RE: [ActiveDir] DHCP authorization problem
Charlie, is it possible that you were having problems at a lower level in the stack? DHCP should check every 60 minutes by default IIRC. If it loses connectivity, it should check every 5 minutes (default) for the AD. But I don't recall a limit on the number of retries and it sounds like authorization was fine since it was handing out addresses on it's local subnet. Al -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charlie Kaiser Sent: Tuesday, November 02, 2004 9:08 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] DHCP authorization problem I'm going to test it again by yanking the ethernet cable after hours and seeing if the same problem returns. I'm still not convinced there isn't a core switch config or code issue. I have seen this happen before; that's why I knew to bounce the service. We're going to keep looking at it. The only other thing running on that box is WINS... ** Charlie Kaiser MCSE, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 ** > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Robert > Rutherford > Sent: Tuesday, November 02, 2004 1:23 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] DHCP authorization problem > > If you had local connection (same subnet) connection to a DC and DNS > then I can't think of any reason why your problem would occur It's > also strange that the DHCP server was serving to its own subnet and > not to others. > > I would just it put it down to a 'one off' and wouldn't be too > concerned. If you could do a switch bounce again and test it then > fine. > > Out of interest, what else runs on the DHCP server? > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Charlie > Kaiser > Sent: 02 November 2004 00:47 > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] DHCP authorization problem > > 1. Yes. > 2. Yes. > 3. Cisco 3640 and 2620s, with a 4006 core switch doing Layer > 3 routing. > 4. Cleanup on the configs, code updates, additional security; stuff > like that. We went over the configs this AM and everything looked > fine, and once I restarted DHCP, all the subnets got addresses just > fine. > 5. Yes. I check that one regularly. :-) > > I don't even mind that the DHCP server unauthorized, but it would have > been nice if it could reauthorize, or at least show me something that > indicated it had unauthorized. When I looked in the MMC, it gave me an > option to unauthorize, so I assumed (I know) it was still authorized. > Made a stupid mistake, though; I didn't check the system log when I > realized we had a problem. Would have found it much faster. > > Is the unauthorizing when DC comms go down behavior by design? > > ** > Charlie Kaiser > MCSE, CCNA > Systems Engineer > Essex Credit / Brickwalk > 510 595 5083 > ****** > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of Robert > > Rutherford > > Sent: Monday, November 01, 2004 3:45 PM > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] DHCP authorization problem > > > > A few question completely firing in different directions but may > > lead to a cause :- > > > > 1) I take it your routers are relaying DHCP, not agents? > > 2) Is there a local DC in the same subnet as the DHCP server? > > 3) What are the routers? I've seen different routers play games with > > DHCP relays. > > 4) What was the maintenance? > > 5) Are all your DCs running clean on DCDIAGS ( I know I always ask > > that question, but identifies obvious config issues at times) > > > > Rob > > > > > > > > From: [EMAIL PROTECTED] on behalf of Charlie Kaiser > > Sent: Mon 01/11/2004 21:23 > > To: [EMAIL PROTECTED] > > Subject: [ActiveDir] DHCP authorization problem > > > > > > > > I had an odd one over the weekend. We did some network maintenance > > that included a core switch bounce. Down for about 5 minutes. We > found out > > this morning that DHCP wasn't working on any subnets except for the > > one that the DHCP server was on. We had made switch and router code > > and config changes, so we looked to that as a solution, but with no > > success. > > I remembered something from a while back where I had a > similar problem > > and restarted the DHCP service. This corrected the issue. > Apparently, &g
RE: [ActiveDir] DHCP authorization problem
I'm going to test it again by yanking the ethernet cable after hours and seeing if the same problem returns. I'm still not convinced there isn't a core switch config or code issue. I have seen this happen before; that's why I knew to bounce the service. We're going to keep looking at it. The only other thing running on that box is WINS... ** Charlie Kaiser MCSE, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 ** > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Robert Rutherford > Sent: Tuesday, November 02, 2004 1:23 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] DHCP authorization problem > > If you had local connection (same subnet) connection to a DC and DNS > then I can't think of any reason why your problem would occur It's > also strange that the DHCP server was serving to its own > subnet and not > to others. > > I would just it put it down to a 'one off' and wouldn't be too > concerned. If you could do a switch bounce again and test it > then fine. > > Out of interest, what else runs on the DHCP server? > > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Charlie Kaiser > Sent: 02 November 2004 00:47 > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] DHCP authorization problem > > 1. Yes. > 2. Yes. > 3. Cisco 3640 and 2620s, with a 4006 core switch doing Layer > 3 routing. > 4. Cleanup on the configs, code updates, additional security; > stuff like > that. We went over the configs this AM and everything