none
DHCP server bad address issue

    Question

  • Hi,

    I'm having an issue with ip address conflict or "bad_address"

    I've checked for rogue dhcp server with wireshark. One issue i'm having is that the mac address of the device getting the bad_address issue on the dhcp server is only 8 characters. There is no such device like that on my network. This would be occuring every other week. Removing it solved the problem, but how do i find the culprit of this problem?

    Thanks.

    Wednesday, June 22, 2011 1:16 AM

Answers

  • I understand what you're seeing. The discussion in that thread I posted indicated a Vista machine that had a "bridged" connection between it's wireless and wired interfaces that caused it. THis falls under the category of "multihomed" DHCP clients.  For example, if a machine has a wireless interface turned on, and it's plugged in to the network, they may both be active trying to get an address, especially if their interfaces are bridged.

    What operating system is the DHCP server? Is the DHCP server multihomed? This will cause it, too.

    Why are some of the addresses in the Address Leases for a given scope are marked as BAD_ADDRESS in the DHCP snap-in?
    Official Microsoft blog, by anto_rocks, 22 Feb 2005 9:48 AM....
    http://blogs.msdn.com/b/anto_rocks/archive/2005/02/22/378008.aspx

    DHCP server gets filled with BAD_ADDRESS
    http://forums.techarena.in/windows-server-help/772954.htm

     

    Multihomed DHCP clients may cause "bad_address" entry on a DHCP Windows 2000 server
    Feb 1, 2007 – A "bad_address" entry may be generated on a DHCP server. This problem may occur when the following conditions are true: You have one ...
    (I know this is for 2000, and it says to get a hotfix, but it has a good explanation of what is happening).
    http://support.microsoft.com/kb/325919

    Bad_address entry on a DHCP Server
    http://www.chicagotech.net/troubleshooting/badaddress.htm

    Ace


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Saturday, June 25, 2011 4:33 PM

All replies

  • Could it be a wireless handheld, phone, iPad or other tablet, etc?

    Macs with an IPv6 address using DHCP that is brought into the office at those times?

    Is the DHCP server multihomed?

    Here are some links from my notes:

    ======
    Bad_Address

    DHCP Server Conflict Detection algorithm
    http://technet.microsoft.com/en-us/library/cc958918.aspx

    Thread: DHCP bad_address every 12 seconds - Scope exhausted
    Scroll down to "The computer is a Vista Premium laptop with bridged LAN and wireless. IPV6 is installed. If the device is connected to the LAN via the wired port and the wireless is switched off, no problem. If the wireless is subsequently switched on, straight away I see Bad_address entries in DHCP as decribed previously."
    http://www.techrepublic.com/forum/questions/101-229478
    ======

    Ace

     


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Wednesday, June 22, 2011 5:35 AM
  • please check the link too see what i'm talking about....

    http://i17.photobucket.com/albums/b61/dqb3000/MISC/Capture2.jpg

    Friday, June 24, 2011 10:28 PM
  • I understand what you're seeing. The discussion in that thread I posted indicated a Vista machine that had a "bridged" connection between it's wireless and wired interfaces that caused it. THis falls under the category of "multihomed" DHCP clients.  For example, if a machine has a wireless interface turned on, and it's plugged in to the network, they may both be active trying to get an address, especially if their interfaces are bridged.

    What operating system is the DHCP server? Is the DHCP server multihomed? This will cause it, too.

