Solved

DHCP RAS connections

Posted on 2004-04-13
6
566 Views
Last Modified: 2008-03-10
Hey now.

I'm getting strange entries in my Win 2000 DHCP Address Leases. I don't have RAS enabled on this machine, and I'm not using routing and remote access.  I am, however using Remote Desktop (but closed on the firewall). But I'm still seeing 3 entries showing RAS instead of a MAC address, 2 have the same machine name and 1 is unique.

I've changed my login name and password last week but still see new leases popping up today.

Can someone please explain to me how this is possible? And what I can do to prevent it?

Thanks in advance for any help.
0
Comment
Question by:chrisfuzy
6 Comments
 
LVL 1

Expert Comment

by:ZakDaddy
ID: 10817959
Are the 3 machine names you mention from within your network, or foreign?

What is the timing of the leases you see showing up mysteriously?  Default lease assignment for Win2k DHCP is 8 days, I'm sure you know that - but if any machine is issued an 8 day lease it will attempt to renew after half the time is expired.  

Sorry to answer a question with more questions, but the more info we have the more people might be able to do with it...
0
 

Author Comment

by:chrisfuzy
ID: 10819014
I believe they're from our network....In other words I've seen them with regular leases before. I have lease expiration set for 7 days, and the leases for those three machines expire one week from today.
0
 
LVL 16

Expert Comment

by:JamesDS
ID: 10820878
chrisfuzy

One of the machines on your network has RAS switched on and the RAS service automatically gets an IP address from the DHCP server when it starts.
To find the culprit.

run from your command line:
NBTSTAT -a <insert target hostname here>

this will return a table which usually contains the username of the person logged on and hence a probable culprit.

Cheers

JamesDS
0
Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

 

Author Comment

by:chrisfuzy
ID: 10822765
Tried it this morning, no luck. Got back "Host not found". I guess that means they're not logged on at the moment, so I'll keep trying throughout the day.

I'm still not clear as to how they can log on using RAS if it's not running on the DHCP machine, though.
0
 
LVL 16

Accepted Solution

by:
JamesDS earned 500 total points
ID: 10822858
chrisfuzy
The RAS service runs on your DHCP client and will simply hunt round the network for a DHCP server. The server itself is irrelevant to RAS - it simply sees whats available and takes an IP for each RAS port.

Try looking in your WINS database for the IP address - you may at least be able to get the username of the last logon

Cheers

JamesDS
0
 
LVL 5

Expert Comment

by:mrfixit22
ID: 10823875
When a client is offered and accepts an IP address a 'lease' is created for x amount of days. To view current leases perform the following:

Start the DHCP MMC snap-in (Start - Programs - Administrative Tools - DHCP)
Expand the server
Expand the scope whose leases you wish to view
Select the 'Address Leases' branch and in the right hand window you will see the current lease details.
It will give details of the IP address, client name and the lease expiration date. Expired leases are also shown for approximately one day but have a dimmed icon. This grace period protects a client lease in the event of the client and server being in different time zones, clocks not synced or simply offline.

A known problem exists with the Windows 2000 DHCP server that causes the server to ignore a lease release request from a client on another subnet because releasing the lease causes the DHCP server to use its own IP address instead of the client's. This problem occurs if you haven't defined a scope for the DHCP server's primary interfaces local subnet. To work around this problem, create a scope for the local subnet (you don't have to activate it).

You can also manually delete the leases. Perform the following steps:

Start the Microsoft Management Console (MMC) DHCP snap-in (Start, Programs, Administrative Tools, DHCP).
Select the Scope that contains the leases to be deleted.
Select the Address Leases container.
Right-click the lease to be deleted and select Delete.
Click OK to the confirmation.

0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
The question appears often enough, how do I transfer my data from my old server to the new server while preserving file shares, share permissions, and NTFS permisions.  Here are my tips for handling such a transfer.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question