Limited Or No Connectivity Message...

I'm having the strangest DHCP problem and it's driving me mad!!

I have two domains located on the same network segment.

Domain1 is an NT 4.0 domain - let's call the domain ABC.
Domain2 is a Windows Server 2003 domain - let's call it abc123.local.

There is a two-way trust between the domains.

Each domain now has a DHCP server. The DHCP server in domain ABC serves a scope of 10.1.4.x while the DHCP server in domain abc123.local serves the scope 10.1.8.x.

The NT domain, ABC, is really the domain with active users. I'm in the middle of a domain migration project and I'm still just testing things on the Windows Server 2003 domain.

Users logging into the NT domain may get either a 10.1.4.x or a 10.1.8.x IP address depending on which DHCP server responds first.

The problem is this:

I'm testing 2 computers on the Windows Server 2003 domain. When I boot these computers, they both will USUALLY come up with an APIPA address (with Limited Or No Connectivity shown in the icon tray). Usually, but not always. Sometimes they get a 10.1.8.x IP address as I would expect.

Maybe 80% of the time, they boot with an APIPA address. If I run a packet trace on these machines while in this state, I see DHCP Discover packets going out at about 5 minute intervals (this is how DHCP should behave) but I see no other DHCP packets (no Offer, Request, ACK packets). All of this leads me to believe that the computer cannot find a DHCP server. That would make sense except for the fact that after a few reboots it generally DOES find a DHCP server and it gets an IP address.

The network setup is very simple. Cabling runs from each office into a patch panel in the server room and then into a series of Bay Networks switches. The cabling from the servers runs directly into the same switches.

I cannot seem to find anything that sheds light on this subject. Anyone with insight into this problem will have my eternal gratitude!!

Thanks.
pfcvtAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
NJComputerNetworksConnect With a Mentor Commented:
Some comments:


The scopes do not overlap. Here's the configuration for both:  (Good...no duplicate IP hand outs then)

NT Domain Name: ABC

DHCP Server Config:
Begin Scope: 10.1.4.1
End Scope: 10.1.4.254
Subnet Mask: 255.255.0.0
Router: 10.1.1.1
DNS Servers: 10.1.1.5, 10.1.10.3, 216.204.0.x, 216.204.1xx.x  <-- these are find for NT..but your 2K3 members might get address from this scope.  Because of this, they should ONLY be pointed to Windows 2003 DNS servers...no other setting should be shown here.  You need to migrate your DNS to Windows 2003...and make sure all windows 2003 domain clients are pointed to just the Windows 2003 DNS server....not to ISP or WinNT DNS.
Domain Name: abc123.com  <-- this should be abc123.local for Windows 2003 domain clients.  Because you have a flat network, there is not way to tell a client from what DHCP server it gets an IP address.  because of this, you should make this settings abc123.local)
WINS/NBT: 10.1.1.3
WINS/NBT Node Type: 0x8

Windows Server 2003 Domain Name: abc123.local

DHCP Server Config:
Begin Scope: 10.1.8.1
End Scope: 10.1.8.254
Subnet Mask: 255.255.0.0
Router: 10.1.1.1
DNS Servers: 10.1.10.3
Domain Name: abc123.local
WINS/NBT: 10.1.1.3
WINS/NBT Node Type: 0x8

A few explanations:
10.1.1.5 is the DNS server on our NT domain
10.1.10.3 is the DNS server on our Win 2K3 domain
The two 216.x.x.x DNS servers belong to our ISP


1) I would point your whole environment to Windows 2003 DNS.  Configure forwarding (right click the DNS server in the DNS console and choose properties from the drop down box.  Click the forwarders tab and enter 216.x.x.x addresses for your ISP DNs server here...  this will enable DNs forwarding)

2) I would have the same scope options for all DHCP servers.  but don't overlap DHCP scopes..(which your not already)

0
 
BareMetalCommented:
I know in a Cisco network, you have to configure an "IP Helper" on the router to tell that subnet where to get the DHCP address from. You probably have something similar on that Bay Networks network that you need to configure for that subnet.
0
 
pfcvtAuthor Commented:
I should add that our NT domain works with no DHCP problems.

