Clients are being given a DHCPNACK

My XP xlients are getting the following error in event viewer :

Event Type:      Error
Event Source:   Dhcp
Event Category:            None
Event ID:          1002
Date:                15/03/2005
Time:               09:22:30
User:                N/A
Computer:        TFWS57

Description:
The IP address lease 0.0.0.0 for the Network Card with network address 000D567D3562 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Doing an IPconfig /all i get the follwong on 2 different computers

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : domain.techforge.com
        Description . . . . . . . . . . . : Broadcom 570x Gigabit Integrated Cotroller
        Physical Address. . . . . . . . . : 00-0D-56-7D-35-62
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . . . . : 0.0.0.0
        Default Gateway . . . . . . . . . :
        DHCP Server . . . . . . . . . . . : 172.24.20.31
        DNS Servers . . . . . . . . . . . : 172.24.20.31
                                            172.24.20.32

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connect
ion
        Physical Address. . . . . . . . . : 00-0D-56-D1-B1-1B
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . . . . : 0.0.0.0
        Default Gateway . . . . . . . . . :
        DHCP Server . . . . . . . . . . . : 255.255.255.255

NOw 172.24.20.31 is the actual DHCP server.

Any help in resolving this is greatly appreciated!

LVL 2
Avatar261Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Pete LongTechnical ConsultantCommented:
??????
do you have a ROUTER or other network (that isnt a windows server) leasing out DHCP addresses? or do you have a router cloning/spoofing a MAC address?
Avatar261Author Commented:
have a sonicwall 4060 that does lease out IP addresses but on a 192.168.1.x range. i have disabled this but the problem still persists.

upon doing a DHCPLOC i get

dhcploc 172.24.20.83
11:08:51     NACK (IP)0.0.0.0         ***
11:08:51      ACK (IP)172.24.20.167   (S)172.24.20.31    ***
11:08:56    OFFER (IP)172.24.20.167   (S)172.24.20.31    ***
11:08:56     NACK (IP)0.0.0.0         ***
rafael_accCommented:
Considering the IP you get (0.0.0.0) and the error message itself, I'd say the DHCP server is trying to assign your client with an address which is already allocated on the network. Is this address a reserved one in your dhcp server? Is this address supposed to be assigned to a server? What subnet mask are you using in your scope (make sure this address is not the broadcast address)?

For example, if you are using the subnet mask 255.255.255.224, then this address of 172.24.20.31 is the broadcast address for your first subnet ...

Check this and let me know ...


Cheers.
Ensure Business Longevity with As-A-Service

Using the as-a-service approach for your business model allows you to grow your revenue stream with new practice areas, without forcing you to part ways with existing clients just because they don’t fit the mold of your new service offerings.

neteducationCommented:
sounds to me like your dhcp-server is out of IP-Addresses to lease out
rafael_accCommented:
Yep ... could be as well. If that's the case, a solution is to configure another scope and group both (the new one and the initial one) in a superscope.

cheers.
Avatar261Author Commented:
scope has plenty of addresses available, just checked
lrmooreCommented:
Have you tried stopping and restarting the DHCP server service?
Avatar261Author Commented:
yep, tried that, i thought that would be the issue, however im starting to think there is a rogue server
rafael_accCommented:
Recalling my post ...
If you have a static address alocated, say 172.24.20.83 and then you don't exclude that address from the Dhcp pool and the additionally you reserve it for a specific network card, then that network card will never get it!!

Do you have an ICS (INternet Connection Sharing) capabilities active in your network? If you do, deactivate it as it comes with it's own built in dhcp server which might cause some problem.

Cheers.
rafael_accCommented:
Looking more carefully ...

dhcploc 172.24.20.83
11:08:51     NACK (IP)0.0.0.0         ***
11:08:51      ACK (IP)172.24.20.167   (S)172.24.20.31    ***
11:08:56    OFFER (IP)172.24.20.167   (S)172.24.20.31    ***
11:08:56     NACK (IP)0.0.0.0         ***

According to this output I'd say 172.24.20.167 is dhcp server. But then ...

Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . . . . : 0.0.0.0
        Default Gateway . . . . . . . . . :
        DHCP Server . . . . . . . . . . . : 172.24.20.31
        DNS Servers . . . . . . . . . . . : 172.24.20.31

... says the dhcp server is 172.24.20.31 !!!!

So ??? Can u see the problem?
Avatar261Author Commented:
no, it means that a client with the IP address 167 has been offered an address from 31 (which is the DHCP server) however it cannot take the address as it is also being offered one from 0.0.0.0

Sorry bout late reply, only just got in this morning
Avatar261Author Commented:
hmmm, think i sorta found the issue.

what happened is we ahve a new SoinicWall 4060. I upgraded the firmware from 2.5 to 3.0 and this in turn seemed to enable o access a rogue DHCP server !?!??!?

however rolling back to the previous version seemed to cure this. However this not really a fix more a workaround.
Avatar261Author Commented:
After long winded time with Sonicwall it turns out to be a fulty firmware version. Upon upgrading to their newest version. All is fine now.
PAQ_ManCommented:
PAQed with points refunded (500)

PAQ_Man
Community Support Moderator

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.