Event ID 1046 may be logged when a Windows Server 2003-based DHCP server is running on a domain controller in a child domain


A Windows Server 2003-based Dynamic Host Configuration Protocol (DHCP) server is running on a domain controller in a child domain. Although the DHCP Microsoft Management Console (MMC) snap-in shows that the status of the server is unauthorized, the only available button is Unauthorize. Sometimes, neither the Authorize button nor the Unauthorize button is available. Additionally, the following event may be logged:
Event ID: 1046
Source: DhcpServer
Description: The Dhcp/Binl service on the local machine, belonging to the Windows Administrative domain child1.domainname.com, has determined that it is not authorized to start. It has stopped servicing clients. The following are some possible reasons for this: This machine is part of a directory service enterprise and is not authorized in the same domain. (See help on the DHCP Service Management Tool for additional information). This machine cannot reach its directory service enterprise and it has encountered another DHCP service on the network belonging to a directory service enterprise on which the local machine is not authorized. Some unexpected network error occurred. For more information, see Help and Support Center at


To work around this problem, trigger Active Directory directory service replication in the forest. Use the ADSIedit.msc tool to check the following Active Directory location from the root domain controller:
You will see that the DHCP server object has been added.

Note: When you check this Active Directory location from domain controllers that are running in child domains, you may not see the DHCP server object. This object may be missing because of configuration partition replication latency or because of other replication problems. The DHCP service can verify itself by using any domain controller in the forest. If replication has not finished yet, the DHCP server may not see the DHCP server object on a domain controller in a child domain.

More Information

The DHCP authorization process

  1. The DHCP server contacts a domain controller in the root domain and adds itself to the following Active Directory location:
  2. The DHCP MMC snap-in immediately changes the active button from Authorize to Unauthorize.
  3. The DHCP server does not start servicing DHCP clients immediately. Instead, the DHCP server checks the location that is listed in step 1 to make sure that the server is authorized before it starts servicing clients. This check can occur on any domain controller in the forest.

    Note: It may take some time for a DHCP server in a child domain to be fully operational. This is because the DHCP server must add itself to Active Directory on a domain controller in the root domain. Then, this information has to be replicated to domain controllers in a child domain in case the DHCP server uses one of these domain controllers to verify authorization.
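
The verification in step 3 can land on any domain controller, so it helps to see which ones already hold the authorization object. The following PowerShell check is an added example, not part of the original article or Microsoft's code: it queries every domain controller in the forest and reports where the object is still missing. Assumptions: the ActiveDirectory module is installed and the domain controllers run Active Directory Web Services, the object is of class dHCPClass with a cn equal to the server FQDN, and the host name shown is hypothetical.

```powershell
# Added example: report which domain controllers can see a DHCP server's
# authorization object in the configuration partition.
param(
    # Assumption: FQDN of the DHCP server to check (hypothetical host name).
    [string]$DhcpServerFqdn = 'dhcp1.child1.domainname.com'
)
Import-Module ActiveDirectory

function Get-DhcpAuthorizationVisibility {
    param([Parameter(Mandatory)][string]$ServerFqdn)

    $forest = Get-ADForest
    # The configuration partition is forest-wide and replicated to every DC.
    $configNC = (Get-ADRootDSE -Server $forest.RootDomain).configurationNamingContext
    # Assumption: authorization objects are dHCPClass objects named by server FQDN.
    $filter = "(&(objectClass=dHCPClass)(cn=$ServerFqdn))"

    foreach ($domain in $forest.Domains) {
        foreach ($dc in Get-ADDomainController -Filter * -Server $domain) {
            $row = [ordered]@{
                Domain = $domain; DomainController = $dc.HostName
                Visible = $null; WhenCreated = $null; Error = $null
            }
            try {
                $obj = Get-ADObject -LDAPFilter $filter -SearchBase $configNC `
                    -Server $dc.HostName -Properties whenCreated -ErrorAction Stop
                $row.Visible = [bool]$obj
                if ($obj) { $row.WhenCreated = ($obj | Select-Object -First 1).whenCreated }
            } catch {
                # Unreachable DC or failed query: record it instead of aborting.
                $row.Error = $_.Exception.Message
            }
            [pscustomobject]$row
        }
    }
}

$results = Get-DhcpAuthorizationVisibility -ServerFqdn $DhcpServerFqdn
$results | Format-Table -AutoSize
# DCs that answered but do not yet hold the object are waiting on replication.
$lagging = $results | Where-Object { $_.Visible -eq $false }
if ($lagging) {
    Write-Warning ("Object not yet replicated to: " + ($lagging.DomainController -join ', '))
}
```

A row with Visible set to False on a child-domain controller while the root domain controllers show True matches the replication latency described in the note above.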

Article ID: 941464 - Last Review: May 18, 2009 - Revision: 1