It's only the PCs that are trying to connect to the Windows Server 2003 domain that have this problem. Of course, the fact that it doesn't happen all of the time is making it very difficult to solve.

Sometimes (maybe ~20% of the time) when I boot these PCs they boot up and connect to the DHCP server and receive their IP address with no problem.

The second DHCP is a new addition to the network. I added it at the suggestion of someone else in an attempt to solve this problem.

Thanks.



0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
BareMetalCommented:
How are the two networks seperated? (NT & 2003)
0
 
pfcvtAuthor Commented:
They're really not. Only in domain name.

They're on the same cabling with no router between them.

All of the servers (NT and Win 2K3) plug into ports on a stack of Bay Networks Switches (5 of them).
All of the client PCs plug into ports on the same Bay stack.

There is a two-way trust between the 2 networks.

Thanks.

0
 
TheCleanerCommented:
1.  Is your DHCP server in 2003 "authorized"?

2.  For DHCP to hand out based on subnets like that, VLANs/subnetting have to be setup so that the DHCP server(s) know that a DHCP request is coming from that particular VLAN/subnet.

3.  Are there event log entries on the client computer and DHCP server that may help?

4.  Are the PCs XP pro?  I've heard of issues before with them trying to get IP addresses from an NT4 DHCP server.  If that is the DHCP server that responds first that could be the problem.  You can test this by preventing your test workstation from being able to see the NT4 box somehow...then boot and see if it gets a DHCP address from the 2003 box.  One quick way to "test" is to put the test computer and 2003 server on a single little switch and see what happens.
0
 
BareMetalCommented:
Typically you would seperate DHCP servers from clients by subnetting them. You can create a VLAN for each domain group and then assign the proper DHCP settings to that client group by that VLAN.

You will need WINS settings for the NT 4.0 group and the Windows Server 2003 domain DNS settings for the 2003 domain group.

If you do not want to seperate them, I would recommend using a common DNS and WINS envinroment and a single DHCP server for both clients. Having two DHCP servers on the same subnet has been known to cause problems.

Here are some Microsoft DHCP Best Practicies: http://technet2.microsoft.com/WindowsServer/en/Library/75cd0e1f-f464-40ea-ac88-2060e6769f331033.mspx
0
 
pfcvtAuthor Commented:
Thanks for your reply.

1. The 2003 DHCP server is authorized. I don't think it would hand out any IP addresses otherwise.

2. To be honest, I have not tried to be specific as to who gets their IP address from which scope. In other words, I have a total of about 70 users. All of them log on to the NT domain. The Win 2K3 domain is for testing only right now. I have two laptops that I've been using to test that domain.

At this point, I have about 8 of the NT users and both Win 2K3 domain users who have been getting their IP address (10.1.8.x) from the Win 2K3 DHCP server. Everyone else gets a 10.1.4.x from my NT DHCP server.

My servers all have static 10.1.1.x IP addresses.

I've experienced no previous problems with this setup (subnet mask is 255.255.0.0).

3. I've seen nothing in the event logs on either DHCP server that would indicate a problem. On one of the laptops, I found a few messages indicating

"Your computer was not able to renew its address from the network (from the DHCP server) for the network card 0000865Be... The following error occurred:
The semaphore timeout period has expired.

In looking into this message, I've seen reference to Port Spanning. It reminded that I had enable Port Mirroring on this wall jack. I've just disabled it and I'll do some more testing. I may have to wait overnight to get a true test.

4. The PCs are both XP Pro. Al of my PCs are running XP Pro including those that log into the NT domain and they've never had a problem getting an IP address from my old NT DHCP server.

I'm hoping that the Port Mirroring issue may be the answer. I have tested one of the machines in a different network wall jack but maybe not conclusively.

