none
DHCP Server Generating BAD Address RRS feed

  • Question

  • Dear Team,

    Problem Statement: I've configured a DHCP server and the server is functioning normally, but the server has lot of BAD_ADDRESS Generating and the scope is getting filled very fast within few hours.

    Troubleshooting Done as of Now: 

    Changed Conflict detection on Server to 1. 

    Important Observation: The MAC address of the BAD ADDRESS is actually 8 bits(51e6a8c0).

    Any quick help on this would be really helpful as it's hitting production.

    Thanks

    Shashi Kumar G 

    Monday, March 14, 2016 9:18 AM

Answers

  • Hi Shashi,

    >>Infact i tried this on both windows server 2008 R2 and windows 7. but i was able to go through and create Deny/Allow filter and tried to move that BAD address but strange thing is it's a 8 BIT mac and getting error "the parameter is incorrect".

    According your description,you are using win2008r2 as a DHCP server,there are multiple reasons that causes a BAD_ADDRESS.:

    1.Could it be a wireless handheld, phone, iPad or other tablet, etc?

    2.Could it be a laptop with bridged LAN and wireless?

    3.Is the DHCP server multihomed?

    4.Is there a client multihomed?

    5.Look at your switches.  Is someone plugged a network cable into two drops that spanned across two switches creating a loop?

    6.Check your network devices,sometimes it is occurred by hardware.

    7.Try delete the scope and rebuild it on DHCP. 

    Here are some links for your reference:

    DHCP Server Conflict Detection algorithm
    http://technet.microsoft.com/en-us/library/cc958918.aspx

    Why are some of the addresses in the Address Leases for a given scope are marked as BAD_ADDRESS in the DHCP snap-in?
    http://blogs.msdn.com/b/anto_rocks/archive/2005/02/22/378008.aspx

    DHCP server gets filled with BAD_ADDRESS
    http://forums.techarena.in/windows-server-help/772954.htm


      Best Regards,

    Cartman

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Tuesday, March 15, 2016 1:40 AM
  • Hi Shen,

    Thanks for your comments, in-fact i followed each and every step you had written and finally was able to trace the actual issue.

    Troubleshooting done after your steps.

    1. Moved back and configured the DHCP server from Server to on Firewall. Even on firewall the lease was getting full within hours and network admin had to literally clear the lease everytime. 

    2. Then again moved back from Firewall to DHCP. But observed one strange issue.

       

      192.168.231.77        1a-5b-0e-54-eb-4e     dynamic

      192.168.231.78        1a-5b-0e-54-eb-4e     dynamic

      192.168.231.80        1a-5b-0e-54-eb-4e     dynamic

      192.168.231.81        1a-5b-0e-54-eb-4e     dynamic

      192.168.231.84        1a-5b-0e-54-eb-4e     dynamic

      192.168.231.87        1a-5b-0e-54-eb-4e     dynamic

      192.168.231.94        1a-5b-0e-54-eb-4e     dynamic

      192.168.231.95        1a-5b-0e-54-eb-4e     dynamic

      192.168.231.97        b0-83-fe-81-72-3b     dynamic

      192.168.231.98        1a-5b-0e-54-eb-4e     dynamic

    3. One of the MAC address was holding lot of IP's and the next thing i did was to find out this machine. 

    4. In in Fortinet Firewall i was able to find this MAC address and this was actually one of the wireless Access points from OEM - Fortigate. 

    5. The next thing we tried removing the AP from Network and the BAD_ADDRESS didn't occur but when again made up the BAD-ADDRESS started appearing agian.

    6. Upgraded the IOS of the AP and then brought back to network and the issue was resolved.

    But the worst part was i had to go through with this issue close to a week to find an actual solution. But Great to hear responses from Technet.

    It was really helpful in narrowing down the issue.

    Thanks

    Shashi Kumar G 

    • Marked as answer by shashikg Monday, March 28, 2016 9:51 AM
    Monday, March 28, 2016 9:51 AM

All replies

  • Dear All,

    I've configured a DHCP server on one of the Servers. The DHCP server is working pretty fine but have a major issue like in the leases the Server is generating lot of "BAD_ADDRESS" which is making the DHCP address as full.

    IMP: The strange thing is the MAC of the machine where bad address is actually 8 Bits (51e6a8c0). 

    Things Done: Tried changing conflict detection as 1 on the DHCP server. Checked with Netscanner for any finding the mac address but in vain i'm unable to find the issue exactly.

    Any suggestions on this would be of great help as the scope is getting filled up within few minutes and this is hitting very badly.

    Thanks

    Shashi Kumar G

    • Moved by Mahdi Tehrani Monday, March 14, 2016 10:51 AM
    • Merged by Hello_2018 Tuesday, March 15, 2016 3:22 AM duplicate
    Monday, March 14, 2016 9:14 AM
  • Hi

     Anything in the event log on the dhcp server?Also you can check with "dhcp events tool",

    https://blogs.technet.microsoft.com/teamdhcp/2009/03/20/dhcp-server-events-tool/


    This posting is provided AS IS with no warranties or guarantees,and confers no rights. Best regards Burak Uğur

    Monday, March 14, 2016 9:50 AM
  • Hey Ugur,

    I've gone through the DHCP logs but except 

    1063: there are no IP addrs available for lease in the scope or superscope"USER LAN" nothing is coming up.

    The DHCP server events tool i was not able to install with some ErrorLevel = -1.

    Infact i tried this on both windows server 2008 R2 and windows 7. but i was able to go through and create Deny/Allow filter and tried to move that BAD address but strange thing is it's a 8 BIT mac and getting error "the parameter is incorrect".

    but the regular MAC address i'm able to add into allow\deny group.

