What would make DHCP server lose authentication?

boB Gage 11 Reputation points
2024-03-28T02:09:30.1433333+00:00

We are a small hospital with a set of vendor devices operating within a private network. The server controlling the private network has two NICs, one on our domain, the other on the private network. They run DNS & DHCP for the private network -- the DHCP server keeps losing authentication.

We have, on three occasions now, had the corporate admins authorize the DHCP service in the Domain Controllers. Twice they have deleted the old authorization and put it in anew, because of this odd problem.

Each time the authorization works, the errors go away, then less than 2 days later, it wants authorization again and the errors re-start.

The DHCP server reports hourly errors 1059 = "The DHCP service failed to see a directory server for authorization."

Thanks!!


2 answers

  1. Q&A Assist
    2024-03-28T02:09:30.16+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    The DHCP service may lose authentication if the DHCP credentials are not configured on the domain controller on which the DHCP Server service and DNS services are installed. This is not a recommended security configuration. Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the DHCP Administrative tool. Additionally, the DHCP service may fail to see a directory server for authorization, which can result in event ID 1059. This can occur if missing or incorrect service principal names (SPNs) cause delegation to fail. It is recommended to check the required service principal names (SPNs) and ensure that they are not missing or incorrect.



  2. Jing Zhou 2,085 Reputation points Microsoft Vendor
    2024-03-29T02:31:38.9133333+00:00

    Hello,

    Thank you for posting in Q&A forum.

    Firstly I want to show you the DHCP authorization logic:

    REF: https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dhcpe/56f8870b-a7c1-4db1-8a86-f69079fe5077

    According to Microsoft official documentation, the DHCP server validates its authorization in AD DS every hour. It uses the LDAP protocol [MS-ADTS] for the purpose of communicating with Active Directory and validating whether it is authorized to serve IP addresses.

    Hence you can try to troubleshoot the issue from the aspects below:

    1. Check the TCP and domain connectivity between servers.

    2. Check if the DNS configuration on the DHCP server is correct.

    3. Check if there's any AD replication issue.

    4. Check if the DHCP service account is configured with proper permission.

    Hope this answer can help you well.

    Best regards,

    Jill Zhou

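The four checks listed in the answer above, together with the event 1059 timeline from the question, as an added read-only PowerShell example (not part of any post in this thread and not Microsoft's code). It assumes an elevated session on the DHCP server, the DhcpServer module, `nltest` and `repadmin` being available, and event 1059 being written to the System log.

```powershell
#Requires -Modules DhcpServer
# Added example: read-only diagnostics, run elevated on the DHCP server.
$domain = (Get-CimInstance Win32_ComputerSystem).Domain
$fqdn   = "${env:COMPUTERNAME}.$domain"

# Timeline of event 1059 over the last 3 days. The gaps show whether the
# hourly authorization check fails constantly or only from a certain time.
# Assumption: the DHCP service writes 1059 to the System log.
Get-WinEvent -FilterHashtable @{
    LogName = 'System'; Id = 1059; StartTime = (Get-Date).AddDays(-3)
} -ErrorAction SilentlyContinue |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, ProviderName, Message | Format-List

# 1. Connectivity: which DC is located, and is LDAP (TCP 389) reachable?
#    On a server with two NICs (as in the question), SourceIP shows which
#    local address the connection to each DC leaves from.
nltest /dsgetdc:$domain
$srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$domain" -Type SRV `
           -ErrorAction SilentlyContinue | Where-Object Type -eq 'SRV'
if (-not $srv) { Write-Warning "No DC SRV records resolved for $domain" }
foreach ($dc in $srv) {
    Test-NetConnection -ComputerName $dc.NameTarget -Port 389 |
        Select-Object ComputerName, RemoteAddress, TcpTestSucceeded,
            @{ n = 'SourceIP'; e = { $_.SourceAddress.IPAddress } }
}

# 2. DNS configuration: the resolvers set on each interface. A resolver
#    that cannot answer for the AD domain breaks DC location.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Select-Object InterfaceAlias, ServerAddresses

# 3. AD replication health as seen from this server.
repadmin /replsummary

# 4. Service account and authorization record.
Get-CimInstance Win32_Service -Filter "Name='DHCPServer'" |
    Select-Object Name, StartName, State
$authorized = Get-DhcpServerInDC
$authorized | Format-Table DnsName, IPAddress
if ($authorized.DnsName -notcontains $fqdn) {
    Write-Warning "$fqdn is not in the authorized DHCP server list in AD"
}
```

Running it once right after re-authorization and again after the errors return gives two outputs to compare side by side.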