Question
Saturday, August 21, 2010 2:52 AM
Hello,
I am very new to Windows Server (3 weeks now) and am installing Active Directory, DNS, and DHCP on the same box.
Using the roles installation wizards the 3 are installed, however I am receiving an error Event ID: 1056 Documented here.
The message in the event log is below:
Message: The DHCP service has detected that it is running on a DC and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service. This is not a recommended security configuration. Credentials for Dynamic DNS registrations may be configured using the command line "netsh dhcp server set dnscredentials" or via the DHCP Administrative tool.
To fix the error I believe that I need to change the Logon for the DHCP Service from NT AUTHORITY\NetworkService to an account in my Active Directory domain, and then to register that account per the instructions linked above.
I attempted to create an account called DHCPUser and added it to the Administrative and System groups, but when I try to start the service it gives me Error 1297: A privilege that the service requires to function properly does not exist in the service account configuration. You may use the Services Microsoft Management Console (MMC) snap-in (services.msc) and the Local Security Settings MMC snap-in (secpol.msc) to view the service configuration and the account configuration.
I have tried a number of different combinations of permissions in the "Members Of" and "Security" tabs with no luck.
Do I even need a domain account to start this service to correct the original error? Any help would be greatly appreciated.
All replies (3)
Saturday, August 21, 2010 5:12 AM ✅ Answered
Hi,
I created a new Hyper-V guest to test this out. I created a domain
(contoso.com) and configured the DHCP role and authorized the server in AD.
The first piece that I determined is that the DHCP service needs to run
as the Network Service account. Since the Authenticated Users principal
has the ability to create all child objects in the forward lookup zone,
you will simply need to create a regular domain user account using
Active Directory Users and Computers (I called mine dhcpregister).
I set the credentials with the following command:
netsh dhcp server set dnscredentials <username> <domain> <password>
netsh dhcp server set dnscredentials dhcpregister contoso.com DHCPPSWD
You can determine the exact syntax for your system with:
netsh dhcp server set dnscredentials /?
From there the DHCP Server service needs to be restarted and everything
should work. There is a little bit of a potential difficulty with these
docs,
http://technet.microsoft.com/en-us/library/cc774834%28WS.10%29.aspx
Here it is unclear whether the account should be a domain account and
the doc says to create it as a local account (here the domain becomes
the computer name). This doc says that you should use a dedicated user
account in AD:
http://technet.microsoft.com/en-us/library/cc774797%28WS.10%29.aspx
-- Mike Burr
Sunday, August 22, 2010 7:56 PM
Hi Mike,
I really appreciate the help!
Based on your explanation I think I understand where I'm going wrong.
I didn't realize that the DHCP's service logon account needs to remain the "Network Service" account.
If I understood correctly, I am simply creating a standard user account for the sole purpose of that dnscredentials command.
I spent a few hours futsing with this one and was starting to lose some hair! I can't thank you enough!
- Jordan
Monday, September 2, 2013 5:12 AM
I had the same issue that DNS was NOT updating. So I changed my service account. That was a bad idea. So I put "NT AUTHORITY\NetworkService" back as the user. (remember to leave password fields blank)
I then used the link above, http://technet.microsoft.com/en-us/library/cc774834%28WS.10%29.aspx, and that new ID to do the DNS updates. Summarized steps below.
Please note I am running Windows 2012.
- Go to command prompt and type: netsh dhcp server set dnscredentials username domainname password (where username is the new account created in the previous step), and then press ENTER.
- Type: netsh dhcp server show dnscredentials
  This will display the user info you just set up to validate it looks correct.
- Restart the DNS service
- Go to a DHCP computer
- Go to a command prompt and type: IPCONFIG /RENEW
- Review your DNS server for that updated computer
Good luck!
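
The configuration discussed in this thread can also be checked and applied with the DhcpServer PowerShell cmdlets, which prompt for the password instead of taking it as a command-line argument. This is an added example, not code from any post above; it assumes Windows Server 2012 or later, an elevated session on the DHCP server, the ActiveDirectory module, and the account `dhcpregister` in a domain whose NetBIOS name is `CONTOSO` (names taken from the accepted answer's test setup).

```powershell
# Added example: verify and set DHCP dynamic-DNS credentials (Event ID 1056).
# Assumptions: DhcpServer and ActiveDirectory modules are installed, and the
# account/domain names below match your environment.
Import-Module DhcpServer, ActiveDirectory
$ErrorActionPreference = 'Stop'

$AccountName = 'dhcpregister'   # dedicated regular domain user (assumed name)
$NetBiosDomain = 'CONTOSO'      # assumed NetBIOS domain name

# 1. The DHCP Server service keeps its default logon account. Changing it
#    is what produced Error 1297 in the original question.
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='DHCPServer'"
if ($svc.StartName -ne 'NT AUTHORITY\NetworkService') {
    Write-Warning "DHCPServer runs as '$($svc.StartName)'; expected NT AUTHORITY\NetworkService."
}

# 2. The registration account should be an ordinary user. MemberOf excludes
#    the primary group (Domain Users), so any entry is an extra group.
$user = Get-ADUser -Identity $AccountName -Properties MemberOf
if ($user.MemberOf.Count -gt 0) {
    Write-Warning "$AccountName is a member of additional groups:"
    $user.MemberOf | ForEach-Object { Write-Warning "  $_" }
}

# 3. Configure the credential only if none is set. Get-Credential prompts,
#    so the password does not appear in the command line or shell history.
$current = Get-DhcpServerDnsCredential
if ([string]::IsNullOrEmpty($current.UserName)) {
    $cred = Get-Credential -UserName "$NetBiosDomain\$AccountName" `
                           -Message 'Account used for DHCP dynamic DNS registration'
    Set-DhcpServerDnsCredential -Credential $cred

    # The accepted answer restarts the DHCP Server service after the change.
    Restart-Service -Name DHCPServer
}

# 4. Show the stored user and domain (same check as
#    "netsh dhcp server show dnscredentials").
Get-DhcpServerDnsCredential | Format-List UserName, DomainName
```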