Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Unknown RAS IP addresses reserved on Windows 2008 server (RAS NOT INSTALLED OR USED !)

Posted on 2010-11-18
11
Medium Priority
?
1,239 Views
Last Modified: 2012-05-10

Our Windows 2008 server is showing a number of IP addresses reserved in the DHCP scope for RAS connections, they all show the NAME as the FQN of the server. We don't use RAS as our router handles remote VPN traffic and IP allocation.

Can someone shed some light on this as the scope gets full pretty quickly !  I can delete the reservations and they come back shortly after, I'm stumped !
0
Comment
Question by:Andrew Lee
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
  • 2
11 Comments
 
LVL 9

Accepted Solution

by:
losip earned 1000 total points
ID: 34163102
Are you sure that you don't have the Network Policy and Access Services role installed (with the RAS feature enabled)?
0
 

Author Comment

by:Andrew Lee
ID: 34163182
Hi,

We've got

AD Domain services
DHCP Server
DNS Server
File Services
Web Server (IIS)
Windows Server Update Services

installed
0
 
LVL 9

Expert Comment

by:losip
ID: 34163242
And RRAS is not installed on any other server which could be getting addresses from that one?  Although, I would expect the Name to be the FQDN of the RAS server, not the DHCP server.  Another possibility: could the router be erroneously getting its IP addresses from the DHCP server (by broadcast) instead of from its own pool?
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 

Author Comment

by:Andrew Lee
ID: 34163292
Hi,

Its a draytek 2820n router, the remote pptp is set to assign 10.100.0.223 upwards, DHCP scope on server is : 10.100.0.31 - 200, subnet 255.255.255.0

No other server on the network, this box is a Windows 2008 server with Exchange 2007 installed, 64bit

Intrestngly the IP's are now showing in DHCP anymore, I have had some strange goings on with wireless modules and some devices picking up DHCP in the production enviroment,

I suggest leaving this for a day and I'll monitor see if the RAS entries pop back up,
0
 
LVL 9

Expert Comment

by:losip
ID: 34163367
Any device on the 10.100.0.0/24 subnet will broadcast out when it wants an IP address. As you've described the network, either the Draytek or the Windows server may reply to such a Discover packet and offer an address out of their allocated range.  

I'm not sure whether this scenario is valid with the Draytek but, if a device calling in on the VPN wants an address, it may be that it can get it either from the router itself or from the server following a broadcast from the VPN termination onto the 10.100.0.0 subnet.  Therefore, either DHCP server may issue leases.
0
 

Author Comment

by:Andrew Lee
ID: 34163377
Hi,

No DHCP on the draytek its turned off, the VPN isnt assigning addresses to general network traffic from my knowledge of the draytek, its assigned on a per tunnel / connection basis
0
 
LVL 9

Expert Comment

by:losip
ID: 34163422
Yes, I appreciate that devices on the LAN will ONLY get addresses from the server but I was referring to VPN clients's addresses which SHOULD come from the router.  When they make a connection, is it possible that the Draytek broadcasts on the LAN interface (to itself and any other DHCP server that will listen) so that a connected VPN client may get an address from the server instead of the router?  It''s more a suggestion than a concrete theory due to my lack of knowledge of the internals of the Draytek.
0
 
LVL 5

Assisted Solution

by:q2q
q2q earned 1000 total points
ID: 34163705
They draytek has few ways of giving ip addresses for those who dial in
1) using its own dhcp (Lan > general settings > on the right hand side)
2) using a range when dhcp is disabled ( VPN  and  remote access > ppp general setup > on the right hand side)

These two options would not get addresses from your servers dhcp pool
3) dhcp relay server option (Lan > general settings > on the right hand side)
this will passthrough to your server, hower in all my experiance I have not seen a draytek pre-allocate addresses.

I would expect your server is doing this becuase the servers "routing and remote access" service is started. and has been configured (admin tools > routing and remote access) to use pptp or dial up connections. If you dont need this disable the windows service  "routing and remote access" and it will be fine.
If this works you can then open the panel (after restarting the service) delete the server from the console.
0
 

Author Comment

by:Andrew Lee
ID: 34163796
Hi

option 2 above set for draytek to allocate address

thats the strange thing routing and remote access IS STARTED but I can't be stopped (dependant services), its NOT showing in ROLES or ADMINISTRATIVE TOOLS though, its never something thats been used !
0
 
LVL 5

Expert Comment

by:q2q
ID: 34163862
Yes its crazy, its like microsoft want people to use it and just install and set it up for us.
If I were you I would use dhcp relay rather then option 2 as it ensures you dont get clashing addresses. The only downfall is that if your server is off you will need to asign yourself a static address to get it.
0
 

Author Comment

by:Andrew Lee
ID: 34163920
Can't set the DHCP relay unless DHCP is enabled on the router which we don't want, had two clashing DHCP servers before, not pretty !

Also can't remove the start address from ppp config draytek complains its invalid having nothing in there

So far no issues today, I've made a couple of other changes not covered in this thread to do with getting certain people to NOT connect certain kit which asks for DHCP, they've been assigning static addresses and so far so good, thanks all for assistance on this though, going to keep question open for a couple of days whilst monitor the situation, if its resolved I'll divy the points up

Cheers
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question