Microsoft KB Archive/297847

= Dynamic Host Configuration Protocol server management issues in Windows 2000 and in Windows Server 2003 =

Article ID: 297847

Article Last Modified on 10/11/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
 * Microsoft Windows Server 2003, Standard x64 Edition
 * Microsoft Windows Server 2003, Enterprise x64 Edition
 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server

-



This article was previously published under Q297847



IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry



SYMPTOMS
The following problems are fixed in Microsoft Windows 2000 Service Pack 2 (SP2)and in Microsoft Windows Server 2003:
 * No more than approximately 850 Dynamic Host Configuration Protocol (DHCP) servers can be authorized in Active Directory.
 * The Active Directory query interval is not configurable.
 * The DHCP authorization process occurs frequently or, in some cases, occurs too often, which causes server performance problems.

This article describes how to use Windows 2000 SP2 and Windows Server 2003 to resolve these problems.



No More Than Approximately 850 Dynamic Host Configuration Protocol Servers Can Be Authorized in Active Directory
In a Windows 2000 domain, DHCP servers must be authorized in Active Directory before those DHCP servers can service DHCP Clients. In versions of Windows 2000 that are earlier than Windows 2000 SP2, only approximately 850 DHCP servers can be authorized in Active Directory. This is a per-forest limitation. After the limit on the number of DHCP servers is reached, you may receive the following error message:

Administration limit for this request has exceeded

To remove this limitation and resolve this problem:  Apply the latest service pack for Windows 2000 or for Windows Server 2003 to all of the DHCP servers, and also to any servers that you use to administer DHCP. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to obtain the latest Windows 2000 Service Pack

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

889100 How to obtain the latest service pack for Windows Server 2003

 WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

Set the following registry key on all of the DHCP servers, and also to any servers that you use to administer DHCP:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Parameters

Value name: SP2Mode

Data type: REG_DWORD

Value data: 1



NOTE: If you remove Windows 2000 Service Pack 2 (SP2) on an authorized DHCP server, the server may see itself as unauthorized, and therefore the server may stop servicing clients.

The Active Directory Query Interval Is Not Configurable
With versions of Windows 2000 that are earlier than Windows 2000 SP2, a DHCP server verifies authorization status with Active Directory when the DHCP server is started, and approximately every 60 minutes after that. If the server does not pass authentication, the server retries every five minutes. You can use the following steps to modify the DHCP Active Directory authorization check interval:  Apply the latest service pack for Windows 2000 to the DHCP server. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to obtain the latest Windows 2000 Service Pack

 WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

Set the following registry key on the DHCP server:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Parameters

Value name: RogueAuthorizationRecheckInterval

Data type: REG_DWORD

Value data: Minutes between Authorization Intervals (Default = 60)



The DHCP Authorization Process Occurs Frequently or, in Some Cases, Occurs Too Often, Which Causes Server Performance Problems
In versions of Windows 2000 that are earlier than Windows 2000 SP2, the Active Directory querying process is inefficient. The Active Directory querying process can consume up to 1 megabyte (MB) of network bandwidth for each DHCP server if you have approximately 800 authorized DHCP servers. This process can consume most of the network bandwidth if you are connected over a slow wide area network (WAN) link.

The Active Directory querying process has been optimized in Windows 2000 SP2, which results in about 10 packets for each authorized server regardless of the number of authorized DHCP servers. Also, a registry entry is added to disable the Rogue Detection feature. To disable the Rogue Detection feature:  Apply the latest service pack for Windows 2000 to the DHCP server. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 How to obtain the latest Windows 2000 Service Pack

</li> WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

Set the following registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Parameters

Value name: DisableRogueDetection

Data type: REG_DWORD

Value data: 1</li></ol>

<div class="status_section">

STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the &quot;Applies to&quot; section. This problem was first corrected in Windows 2000 Service Pack 2.

Keywords: kbbug kbnofix kbperformance kbdhcp KB297847

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.