Rogue DHCP servers

Paul

Oct 12, 2004, 1:01:01 AM
Is there a way to make Windows DHCP server ignore any other DHCP servers on
the network?
Example - If an ADSL router with DHCP enabled (default on most routers) is
connected to the network, for configuration or testing, the Windows DHCP
service is stopped.

Doug Sherman [MVP]

Oct 12, 2004, 11:14:59 AM
Try editing the registry;

Set the following registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Parameters

Value name: DisableRogueDetection

Data type: REG_DWORD Value data: 1

Doug Sherman
MCSE Win2k/NT4.0, MCSA, MCP+I, MVP
Lanwench [MVP - Exchange]

Oct 12, 2004, 9:41:08 AM

No - although with W2003 (and, I believe W2000) DHCP it will detect another
similar Windows server DHCP server. The right answer is, don't let anyone
else connect a router to your network, and if they do, give 'em a good
talking to.


Paul

Oct 12, 2004, 7:15:06 PM
Thank you Doug.

I spent around 2 hours searching the KB.

Paul

Oct 13, 2004, 8:05:03 PM
Doug,

Tried adding the registry key below then to test I connected a router with
DHCP enabled

An hour later, (as articles I've read suggest) the DHCP server stopped with
the following detail

Details
Product: Windows Operating System
ID: 1053
Source: DhcpServer
Version: 5.2
Symbolic Name: DHCP_ROGUE_EVENT_SAM_OTHER_SERVER
Message: The DHCP/BINL service on this computer running Windows Server 2003
for Small Business Server has encountered another server on this network with
IP Address, %1, belonging to the domain: %2.

Explanation
Another active DHCP server might be on the network.

User Action
Verify that no other DHCP server is active on the network. If Routing and
Remote Access is set up incorrectly, it can act as a second DHCP server. An
SBS DHCP server will not operate in the presence of another active DHCP
server.


Is there no possible way to combat this problem?????

Lanwench [MVP - Exchange]

Oct 13, 2004, 9:10:30 PM
Paul wrote:
> Doug,
>
> Tried adding the registry key below then to test I connected a router
> with DHCP enabled
>
> An hour later, (as articles I've read suggest) the DHCP server
> stopped with the following detail
>
> Details
> Product: Windows Operating System
> ID: 1053
> Source: DhcpServer
> Version: 5.2
> Symbolic Name: DHCP_ROGUE_EVENT_SAM_OTHER_SERVER
> Message: The DHCP/BINL service on this computer running Windows
> Server 2003 for Small Business Server has encountered another server
> on this network with IP Address, %1, belonging to the domain: %2.
>
> Explanation
> Another active DHCP server might be on the network.
>
> User Action
> Verify that no other DHCP server is active on the network. If Routing
> and Remote Access is set up incorrectly, it can act as a second DHCP
> server. An SBS DHCP server will not operate in the presence of
> another active DHCP server.
>
>
> Is there no possible way to combat this problem?????

Yes. Do not let anyone connect a DHCP server to the network, unless it's
you. Nobody should be doing stuff like this.

Lanwench [MVP - Exchange]

Oct 13, 2004, 9:09:23 PM
Doug Sherman [MVP] wrote:
> Try editing the registry;
>
> Set the following registry key:
>
> HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Parameters
>
> Value name: DisableRogueDetection
>
> Data type: REG_DWORD Value data: 1

I believe that will only work with other Windows DHCP servers....no?

Achint Setia {MSFT}

Oct 23, 2004, 7:35:45 AM
Are you running an unauthenticated Windows DHCP server?
If that's the case, you first need to authenticate it in Active
Directory. Then it won't be affected by any new servers coming up in the
domain.

--
Thanks,
Achint Setia
ase...@online.microsoft.com
-----------------------------------------------------------------------------------------------------------------------
This posting is provided "AS IS" with no warranties, and confers no rights.
-----------------------------------------------------------------------------------------------------------------------

Lanwench [MVP - Exchange]

Oct 24, 2004, 10:45:18 AM
Achint Setia {MSFT} wrote:
> Are you running an unauthenticated Windows DHCP server?
> If that's the case, you first need to authenticate it in Active
> Directory. Then it won't be affected by any new servers coming up in
> the domain.

It won't run if it isn't authorized anyway. And it won't do anything to
prevent problems if someone plugs in a little router/firewall that has a
DHCP server....
