After you install the DHCP Server service on a Windows
Server 2003 domain controller that is also running the DNS Server service, the
following event may be logged in the System log:
Event Source: DhcpServer
Event ID: 1056
The DHCP service has detected that it is running on a domain
controller and has no credentials configured for use with Dynamic DNS
registrations initiated by the DHCP service. This is not a recommended security
configuration. Credentials for Dynamic DNS registrations may be configured
using the command line "netsh dhcp server set dnscredentials" or via the DHCP
This behavior occurs because you did not configure the DHCP Credentials on the domain controller on which you installed the DHCP Server service and DNS services. This is not a recommended configuration; see the "More Information" section of this article for more detail.
To resolve this behavior, configure DNSCredentials by using
one of the following methods:
By Using the DHCP Server Snap-In
- In the DHCP Server snap-in, which is located in the
Administrative Tools folder, right-click the DHCP server that you want to
configure, and then click Properties.
- On the Advanced tab, click Credentials.
- Type the username, domain and password of the account under
which you want the DHCP Server service to run. You can use any valid existing
user account for this, such as a Domain User account. The account should not be
set to expire or have any other restrictions.
- Click OK, and then OK again to exit the Properties dialog box.
By Using the Netsh.exe Command Line
- From a command prompt, type netsh,
and then press ENTER.
- From the netsh prompt, type dhcp server
ipaddress is the IP address of the DHCP server that
you want to configure), and then press ENTER.
- Type set dnscredentials username domain password (where username domain password is the
user account information for the account under which you want the DHCP Server
to run), and then press ENTER. You can use any valid existing user account for
this, such as a Domain User account. The account should not be set to expire or
have any other restrictions.
- Type quit, and then press ENTER to exit.
The DHCP Server service runs under the domain controller's
computer account and therefore has full control of all DNS objects. As a
result, DNS records that you have dynamically registered with DNS are
susceptible to having their name records overwritten by an earlier version of
DHCP Client. This behavior may be undesirable, especially if you have
configured the DNS zone for Secure Updates only. By using the DNSCredentials
parameter, you can run the DHCP Server service under a specified user account
that does not have the ability to overwrite the DNS records.
Microsoft strongly recommends the use of DNSCredentials when you are running
the DHCP Server service and DNS services on the same domain controller to
ensure the integrity of Secure Dynamic Updates. If you do not use
DNSCredentials, Microsoft recommends that you run the services on different