Strange behaviour on DHCP leases.

    Question

  • Hello all,

    In recent days we've been noticing very strange behaviour with DHCP leases, or something related.

    In our headquarters there's only one DHCP server, installed almost two months ago on a 2008 R2 server in order to replace the old DHCP server installed on a 2003 machine.

    All the scope options are the same, except for the 006 DNS Servers option, which was changed in this way:

    old dhcp server: (let's say) 192.168.10.3 and 192.168.10.7

    new dhcp server: (let's say) 192.168.10.9 and 192.168.10.4

    Every client gets the right DNS IP addresses when it is switched on, so until then it's all OK... After some hours some clients, always different ones, so the problem is not tied to the same clients, are no longer able to connect to network resources, and we see that their DNS addresses have suddenly changed and they're now using the old ones.
    The command ipconfig /all shows that the DHCP server is the new one.
    We need to do an ipconfig /renew in order to let the client get the new DNS addresses again.
    The old DHCP server has the scopes disabled and the DHCP server service itself is stopped and disabled.
    The 2003 server is still functional as a file server.
    A check with Wireshark shows that the new DHCP server is the only one in our network.
    Any ideas?
    Many thanks in advance.
    Best regards
    Angelo

    Thursday, 06 September 2012 9:51

Answers

  • It shouldn't, unless there's corruption. Just uninstall the DHCP service on that machine if you're not using it any longer.

    Ace Fekay
    MVP, MCT, MCITP/EA, MCTS Windows 2008/R2 & Exchange 2007, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Technical Blogs & Videos: http://www.delawarecountycomputerconsulting.com/

    This post is provided AS-IS with no warranties or guarantees and confers no rights.


    Monday, 10 September 2012 15:18

All replies

  • Hi,

    I'm pretty sure there is a rogue DHCP server acting in your network.

    Use Dhcploc.exe: DHCP Server Locator Utility to locate the rogue DHCP server in your network.

    http://technet.microsoft.com/en-us/library/cc759117.aspx


    Regards,
    Rafic

    If you found this post helpful, please give it a "Helpful" vote.
    If it answered your question, remember to mark it as an "Answer".
    This posting is provided "AS IS" with no warranties and confers no rights! Always test ANY suggestion in a test environment before implementing!

    Thursday, 06 September 2012 13:12
  • Hello Rafic,

    Thank you very much for your reply and for pointing me to that utility.

    I've discovered an ancient DHCP server, the very first one in our network: the service is still running but both the scopes are disabled, so how can this create the problem?

    The only notification I've seen with dhcploc is an ACK from that server; all the others are from the new DHCP server.

    Thursday, 06 September 2012 15:04
  • Doing other checks with Dhcploc.exe (launched as "dhcploc 192.168.10.5 192.168.10.9"), today I got messages like these:

    10:54:19 ACK (IP)0.0.0.0  (S)192.168.10.3 ***

    10:54:19 ACK (IP)0.0.0.0  (S)192.168.10.9

    I understand the asterisks, but:

    192.168.10.3 is the very first DHCP server in our network; the service is running but both the scopes are disabled, so why do I see it in this list?

    192.168.10.9 is the new DHCP server and I don't understand why an ACK 0.0.0.0 is shown.

    Any ideas?

    Best regards

    Angelo


    • Edited by Angelo M. _ Saturday, 08 September 2012 12:10
    Saturday, 08 September 2012 12:08
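
Added example, not part of the original posts and not Dhcploc's own code: a Python parser for Dhcploc output in the layout quoted above, listing every responding server that is not on the expected list. It assumes `***` marks a responder outside the valid-server list given on the command line and that `(IP)` is the address being handed out; the function names and the last two sample lines are constructed.

```python
import re

# Constructed sample: the first two lines are the ones quoted in the thread,
# the last two are made up in the same layout.
SAMPLE = """\
10:54:19 ACK (IP)0.0.0.0  (S)192.168.10.3 ***
10:54:19 ACK (IP)0.0.0.0  (S)192.168.10.9
10:55:02 OFFER (IP)192.168.10.120  (S)192.168.10.9
10:55:02 ACK (IP)192.168.10.120  (S)192.168.10.9
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
LINE_RE = re.compile(
    rf"^\s*(?P<time>\d{{1,2}}:\d{{2}}:\d{{2}})\s+(?P<type>[A-Z]+)\s+"
    rf"\(IP\)(?P<ip>{IPV4})\s+\(S\)(?P<server>{IPV4})\s*(?P<flag>\*+)?\s*$"
)

def audit(text, authorized):
    """Summarise responses per server; `authorized` is the expected set."""
    servers = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip blank lines and anything not in the expected layout
        s = servers.setdefault(m["server"], {
            "authorized": m["server"] in authorized,
            "first_seen": m["time"], "messages": 0,
            "types": set(), "acks_without_lease": 0, "tool_flagged": False})
        s["messages"] += 1
        s["types"].add(m["type"])
        s["tool_flagged"] |= m["flag"] is not None
        # Assumption: (IP) is the address being handed out. An ACK carrying
        # 0.0.0.0 then matches a reply to DHCPINFORM (RFC 2131): options such
        # as DNS servers are delivered, but no lease is granted.
        if m["type"] == "ACK" and m["ip"] == "0.0.0.0":
            s["acks_without_lease"] += 1
    return servers

def unexpected_servers(text, authorized):
    """Servers that answered but are not on the expected list."""
    return sorted(ip for ip, s in audit(text, authorized).items()
                  if not s["authorized"])

if __name__ == "__main__":
    for ip, info in audit(SAMPLE, {"192.168.10.9"}).items():
        print(ip, info)
```
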
  • Hi Angelo,

    Thank you for the post.

    It should be caused by the DHCP server being authorized in AD. Please unauthorize the DHCP server, or you will have to change the scope option on the old DHCP server.
    http://technet.microsoft.com/en-us/library/cc738731(WS.10).aspx

    If there are more inquiries on this issue, please feel free to let us know.

    Regards,
    Rick Tan
    TechNet Subscriber Support

    Monday, 10 September 2012 6:16
    Moderator
  • I concur with Rick. And if you are having trouble unauthorizing it in the console, you can use ADSI Edit (even though it says Windows 2000, it works for all operating system versions).

    After a new DHCP server is authorized, the original DHCP server becomes unauthorized and cannot be authorized again in Windows 2000 Server
    (Article ID: 306925 - Last Review: October 30, 2006 - Revision: 5.1)
    http://support.microsoft.com/kb/306925


    Ace Fekay

    Monday, 10 September 2012 6:50
  • Hello Rick and Ace,

    I checked and the old server is unauthorized, but thank you for the ADSI Edit trick; it helped me delete some old DHCP servers that were installed at other sites and then uninstalled before unauthorizing them.

    This makes me wonder again how an unauthorized DHCP server, with both scopes disabled, is able to be seen again on the network... Now I'll stop the service definitively, but the curiosity is still here.

    Angelo

    Monday, 10 September 2012 8:47
  • It shouldn't, unless there's corruption. Just uninstall the DHCP service on that machine if you're not using it any longer.

    Ace Fekay

    Monday, 10 September 2012 15:18
  • Very strange indeed, also because ipconfig /all on affected clients shows that the DHCP server is the new one, not another one.

    I've uninstalled the service on the very first DHCP server; we'll see if this happens again.

    Angelo

    Tuesday, 11 September 2012 7:24