looked fine, and > once I restarted DHCP, all the subnets got addresses just fine. > 5. Yes. I check that one regularly. :-) > > I don't even mind that the DHCP server unauthorized, but it would have > been nice if it could reauthorize, or at least show me something that > indicated it had unauthorized. When I looked in the MMC, it gave me an > option to unauthorize, so I assumed (I know) it was still authorized. > Made a stupid mistake, though; I didn't check the system log when I > realized we had a problem. Would have found it much faster. > > Is the unauthorizing when DC comms go down behavior by design? > > ** > Charlie Kaiser > MCSE, CCNA > Systems Engineer > Essex Credit / Brickwalk > 510 595 5083 > ****** > > > > -Original Message- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED] On Behalf Of > > Robert Rutherford > > Sent: Monday, November 01, 2004 3:45 PM > > To: [EMAIL PROTECTED] > > Subject: RE: [ActiveDir] DHCP authorization problem > > > > A few question completely firing in different directions > > but may lead to a cause :- > > > > 1) I take it your routers are relaying DHCP, not agents? > > 2) Is there a local DC in the same subnet as the DHCP server? > > 3) What are the routers? I've seen different routers play > > games with DHCP relays. > > 4) What was the maintenance? > > 5) Are all your DCs running clean on DCDIAGS ( I know I > > always ask that question, but identifies obvious config > > issues at times) > > > > Rob > > > > > > > > From: [EMAIL PROTECTED] on behalf of Charlie Kaiser > > Sent: Mon 01/11/2004 21:23 > > To: [EMAIL PROTECTED] > > Subject: [ActiveDir] DHCP authorization problem > > > > > > > > I had an odd one over the weekend. We did some network > > maintenance that > > included a core switch bounce. Down for about 5 minutes. We > found out > > this morning that DHCP wasn't working on any subnets except > > for the one > > that the DHCP server was on. We had made switch and router code and > > config changes, so we looked to that as a solution, but with > > no success. > > I remembered something from a while back where I had a > similar problem > > and restarted the DHCP service. This corrected the issue. > Apparently, > > the DHCP server had lost authorization from AD when the core > > switch went > > down. Event ID 1059; "The DHCP service failed to see a > > directory server > > for authorization." I would have expected it to reauthorize once > > connectivity was restored, however. But it didn't. I had to > > restart the > > service manually. > > Is this normal? I would expect that DHCP authorization would > > be able to > > recover from a short loss of connectivity. >
RE: [ActiveDir] DHCP authorization problem
If you had local connection (same subnet) connection to a DC and DNS then I can't think of any reason why your problem would occur It's also strange that the DHCP server was serving to its own subnet and not to others. I would just it put it down to a 'one off' and wouldn't be too concerned. If you could do a switch bounce again and test it then fine. Out of interest, what else runs on the DHCP server? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Charlie Kaiser Sent: 02 November 2004 00:47 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] DHCP authorization problem 1. Yes. 2. Yes. 3. Cisco 3640 and 2620s, with a 4006 core switch doing Layer 3 routing. 4. Cleanup on the configs, code updates, additional security; stuff like that. We went over the configs this AM and everything looked fine, and once I restarted DHCP, all the subnets got addresses just fine. 5. Yes. I check that one regularly. :-) I don't even mind that the DHCP server unauthorized, but it would have been nice if it could reauthorize, or at least show me something that indicated it had unauthorized. When I looked in the MMC, it gave me an option to unauthorize, so I assumed (I know) it was still authorized. Made a stupid mistake, though; I didn't check the system log when I realized we had a problem. Would have found it much faster. Is the unauthorizing when DC comms go down behavior by design? ** Charlie Kaiser MCSE, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 ** > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Robert Rutherford > Sent: Monday, November 01, 2004 3:45 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] DHCP authorization problem > > A few question completely firing in different directions > but may lead to a cause :- > > 1) I take it your routers are relaying DHCP, not agents? > 2) Is there a local DC in the same subnet as the DHCP server? > 3) What are the routers? I've seen different routers play > games with DHCP relays. > 4) What was the maintenance? > 5) Are all your DCs running clean on DCDIAGS ( I know I > always ask that question, but identifies obvious config > issues at times) > > Rob > > > > From: [EMAIL PROTECTED] on behalf of Charlie Kaiser > Sent: Mon 01/11/2004 21:23 > To: [EMAIL PROTECTED] > Subject: [ActiveDir] DHCP authorization problem > > > > I had an odd one over the weekend. We did some network > maintenance that > included a core switch bounce. Down for about 5 minutes. We found out > this morning that DHCP wasn't working on any subnets except > for the one > that the DHCP server was on. We had made switch and router code and > config changes, so we looked to that as a solution, but with > no success. > I remembered something from a while back where I had a similar problem > and restarted the DHCP service. This corrected the issue. Apparently, > the DHCP server had lost authorization from AD when the core > switch went > down. Event ID 1059; "The DHCP service failed to see a > directory server > for authorization." I would have expected it to reauthorize once > connectivity was restored, however. But it didn't. I had to > restart the > service manually. > Is this normal? I would expect that DHCP authorization would > be able to > recover from a short loss of connectivity. > Any pointers to a way to prevent this from happening again? > Thanks! > > ** > Charlie Kaiser > MCSE, CCNA > Systems Engineer > Essex Credit / Brickwalk > 510 595 5083 > ** > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > == > = > Scanned for virus infection by Messagelabs > == > = > > > List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ === Scanned for virus infection by Messagelabs === List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] DHCP authorization problem
