none
Windows Server 2008 R2 - DHCP Server assigning the same IP address to two clients. Shall we split-scope?

    Question

  • Dear all,

    In the last month we have experienced an issue with our old Windows Server 2003 R2 DHCP server, whereby it would assign IP addresses which it shouldn't to a range of different clients.

    The subnet we are using is 192.168.0.0/16 but the scope itself is configured to start with address 192.168.191.1 and 192.168.195.1.

    When I ran out of ideas, my solution was to migrate all of this over to a newly built Windows Server 2008 R2 DHCP server.

    I am now out of ideas again as unfortunately the problem is reoccurring.

    The symptoms. All of these are very intermittent.

    • DHCP clients with reserved IP addresses (printers) have somehow ended up being issued IP addresses belonging to our print server (192.168.199.24) - Notice how that address isn't even within the scope?
    • DHCP clients are being issued the same IP address as other DHCP clients causing conflicts.
    • We have had printers go offline randomly (separate to the first issue above) and I suspect this to be similarly related.

    Before problems started on the 2003 server, address conflict resolution was set to 0 attempts. As a trial I ran for a week set to 1 attempt. This seemed to alleviate the conflict issue (though not entirely) but, and unfortunately I have no proof of this, printers going offline seemed to be a more regular occurrence. As such, when migrating to 2008 R2, I set the resolution attempts back down to 0.

    It's worth noting that the same DHCP server, now the 2008 R2 one, serves IP addresses without issue to a number of other scopes and it is only the scope mentioned at the beginning which is an issue.

     

    My question is:

    Firstly, what could be causing this issue? Secondly, we would like to build some resiliency into the infrastructure therefore we would very much like to consider split-scope with a second DHCP server on an 80/20 basis. Would any one suggest this as my next move? Does it sound like it may lead to a resolution?

     

    Cheers

    Monday, October 10, 2011 8:19 AM

Answers

  • Hi,

     

    Thanks for posting here.

     

    A workaround to find out this rogue DHCP sever is first verify the “DHCP server” entry in “ipconfig /all” results from DHCP clients that encountering this issue and check the ARP table on client to verify the MAC address of this IP address. After that we can query the ARP table on your central switch to find out the port that this the rogue DHCP sever connects with.

     

    http://technet.microsoft.com/en-us/library/cc754761(WS.10).aspx

     

    Thanks.

     

    Tiger Li


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by Tiger Li Monday, October 17, 2011 6:25 AM
    Tuesday, October 11, 2011 10:36 AM

All replies

  • Hi there -

    I don't know what is causing the DHCP server to behave this way, however you might consider creating an IP address reservation for each printer using its MAC address.

    Adding a DHCP server and split scopes will provide failover, but I'm not sure whether it will solve this particular issue.

    Thanks -


    James McIllece
    Monday, October 10, 2011 5:19 PM
  • Hi thanks for the response.

    I forgot to mention, all of the printers already DO have IP address reservations. So what makes it even more bizarre is a DHCP client who already has an address reservation, has somehow managed to steal an address from a server which is excluded from the scope where the server it has stolen the address from isn't even a DHCP client itself and the addresses are assigned manually.

    The split-scope needs to be done at some point, but I am just clutching at straws as to whether it would make a difference to this issue or not. I am just out of ideas.

    Monday, October 10, 2011 10:44 PM
  • Hi,

     

    Thanks for posting here.

     

    A workaround to find out this rogue DHCP sever is first verify the “DHCP server” entry in “ipconfig /all” results from DHCP clients that encountering this issue and check the ARP table on client to verify the MAC address of this IP address. After that we can query the ARP table on your central switch to find out the port that this the rogue DHCP sever connects with.

     

    http://technet.microsoft.com/en-us/library/cc754761(WS.10).aspx

     

    Thanks.

     

    Tiger Li


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    • Marked as answer by Tiger Li Monday, October 17, 2011 6:25 AM
    Tuesday, October 11, 2011 10:36 AM