    Please revert back if you have any other solutions as this is very critical for me and the frequency at which it is generating is high and making my DHCP scope full.

    Thanks

    Shashi Kumar G

    Monday, March 14, 2016 1:18 PM
  • Hi Shashi,

    >>Infact i tried this on both windows server 2008 R2 and windows 7. but i was able to go through and create Deny/Allow filter and tried to move that BAD address but strange thing is it's a 8 BIT mac and getting error "the parameter is incorrect".

    According your description,you are using win2008r2 as a DHCP server,there are multiple reasons that causes a BAD_ADDRESS.:

    1.Could it be a wireless handheld, phone, iPad or other tablet, etc?

    2.Could it be a laptop with bridged LAN and wireless?

    3.Is the DHCP server multihomed?

    4.Is there a client multihomed?

    5.Look at your switches.  Is someone plugged a network cable into two drops that spanned across two switches creating a loop?

    6.Check your network devices,sometimes it is occurred by hardware.

    7.Try delete the scope and rebuild it on DHCP. 

    Here are some links for your reference:

    DHCP Server Conflict Detection algorithm
    http://technet.microsoft.com/en-us/library/cc958918.aspx

    Why are some of the addresses in the Address Leases for a given scope are marked as BAD_ADDRESS in the DHCP snap-in?
    http://blogs.msdn.com/b/anto_rocks/archive/2005/02/22/378008.aspx

    DHCP server gets filled with BAD_ADDRESS
    http://forums.techarena.in/windows-server-help/772954.htm


      Best Regards,

    Cartman

    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Tuesday, March 15, 2016 1:40 AM
  • Hi Shen,

    Thanks for your comments, in-fact i followed each and every step you had written and finally was able to trace the actual issue.

    Troubleshooting done after your steps.

    1. Moved back and configured the DHCP server from Server to on Firewall. Even on firewall the lease was getting full within hours and network admin had to literally clear the lease everytime. 

    2. Then again moved back from Firewall to DHCP. But observed one strange issue.

       

      192.168.231.77        1a-5b-0e-54-eb-4e     dynamic

      192.168.231.78        1a-5b-0e-54-eb-4e     dynamic

      192.168.231.80        1a-5b-0e-54-eb-4e     dynamic

      192.168.231.81        1a-5b-0e-54-eb-4e     dynamic

      192.168.231.84        1a-5b-0e-54-eb-4e     dynamic

      192.168.231.87        1a-5b-0e-54-eb-4e     dynamic

      192.168.231.94        1a-5b-0e-54-eb-4e     dynamic

      192.168.231.95        1a-5b-0e-54-eb-4e     dynamic

      192.168.231.97        b0-83-fe-81-72-3b     dynamic

      192.168.231.98        1a-5b-0e-54-eb-4e     dynamic

    3. One of the MAC address was holding lot of IP's and the next thing i did was to find out this machine. 

    4. In in Fortinet Firewall i was able to find this MAC address and this was actually one of the wireless Access points from OEM - Fortigate. 

    5. The next thing we tried removing the AP from Network and the BAD_ADDRESS didn't occur but when again made up the BAD-ADDRESS started appearing agian.

    6. Upgraded the IOS of the AP and then brought back to network and the issue was resolved.

    But the worst part was i had to go through with this issue close to a week to find an actual solution. But Great to hear responses from Technet.

    It was really helpful in narrowing down the issue.

    Thanks

    Shashi Kumar G 

    • Marked as answer by shashikg Monday, March 28, 2016 9:51 AM
    Monday, March 28, 2016 9:51 AM
  • The 8 digit MAC is the reverse HEX of the IP Address: 192.168.230.81

    192 = c0

    168 = a8

    230 = e6

    51 = 81

    You said the issue was a device requesting too many IP Addresses. But how you were getting the 8 digit mac?

    Thursday, October 27, 2016 5:38 PM
  • IS here IPV6 and IPV4 both enabled and how is the reservation pool given.

    I hope there should some malware running in some PC, which is continuously loading all these IP's


    swapna

    Thursday, October 27, 2016 5:47 PM
  • I've just started getting this after a Microsoft Update Tuesday (3/13/2018) where only certain addresses are bad. This did not occur previous to the update. The invalid MAC address is just the reverse of the address that is giving me a BAD ADDRESS indication, as you relate. However the error is "This address is already in use." However, it isn't in use, and the error is invalid. The bad address is valid and in the proper scope for each Windows Server 2012 in question. I suspect this is a bug introduced in the update... As an example: 

    MAC IP Address
    0301090A 10.1.9.3
    1F09010A 10.1.9.31
    3303010A 10.1.3.51
    5802010A 10.1.2.88
    9902010A 10.1.2.153
    A202010A 10.1.2.162
    E302010A 10.1.2.227

    • Edited by Rez-IT Wednesday, March 21, 2018 7:05 PM Formatting
    Wednesday, March 21, 2018 7:04 PM
  • I know this is resolved, but every time i have had these "Bad Address" Issues, it has always been caused by some device on the network registering a duplicate address.. Be it someone added a home computer with a static address onto the network, someone added a firewall, or switch to the network that had a static management port of a DHCP address, or someone used a DHCP address and not an address out of the Scope to make a static address.. 

    Going forward, you can also go into your managed switches and have it display the mac address details and IP address details, and it should indicate what wall port your duplication is caused by.. 

    Also, 

    while it took a week.. at least now you will know in the future what to exactly look out for.. 


    Rob

    Wednesday, March 21, 2018 7:11 PM
  • just hit this exact issue with 2 clients so far.

    Randomly getting dozens of BAD IPS in DHCP with MAC being the hex version of 192...

    one a windows 2012r2 and the other a 2016

    Monday, September 9, 2019 5:58 PM