Dynamic Host Configuration Protocol server management issues in Windows 2000 and in Windows Server 2003

The following problems are fixed in Microsoft Windows 2000 Service Pack 2 (SP2)and in Microsoft Windows Server 2003:

• No more than approximately 850 Dynamic Host Configuration Protocol (DHCP) servers can be authorized in Active Directory.
• The Active Directory query interval is not configurable.
• The DHCP authorization process occurs frequently or, in some cases, occurs too often, which causes server performance problems.

This article describes how to use Windows 2000 SP2 and Windows Server 2003 to resolve these problems.

No More Than Approximately 850 Dynamic Host Configuration Protocol Servers Can Be Authorized in Active Directory

In a Windows 2000 domain, DHCP servers must be authorized in Active Directory before those DHCP servers can service DHCP Clients. In versions of Windows 2000 that are earlier than Windows 2000 SP2, only approximately 850 DHCP servers can be authorized in Active Directory. This is a per-forest limitation. After the limit on the number of DHCP servers is reached, you may receive the following error message: To remove this limitation and resolve this problem:

1. Apply the latest service pack for Windows 2000 or for Windows Server 2003 to all of the DHCP servers, and also to any servers that you use to administer DHCP. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
   260910 How to obtain the latest Windows 2000 Service Pack
   For more information, click the following article number to view the article in the Microsoft Knowledge Base:
   889100 How to obtain the latest service pack for Windows Server 2003
2. WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
   
   Set the following registry key on all of the DHCP servers, and also to any servers that you use to administer DHCP:
   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Parameters
   Value name: SP2Mode
   Data type: REG_DWORD
   Value data: 1

NOTE: If you remove Windows 2000 Service Pack 2 (SP2) on an authorized DHCP server, the server may see itself as unauthorized, and therefore the server may stop servicing clients.

The Active Directory Query Interval Is Not Configurable

With versions of Windows 2000 that are earlier than Windows 2000 SP2, a DHCP server verifies authorization status with Active Directory when the DHCP server is started, and approximately every 60 minutes after that. If the server does not pass authentication, the server retries every five minutes. You can use the following steps to modify the DHCP Active Directory authorization check interval:

1. Apply the latest service pack for Windows 2000 to the DHCP server. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
   260910 How to obtain the latest Windows 2000 Service Pack
2. WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
   
   Set the following registry key on the DHCP server:
   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Parameters
   Value name: RogueAuthorizationRecheckInterval
   Data type: REG_DWORD
   Value data: Minutes between Authorization Intervals (Default = 60)

The DHCP Authorization Process Occurs Frequently or, in Some Cases, Occurs Too Often, Which Causes Server Performance Problems

In versions of Windows 2000 that are earlier than Windows 2000 SP2, the Active Directory querying process is inefficient. The Active Directory querying process can consume up to 1 megabyte (MB) of network bandwidth for each DHCP server if you have approximately 800 authorized DHCP servers. This process can consume most of the network bandwidth if you are connected over a slow wide area network (WAN) link.

The Active Directory querying process has been optimized in Windows 2000 SP2, which results in about 10 packets for each authorized server regardless of the number of authorized DHCP servers. Also, a registry entry is added to disable the Rogue Detection feature. To disable the Rogue Detection feature:

1. Apply the latest service pack for Windows 2000 to the DHCP server. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
   260910 How to obtain the latest Windows 2000 Service Pack
2. WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
   
   Set the following registry key:
   HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Parameters
   Value name: DisableRogueDetection
   Data type: REG_DWORD
   Value data: 1

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section. This problem was first corrected in Windows 2000 Service Pack 2.