1. Yes. 2. Yes. 3. Cisco 3640 and 2620s, with a 4006 core switch doing Layer 3 routing. 4. Cleanup on the configs, code updates, additional security; stuff like that. We went over the configs this AM and everything looked fine, and once I restarted DHCP, all the subnets got addresses just fine. 5. Yes. I check that one regularly. :-) I don't even mind that the DHCP server unauthorized, but it would have been nice if it could reauthorize, or at least show me something that indicated it had unauthorized. When I looked in the MMC, it gave me an option to unauthorize, so I assumed (I know) it was still authorized. Made a stupid mistake, though; I didn't check the system log when I realized we had a problem. Would have found it much faster. Is the unauthorizing when DC comms go down behavior by design? ** Charlie Kaiser MCSE, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 ** > -Original Message- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > Robert Rutherford > Sent: Monday, November 01, 2004 3:45 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] DHCP authorization problem > > A few question completely firing in different directions > but may lead to a cause :- > > 1) I take it your routers are relaying DHCP, not agents? > 2) Is there a local DC in the same subnet as the DHCP server? > 3) What are the routers? I've seen different routers play > games with DHCP relays. > 4) What was the maintenance? > 5) Are all your DCs running clean on DCDIAGS ( I know I > always ask that question, but identifies obvious config > issues at times) > > Rob > > > > From: [EMAIL PROTECTED] on behalf of Charlie Kaiser > Sent: Mon 01/11/2004 21:23 > To: [EMAIL PROTECTED] > Subject: [ActiveDir] DHCP authorization problem > > > > I had an odd one over the weekend. We did some network > maintenance that > included a core switch bounce. Down for about 5 minutes. We found out > this morning that DHCP wasn't working on any subnets except > for the one > that the DHCP server was on. We had made switch and router code and > config changes, so we looked to that as a solution, but with > no success. > I remembered something from a while back where I had a similar problem > and restarted the DHCP service. This corrected the issue. Apparently, > the DHCP server had lost authorization from AD when the core > switch went > down. Event ID 1059; "The DHCP service failed to see a > directory server > for authorization." I would have expected it to reauthorize once > connectivity was restored, however. But it didn't. I had to > restart the > service manually. > Is this normal? I would expect that DHCP authorization would > be able to > recover from a short loss of connectivity. > Any pointers to a way to prevent this from happening again? > Thanks! > > ** > Charlie Kaiser > MCSE, CCNA > Systems Engineer > Essex Credit / Brickwalk > 510 595 5083 > ** > List info : http://www.activedir.org/mail_list.htm > List FAQ: http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > > == > = > Scanned for virus infection by Messagelabs > == > = > > > List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] DHCP authorization problem
A few question completely firing in different directions but may lead to a cause :- 1) I take it your routers are relaying DHCP, not agents? 2) Is there a local DC in the same subnet as the DHCP server? 3) What are the routers? I've seen different routers play games with DHCP relays. 4) What was the maintenance? 5) Are all your DCs running clean on DCDIAGS ( I know I always ask that question, but identifies obvious config issues at times) Rob From: [EMAIL PROTECTED] on behalf of Charlie Kaiser Sent: Mon 01/11/2004 21:23 To: [EMAIL PROTECTED] Subject: [ActiveDir] DHCP authorization problem I had an odd one over the weekend. We did some network maintenance that included a core switch bounce. Down for about 5 minutes. We found out this morning that DHCP wasn't working on any subnets except for the one that the DHCP server was on. We had made switch and router code and config changes, so we looked to that as a solution, but with no success. I remembered something from a while back where I had a similar problem and restarted the DHCP service. This corrected the issue. Apparently, the DHCP server had lost authorization from AD when the core switch went down. Event ID 1059; "The DHCP service failed to see a directory server for authorization." I would have expected it to reauthorize once connectivity was restored, however. But it didn't. I had to restart the service manually. Is this normal? I would expect that DHCP authorization would be able to recover from a short loss of connectivity. Any pointers to a way to prevent this from happening again? Thanks! ** Charlie Kaiser MCSE, CCNA Systems Engineer Essex Credit / Brickwalk 510 595 5083 ** List info : http://www.activedir.org/mail_list.htm List FAQ: http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ === Scanned for virus infection by Messagelabs === <>
