>> Tried adding the registy key below then to test I connected a router
>>> with DHCP enabled
>>>
>>> An hour later, (as articles i've read suggest) the DHCP server
>>> stopped with the following detail
>>>
>>> Details
>>> Product: Windows Operating System
>>> ID: 1053
>>> Source: DhcpServer
>>> Version: 5.2
>>> Symbolic Name: DHCP_ROGUE_EVENT_SAM_OTHER_SERVER
>>> Message: The DHCP/BINL service on this computer running Windows
>>> Server 2003 for Small Business Server has encountered another server
>>> on this network with IP Address, %1, belonging to the domain: %2.
>>>
>>> Explanation
>>> Another active DHCP server might be on the network.
>>>
>>> User Action
>>> Verify that no other DHCP server is active on the network. If
>>> Routing and Remote Access is set up incorrectly, it can act as a
>>> second DHCP server. An SBS DHCP server will not operate in the
>>> presence of another active DHCP server.
>>>
>>>
>>> Is there no possible way to combat this problem?????
>>
>> Yes. Do not let anyone connect a DHCP server to the network, unless
>> it's you. Nobody should be doing stuff like this.
>>>
>>>
>>>
>>>
>>> "Doug Sherman [MVP]" wrote:
>>>
>>>> Try editing the registry;
>>>>
>>>> Set the following registry key:
>>>>
>>>>
>>
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Servic es\DHCPServer\Parameters
>>>>
>>>> Value name: DisableRogueDetection
>>>>
>>>> Data type: REG_DWORD Value data: 1
>>>>
>>>> Doug Sherman
>>>> MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
>>>> "Paul" <(E-Mail Removed)> wrote in message
>>>> news:59D6C58A-3C1A-449E-871B-(E-Mail Removed)...
>>>>> Is there a way to make Windows DHCP server ignore any other DHCP
>>>>> servers on the network?
>>>>> Example - If an ADSL router with DHCP enabled (default on most
>>>>> routers) is connected to the network, for configuration or
>>>>> testing, the Windows DHCP service is stopped.