I'll let you know the result.
Thanks.


0
 
NJComputerNetworksCommented:
At this point, I have about 8 of the NT users and both Win 2K3 domain users who have been getting their IP address (10.1.8.x) from the Win 2K3 DHCP server. Everyone else gets a 10.1.4.x from my NT DHCP server.

My servers all have static 10.1.1.x IP addresses.

I've experienced no previous problems with this setup (subnet mask is 255.255.0.0).



Note:  I didn't read this very carefully...

It seems to me that you have two DHCP servers handing out addresses for the same network subnet.

10.10.1.x, 10.1.8.x, 10.1.4.x are all considered the same network subnet because you are using a 255.255.0.0.  This would mean that your scope option on each DHCP server is the same.  Each DCHP server would have to handing out the same Defualt GATEWAY.

If this is true, that I think you may have a problem...  This is because Windows 2003 AD requires DNS to be pointed to the Windows 2003 DNS server.  NT 4.0 domains don't have this requirement...they primariliy use WINS.

In any case, I would suggest migrating your entire DHCP scheme to Windows 2003.  Make sure that the options point all clients to use the DNS server of the Windwos 2003 DC.
0
 
pfcvtAuthor Commented:
Just a quick reiteration, the second DHCP server was added last week in an attempt to solve the general problem.

Previously, I had only 1 DHCP server. It is on my NT domain and is configured to give out 10.1.4.x addresses (and, yes, also a WINS server). The 2 laptops connecting to the Win 2K3 domain were not always getting an IP address (from the NT domain DHCP server, our only one at this point). An ipconfig /renew would just time out, unable to connect to a DHCP server.

A packet trace showed that in these instances, the laptops were sending out DHCP Discover messages (over and over, as they should) but never getting any response from the DHCP server. Keep in mind that this didn't happen all of the time. Sometimes it worked perfectly, they received their 10.1.4.x IP addresses just as they should and all was well with the world.

It was suggested that perhaps I should add a DHCP server to my Win 2K3 domain as well. Perhaps that would solve the problem of communicating with a DHCP server. I set this 2nd DHCP server up to give out a scope of 10.1.8.x, 255.255.0.0 and default gateway of 10.1.1.1 (subnet and Def Gateway are the same as our other DHCP server).

As you see, it did not solve the problem. No change.

What is most puzzling is that sometimes it would work and sometimes it wouldn't.

Thanks!
0
 
TheCleanerCommented:
Were the DHCP servers actually receiving the DHCPDiscover packets?  You mentioned the laptops are sending them out, but nothing about the server side.


(I'd ask why you are testing in a "live" network environment, but that's your call)
0
 
NJComputerNetworksCommented:
"I set this 2nd DHCP server up to give out a scope of 10.1.8.x, 255.255.0.0 and default gateway of 10.1.1.1 (subnet and Def Gateway are the same as our other DHCP server). "

Do you have overlapping scopes?  What are the scope ranges.  Because you are using the same gateway on both DHCP servers, it is obvious that you are one flat network.  You should only use multiple DHCP servers if you verify that your scopes do not overlap.  

I would switch everything to use Windows 2003 DHCP.  Windows 2003 domain members must be pointed to the internal windows 2003 DNS in the clients TCP/IP properties.  So, make sure this happens through DHCP...

Although, I don't think this is the root issue in your environment.   do you have any event viewer errors on the clients?
0
 
pfcvtAuthor Commented:
The scopes do not overlap. Here's the configuration for both:

NT Domain Name: ABC

DHCP Server Config:
Begin Scope: 10.1.4.1
End Scope: 10.1.4.254
Subnet Mask: 255.255.0.0
Router: 10.1.1.1
DNS Servers: 10.1.1.5, 10.1.10.3, 216.204.0.x, 216.204.1xx.x
Domain Name: abc123.com
WINS/NBT: 10.1.1.3
WINS/NBT Node Type: 0x8