    Why are some of the addresses in the Address Leases for a given scope are marked as BAD_ADDRESS in the DHCP snap-in?
    Official Microsoft blog, by anto_rocks, 22 Feb 2005 9:48 AM....
    http://blogs.msdn.com/b/anto_rocks/archive/2005/02/22/378008.aspx

    DHCP server gets filled with BAD_ADDRESS
    http://forums.techarena.in/windows-server-help/772954.htm

     

    Multihomed DHCP clients may cause "bad_address" entry on a DHCP Windows 2000 server
    Feb 1, 2007 – A "bad_address" entry may be generated on a DHCP server. This problem may occur when the following conditions are true: You have one ...
    (I know this is for 2000, and it says to get a hotfix, but it has a good explanation of what is happening).
    http://support.microsoft.com/kb/325919

    Bad_address entry on a DHCP Server
    http://www.chicagotech.net/troubleshooting/badaddress.htm

    Ace


    Ace Fekay
    MVP, MCT, MCITP EA, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Saturday, June 25, 2011 4:33 PM
  • Ace,

    This issue been raised multiple times and always marked as answer by this reason or other but if you Google with "Windows 7 Bad_Address DHCP" then you will find that this issue is going round and round since 2 years and never was fully resolved. Not even workarounds.

    Usually we admins are forced to remove Win7 machines or giving them static IP rather than wasting our time in Technet forums. Is there really no solution for this problem?

    I am currently facing the same issue with one of my site where only Windows 7 machines are causing the same issue with Windows 2003 Server. While with similar configuration, I am running Windows 2003 DHCP Server successfully with Windows 7 clients at other sites. Its been weeks and had no conclusive resolution.


    Saturday, March 10, 2012 10:51 AM
  • There are multiple reasons that causes a BAD_ADDRESS. I'm sure you've read the two links above. If it's happening at one site and not another, and they are both Windows 2003 DHCP servers, the first thing I would look at is comparing how they're configured, is the DHCP server multihomed, are they authorized in AD, are they both set to force Dynamic Updates or set to default allowing the clients to update, looking at the client machines if they are multihomed (maybe wireless stays active while plugged in), are the clients virtual machines with their MACs spoofed, things like that.

    So I'm not really sure how to help without lots of config info. If the issue is causing productivity concern, then I would urge you to contact Microsoft support to get them involved. Here's their contact if you choose this option:
    http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS 

    .


    Ace Fekay
    MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    Saturday, March 10, 2012 3:53 PM
  • Ace,

    I understand that it might be triggered by a number of reasons and trust me I have gone through the links given by you or others and checked other parameters as well. Matched the configurations at both the places (except the routers/switches of course). I even tried to check the network for rouge DHCP servers as well by dhcploc.exe but no luck. I doubt Firmwares on switch\router but nothing in DHCP logs leading me to that.

    Configuration details are usual Win2k3 SP2 server with simple options and symptoms are just the same as stated by others as well. 

    Bring one Windows 7 machine in network and it will keep on taking address and then rejecting it with BAD_ADDRESS entries in DHCP logs. The unique ID shown in MMC console would be reverse of IP Address in Hex.

    Same symptoms bee repeated multiple times and in multiple forums but no conclusive answer. 

    Definitely, I can open a ticket with Microsoft, but it will remain a question for rest of community that why this issue is not closed since 2 years.



    • Edited by Nitish2309 Saturday, March 10, 2012 4:21 PM
    Saturday, March 10, 2012 4:20 PM
  • I haven't been able to reproduce it in my lab, probably because the way I have DHCP setup or the client setup to turn off wireless when plugged in. I believe it still indicates that something on the client side is causing it, if not the server (is the DHCP server multihomed?). If not the wireless turned on, maybe there's an active VPN connection on the client? So there's lots of questions, and many depend on the DHCP config (forcing or not forcing DHCP to register, DHCP credentials, etc), owner on the BAD records, the client config, ipconfigs from the client and DHCP, etc, etc.

    .

    Instead of posting all your config data from both of your sites or customers, all in all, it may be easier to contact Microosft. And if you do contact Microsoft, if you can, it would really benefit others if you post the solution Microsoft Support gives you. Then it would more than likely "close" the question for others with your same scenario.

    .


    Ace Fekay
    MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    Saturday, March 10, 2012 5:09 PM
  • OK Will do that. Though would like to mention that its happening with even new machines with only ONE ethernet card, disabled wireless and no VPN. I have unauthorize and then re-Authorize DHCP as well, credentials are fine, DHCP DB is consistent, the server has only one Ethernet card active means not MultiHomed..

