[Troubleshooting] Troubleshoot DHCP Authorization issue

  • Question

    • Make sure that the Windows DHCP server is an Active Directory domain member and that its secure channel to the domain is not broken. Use the Nltest utility that installs with the Windows Support Tools to check the validity of the Windows DHCP server’s secure channel. To reset the secure channel to a domain controller, use the following command: 

      nltest /server:servername /sc_reset:domainname

    • Make sure that the domain ports for LDAP, RPC, and DNS are open between the Windows DHCP server and the local Windows domain controller. Verify that the DHCP server has proper DNS FQDN resolution.
    • On the local Windows Active Directory domain controller, access the NetServices key in the Advanced View of Active Directory Sites and Services, and see if the name or IP address of the Windows DHCP server that is failing authorization is already listed there. If so, delete it and, if needed, let the change replicate through Active Directory. Then try to authorize the Windows DHCP server in AD.



    To authorize a DHCP server in Active Directory:

    1. Open the DHCP Management snap-in.
    2. In the console tree, click DHCP.
    3. On the Action menu, click Manage authorized servers. The Manage Authorized Servers dialog box appears.
    4. Click Authorize.
    5. When prompted, type the name or IP address of the DHCP server to be authorized, and then click OK.


    You can also authorize a DHCP server via netsh:

    1. Open an elevated command prompt.
    2. Enter the command: netsh dhcp add server <ServerFQDN> <ServerIP>



    • For a DHCP server to be authorized in an Active Directory domain environment, you must first be logged on as a member of the Enterprise Admins group for the enterprise where the server is being added.
    • This procedure is usually only needed if you are running a DHCP server on a member server. In most cases, if you are installing a DHCP server on a computer also running as a domain controller, the server is automatically authorized the first time you add the server to the DHCP console.
    • The fully qualified domain name (FQDN) of the DHCP server cannot exceed 64 characters. If the FQDN of the DHCP server exceeds 64 characters, the attempt to authorize the server fails with the error message, "A constraint violation has occurred." If your DHCP server FQDN exceeds 64 characters, authorize the server using the IP address of the server instead of its FQDN.

    Monday, December 31, 2018 6:24 AM
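
The checks listed in the post above can be run as one pre-flight pass before attempting authorization. This is an added example, not part of the original post; the parameter values are placeholders you supply, the port numbers (389 LDAP, 135 RPC endpoint mapper, 53 DNS) are the standard ones, and RPC dynamic ports are not tested.

```powershell
# Added example: pre-flight checks before authorizing a DHCP server in AD.
# Run elevated on the DHCP server itself (DHCP Server PowerShell module required).
param(
    [Parameter(Mandatory)] [string] $DomainController,  # placeholder, e.g. dc01.example.test
    [Parameter(Mandatory)] [string] $DhcpServerIP       # IPv4 address of this DHCP server
)
$problems = @()

# 1. Domain membership and secure channel (what nltest /sc_reset repairs).
$cs = Get-CimInstance Win32_ComputerSystem
if (-not $cs.PartOfDomain) {
    $problems += 'Server is not a domain member.'
} elseif (-not (Test-ComputerSecureChannel)) {
    $problems += 'Secure channel is broken; reset it with nltest /sc_reset.'
}

# 2. FQDN must resolve in DNS to this server and must not exceed 64 characters.
$fqdn = '{0}.{1}' -f $cs.DNSHostName, $cs.Domain
$dns  = Resolve-DnsName -Name $fqdn -Type A -ErrorAction SilentlyContinue
if (-not $dns -or ($dns.IPAddress -notcontains $DhcpServerIP)) {
    $problems += "DNS does not resolve $fqdn to $DhcpServerIP."
}
if ($fqdn.Length -gt 64) {
    $problems += "FQDN is $($fqdn.Length) characters (limit 64); authorize by IP address instead."
}

# 3. LDAP, RPC endpoint mapper and DNS reachable on the domain controller.
foreach ($port in 389, 135, 53) {
    $t = Test-NetConnection -ComputerName $DomainController -Port $port -WarningAction SilentlyContinue
    if (-not $t.TcpTestSucceeded) { $problems += "TCP $port to $DomainController is blocked." }
}

# 4. An existing entry for this name or IP in AD should be deleted before retrying.
$stale = Get-DhcpServerInDC -ErrorAction SilentlyContinue |
    Where-Object { $_.DnsName -eq $fqdn -or $_.IPAddress.ToString() -eq $DhcpServerIP }
if ($stale) {
    $problems += "Already listed in AD: $($stale.DnsName) $($stale.IPAddress). Delete it and let it replicate."
}

if ($problems) {
    $problems | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output "Checks passed. Authorize with: netsh dhcp add server $fqdn $DhcpServerIP"
}
```

The script only reports findings; it does not reset the secure channel, delete entries, or authorize the server.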