14

I have a small environment running Windows 2008 R2 where the DHCP service on the domain controller fails every two weeks.

enter image description here

The most-visible error is Event ID 1059 and the Event Viewer message is:

"The DHCP service failed to see a directory server for authorization."

enter image description here

The setup features two domain controller and the usual services and roles (file, print, Exchange). Restarting the service fails for a variety of reasons. I've had the following messages at different times:

  • "Not enough storage is available to complete this operation".
  • "Unable to determine the DHCP Server version for the Server 192.168.x.x"
  • "The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service."

A reboot of the domain controller resolves the issue for ~2 weeks. The systems are virtualized and there are no network connectivity issues.

Any ideas as to what's happening here?

Edit - The solution seems to be to fix a misbehaving domain controller.

ewwhite
  • 194,921
  • 91
  • 434
  • 799
  • I understand that it might sound a little silly, but have you tried this: http://technet.microsoft.com/en-us/library/cc774849%28v=ws.10%29.aspx – George May 21 '12 at 14:50
  • No network connectivity issues. These are VMs. – ewwhite May 21 '12 at 15:16
  • 1
    Wait, shouldn't at least one of the DCs be a physical server? – George May 21 '12 at 15:23
  • Not an option here. It's on separate hardware, though. – ewwhite May 21 '12 at 15:27
  • I am at loss here. Sorry couldn't help. – George May 21 '12 at 15:37
  • 5
    Since both DC's are VMs - are you getting time skew perhaps? VMs are prone to this and could cause some of the issues you're seeing. Are you syncing the time with the hypervisor? – colealtdelete May 21 '12 at 20:29
  • Good point. No time issue, but I will check the next time I see the issue. – ewwhite May 21 '12 at 20:30
  • Are your NICs configured with the proper DNS servers? The first entry should be itself, and the second should be another highly-available DC/DNS server in your organization. – Bigbio2002 May 29 '12 at 21:07
  • @Bigbio2002 Yes. That is how the interfaces are configured. – ewwhite May 29 '12 at 21:08
  • Do you have any active directory issues? Does your domain pass a DCdiag test? – Jeremy May 30 '12 at 15:58
  • 2
    @Bigbio2002 that's wrong, see [this](http://serverfault.com/questions/394804/what-should-the-order-of-dns-servers-be-for-the-network-adapter-of-a-domain-cont/394805#394805). Though that probably doesn't have any bearing on this specific problem it's a common mistake to list the loopback address first on a DC. – MDMarra Jun 02 '12 at 21:27
  • Are the DCs multihomed by chance? i.e. more than one NIC? – Brent Pabst Jun 05 '12 at 14:37
  • No, they're single-NIC virtual machines. – ewwhite Jun 05 '12 at 14:39

10 Answers10

3

This part really jumps out at me:

  • "Not enough storage is available to complete this operation".

I'm assuming that you actually do have disk space available on the server. This points to the possibility of data or disk corruption. Have you run a chkdsk? Do the credentials the DHCP service runs under have permissions to the log directory and to the directory where the DHCP db is stored?

Ruling out those possibilities, next step is to check that there are no invalid entries in DNS for your domain, especially if there was a DC that was removed from the domain at some point. First do a nslookup on the FQDN of your domain, check to make sure there are no invalid IP addresses returned (I've seen sometimes a 2nd unused NIC on a DC with 169.254.x.x address register itself in DNS as a valid NS/DC). Next on the DNS server check SRV entries for LDAP and KRB, make sure they are all valid.

JayBee
  • 31
  • 2
  • 1
    Not a bad answer, but the out of space error is much more likely about memory or item number/database limits. By the time you have so little disk space, your DHCP service is failing, you'll have noticed other, bigger problems. – HopelessN00b Oct 07 '12 at 18:48
  • Microsoft is notoriously bad about throwing this kind of error as an "if all else fails" error. Also, "storage space" refers to a specific "flavor" of memory to be allocated rather than disk space very frequently with this error. – Evan Anderson Jul 15 '13 at 16:16
3

Since I've had the privilege of actually working in this specific environment, I can say with certainty that the DC that is hosting DHCP fails replication and goes unresponsive to requests for various Directory Services functions (like authorizing DHCP servers) every few weeks. This DHCP issue is a symptom of the larger replication problem.

