Solved

DHCP Hands out wrong IP addresses and wrong default gateway.. WHY?!?!

Posted on 2004-09-02
7
328 Views
Last Modified: 2008-02-01
Hey

We have a Windows 2003 network. Our DHCP server seems to work fine for the computers that are already setup, it can hand out IPs correctly and whatnot. But when someone brings in there laptop for some reason they get assigned an IP address that is out of our lease scope (We give out 10.10.2.1 - 10.10.3.50), for example they would get 10.10.3.230. Also they would get a default gateway of 10.10.3.210 which used to be the IP address of one of our citrix servers.

In DHCP there is a setting for "router" with the proper default gateway in the scope. I have no idea why it is handing this information out.

There is no other DHCP server running.

We also have 2 DNS servers, one of them has an NT4 OS the other has W2K3, one external and one internal.

Please help, this is very innoying.
0
Comment
Question by:andy0789
7 Comments
 
LVL 11

Accepted Solution

by:
NetoMeter Screencasts earned 500 total points
ID: 11963965
Hi!
When you check the result of "ipconfig /all" on one of the laptops which are getting wrong DHCP info what is the IP address of the DHCP server which provided them with IP lease and info?
My guess is that there is a second DHCP server on your network which is providing the new clients (the laptops) with the wrong info.

NetoMeter
0
 
LVL 4

Expert Comment

by:novacopy
ID: 11964133
you should try shutting down the dhcp service and doing a ipconfig /release ipconfig /renew and see if something else provides you with a lease.
0
 
LVL 6

Expert Comment

by:Eric
ID: 11964171
you can use the command "set l" from the command prompt to see what logon server authenticated you.  

try a "ipconfig /release" or "ipconfig /renew" from the command prompt and see if it picks up a new address..

in the DHCP log file does it show that it handed out the wrong IP address to the laptop ?

0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 15

Expert Comment

by:scampgb
ID: 11964788
Hi

I agee with NetoMeter, it's likely to be a rogue DHCP server on your network.

Use "ipconfig /all" to see what server address handed out that IP.  In Win95 or Win98 use "winipcfg"
It might also be worth taking a look at NetScanTools as it has a DHCP server discovery feature - http://www.netscantools.com/nstpro_dhcp.html

DSL/cable routers and wireless access points are common culprits here.

If you find that you do have a rogue DHCP server, hit it with a large hammer :)


If that doesn't help, can you please let us know the following?
What OS is running on the PCs that encounter the problem
Are they all connected into the same hub/switch
Do you have any VLANs?
0
 

Expert Comment

by:EddyGoedegebuure
ID: 11965059
Is there a server or router who is routing dhcp requests (dhcp-helper)?
0
 
LVL 3

Expert Comment

by:prav007
ID: 11971519
Yes I agree with Eddy . Your machines are getting ip addresses from an alternate DHCP server .This server is the real culprit
I have faced this problem. Try to find out the DHCP server's ip address by doing an ipconfig/all . Normally this happens when a
DSL/ADSL modem/router gets into your local area network . DSL/ADSL routers are configured to host the DHCP service .

My best suggestion is if you can trace the DHCP server ip address . try telnetting into it and you may be able to find out the real culprit.

Best Regards,
Praveen
0
 

Author Comment

by:andy0789
ID: 11997706
Yes it was a lone DHCP server so I found its ass and kicked it.

Thank you for all your help!!
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

I've written instructions for one router type, but this principle may be useful for others of the same brand and even other brands of router. Problem: I had an issue especially with mobile devices that refused to use DNS information supplied via…
If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now