    Would like to again mention that NO Issue with Windows XP  machines.

    • Edited by Nitish2309 Saturday, March 10, 2012 5:34 PM
    Saturday, March 10, 2012 5:30 PM
  • What confuses me, is that it works fine at one site with all of your Windows 7 machines, but not the other. So something up with the DHCP Server? As I asked before, is it multihomed? If RRAS is installe on it, that constitutes multihoming, too.

    .

    OTH, Windows 7/Vista's DHCP Lease behavior is a bit different than XP. And keep in mind, we can't discount server side issues, yet, or we can look at this as a combo of the facts. In addition, if anything is on a VLAN, then that's another layer of "something" else that we need to look at.

    .

    Anyway, here are my notes on Windwos 7/Vista DHCP lease behavior differences:

    Windows 7 DHCP Lease Behavior is different than Windows XP upon startup

    DHCP Client Behavior
    http://blogs.technet.com/b/networking/archive/2009/01/29/dhcp-client-behavior.aspx

    If the DHCP client obtained a lease from a DHCP server on a previous occasion, and the lease is still valid (not expired) at system startup, the client tries to renew its lease. 

    If, during the renewal attempt, the client fails to locate any DHCP server, it attempts to ping the default gateway listed in the lease, and proceeds in one of the following ways:

    •If the ping is successful, the DHCP client assumes that it is still located on the same network where it obtained its current lease, and continues to use the lease as long as the lease is still valid.  By default the client then attempts, in the background, to renew its lease when 50 percent of its assigned lease time has expired.
    •If the ping fails, the DHCP client assumes that it has been moved to a network where a DHCP server is not available.  The client then auto-configures its IP address by using the settings on the Alternate Configuration tab.  When the client is auto-configured, it attempts to locate a DHCP server and obtain a lease.

    As a workaround, you can force a Windows Vista or Windows 7 DHCP client to keep the old DHCP lease by adding registry key “DontPingGateway” if connectivity fails, see the resolution in the KB article below:

    Windows Vista does not keep its DHCP IP address if a DHCP server is not available (works for Windows 7, too):
    http://support.microsoft.com/kb/958336

    .


    Ace Fekay
    MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    Saturday, March 10, 2012 5:35 PM
  • I can try the same but the case is not of loosing the IP when rebooted, but it doesn't hold an ip for more than 2 seconds (shown in logs as well). Anyway, have planned for replacing the server with other by monday as its critical. If that also doesn't resolves then will be forced to use Linux based DHCP. 
    Saturday, March 10, 2012 5:38 PM
  • Nitish - any update on your issue?  We just started experiencing the same problem last week. (3/22)  We have been through DHCP and DNS with a fine toothed comb.  We can watch the DHCP server send an offer and then the client Nacks.  We thought it was the Arp table on the core switch, so we rebooted it, then we upgraded the code and the problem continues. 

    The infrastructure is Win 2008 R2, no SPs and about 2100 mixed XP, Win7, IOS clients, and Avaya switches.

    Ace - thanks for your blog articles, very good stuff!

    Tom

    Tuesday, March 27, 2012 1:05 PM
  • @Nitish, I don't think blaming Microsoft DHCP for this is a resolution. You have to find why it's occuring. From past experience, it's usually at the switch or some sort of devices, such as a wireless AP. I would contact the hardware vendor for their insight on it.

    @TatPion - Let us know what you find if you contact your vendor.

    Thanks!


    Ace Fekay
    MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    FaceBook Twitter LinkedIn

    Tuesday, March 27, 2012 3:49 PM
  • when you see this issue look at the dhcp log there will be the name and mac address of the culprid.

    if the issue is that same day stop the dhcp server for a while open the log or copy it and start the service again

    Monday, January 13, 2014 9:32 PM