Announcement

Collapse
No announcement yet.

DHCP server disables itself detecting rogue DHCP

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • DHCP server disables itself detecting rogue DHCP

    I have a customer with a network in a public environment (golf course). A conference room has a wireless router plugged into the network giving the conference room users access to the Internet on a different subnet.

    Yesterday the DHCP server on the Windows 2003 server (192.168.10.2) shut down because it detected a rougue DHCP server (192.168.0.1) on the network. We suspect that someone hit the reset button on the wireless router which enabled DHCP. It had been previously disabled.

    Is it possible to disable Server 2003 ability to shut down the DHCP service on detection of a rougue DHCP server? Becuase of this one incident, the entire facility went down including all the POS terminals.

    Thanks,
    Network Engineers do IT under the desk

  • #2
    Re: DHCP server disables itself detecting rogue DHCP

    Try this:

    Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\DHCPServer\Parameters set DisableRogueDetection to a DWORD of 00000001

    Test it, test it, and test it again (just to make sure!).

    p.s. I do not know why there is a space in the word Services in my post - I tried to remove it but it won't go away. Oh well.
    Best wishes,
    PaulH.
    MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008

    Comment


    • #3
      Re: DHCP server disables itself detecting rogue DHCP

      Thanks, will give it a try
      Network Engineers do IT under the desk

      Comment


      • #4
        Re: DHCP server disables itself detecting rogue DHCP


        From what you write, it does not seem that this router is the culprit. If you hooked it up; Main LAN > WAN port, then that DHCP service that was enabled would not affect the server DHCP.
        If you hooked it up to the LAN ports on the router you would not be able to use the network either, based on your IP scheme.


        But in the other hand if the router was reset without your knowledge, then that person could have fiddled with the cables and triggered the DHCP shutdown.

        Just a thought
        "...if I turn out to be particularly clear, you've probably misunderstood what I've said” - Alan Greenspan

        Comment


        • #5
          Re: DHCP server disables itself detecting rogue DHCP

          Originally posted by Lior_S View Post
          you would not be able to use the network either, based on your IP scheme.
          ...unless he had a subnet mask of 255.255.0.0, perhaps? But as that's likely to be unusual, he should have both on 192.168.0.x, I agree.
          Best wishes,
          PaulH.
          MCP:Server 2003; MCITP:Server 2008; MCTS: SBS2008

          Comment


          • #6
            Re: DHCP server disables itself detecting rogue DHCP

            Actually, DHCP would have been enabled to service the wireless clients in the conference room on 192.168.0.0 / 24.

            I suspect that someone unplugged the network connection (192.168.10.0 / 24) from the WAN port on the router and plugged it in to the LAN port on the router.
            Network Engineers do IT under the desk

            Comment

            Working...
            X