[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Unknown RAS IP addresses reserved on Windows 2008 server (RAS NOT INSTALLED OR USED !)

Posted on 2010-11-18
11
Medium Priority
?
1,242 Views
Last Modified: 2012-05-10

Our Windows 2008 server is showing a number of IP addresses reserved in the DHCP scope for RAS connections, they all show the NAME as the FQN of the server. We don't use RAS as our router handles remote VPN traffic and IP allocation.

Can someone shed some light on this as the scope gets full pretty quickly !  I can delete the reservations and they come back shortly after, I'm stumped !
0
Comment
Question by:Andrew Lee
  • 5
  • 4
  • 2
11 Comments
 
LVL 9

Accepted Solution

by:
losip earned 1000 total points
ID: 34163102
Are you sure that you don't have the Network Policy and Access Services role installed (with the RAS feature enabled)?
0
 

Author Comment

by:Andrew Lee
ID: 34163182
Hi,

We've got

AD Domain services
DHCP Server
DNS Server
File Services
Web Server (IIS)
Windows Server Update Services

installed
0
 
LVL 9

Expert Comment

by:losip
ID: 34163242
And RRAS is not installed on any other server which could be getting addresses from that one?  Although, I would expect the Name to be the FQDN of the RAS server, not the DHCP server.  Another possibility: could the router be erroneously getting its IP addresses from the DHCP server (by broadcast) instead of from its own pool?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:Andrew Lee
ID: 34163292
Hi,

Its a draytek 2820n router, the remote pptp is set to assign 10.100.0.223 upwards, DHCP scope on server is : 10.100.0.31 - 200, subnet 255.255.255.0

No other server on the network, this box is a Windows 2008 server with Exchange 2007 installed, 64bit

Intrestngly the IP's are now showing in DHCP anymore, I have had some strange goings on with wireless modules and some devices picking up DHCP in the production enviroment,

I suggest leaving this for a day and I'll monitor see if the RAS entries pop back up,
0
 
LVL 9

Expert Comment

by:losip
ID: 34163367
Any device on the 10.100.0.0/24 subnet will broadcast out when it wants an IP address. As you've described the network, either the Draytek or the Windows server may reply to such a Discover packet and offer an address out of their allocated range.  

I'm not sure whether this scenario is valid with the Draytek but, if a device calling in on the VPN wants an address, it may be that it can get it either from the router itself or from the server following a broadcast from the VPN termination onto the 10.100.0.0 subnet.  Therefore, either DHCP server may issue leases.
0
 

Author Comment

by:Andrew Lee
ID: 34163377
Hi,

No DHCP on the draytek its turned off, the VPN isnt assigning addresses to general network traffic from my knowledge of the draytek, its assigned on a per tunnel / connection basis
0
 
LVL 9

Expert Comment

by:losip
ID: 34163422
Yes, I appreciate that devices on the LAN will ONLY get addresses from the server but I was referring to VPN clients's addresses which SHOULD come from the router.  When they make a connection, is it possible that the Draytek broadcasts on the LAN interface (to itself and any other DHCP server that will listen) so that a connected VPN client may get an address from the server instead of the router?  It''s more a suggestion than a concrete theory due to my lack of knowledge of the internals of the Draytek.
0
 
LVL 5

Assisted Solution

by:q2q
q2q earned 1000 total points
ID: 34163705
They draytek has few ways of giving ip addresses for those who dial in
1) using its own dhcp (Lan > general settings > on the right hand side)
2) using a range when dhcp is disabled ( VPN  and  remote access > ppp general setup > on the right hand side)

These two options would not get addresses from your servers dhcp pool
3) dhcp relay server option (Lan > general settings > on the right hand side)
this will passthrough to your server, hower in all my experiance I have not seen a draytek pre-allocate addresses.

I would expect your server is doing this becuase the servers "routing and remote access" service is started. and has been configured (admin tools > routing and remote access) to use pptp or dial up connections. If you dont need this disable the windows service  "routing and remote access" and it will be fine.
If this works you can then open the panel (after restarting the service) delete the server from the console.
0
 

Author Comment

by:Andrew Lee
ID: 34163796
Hi

option 2 above set for draytek to allocate address

thats the strange thing routing and remote access IS STARTED but I can't be stopped (dependant services), its NOT showing in ROLES or ADMINISTRATIVE TOOLS though, its never something thats been used !
0
 
LVL 5

Expert Comment

by:q2q
ID: 34163862
Yes its crazy, its like microsoft want people to use it and just install and set it up for us.
If I were you I would use dhcp relay rather then option 2 as it ensures you dont get clashing addresses. The only downfall is that if your server is off you will need to asign yourself a static address to get it.
0
 

Author Comment

by:Andrew Lee
ID: 34163920
Can't set the DHCP relay unless DHCP is enabled on the router which we don't want, had two clashing DHCP servers before, not pretty !

Also can't remove the start address from ppp config draytek complains its invalid having nothing in there

So far no issues today, I've made a couple of other changes not covered in this thread to do with getting certain people to NOT connect certain kit which asks for DHCP, they've been assigning static addresses and so far so good, thanks all for assistance on this though, going to keep question open for a couple of days whilst monitor the situation, if its resolved I'll divy the points up

Cheers
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question