Windows Server 2003 Domain Name: abc123.local

DHCP Server Config:
Begin Scope: 10.1.8.1
End Scope: 10.1.8.254
Subnet Mask: 255.255.0.0
Router: 10.1.1.1
DNS Servers: 10.1.10.3
Domain Name: abc123.local
WINS/NBT: 10.1.1.3
WINS/NBT Node Type: 0x8

A few explanations:
10.1.1.5 is the DNS server on our NT domain
10.1.10.3 is the DNS server on our Win 2K3 domain
The two 216.x.x.x DNS servers belong to our ISP

Thanks! I can't tell you how much I appreciate your assistance on this problem.
0
 
pfcvtAuthor Commented:
To The Cleaner:

I don't know if the DHCP Discover packets were being received by the servers. I did not have a trace running on them. I would have guessed that the answer would be "no" because there was never a DHCP Offer (or any other response).

As for testing on a "live network", it's live but, in a sense, not really. I feel that the two domains are segregated enough so as not to cause any problems. Of course, I may be wrong about that, but to this point, I've had no issues.

I chose this method of two "parallel domains" over the standard method of migration to Win 2K3. I felt that the standard method (demote the PDC and upgrade it, etc...) carried more risk. I had 3 new, unused servers on hand, so I thought it best to use them to set up a Win 2K3 domain, test it, and then just migrate users, printers, files and services over from the NT domain.

It seems that there's less risk and more room for experimentation on the Win 2K3 domain this way. For instance, if I was having this DHCP problem in a "live" environment it would be a serious nightmare. As it is, I'm only having the trouble with my 2 test laptops in the Win 2K3 domain. My NT users are humming along with no knowledge of the problem.

Thanks.
0
 
TheCleanerConnect With a Mentor Commented:
Well, with the old Bay switches, I'll assume they are layer 2 so subnetting them out won't work.

Again, any event log entries on the laptops or servers may help.

Here's another thought.  If you don't care which server is handing out the DHCP addressing at the moment, why not just disable the DHCP server on the 2003 box and see if the laptops are then able to get an address on the .4 network?
0
 
pfcvtAuthor Commented:
That's how I started out.

The .4 network DHCP server was the only one until last week. It was configured this way when the problem began. I only added the second .8 DHCP server last week in an attempt to solve the problem.

As I proceed with my domain migration, I will eventually decommision the old .4 DHCP though and only use the new one on the Win 2K3 server.

Thanks.



0
 
pfcvtAuthor Commented:
Sorry for the confusion.

My last comment "That's how I started out" was in response to "The Cleaner"...
0
 
pfcvtAuthor Commented:
NJComputerNetworks:

That makes sense and it's certainly where I'm headed as I proceed with the migration.

Are you then suggesting that I disable the NT DHCP server and, I would guess, by intimation, my NT DNS server and just work with the Win 2K3 DNS server, the Win 2K3 DHCP server and my NT WINS server?

There is a two-way trust between the domains so I would expect that this would work?

0
 
NJComputerNetworksCommented:
Note with regards to your domain upgrade method:

I would pick a domain upgrade option if I were you...

1) add a new desktop swing server to your environment.  Add Windows NT 4.0 BDC OS and make this a BDC of the current domain
2) Install a new Windows 2003 server on new hardware (this will become your new Windows 2003 DC in the future)
3) Make the new desktop swing BDC server a PDC using Server Manager.
4) Insert the Windows 2003 media into the dekstop swing server and upgrade this server to Windows 2003.  Pick the new domain FQDN name and all DNS to be installed locally on this server.
5) after this completes... edit the TCP/IP settings of the new hardware Windows 2003 server to point DNS to the desktop swing server.  After this is done, run DCPROMO on the Windows 2003 server.  This will make the new server become a domain controller.
6) Make this new server a global catalog server: http://technet2.microsoft.com/WindowsServer/en/Library/7b1c3e1c-ef32-4b8e-b4c4-e73910575f611033.mspx
7) transfer all of the FSMO roles to the new Windows 2003 DC running on new hardware:  http://support.microsoft.com/kb/255690
8) Install the DNS service on the new Windows 2003 server running on server class hardware.  Wait for AD replication to occur...the DNS database is held in AD by defualt.  Once you can verify the DNS has replicated, you can move onto the next step.
9) Run DCPROMO on the swing desktop Windows 2003 DC.  Choose to remove the domain controller role from this server.
10) After the desktop swing server reboots, you can drop this server to a workgroup.
11) go into AD Users and computers and remove the desktop swing server computer account (right click and delete) if you have some trouble removing the DC from the domain, remove it manually by looking at this document: http://www.petri.co.il/delete_failed_dcs_from_ad.htm

