🟠 High   ⏱ 5–30 min  Last verified: 29 May 2026
Affected versions: Windows Server 2019

📖 ~1 min read

Table of contents
  1. Symptom & Impact
  2. Environment & Reproduction
  3. Root Cause Analysis
  4. Quick Triage
  5. Step-by-Step Diagnosis
  6. Solution — Primary Fix
  7. Solution — Alternative Approaches
  8. Verification & Acceptance Criteria
  9. Rollback Plan
  10. Prevention & Hardening
  11. Related Errors & Cross-Refs
  12. References & Further Reading

Symptom & Impact

Clients obtain invalid network settings, leading to intermittent internet access and inability to reach domain services.

Environment & Reproduction

Enterprise VLAN where unauthorized endpoint provides faster DHCPOFFER responses.

ipconfig /all
Get-DhcpServerInDC

Root Cause Analysis

A rogue DHCP instance or consumer router is connected to an access port without DHCP snooping controls.

Quick Triage

Compare gateway and DNS options from failing clients to authorized scope settings.

Get-DhcpServerv4OptionValue -ScopeId 10.10.20.0
Get-NetIPConfiguration

Step-by-Step Diagnosis

Capture DHCP traffic and identify the server identifier from unexpected offers.

pktmon start --capture --comp nics --pkt-size 0
Start-Sleep -Seconds 20
pktmon stop
pktmon format PktMon.etl -o C:Temppktmon-dhcp.txt
Illustrative mockup for windows-server-2019 — terminal_or_powershell
Rogue DHCP detection workflow — Illustrative mockup — Progressive Robot

Solution — Primary Fix

Remove rogue DHCP source and ensure only authorized DHCP servers are in AD.

Still having issues? Our IT Solutions & Services team can diagnose and resolve this for you. Get in touch for a free consultation.

Get-DhcpServerInDC
Add-DhcpServerInDC -DnsName dhcp01.contoso.local -IpAddress 10.10.10.5
sc.exe \roguehost stop dhcpserver
Illustrative mockup for windows-server-2019 — event_or_log_viewer
Client lease errors and DHCP clues — Illustrative mockup — Progressive Robot

Solution — Alternative Approaches

Enable switch DHCP snooping and block untrusted ports when immediate endpoint access is unavailable.

ipconfig /release
ipconfig /renew

Verification & Acceptance Criteria

Clients consistently receive leases from authorized server and correct option set.

Get-DhcpServerv4Lease -ScopeId 10.10.20.0 | Select IPAddress,HostName,ClientId

Rollback Plan

Revert temporary switch ACLs if they block legitimate relay traffic.

# Restore prior switch configuration backup

Prevention & Hardening

Implement DHCP snooping and periodic rogue DHCP scans in each access domain.

Export-DhcpServer -File C:Tempdhcp-audit.xml

Common with VLAN trunk misconfiguration and duplicate gateway announcements.

Related tutorial: View the step-by-step tutorial for Windows Server 2019.

View all Windows Server 2019 tutorials on the Tutorials Hub →

Browse all common problems & solutions on the Tutorials Hub.

References & Further Reading

Microsoft Learn: DHCP authorization and rogue DHCP prevention methods.

Need Expert Help?

If you cannot resolve this yourself, our team offers hands-on Server Management, Managed IT Services, and flexible Support Plans. Contact us today — we respond within one business day.