Windows Server 2008 R2 DHCP Error 1046–not authorized

Its late last night and I am doing my usual labs and I just rebuilt my entire lab using Server Core. It’s a temporary lab for a customer POC that I will ship out tomorrow and with that I have combined AD + DNS + DHCP role in one VM. So here’s the story:

  1. Successfully Installed AD and DNS, thru DCPromo /unattend:c:\DCUnnattend.txt – good.
  2. Installed DHCP server role using my trusted OCsetup and it installed flawlessly.
  3. Used netsh exec to load my usual DHCP configuration, same one that I have been using so far on any server install that I have for labs. Great.
  4. Now its not giving any IP addresses to other client VM’s – now why?
    I did some troubleshooting and found an error on the event log: Error 1046! (yea used wevtutil and viewing it thru event viewer but that’s for another story Smile)
      So what is Event 1046? TechNet says:

    Event ID 1046 — DHCP General Availability
    Applies To: Windows Server 2008

    General availability of the Dynamic Host Configuration Protocol (DHCP) server refers to its ability to service clients. General availability depends on:

    1. Proper authorization of the DHCP server
    2. Presence of Active Directory Domain Services
    3. Successful loading of the DHCP dynamic-link libraries (DLLs)

    Wait I say to myself, isn’t this server core installation is also the AD Server of this domain? Because I know for a fact that if DHCP role is installed in a computer running the AD also, it does not have to be Authorized!

    Okay, lets authorize it via CMD using this:

    netsh dhcp server serverID initiate auth


    netsh dhcp server initiate auth

    Oh this will be a long night. So saved the server VM, snapshot, shutdown and then I tried it again now using a template that is not from Core (Windows Server 2008 R2 Full + AD + DNS installed from WDS, another story for later). Tried same steps and there, Then me going to the DHCP snap-in on the server manager, I confirmed that the DHCP server still appears unauthorized. Out of desperation, I Restarted my server and while doing so reading this: Not very helpful though. Ok out of frustration, I authorized my DHCP on the MMC Snap-in and everything works fine!

    Having that, I suspect I am using the wrong command to initiate the authorization. Okay going back to basics, as one of my very very dark mentor before when I was still on the ISP business “RTFM”!

    So going to


    Wait, what?! Nah, lets see the complete manual of netsh dhcp here:


    So lets try it out, shut down the Server Fulls and restored the Server Core VM’s fired up this command:

    Netsh DCHP add server <fqdn>

    and it works, its alive! its alive!

    Okay lesson learned, if you are installing DHCP role with ADDS + DNS role, make sure that you add your fqdn and ip to the list of authorized servers in active directory. Snap-in authorization does this for us (I think) but if you are now using and adopting Server Core for the entire enterprise make sure that you fire up that command. Thus a new entry in my step-by-step commands on deploying Windows Server.

    Now back to my servers! Cheers! And oh Good morning!


    Enabling Audit Events for Windows Firewall with Advanced Security

    If you are following the TechNet Article you may notice that if you use :

    auditpol.exe /list /category:"Policy Change"  or any category, this throws an error 0x00000057 that the parameter is incorrect when used with Windows Server 2008 R2 and Windows 8 Beta (I have not checked with Vista and XP).

    When /get is used rather than /list, there is no error and it displays correctly. Full command used is as follows:

    auditpol.exe /get /category:"Policy Change"