Now you can point your DHCP scopes to this new windows 2003 server using DNS scope option.
0
 
pfcvtAuthor Commented:
NJComputerNetworks:

I know that what you're suggesting is the preferred method for domain upgrades. After starting out that way and running into trouble, I backed off and decided to use another method. In the scenario I'm using, it's not really an upgrade, it's more of a migration.

I have 8 servers in my NT domain (all running NT 4.0). Problem is, only 4 of them are capable of running Windows Server 2003. So, I had these 3 new servers. I decided to install Win 2K3 on all three and start from scratch with a new Win 2K3 domain.

I now have a 3 server Win 2K3 domain and my 8 server NT domain running on the same cabling (theoretically, the same network because there is no router between them). There is a two-way trust established between them both.

In my new Win 2K3 domain I have one server that is the DC, DNS and DHCP server (the new 10.1.8.x DHCP server). This server also runs my DMS software.

I've installed an upgrade to my SQL-based DMS on another of the new servers.

On my third new server, I plan to install Exchange Server 2003 (this will be another adventure!!).

I've created the computer and user accounts on the new domain manually (there are only about 80). I'll install our network printers and then begin migrating users over to the new domain (I'm still working out the logistics of that feat).

After I've migrated files from the old servers, I'll gradually decommission them and take them offline.

That's the plan - sorry for the digression!



0
 
NJComputerNetworksCommented:
Ok...  I think you should disable your Windows NT DHCP service and use the Windows NT.  Do this after hours so you can test the result.  If the result is bad, re-enable DHCP on the NT server.
0
 
pfcvtAuthor Commented:
Sounds like a good general plan.

I should bring up the fact that this problem began before I added the Windows Server 2003 server.

Do you think then, that perhaps the Win 2K3 DHCP server may be better suited to properly support DHCP on my given infrastructure?

Or in other words, perhaps the problem all along was the NT DHCP server?

What about Port Mirroring? I mentioned earlier that I found a reference to port mirroring being a possible reason why DHCP may not function properly. The wall jack (and so the switch port) that I've been using to test was mirrored to another switch port. I have since disabled it.

I did test one of the laptops on another jack and I did duplicate the problem (no DHCP just an APIPA address) but I can't say if it was really a good objective test. I would say that 98% of my testing has been on the port-mirrored jack.

I'll see how things boot from this jack in the morning now that I've removed the mirroring.

That's the trouble with these intermittent problems. I thought that I had solved this issue so many times only to find out that it pops up again!

One quick (and probably dumb) question.

If I disable the NT DHCP server, am I correct to assume that it will not cause problems for any currently logged on users? I would think that it would only be used at the initial login when an IP address is requested.

I should be able to shut off the NT DHCP server and have all of my 10.1.4.x users work merrily along. When they reboot, they'll just get 10.1.8.x IP addresses from the Win 2K3 server, right?

Thanks.


0
 
TheCleanerCommented:
If I disable the NT DHCP server, am I correct to assume that it will not cause problems for any currently logged on users? I would think that it would only be used at the initial login when an IP address is requested.
======

When their DHCP assignment expires they will try to renew it, not get a response and then register a new address with the 2k3 server.
0
 
pfcvtAuthor Commented:
That's what I thought.

