Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1053 Source: DhcpServer

Source
Level
Description
The DHCP/BINL service on this Small Business Server has encountered another server on this network with  IP Address, <IP address>, belonging to the domain: .
Comments
 
See the link to "EventID 1053 from source DHCP" for information on this event.
There is a discussion of this problem at Minasi Forums Topic ID: 9033. Microsoft added rogue DHCP detection in Server 2003. The official DHCP service must be authorized and entered in Active Directory. Authorization seems to be by IP address, which seems to authorize all DHCP services using that IP. The Server Management Console in SBS 2003 is flawed and hides the correct setup screen for VPN and Dialup address allocation. It leads one to the setup for a mini- DHCP server labeled the '' DHCP Allocator'' within the NAT/Basic Firewall setup. This Allocator is seen by SBS as a second DHCP and causes the DHCP services on the server to shut down. This often leaves the Allocator running and gives clients the domain suffix mshome.net. Stopping the RRAS service corrects the 1053 problem so there is proof this is the issue. To use RRAS and avoid 1053 drill to NAT/Basic Firewall and in its properties select TAB Address Assignment and uncheck "Automatically assign IP addresses by using the DHCP Allocator". This stopped the 1053 shut downs for me. Use the RRAS console accessed from the START, Admin Tools menu to setup VPN and dialup addressing. There are properties in this console that cannot be reached via the Server Management console. Follow the link to Minasi Forums Topic ID: 9033 for more details.
The problem was related to our T-1 router on which the night before our ISP had just installed another DHCP service without notice. The router's IP address was the same as the gateway address we were using and that generated conflicts with our DHCP server. We had the DHCP service turned off on the router and everything's back to normal.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...