Since the server that DHCP is on is a DC, it only ever looks to itself for authorization. When Directory Services stops functioning on it, so does DHCP.

MDMarra
  • 100,183
  • 32
  • 195
  • 326
0

The issues seems that you are not an enterprise administrator of your the tree in your forest. Do you have any other DHCP's in your domain? Because if you do, try to de-authorize it and see if you can, if you can't then you don't have access which proves the point of not being an enterprise administrator. Please also take a look at this article:

http://technet.microsoft.com/en-us/library/cc775255(v=ws.10).aspx

WeAreYoung
  • 1
  • We have the same issues and being an Enterprise Administrator doesn't solve it. We tried looking but couldn't find a document that describes what exactly associates the DHCP and AD services. – nearora May 31 '12 at 03:40
  • @nearora how often does this occur in your environment? – ewwhite Jun 05 '12 at 14:23
  • @ewwhite, it is permanent. Even a reboot hasn't fixed it for us from what I recall. We've only tried it with a R&D setup with stock standard MS Windows Server 2008 R2. If you need any information for debugging, I could get it, but might take a while as I need to hassle a colleague to let me use their setup. – nearora Jun 05 '12 at 22:09
0

Maybe there is a rogue dhcp server (Check with nmap)? Also, check http://support.microsoft.com/kb/938456 describing conflicting records in AD.

JGurtz
  • 523
  • 5
  • 13
0

maybe you run into a bug. http://support.microsoft.com/kb/2632816/en-gb

user1008764
  • 1,176
  • 2
  • 8
  • 12
0

Just a few articles to look at...some may not seem to apply, but look carefully and consider the causes in each article:

http://support.microsoft.com/kb/935744

http://blogs.technet.com/b/abizerh/archive/2009/07/12/troubleshooting-the-error-not-enough-storage-is-available-to-complete-this-operation.aspx

http://forums.whirlpool.net.au/archive/1533833

TheCleaner
  • 32,352
  • 26
  • 126
  • 188
0

I would check for AD replication issues.

http://www.microsoft.com/en-us/download/details.aspx?id=30005

shouldbeq931
  • 509
  • 4
  • 15
0

Couple of questions for you... Can you try running a DCDiag on both DCs and posting any errors? Are there any other errors in the event logs? If there's no errors now try running it again on both dcs when the service has failed before rebooting the server.

Have you tried simply reinstalling DHCP on the trouble server?

Jason
  • 31
  • 2
  • DCDiag fails on the affected server when this happens. Again, it's once every few weeks, so I need to catch it in progress again before I can troubleshoot more. – ewwhite Aug 15 '12 at 20:22
  • No problem, those issues are always the hardest to track down. – Jason Aug 15 '12 at 20:30
0

So, two virtual Domain Controllers... are both DHCP servers? It sounds like only one is. In which case I'd be tempted to run for a few weeks with the DHCP server only using the other domain controller as DNS. And then for a few weeks with the other domain controller shut down.

You can always revert the change if it impacts on users but it might help narrow down which box (if it is only one) is causing the issue.

I'd also be tempted to add a third DC and then decommission the second one to rule out it being some weird installation corruption of the type Windows loves to flump into.

Have you tried restarting services on the DC rather than rebooting it?

Do the DCs host other services (file, exchange, etc)? Since you've got a virtualised environment do you have headroom to move those services onto their own servers for a few weeks to rule out confusion from those roles clashing?

Additionally, and since it hasn't been commented on, with respect to the "Not enough storage is available to complete this operation" error. If the server's disks are full then all of its DC functions are going to start to fail. Are the disks full?

Paul D'Ambra
  • 1,072
  • 1
  • 13
  • 22
0

To resolve the issue, kindly remove the Server Bindings (Remember we have to have a Static IP address for the DHCP Server to do this).

Steps:

  • Click Start, point to Programs, point to Administrative Tools, and then click DHCP.
  • Right click the name of the original DHCP server name.
  • Click on Add/Remove Bindings.
  • In Server Binding Properties, Uncheck the box for the Local Area Connection and click on OK.
  • Restart the DHCP Service if required.
MDMarra
  • 100,183
  • 32
  • 195
  • 326
William Mascarenhas
  • 1