Share via


Event ID 1101 — DHCP Server Rogue Detection

Applies To: Windows Server 2008

When configured correctly and authorized for use on a network, Dynamic Host Configuration Protocol (DHCP) servers provide a useful administrative service. However, a misconfigured or unauthorized DHCP server can cause problems. For example, if an unauthorized DHCP server starts, it might begin either leasing incorrect IP addresses to clients or negatively acknowledging DHCP clients that attempt to renew current address leases.

To resolve these issues, DHCP servers are verified as authorized in Active Directory Domain Services before they can service clients and unauthorized, or rogue, servers are detected. This prevents most of the accidental damage caused by either misconfigured DHCP servers or correctly configured DHCP servers running on the wrong network.

Event Details

Product: Windows Operating System
ID: 1101
Source: Microsoft-Windows-DHCP-Server
Version: 6.0
Symbolic Name: DHCP_ROGUE_LOG_PREAUTHORIZED
Message: Cached authorization%0

Resolve

This is a normal condition. No further action is required.

DHCP Server Rogue Detection

DHCP Infrastructure