Thanks.
0
 
NJComputerNetworksCommented:
I would also point all computers over to your Windows 2003 DNS server.  Any static entries created in your NT Windows DNS server should be recreated on your Windows 2003 DNS.  (You probably don't have any unless you have unix machines or something in your environment.)

DHCP Scope options:

Router: 10.1.1.1
DNS Servers: 10.1.10.3
Domain Name: abc123.local
WINS/NBT: 10.1.10.3    <--- might as well get wins replication working between your NT WINS and 2K3 WINs too.
WINS/NBT Node Type: 0x8


0
 
pfcvtAuthor Commented:
Well, both of my test laptops received their IP address on bootup this morning. As this has happened in the past, I'm not willing to claim victory just yet. I'll be doing a number of restarts through the day to try to test further.

It's possible that removing Port Mirroring from the switch port may have solved the problem.

I'll post again to follow-up as the day goes on.

In the meantime, I'll work out a plan for implementing your suggestions regarding my network.

As for the points, I'd like to see what happens over the next day or so with IP address allocation before closing this issue and assigning the points.

Thanks again for everyone's help to this point.
0
 
NJComputerNetworksCommented:
ok...good luck
0
 
pfcvtAuthor Commented:
Well, I thought that I was all set after removing the Port Monitor from the switch port. Yesterday, everything worked fine. As has been the nature of this problem, today is another story.

I'm back to the same situation.

1. After logging in, I receive a "Limited or No Connectivity" message in the icon tray.
2. The laptop has an APIPA address.
3. ipconfig /renew times out with "unable to contact your DHCP server"

The Event Log shows the following:

Application Log
7:51 EventID: 1054 (this is when I turned on the laptop)
7:53 EventID: 15
9:05 EventID: 1054 (this is when I actually logged on to the laptop)

System Log
7:51 EventID: 1003 Source: dhcp
7:52 EventID: 1007 Source: dhcp
7:52 EventID: 5719 Source: Netlogon
7:52 EventID: 11197 Source: dnsapi
8:04 EventID: 11050 Source: dnscache

I have not yet implemented the suggestions made by NJComputerNetworks - I hope to do this on Sunday and then see what happens Monday and Tuesday of next week.

In the interim, I'll investigate the Event Log messages. I'm also going to set up one of my two test machines in another office (i.e., and thus another switch port) just to see what happens.

Thanks again.

0
 
pfcvtAuthor Commented:
Over the weekend, I took down the NT DHCP server. All DHCP clients are pointing to the Windows Server 2003 DNS server. The Windows Server 2003 DNS server is set to forward to our ISP's DNS servers.

So far, the results are positive. I've had no significant trouble with client machines renewing their IP addresses. DNS queries are being resolved.

I'm not sure about your comment NJComputerNetworks, regarding getting WINS replication working between my NT WINS and 2K3 WINS.

I don't have a WINS server on the Win 2K3 side. I didn't think I needed one. I was planing on leaving the NT WINS server running until I have no more NT servers and the then just disable it.

I'll split the points on this one 400 - NJComputerNetworks and 100 to TheCleaner.

Now, can someone tell me how to award / split points? :-)



0
 
pfcvtAuthor Commented:
OK, I figured out the points thing.

Sorry, I went 450 / 50 on the points.

Thanks guys.

0
 
NJComputerNetworksCommented:
"I don't have a WINS server on the Win 2K3 side. I didn't think I needed one. I was planing on leaving the NT WINS server running until I have no more NT servers and the then just disable it."  ... your probably right, you probably don't need WINS..  However, if you run older applications in your environment that require WINS, you may want to add this service.  I usually keep running WINS in my environments...why?  Just because this service requires little to no maintenance...and very little overhead is placed on the server running WINS...  So, I normally keep this on.
0
 
pfcvtAuthor Commented:
A good point. Thanks.
0
All Courses

From novice to tech pro — start learning today.