Share via


DHCP Server Rogue Detection

Applies To: Windows Server 2008

When configured correctly and authorized for use on a network, Dynamic Host Configuration Protocol (DHCP) servers provide a useful administrative service. However, a misconfigured or unauthorized DHCP server can cause problems. For example, if an unauthorized DHCP server starts, it might begin either leasing incorrect IP addresses to clients or negatively acknowledging DHCP clients that attempt to renew current address leases.

To resolve these issues, DHCP servers are verified as authorized in Active Directory Domain Services before they can service clients and unauthorized, or rogue, servers are detected. This prevents most of the accidental damage caused by either misconfigured DHCP servers or correctly configured DHCP servers running on the wrong network.

Events

Event ID Source Message

1042

Microsoft-Windows-DHCP-Server

The DHCP/BINL service running on this computer has detected a server on the network. If the server does not belong to any domain, the domain is listed as empty. The IP address of the server is listed in parentheses. %1

1098

Microsoft-Windows-DHCP-Server

Unreachable Domain%0

1100

Microsoft-Windows-DHCP-Server

Server Upgraded%0

1101

Microsoft-Windows-DHCP-Server

Cached authorization%0

1103

Microsoft-Windows-DHCP-Server

Authorized(servicing)%0

1105

Microsoft-Windows-DHCP-Server

Server found in our domain%0

1107

Microsoft-Windows-DHCP-Server

Network failure%0

1109

Microsoft-Windows-DHCP-Server

Server found that belongs to DS domain%0

1110

Microsoft-Windows-DHCP-Server

Another server was found%0

1111

Microsoft-Windows-DHCP-Server

Restarting rogue detection%0

DHCP Runtime

DHCP Infrastructure