Solved

DHCP Problem

Posted on 2008-10-09
16
317 Views
Last Modified: 2012-05-05
I have come across a problem at one of our sites.
The Server is running 2K3 SP2, it is the DC and is also running DHCP and DNS on the server. There is a Single NIC in the server.
The problem we are having is that the pc's on the domain are picking up addresses but we are unable to ping anything from these pc's, this is not on all pc's all the time but seems completely random. The ip address' that they are getting are all correct, in the DHCP range, right subnet mask, gateway and DNS servers etc.
I found in the DNS host records a reference to the server with a different address which has been deleted.
Hope you can help with some suggestions
0
Comment
Question by:latheal
  • 4
  • 3
  • 2
  • +4
16 Comments
 
LVL 14

Expert Comment

by:dfxdeimos
Comment Utility
Have you attempted to delete and re-create the DHCP scope? I would go through and quadruple check all the settings involved. When you notice that a PC has gotten one of these "bad addresses", have you tried to set the PC statically to the same address?
Also, have you tried to reset your switch to factory defaults?
0
 
LVL 11

Expert Comment

by:loftyworm
Comment Utility
Need to find the bad address.  My bet is on an IP conflict.

I would find a bad system, find its IP, turn bad system off, on antoher system do a nbtstat -A x.x.x.x.  This should give you the machine name of the offending IP, and see if it is set statically.  If NOT then ther eis an issue with DHCP.

Interesting problem, I am curious to see what you find.
0
 

Expert Comment

by:Trumpeteer
Comment Utility
1) when a rogue DHCP server is detected on the network, W2K3 DHCP servers will stop providing addresses
2) You can set the ping verification to avoid IP conflicts in the DHCP server properties on the advanced TAB
3) Check on the machines which cannot ping whether the IP address is actually coming from your DHCP server. The IP address of the DHCP server is listed when executing "ipconfig /all" on the DHCP client

b.t.w. running DHCP on a DC with DNS updates enabled can be a security issue, unless you put an "ordinary user" in the DNS dynamic update credentials in the same Tab as 2.

Hope this helps...
0
 
LVL 11

Expert Comment

by:Zuhir Elgmati
Comment Utility
did you restart the DHCP service from the DHCP console ?
0
 
LVL 14

Expert Comment

by:dfxdeimos
Comment Utility
Loftyworm raises a very valid point, I would move in that direction.
You are sure there are no other DHCP servers on the network?
0
 
LVL 38

Expert Comment

by:ChiefIT
Comment Utility
I am going out on a limb and guess that you have Windows Firewall enabled, (or some other firewall like ISA), that is blocking ICMP traffic on some of these computers.

How to enable ICMP in windows firewall:
http://nic.phys.ethz.ch/readme/164

ICMP for ISAserver:
http://www.isaserver.org/tutorials/Configuring_ISA_Server_for_Incoming_Ping_Responses__By_Dieter_Rauscher.html


0
 

Expert Comment

by:Trumpeteer
Comment Utility
And a new brainwave: is your DHCP server multihomed or configured with multiple IPaddresses on one NIC? If you have multiple subnets connected you might run into clients getting the wrong IP for the "fysical" subnet... Everything seems fine, but actually your gateway is not on your subnet causing network unavailability.

two tests:
1) ping DHCP server
2) ping gateway

if both work, you must have a good connection. If only the DHCP server replies and the gateway doesn't, you have a "physical network" error. If the gateway responds and the DHCP server doesn't, the DHCP server is down or a local firewall on the DHCP server prohibits ICMP replies.

good luck!
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 

Author Comment

by:latheal
Comment Utility
Right the DHCP seems to be ok, we have had a look around and DNS seems to have multiple Host (A) records where an IP address  is assigned to multiple systems which means they cannot connect.
Any ideas?
0
 

Expert Comment

by:Trumpeteer
Comment Utility
When the lease time is larger than the DNS scavenging times, you will end up with multiple reverse entries. Multiple forward entries in DNS with the same IP addresses still point into the direction there is a rouge DHCP server...

Please take notice of the registration time apposed to the lease time. When you have a very short DHCP lease time and workstations move around quickly, there might be DNS entries with what seem to be conflicting IP addresses. In fact these clients had these addresses sequentially.
0
 

Author Comment

by:latheal
Comment Utility
I'll have a look and see, just getting the details of the wireless AP's as the only other server on site is not running DHCP. Maybe one of the AP's has dhcp running. I'll let you know.
0
 
LVL 38

Expert Comment

by:ChiefIT
Comment Utility
You might be running into the same problem I was running into a while back:
http://www.experts-exchange.com/Networking/Protocols/DHCP/Q_22847336.html
0
 

Author Comment

by:latheal
Comment Utility
Right then the problem of pc's not connecting to the Domain persist, the DHCP and DNS duplicates seem to have disppeared.
What is happening now is on 2 fronts, randomly a pc will not connect to the DC, you can log on locally, the pc has all the correct ip address etc needed and can get out onto the internet, but will not connect/ping the DC which is where the data/shared drives are, the only way I have found so far to fix this is to give the pc a static IP and restart, then remove the Static IP and get a new IP.

The second problem is wireless, there are Dell D620's and Tosh A100's that will not see any of the many (and newly installed netgear wireless AP's), this is a real problem and we have tried many things to sort this, including, uninstall and reinstall the wireless cards on the laptops, disable, reenable, a seperate usb wireless adaptor. The problem is totally random and will affect a laptop one day and then the next it will be fine.

Hope someone has some ideas, the next step being discussed is to reimage the DC, hiwch I really don't want to do
0
 

Author Comment

by:latheal
Comment Utility
OK then sorry for the Huge delay in getting back here, bit too busy at the moment.

Right the DHCP and DNS problem seems to have been resolved, we removed and re-set up both and we haven't seen that problem again.

The problems with the wireless were driver related, the D620's we got updated drivers and that was easy. the blasted Toshiba's came with a recover cd that had a very new driver and when  had a look on their site it didn't seem to exist, so downloaded the "older" driver and installed that, hey presto!!

Thanks to all for your help
0
 

Accepted Solution

by:
ee_auto earned 0 total points
Comment Utility
Question PAQ'd, 500 points refunded, and stored in the solution database.
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

If you have a multi-homed DNS setup in windows, you can have issues with connectivity to the server that hosts the DNS services (or even member servers of your domain if this same DNS server is a DC). This is because windows registers all of its IPs…
Learn about cloud computing and its benefits for small business owners.
This video discusses moving either the default database or any database to a new volume.
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now