Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1045 Source: DHCP

The DHCP/BINL service on the local machine has determined that it is not authorized to start. It has stopped servicing clients. The following are some possible reasons for this: This machine belongs to a workgroup and has encountered another DHCP Server (belonging to a Windows Administrative Domain) servicing the same network.
An unexpected network error occurred.
As per Microsoft: "When configured correctly and authorized for use on a network, Dynamic Host Configuration Protocol (DHCP) servers provide a useful administrative service. However, a misconfigured or unauthorized DHCP server can cause problems. For example, if an unauthorized DHCP server starts, it might begin either leasing incorrect IP addresses to clients or negatively acknowledging DHCP clients that attempt to renew current IP address leases.

To resolve these issues, DHCP servers are verified as authorized in Active Directory Domain Services before they can service clients. This prevents most of the accidental damage caused by either misconfigured DHCP servers or correctly configured DHCP servers running on the wrong network". See the link to "Event ID 1045 - DHCP Authorization and Conflicts" for more details.
As per Microsoft: "This event message indicates the possibility of an unauthorized server on the network. For the directory authorization process to work properly, it is assumed and necessary that the first DHCP server introduced on to your network participate in the Active Directory service. This requires that the server be installed as either a domain controller or a member server. Where you are either planning for or actively deploying Active Directory services, it is important that you do not select to install your first DHCP server computer as a stand-alone server". See MSW2KDB for more details.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.