locked
DHCP Bad IP Address - scope filling fast and detecting as conflict RRS feed

  • Question


  • Hi

    We have centralized DHCP Server running on Windows 2016 Server in Datacenter. All locations end users IP scopes are configured in this DHCP Server.

    We are facing issue specifically in one scope which is used for Wi Fi Guest Network.

    Guest WiFi DHCP scope is getting filled with repeated request from few clients (not specific to any client) and running out of DHCP scope very soon.

    DHCP Log shows BAD Address entries for all the IPs it is trying to allocate.

    There are no events found with any DHCP errors.

    DHCP Server is  Windows 2016 and Failover configuration is only removed for this scope to isolate the issue.

    All other scopes are working fine and similar issue  (Bad IP address and scope filling with repeated request) is not observed in any other scope.

    Kindly suggest how we can fix this issue. Does this really issue with DHCP Server or Wi Fi Access Points?


    Regards:Mahesh

    Thursday, March 5, 2020 6:44 AM

Answers

  • This is a tough one depending on the size of the environment. As mentioned in my case it was a tiny environment and I simply ask all users if they had plugged anything new into the network anywhere.

    I would suggest you start with something like "Advanced IP Scanner" which is a great freeware utility that quickly scans a network. Look through the results for anything that looks out of place  from a name / manufacturer point of view in the report.

    You mentioned this is on a Wifi network scope only...

    Are you certain the AP is correctly configured to pass DHCP onto your Windows DHCP Server and is not trying to issue addresses itself on behalf of the server? My money is on this last possibility?

    Happy Hunting...

    • Marked as answer by A.Mahesh Friday, March 6, 2020 8:14 AM
    Thursday, March 5, 2020 7:05 PM
  • Hi,

    BAD Address problem is most likely caused by the following reasons:

    1. You have one multihomed DHCP client and one DHCP server. Both network adaptors on the DHCP client and the network adaptor on the DHCP server are connected to the same segment.

    2. There may be two DHCP servers are present on the network and DHCP Duplicate IP Detection is marking the IP address as Bad_Address when the response is "host unreachable"

    3. The router has ARP cache enabled.

    4. The router has the BOOTP relay agent enabled.

    To solve the problem, you can try the following steps:

    1. Make sure you have only one DHCP in the network.

    2. Make sure the DHCP server is not running on a multihomed computer.

    3. Check the router settings.

    4. To resolve this problem, obtain the latest service pack or hotfix. 

    Here is a similar thread discussed before, you could have a look: https://community.spiceworks.com/topic/251943-bad_address-in-windows-2008-dhcp-server

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Hope this can help you, if you have anything unclear, please let me know.

    Have a nice day!

    Allan



    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by A.Mahesh Friday, March 6, 2020 8:12 AM
    Friday, March 6, 2020 6:05 AM
  • Hi

    Thanks for your suggestions, some of you shared similar information which we tried yesterday and went through analysis. This issue is fixed now with below solution.

    After long time, this was a good experience and interesting.

    Solution  : 

    1. From the Wireshark capture observed that DHCP DORA process is getting completed and client is able to get the IP from DHCP Server.
    2. Immediately after client getting the IP, its detecting as duplicate IP and conflict with other device - shows the Mac address.
    3. After verifying the Mac address and more analysis, its found that , every IP allocated from DHCP is getting conflict with Firewall NIC which is used as gateway for specific Subnet.
    4. Once IP allocated from DHCP is in conflict, client decline the DHCP request and hence DHCP Server is marking it as Bad Address in lease details.
    5. This issue has been addressed by moving the DHCP Relay config to Switch instead of Firewall.
    6. Post the changes, IP allocation from DHCP looks fine and client is able to maintain the connectivity without any issue.

    Note : During the troubleshooting process we disabled the DHCP fail-over and made the scope available on one Server only to isolate the perception of DHCP Fail-over or multiple DHCP Servers issue.

    DHCP fail-over is reconfigured after fixing the issue.



    Regards:Mahesh

    • Marked as answer by A.Mahesh Friday, March 6, 2020 8:12 AM
    Friday, March 6, 2020 8:11 AM

All replies

  • Hi,

    In my experience when you see "BAD ADDRESS" entries there is a device in the network / subnet that is trying to issue addresses that is not authorized to.

