Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 15612
  • Last Modified:

Clients are being given a DHCPNACK

My XP xlients are getting the following error in event viewer :

Event Type:      Error
Event Source:   Dhcp
Event Category:            None
Event ID:          1002
Date:                15/03/2005
Time:               09:22:30
User:                N/A
Computer:        TFWS57

Description:
The IP address lease 0.0.0.0 for the Network Card with network address 000D567D3562 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Doing an IPconfig /all i get the follwong on 2 different computers

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . : domain.techforge.com
        Description . . . . . . . . . . . : Broadcom 570x Gigabit Integrated Cotroller
        Physical Address. . . . . . . . . : 00-0D-56-7D-35-62
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . . . . : 0.0.0.0
        Default Gateway . . . . . . . . . :
        DHCP Server . . . . . . . . . . . : 172.24.20.31
        DNS Servers . . . . . . . . . . . : 172.24.20.31
                                            172.24.20.32

Ethernet adapter Local Area Connection:

        Connection-specific DNS Suffix  . :
        Description . . . . . . . . . . . : Intel(R) PRO/1000 MT Network Connect
ion
        Physical Address. . . . . . . . . : 00-0D-56-D1-B1-1B
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . . . . : 0.0.0.0
        Default Gateway . . . . . . . . . :
        DHCP Server . . . . . . . . . . . : 255.255.255.255

NOw 172.24.20.31 is the actual DHCP server.

Any help in resolving this is greatly appreciated!

0
Avatar261
Asked:
Avatar261
1 Solution
 
Pete LongTechnical ConsultantCommented:
??????
do you have a ROUTER or other network (that isnt a windows server) leasing out DHCP addresses? or do you have a router cloning/spoofing a MAC address?
0
 
Avatar261Author Commented:
have a sonicwall 4060 that does lease out IP addresses but on a 192.168.1.x range. i have disabled this but the problem still persists.

upon doing a DHCPLOC i get

dhcploc 172.24.20.83
11:08:51     NACK (IP)0.0.0.0         ***
11:08:51      ACK (IP)172.24.20.167   (S)172.24.20.31    ***
11:08:56    OFFER (IP)172.24.20.167   (S)172.24.20.31    ***
11:08:56     NACK (IP)0.0.0.0         ***
0
 
rafael_accCommented:
Considering the IP you get (0.0.0.0) and the error message itself, I'd say the DHCP server is trying to assign your client with an address which is already allocated on the network. Is this address a reserved one in your dhcp server? Is this address supposed to be assigned to a server? What subnet mask are you using in your scope (make sure this address is not the broadcast address)?

For example, if you are using the subnet mask 255.255.255.224, then this address of 172.24.20.31 is the broadcast address for your first subnet ...

Check this and let me know ...


Cheers.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
neteducationCommented:
sounds to me like your dhcp-server is out of IP-Addresses to lease out
0
 
rafael_accCommented:
Yep ... could be as well. If that's the case, a solution is to configure another scope and group both (the new one and the initial one) in a superscope.

cheers.
0
 
Avatar261Author Commented:
scope has plenty of addresses available, just checked
0
 
lrmooreCommented:
Have you tried stopping and restarting the DHCP server service?
0
 
Avatar261Author Commented:
yep, tried that, i thought that would be the issue, however im starting to think there is a rogue server
0
 
rafael_accCommented:
Recalling my post ...
If you have a static address alocated, say 172.24.20.83 and then you don't exclude that address from the Dhcp pool and the additionally you reserve it for a specific network card, then that network card will never get it!!

Do you have an ICS (INternet Connection Sharing) capabilities active in your network? If you do, deactivate it as it comes with it's own built in dhcp server which might cause some problem.

Cheers.
0
 
rafael_accCommented:
Looking more carefully ...

dhcploc 172.24.20.83
11:08:51     NACK (IP)0.0.0.0         ***
11:08:51      ACK (IP)172.24.20.167   (S)172.24.20.31    ***
11:08:56    OFFER (IP)172.24.20.167   (S)172.24.20.31    ***
11:08:56     NACK (IP)0.0.0.0         ***

According to this output I'd say 172.24.20.167 is dhcp server. But then ...

Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 0.0.0.0
        Subnet Mask . . . . . . . . . . . : 0.0.0.0
        Default Gateway . . . . . . . . . :
        DHCP Server . . . . . . . . . . . : 172.24.20.31
        DNS Servers . . . . . . . . . . . : 172.24.20.31

... says the dhcp server is 172.24.20.31 !!!!

So ??? Can u see the problem?
0
 
Avatar261Author Commented:
no, it means that a client with the IP address 167 has been offered an address from 31 (which is the DHCP server) however it cannot take the address as it is also being offered one from 0.0.0.0

Sorry bout late reply, only just got in this morning
0
 
Avatar261Author Commented:
hmmm, think i sorta found the issue.

what happened is we ahve a new SoinicWall 4060. I upgraded the firmware from 2.5 to 3.0 and this in turn seemed to enable o access a rogue DHCP server !?!??!?

however rolling back to the previous version seemed to cure this. However this not really a fix more a workaround.
0
 
Avatar261Author Commented:
After long winded time with Sonicwall it turns out to be a fulty firmware version. Upon upgrading to their newest version. All is fine now.
0
 
PAQ_ManCommented:
PAQed with points refunded (500)

PAQ_Man
Community Support Moderator
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now