Symptom & Impact
Clients intermittently get wrong network settings or APIPA addresses, breaking access to domain resources.
Environment & Reproduction
Windows Server 2022 build 20348 in switched networks lacking DHCP snooping controls.
ipconfig /all
Get-DhcpServerInDC
Get-DhcpServerv4Scope | Get-DhcpServerv4Lease -AllLeases | Select-Object -First 20
Root Cause Analysis
An unauthorized DHCP service on an endpoint, lab device, or virtual switch answers client requests with DHCPOFFER packets that arrive faster than those of the authorized server.
Quick Triage
Identify lease source and compare offered gateway/DNS values.
Get-NetIPConfiguration
arp -a
Get-WinEvent -LogName System -MaxEvents 40 | Where-Object Message -match 'DHCP'
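The triage comparison above as a script, added here as an example and not part of the original page: it reads each DHCP-enabled adapter's lease source from Win32_NetworkAdapterConfiguration and flags unauthorized servers, APIPA fallback, and gateway or DNS values that differ from the expected ones. The function name, its parameters, and the gateway and DNS values in the sample call are assumptions.

```powershell
# Added example (not from the original page). Function and parameter names are
# hypothetical; the operator supplies the authorized and expected values.
function Test-DhcpLeaseSource {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [Parameter(Mandatory)][string[]]$Authorized,
        [string[]]$ExpectedGateway = @(),
        [string[]]$ExpectedDns = @()
    )
    $v4 = { $_ -and $_ -notmatch ':' }   # keep IPv4 entries, drop IPv6 and nulls
    foreach ($computer in $ComputerName) {
        $query = @{
            ClassName   = 'Win32_NetworkAdapterConfiguration'
            Filter      = 'DHCPEnabled = TRUE AND IPEnabled = TRUE'
            ErrorAction = 'Stop'
        }
        # Local queries need no WinRM; remote hosts must have WinRM enabled.
        if ($computer -ne $env:COMPUTERNAME) { $query.ComputerName = $computer }
        try { $adapters = Get-CimInstance @query }
        catch { Write-Warning "${computer}: $($_.Exception.Message)"; continue }

        foreach ($a in $adapters) {
            $gateways = @($a.DefaultIPGateway | Where-Object $v4)
            $dns      = @($a.DNSServerSearchOrder | Where-Object $v4)
            $findings = @()
            # An APIPA address means no server answered, so check that case first.
            if (@($a.IPAddress) -like '169.254.*') { $findings += 'APIPA' }
            elseif ($a.DHCPServer -notin $Authorized) { $findings += 'UnauthorizedServer' }
            if ($ExpectedGateway -and ($gateways | Where-Object { $_ -notin $ExpectedGateway })) {
                $findings += 'GatewayMismatch'
            }
            if ($ExpectedDns -and ($dns | Where-Object { $_ -notin $ExpectedDns })) {
                $findings += 'DnsMismatch'
            }
            [pscustomobject]@{
                Computer   = $computer
                Adapter    = $a.Description
                DhcpServer = $a.DHCPServer
                Gateway    = $gateways -join ','
                Dns        = $dns -join ','
                Findings   = $findings -join ','
            }
        }
    }
}
# Sample call: 10.10.10.5 is the authorized server used on this page; the gateway
# and DNS values are constructed placeholders.
# Test-DhcpLeaseSource -Authorized 10.10.10.5 -ExpectedGateway 10.10.20.1 `
#     -ExpectedDns 10.10.10.10 | Where-Object Findings
```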
Step-by-Step Diagnosis
Capture DHCP traffic and trace OFFER server identifiers.
pktmon start --capture --comp nics --pkt-size 0
Start-Sleep -Seconds 20
pktmon stop
pktmon format PktMon.etl -o C:\Temp\pktmon-dhcp.txt

Solution - Primary Fix
Remove rogue DHCP source and authorize only trusted servers.
Add-DhcpServerInDC -DnsName dhcp01.contoso.local -IpAddress 10.10.10.5
Get-DhcpServerInDC
# Disable rogue service on identified host
sc.exe \\roguehost stop dhcpserver

Solution - Alternative Approaches
Enforce network controls when immediate device removal is not possible.
# Switch-side action (vendor specific): enable DHCP snooping on access VLANs
# Temporary host mitigation
ipconfig /release
ipconfig /renew
Verification & Acceptance Criteria
Clients receive leases from authorized DHCP with correct options.
Get-DhcpServerv4Lease -ScopeId 10.10.20.0 | Select IPAddress,ClientId,HostName
ipconfig /all
Rollback Plan
If outage occurs after network policy change, disable new ACL and restore prior switch config.
# Restore previous switch config from backup
# Re-enable previous relay path if modified
Prevention & Hardening
Use DHCP snooping, port security, and periodic rogue scans.
Get-DhcpServerAuditLog
Export-DhcpServer -File C:\Temp\dhcp-audit.xml
Related Errors & Cross-Refs
Frequently appears with VLAN trunk mistakes and duplicate gateway advertisements.