Microsoft KB Archive/941464

= Event ID 1046 may be logged when a Windows Server 2003-based DHCP server is running on a domain controller in a child domain =

Article ID: 941464

Article Last Modified on 10/11/2007

-

APPLIES TO


 * Microsoft Windows Server 2003, Standard Edition (32-bit x86)
 * Microsoft Windows Server 2003, Enterprise Edition
 * Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
 * Microsoft Windows Server 2003, Standard x64 Edition
 * Microsoft Windows Server 2003, Enterprise x64 Edition
 * Microsoft Windows Server 2003, Datacenter x64 Edition
 * Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
 * Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems

-



SYMPTOMS
A Windows Server 2003-based Dynamic Host Configuration Protocol (DHCP) server is running on a domain controller in a child domain. Although the DHCP Microsoft Management Console (MMC) snap-in shows that the status of the server is unauthorized, the only available button is Unauthorize. Sometimes, neither the Authorize button nor the Unauthorize button is available. Additionally, the following event may be logged:

Event ID: 1046

Source: DhcpServer

Description: The Dhcp/Binl service on the local machine, belonging to the Windows Administrative domain child1.domainname.com, has determined that it is not authorized to start. It has stopped servicing clients. The following are some possible reasons for this: This machine is part of a directory service enterprise and is not authorized in the same domain. (See help on the DHCP Service Management Tool for additional information). This machine cannot reach its directory service enterprise and it has encountered another DHCP service on the network belonging to a directory service enterprise on which the local machine is not authorized. Some unexpected network error occurred. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp



WORKAROUND
To work around this problem, trigger Active Directory directory service replication in the forest. Use the ADSIedit.msc tool to check the following Active Directory location from the root domain controller:

CN=NetServices,CN=Services,CN=Configuration,DC= ,DC=com

You will see that the DHCP server object has been added.

Note When you check this Active Directory location from domain controllers that are running in child domains, you may not see the DHCP server object. This object may be missing because of configuration partition replication latency or because of other replication problems. The DHCP service can verify itself by using any domain controller in the forest. If replication has not finished yet, the DHCP server may not see the DHCP server object on a domain controller in a child domain.



The DHCP authorization process
 The DHCP server contacts a domain controller in the root domain and adds itself to the following Active Directory location:

CN=NetServices,CN=Services,CN=Configuration,DC= ,DC=com

 The DHCP MMC snap-in immediately changes the active button from Authorize to Unauthorize. The DHCP server does not start servicing DHCP clients immediately. Instead, the DHCP server checks the location that is listed in step 1 to make sure that the server is authorized before it starts servicing clients. This check can occur on any domain controller in the forest.

Note It may take some time for a DHCP server in a child domain to be fully operational. This is because the DHCP server must add itself to Active Directory on a domain controller in the root domain. Then, this information has to be replicated to domain controllers in a child domain in case the DHCP server uses one of these domain controllers to verify authorization.

Keywords: kbtshoot kbprb kbexpertiseinter KB941464

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.