DHCP issues with CCM

Unanswered Question
Mar 26th, 2007


DHCP server on my main CCM server is having issues.

The error report is the following:

The DHCP/BINL service on this workgroup server has encountered another server with IP Address, 10.x.x.x, belonging to the domain xxxxx.

A little background. Our main DHCP server for our company went down a few weeks back, and weve been having this problem since we have brought it back up (as a new rebuit server).

We can workaround this problem, by stopping DHCP on the main server and starting DHCP Server on my CCM server. We can then start the DHCP service back up on the main server. This resolves the immediate problem (phones grab ip's and are fine untill a switch goes down, or they loose connection and try to renew their ip, and get stuck at configuring ip).

Any help would be appreciated.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
MikeTomasko Mon, 03/26/2007 - 12:53

When you rebuilt your main DHCP server, did you bring it back up online with a new name and new IP or old name, old IP...etc?

What you probably want to do is disable the DHCP scopes on the server you want to be the backup DHCP server. Then if the main DHCP server goes down, you can just activate the scopes. You don't want 2 active DHCP severs severing the same subnet.

marcuscastellanos Mon, 03/26/2007 - 13:21

When we brought the new main dchp server, it has a new name, but the same ip.

Here's the catch. The main DHCP server does not have my scope in it. My CCM server handles the scope for my range, and only my phone scope.

MikeTomasko Mon, 03/26/2007 - 13:26

Can you give me more detailed info...

Main DHCP Server IP Address?

Subnets servered by main DHCP Server?

2nd DHCP Server IP Address?

Subnets servered by 2nd DHCP Server?

Are they both on the same VLANs?

marcuscastellanos Mon, 03/26/2007 - 13:31

Main DHCP server address (DHCP)=

Start IP = -

2nd DHCP server address (CCM) =

Start IP = - (site 1) - (site 2) - (site 3)

I'm pretty sure they arent on the same Vlans

MikeTomasko Mon, 03/26/2007 - 16:33

Your 2 DHCP servers are probably on the same VLAN since they are on the same subnet and obiviously see each other on the network. I'd confirm your switch configs.

marcuscastellanos Tue, 03/27/2007 - 08:13

Mike, if im understanding you, they can not be on the same vlans?

I don't think any ip's or vlans had changed over from the previous DHCP server and it was working fine before.

marcuscastellanos Tue, 03/27/2007 - 09:11

Ok.. I think I found the source of the problem.

The old Server was running on nt 4.0 and was serving DHCP off that.

The new server is 2000. (no one told me the OS change)

Checking M$ ive found the following

Protecting Against Improper Use of Workgroup DHCP Servers

When a DHCP server that is not a member server of the domain (such as a member of a workgroup) comes up, the following happens: The server broadcasts a DHCPINFORM message on the network. Any other server that receives this message responds with DHCPACK message and provides the name of the directory domain it is part of. If a workgroup DHCP server detects another member DHCP server of a domain on the network, the workgroup DHCP server assumes that it is unauthorized on that network and does not service requests. If the workgroup DHCP server detects the presence of another workgroup server, it ignores it; this means that there can be multiple workgroup servers active at the same time, as long as there is no directory service.

Even when a workgroup server comes up and finds itself allowed to run (because no other domain member server or workgroup server is on the network), it continues to probe DHCPINFORM every five minutes. If an authorized domain member DHCP server comes up later, the workgroup server becomes unauthorized and stops servicing.

so.. I'm trying to find out if there is anyway to disable DHCPINFORM?

Or it looks like im going to have to have my servers join the domain (which i really do not want, due to security reasons)

Anyone else run into this issue?

marcuscastellanos Thu, 03/29/2007 - 09:14

Ok.. figure'd I would update this

We found a workaround, that was intended for sp1 but works fine for this specific instance.


The DHCP Authorization Process Occurs Frequently or, in Some Cases, Occurs Too Often, Which Causes Server Performance Problems

In versions of Windows 2000 that are earlier than Windows 2000 SP2, the Active Directory querying process is inefficient. The Active Directory querying process can consume up to 1 megabyte (MB) of network bandwidth for each DHCP server if you have approximately 800 authorized DHCP servers. This process can consume most of the network bandwidth if you are connected over a slow wide area network (WAN) link.

The Active Directory querying process has been optimized in Windows 2000 SP2, which results in about 10 packets for each authorized server regardless of the number of authorized DHCP servers. Also, a registry entry is added to disable the Rogue Detection feature. To disable the Rogue Detection feature: 1. Apply the latest service pack for Windows 2000 to the DHCP server. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

260910 (http://support.microsoft.com/kb/260910/) How to obtain the latest Windows 2000 Service Pack

2. WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

Set the following registry key:


Value name: DisableRogueDetection

Data type: REG_DWORD

Value data: 1


This Discussion