DHCP: The server should be authorized

  • Article

Applies To: Windows Server 2008 R2, Windows Server 2012

This topic is intended to address a specific issue identified by a Best Practices Analyzer scan. You should apply the information in this topic only to computers that have had the Dynamic Host Configuration Protocol Best Practices Analyzer run against them and are experiencing the issue addressed by this topic. For more information about best practices and scans, see Best Practices Analyzer (https://go.microsoft.com/fwlink/?LinkId=122786).

Operating System

Windows Server 2008 R2, Windows Server 2012

Product/Feature

Dynamic Host Configuration Protocol (DHCP)

Severity

Error

Category

Configuration

Issue

This DHCP server is not authorized.

Impact

If the DHCP server is not authorized, it will not lease IP addresses to DHCP clients.

Resolution

For a domain joined computer, use the DHCP MMC to authorize this server in Active Directory. For a workgroup computer, identify any other DHCP server on the network and decide which server is authoritative. Shut down the other server.

When configured correctly and authorized for use on a network, Dynamic Host Configuration Protocol (DHCP) servers provide a useful administrative service. However, a misconfigured or unauthorized DHCP server can cause problems. For example, if an unauthorized DHCP server starts, it might begin either leasing incorrect IP addresses to clients or negatively acknowledging DHCP clients that attempt to renew current address leases.

To resolve these issues, DHCP servers are verified as authorized in Active Directory Domain Services before they can service clients and unauthorized, or rogue, servers are detected. This prevents most of the accidental damage caused by either misconfigured DHCP servers or correctly configured DHCP servers running on the wrong network.

Membership in the Domain Admins group, or equivalent, is the minimum required to complete this procedure.

To authorize a DHCP server in AD DS

  1. Click Start, point to Administrative Tools and then click DHCP

  2. In the console tree, click DHCP

  3. On the Action menu, click Manage authorized servers.The Manage Authorized Servers dialog box appears.

  4. Click Authorize.

  5. When prompted, type the name or IP address of the DHCP server to be authorized, and then click OK.

Additional considerations

For a DHCP server to be authorized in an Active Directory domain environment, you must first be logged on as a member of the Enterprise Admins group for the enterprise where the server is being added.

The fully qualified domain name (FQDN) of the DHCP server cannot exceed 64 characters. If the FQDN of the DHCP server exceeds 64 characters, the attempt to authorize the server fails with the error message, "A constraint violation has occurred." If your DHCP server FQDN exceeds 64 characters, authorize the server using the IP address of the server instead of its FQDN.

Additional references

For updated detailed IT pro information about DHCP and selectively enabling or disabling DHCP server bindings, see the Windows Server 2008 R2 documentation on the Microsoft TechNet Web site.