Re: Moved DHCP server to DC, now only works for domain users



On Aug 11, 11:39 am, "Phillip Windell" <philwind...@xxxxxxxxxxx>
wrote:
DHCP is anonymous,..it does not care about users.
Machines get an IP Config before the user can even login in the first
place,...therefore it is impossible to wait until the user has logged in
before they get the config,...the IP Config must come first,..then the
login.

Machines always go to the same DHCP they got the last successful Config.
Machines always ask for the same IP# they got last time.
If a machine got a Config from the Linksys box then it will keep trying the
Linksys box the next time.  Since the Linksys box is still "alive" it will
try the Linksys box even if the Linksys DHCP Service is disabled.

You're screwing yourself by even allowing the Linksys box to have the DHCP
enabled at all in the first place.

Delete and re-create the Scope.  *Keep it simple*.  Configure only the
basics (IP, mask, DNS, DFG) at first until it works right.  Don't get
"creative" until everything works dependably.  Do not enable the Scope until
the Linksys DHCP is disabled.  Make sure your scope is activated and the
DHCP is authorized.  You may want the Scopes to be inactive and the DHCP
Server to be un-authorized until the Linksys box has the DHCP Disabled.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------

"robert.waters" <robert.wat...@xxxxxxxxx> wrote in message

news:78945182-708a-4435-8239-9bc40648caf2@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

I have just moved the DHCP server role from a domain member server
(which is being decommissioned) to the domain controller.  It will now
only provide IP addresses to machines which are logged in to the
domain (domain user accounts).
Previously, it was no problem for the old DHCP server to provide
addresses to any machine that appeared in the network.  This was good/
required behavior, because many of our machines are journeyman laptops
or Linux workstations.

I have done a few hours of research on the subject, and most results
point to a problem for non-authenticated users not being able to
interact with DNS properly/securely.  I have enabled insecure dynamic
updates on the DNS server, provided a dns domain name via DHCP option
015 (which was not present on the old server, btw), and made several
more changes (that I cannot remember right now) that might have
helped, but did not.

Please, can anyone help me with this problem?  I currently have an old
Linksys NAT box providing IPs to everyone, and while that is a
solution, it's not an incredibly robust one.

Thank you in advance,
Robert Waters

The Linksys box was not in the network until I had the problems; it
was a last-ditch solution implemented only when I could not get the
new DHCP server working for non-domain PCs.

The DHCP server worked perfectly on a domain member server, but when
moved to the domain controller (using the same configuration with
respect to DNS servers, gateway, WINS etc.) it would only grant IP
addresses to machines (users) authenticated to the domain. e.g. log
into PC with a local (non-domain) user account, no IP assigned; re-
login using a domain account, the IP is provided.
It seems that since I moved the role to the DC, it will only allow
authenticated users to get IP addresses.

Thanks for your help.
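
Added example, not part of the original thread: the exchange above turns on which DHCP server actually answers a client, and every DHCP reply names its sender in option 54 (server identifier) regardless of who is logged in. This sketch parses DHCP reply payloads and lists any answering server that is not on an authorized list; the function names and the 192.168.1.x addresses are constructed for illustration.

```python
import ipaddress

MAGIC_COOKIE = bytes([0x63, 0x82, 0x53, 0x63])
OFFER, ACK = 2, 5  # values of option 53 (DHCP message type)

def parse_reply(payload):
    """Return (message type, server identifier, offered address) from a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    offered = ipaddress.IPv4Address(payload[16:20])        # yiaddr field
    options, i = {}, 240
    while i < len(payload) and payload[i] != 255:          # 255 = end option
        if payload[i] == 0:                                # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        options[payload[i]] = payload[i + 2:i + 2 + payload[i + 1]]
        i += 2 + payload[i + 1]
    if len(options.get(53, b"")) != 1 or len(options.get(54, b"")) != 4:
        raise ValueError("missing message type or server identifier")
    return options[53][0], ipaddress.IPv4Address(options[54]), offered

def unexpected_servers(payloads, authorized):
    """Map each answering server not in `authorized` to the addresses it handed out."""
    allowed = {ipaddress.IPv4Address(a) for a in authorized}
    found = {}
    for p in payloads:
        mtype, server, offered = parse_reply(p)
        if mtype in (OFFER, ACK) and server not in allowed:
            found.setdefault(str(server), []).append(str(offered))
    return found

def build_reply(mtype, server, offered):
    """Construct a minimal DHCP reply for the demo (constructed data, not a capture)."""
    fixed = bytearray(236)
    fixed[0:3] = bytes([2, 1, 6])                          # BOOTREPLY, Ethernet, 6-byte MAC
    fixed[16:20] = ipaddress.IPv4Address(offered).packed
    opts = bytes([53, 1, mtype, 54, 4]) + ipaddress.IPv4Address(server).packed + b"\xff"
    return bytes(fixed) + MAGIC_COOKIE + opts

# Constructed sample: the DC (192.168.1.10) and a NAT router (192.168.1.1) both answer.
SAMPLE = [
    build_reply(OFFER, "192.168.1.10", "192.168.1.101"),
    build_reply(OFFER, "192.168.1.1", "192.168.1.150"),
    build_reply(ACK, "192.168.1.1", "192.168.1.150"),
]

if __name__ == "__main__":
    print(unexpected_servers(SAMPLE, authorized=["192.168.1.10"]))
```
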