Microsoft KB Archive/282001

From BetaArchive Wiki

Article ID: 282001

Article Last Modified on 2/28/2007


APPLIES TO

  • Microsoft Windows Server 2003, Standard x64 Edition
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)


This article was previously published under Q282001

SYMPTOMS

After you install the DHCP Server service on a Windows Server 2003 domain controller that is also running the DNS Server service, the following event may be logged in the System log:

Event Type: Warning
Event Source: DhcpServer
Event ID: 1056

Description:
The DHCP service has detected that it is running on a domain controller and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service. This is not a recommended security configuration. Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the DHCP Administrative tool.

CAUSE

This behavior occurs because you did not configure the DNSCredentials on the domain controller on which you installed the DHCP Server service, and DNS services. This is not a recommended configuration; see the "More Information" section in this article for more details.

RESOLUTION

To resolve this behavior, configure DNSCredentials by using one of the following methods:

By Using the DHCP Server Snap-In

  1. In the DHCP Server snap-in, which is located in the Administrative Tools folder, right-click the DHCP server that you want to configure, and then click Properties.
  2. On the Advanced tab, click Credentials.
  3. Type the username, domain and password of the account under which you want the DHCP Server service to run. You can use any valid existing user account for this, such as a Domain User account. The account should not be set to expire or have any other restrictions.
  4. Click OK, and then OK again to exit the Properties dialog box.

By Using the Netsh.exe Command Line

  1. From a command prompt, type netsh, and then press ENTER.
  2. From the netsh prompt, type dhcp server ipaddress (where ipaddress is the IP address of the DHCP server that you want to configure), and then press ENTER.
  3. Type set dnscredentials username domain password (where username domain password is the user account information for the account under which you want the DHCP Server to run), and then press ENTER. You can use any valid existing user account for this, such as a Domain User account. The account should not be set to expire or have any other restrictions.
  4. Type quit, and then press ENTER to exit.


MORE INFORMATION

The DHCP Server service runs under the domain controller's computer account and therefore has full control of all DNS objects. As a result, DNS records that you have dynamically registered with DNS are susceptible to having their name records overwritten by an earlier version of DHCP Client. This behavior may be undesirable, especially if you have configured the DNS zone for Secure Updates only. By using the DNSCredentials parameter, you can run the DHCP Server service under a specified user account that does not have the ability to overwrite the DNS records.

Microsoft strongly recommends the use of DNSCredentials when you are running the DHCP Server service and DNS services on the same domain controller to ensure the integrity of Secure Dynamic Updates. If you do not use DNSCredentials, Microsoft recommends that you run the services on different computers.


Additional query words: dnscredentials 1056 dhcp

Keywords: kberrmsg kbprb KB282001



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/282001&oldid=154508
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki