Avatar261
asked on
Clients are being given a DHCPNACK
My XP xlients are getting the following error in event viewer :
Event Type: Error
Event Source: Dhcp
Event Category: None
Event ID: 1002
Date: 15/03/2005
Time: 09:22:30
User: N/A
Computer: TFWS57
Description:
The IP address lease 0.0.0.0 for the Network Card with network address 000D567D3562 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Doing an IPconfig /all i get the follwong on 2 different computers
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : domain.techforge.com
Description . . . . . . . . . . . : Broadcom 570x Gigabit Integrated Cotroller
Physical Address. . . . . . . . . : 00-0D-56-7D-35-62
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 172.24.20.31
DNS Servers . . . . . . . . . . . : 172.24.20.31
172.24.20.32
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connect
ion
Physical Address. . . . . . . . . : 00-0D-56-D1-B1-1B
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 255.255.255.255
NOw 172.24.20.31 is the actual DHCP server.
Any help in resolving this is greatly appreciated!
Event Type: Error
Event Source: Dhcp
Event Category: None
Event ID: 1002
Date: 15/03/2005
Time: 09:22:30
User: N/A
Computer: TFWS57
Description:
The IP address lease 0.0.0.0 for the Network Card with network address 000D567D3562 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Doing an IPconfig /all i get the follwong on 2 different computers
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : domain.techforge.com
Description . . . . . . . . . . . : Broadcom 570x Gigabit Integrated Cotroller
Physical Address. . . . . . . . . : 00-0D-56-7D-35-62
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 172.24.20.31
DNS Servers . . . . . . . . . . . : 172.24.20.31
172.24.20.32
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connect
ion
Physical Address. . . . . . . . . : 00-0D-56-D1-B1-1B
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 255.255.255.255
NOw 172.24.20.31 is the actual DHCP server.
Any help in resolving this is greatly appreciated!
ASKER
have a sonicwall 4060 that does lease out IP addresses but on a 192.168.1.x range. i have disabled this but the problem still persists.
upon doing a DHCPLOC i get
dhcploc 172.24.20.83
11:08:51 NACK (IP)0.0.0.0 ***
11:08:51 ACK (IP)172.24.20.167 (S)172.24.20.31 ***
11:08:56 OFFER (IP)172.24.20.167 (S)172.24.20.31 ***
11:08:56 NACK (IP)0.0.0.0 ***
upon doing a DHCPLOC i get
dhcploc 172.24.20.83
11:08:51 NACK (IP)0.0.0.0 ***
11:08:51 ACK (IP)172.24.20.167 (S)172.24.20.31 ***
11:08:56 OFFER (IP)172.24.20.167 (S)172.24.20.31 ***
11:08:56 NACK (IP)0.0.0.0 ***
Considering the IP you get (0.0.0.0) and the error message itself, I'd say the DHCP server is trying to assign your client with an address which is already allocated on the network. Is this address a reserved one in your dhcp server? Is this address supposed to be assigned to a server? What subnet mask are you using in your scope (make sure this address is not the broadcast address)?
For example, if you are using the subnet mask 255.255.255.224, then this address of 172.24.20.31 is the broadcast address for your first subnet ...
Check this and let me know ...
Cheers.
For example, if you are using the subnet mask 255.255.255.224, then this address of 172.24.20.31 is the broadcast address for your first subnet ...
Check this and let me know ...
Cheers.
sounds to me like your dhcp-server is out of IP-Addresses to lease out
Yep ... could be as well. If that's the case, a solution is to configure another scope and group both (the new one and the initial one) in a superscope.
cheers.
cheers.
ASKER
scope has plenty of addresses available, just checked
Have you tried stopping and restarting the DHCP server service?
ASKER
yep, tried that, i thought that would be the issue, however im starting to think there is a rogue server
Recalling my post ...
If you have a static address alocated, say 172.24.20.83 and then you don't exclude that address from the Dhcp pool and the additionally you reserve it for a specific network card, then that network card will never get it!!
Do you have an ICS (INternet Connection Sharing) capabilities active in your network? If you do, deactivate it as it comes with it's own built in dhcp server which might cause some problem.
Cheers.
If you have a static address alocated, say 172.24.20.83 and then you don't exclude that address from the Dhcp pool and the additionally you reserve it for a specific network card, then that network card will never get it!!
Do you have an ICS (INternet Connection Sharing) capabilities active in your network? If you do, deactivate it as it comes with it's own built in dhcp server which might cause some problem.
Cheers.
Looking more carefully ...
dhcploc 172.24.20.83
11:08:51 NACK (IP)0.0.0.0 ***
11:08:51 ACK (IP)172.24.20.167 (S)172.24.20.31 ***
11:08:56 OFFER (IP)172.24.20.167 (S)172.24.20.31 ***
11:08:56 NACK (IP)0.0.0.0 ***
According to this output I'd say 172.24.20.167 is dhcp server. But then ...
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 172.24.20.31
DNS Servers . . . . . . . . . . . : 172.24.20.31
... says the dhcp server is 172.24.20.31 !!!!
So ??? Can u see the problem?
dhcploc 172.24.20.83
11:08:51 NACK (IP)0.0.0.0 ***
11:08:51 ACK (IP)172.24.20.167 (S)172.24.20.31 ***
11:08:56 OFFER (IP)172.24.20.167 (S)172.24.20.31 ***
11:08:56 NACK (IP)0.0.0.0 ***
According to this output I'd say 172.24.20.167 is dhcp server. But then ...
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 0.0.0.0
Subnet Mask . . . . . . . . . . . : 0.0.0.0
Default Gateway . . . . . . . . . :
DHCP Server . . . . . . . . . . . : 172.24.20.31
DNS Servers . . . . . . . . . . . : 172.24.20.31
... says the dhcp server is 172.24.20.31 !!!!
So ??? Can u see the problem?
ASKER
no, it means that a client with the IP address 167 has been offered an address from 31 (which is the DHCP server) however it cannot take the address as it is also being offered one from 0.0.0.0
Sorry bout late reply, only just got in this morning
Sorry bout late reply, only just got in this morning
ASKER
hmmm, think i sorta found the issue.
what happened is we ahve a new SoinicWall 4060. I upgraded the firmware from 2.5 to 3.0 and this in turn seemed to enable o access a rogue DHCP server !?!??!?
however rolling back to the previous version seemed to cure this. However this not really a fix more a workaround.
what happened is we ahve a new SoinicWall 4060. I upgraded the firmware from 2.5 to 3.0 and this in turn seemed to enable o access a rogue DHCP server !?!??!?
however rolling back to the previous version seemed to cure this. However this not really a fix more a workaround.
ASKER
After long winded time with Sonicwall it turns out to be a fulty firmware version. Upon upgrading to their newest version. All is fine now.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
do you have a ROUTER or other network (that isnt a windows server) leasing out DHCP addresses? or do you have a router cloning/spoofing a MAC address?