    The last time I saw this it was at a small business site where a user had a network hub in his office which popped so to tide him over while he bought a new one he plugged in an old ADSL router to use the 4 switch ports as a temporary hub.

    Problem was he left the DHCP feature enabled which was trying to issue addresses on the network.

    As soon as we removed this device the problem was solved. We just deleted the BAD ADDRESS entries and all was fine.

      

    Thursday, March 5, 2020 7:16 AM
  • Hi Durrie,

    Thanks for your reply, we are also suspecting something similar but not able to locate the device which is causing this issue.

    Appreciate if you can help with details to identify such device in network. 

    How did you identified in your scenario ?


    Regards:Mahesh

    Thursday, March 5, 2020 7:30 AM
  • This is a tough one depending on the size of the environment. As mentioned in my case it was a tiny environment and I simply ask all users if they had plugged anything new into the network anywhere.

    I would suggest you start with something like "Advanced IP Scanner" which is a great freeware utility that quickly scans a network. Look through the results for anything that looks out of place  from a name / manufacturer point of view in the report.

    You mentioned this is on a Wifi network scope only...

    Are you certain the AP is correctly configured to pass DHCP onto your Windows DHCP Server and is not trying to issue addresses itself on behalf of the server? My money is on this last possibility?

    Happy Hunting...

    • Marked as answer by A.Mahesh Friday, March 6, 2020 8:14 AM
    Thursday, March 5, 2020 7:05 PM
  • Hi,

    BAD Address problem is most likely caused by the following reasons:

    1. You have one multihomed DHCP client and one DHCP server. Both network adaptors on the DHCP client and the network adaptor on the DHCP server are connected to the same segment.

    2. There may be two DHCP servers are present on the network and DHCP Duplicate IP Detection is marking the IP address as Bad_Address when the response is "host unreachable"

    3. The router has ARP cache enabled.

    4. The router has the BOOTP relay agent enabled.

    To solve the problem, you can try the following steps:

    1. Make sure you have only one DHCP in the network.

    2. Make sure the DHCP server is not running on a multihomed computer.

    3. Check the router settings.

    4. To resolve this problem, obtain the latest service pack or hotfix. 

    Here is a similar thread discussed before, you could have a look: https://community.spiceworks.com/topic/251943-bad_address-in-windows-2008-dhcp-server

    Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Hope this can help you, if you have anything unclear, please let me know.

    Have a nice day!

    Allan



    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Marked as answer by A.Mahesh Friday, March 6, 2020 8:12 AM
    Friday, March 6, 2020 6:05 AM
  • Hi

    Thanks for your suggestions, some of you shared similar information which we tried yesterday and went through analysis. This issue is fixed now with below solution.

    After long time, this was a good experience and interesting.

    Solution  : 

    1. From the Wireshark capture observed that DHCP DORA process is getting completed and client is able to get the IP from DHCP Server.
    2. Immediately after client getting the IP, its detecting as duplicate IP and conflict with other device - shows the Mac address.
    3. After verifying the Mac address and more analysis, its found that , every IP allocated from DHCP is getting conflict with Firewall NIC which is used as gateway for specific Subnet.
    4. Once IP allocated from DHCP is in conflict, client decline the DHCP request and hence DHCP Server is marking it as Bad Address in lease details.
    5. This issue has been addressed by moving the DHCP Relay config to Switch instead of Firewall.
    6. Post the changes, IP allocation from DHCP looks fine and client is able to maintain the connectivity without any issue.

    Note : During the troubleshooting process we disabled the DHCP fail-over and made the scope available on one Server only to isolate the perception of DHCP Fail-over or multiple DHCP Servers issue.

    DHCP fail-over is reconfigured after fixing the issue.



    Regards:Mahesh

    • Marked as answer by A.Mahesh Friday, March 6, 2020 8:12 AM
    Friday, March 6, 2020 8:11 AM
  • Hi,

    Good to hear that you have solved this issue by yourself.

    In addition, thanks for sharing your solution in the forum as it would be helpful to anyone who encounters similar issues.

    If there is anything else we can do for you, please feel free to post in the forum.

    Best Regards,

    Allan


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, March 9, 2020 9:15 AM