XP wireless client not receiving DHCP settings

I have many wireless XP clients that connect to the network via wireless access points using WPA2, AES, and 802.1x authentication using PEAP-MSCHAP V2. The clients are set to validate server certificates and are configured to trust the local root CA. All of the wireless configuration settings and certificate deployment is done through Group Policy.

Most of the XP clients connect to the wireless network as expected, however we have had many occasions when a client will authenticate but fails to obtain DHCP settings. I have observed the flow of traffic between the client and the DHCP server using Wireshark and it appears that this only happens when there is a poor quality wireless signal - the client struggles to authenticate, with many packets exchanged, eventually succeeds but then DHCP requests are sent to the DHCP server, which the server also receives, but the responses are not received by the client. I suspect it is the signal quality because as soon as the client is placed close to an access point the authentication process is completed quickly, and the DHCP process is also completed successfully.

Has anyone else had the same issues? Is there any way of improving the client's chances of success of obtaining DHCP settings as we don't want to use static network settings?
Fred Marshall (Principal) commented:
If you don't have 20dB SNR then you will surely see problems and at 15-20dB quite a bit of variation.  So, if you're operating a computer with 17dB SNR then it may work some of the time and lead to a lot of frustration.  Best to avoid that with acceptable SNR.  Numbers may vary but I'm sure you get the idea.  This is *not* an exact thing but close enough for discussion purposes.  In your situation it's essential to know what the numbers are I should think.

In my reference to settings there's nothing magic here so you won't be surprised with this:

I would not suggest one security type over another in this regard.  I don't have any statistics that would lead to a conclusion.  You should use the highest level that your human and computer environment will tolerate.

The settings I mentioned were:

Type of security: WEP, WPA-PSK, WPA2-PSK, WPA-Personal, etc. etc.  It seems that every interface mfr. has their own idea of what this list should be.  Some newer interfaces appear to be able to figure it out all by themselves and all you have to do is say "yes".  With older interfaces you may have to try a few things to get the AP and the computer interface to agree as the terms do vary for their respective settings.

Also, which interface software are you using?  There will/could be the interface mfr's software (i.e. Intel, Atheros, Broadcom, etc.), the computer mfr's software (Dell, HP, Lenovo, etc.), and MS Windows.
The tradeoff seems to be that the interface mfr GUI will be nicer than Windows but that Windows is almost sure to work.  In some cases I've had to disable Dell software in order to get things to work.  How I wish for a standardized interface without the seemingly endless variation in what each company comes up with!!

Type of encryption: TKIP, AES?

The passphrase.  They should be complicated to avoid hacking.  If you use a typical approach then you do this but either remember them or write them down and then type them in manually.  It's the typos that get you here and it's sometimes really hard to convince yourself that you've made a mistake.   What I have taken to doing is use random 63-character passphrases and enter them using copy and paste.  Hardest to hack and no typos.  

I've had situations where I've had to try 1/2 dozen times before I got it right when I was typing in the passphrases.  That puzzled and frustrated me but that's my experience.  Sometimes you have to delete the profile and just start over as often the profiles can't be edited completely or renamed or ......

But this seems to not be your issue in this case...  maybe in some of them??

Obviously if a laptop connects completely in one place and not another, it is a signal issue.  Don't forget that SNR varies with "N" as well as "S".  So it can be that one location is noisier even though the signal level is still what would be OK in a quieter location.  Electromechanical machines generating electromagnetic noise fields, microwave ovens, portable telephones are all possibilities.
Erk333 (Service Delivery Manager) commented:
if the hardware of the clients is fairly standardized (as far as WLAN nics) i would confirm that all are using the same protocol ( A, B, G, N), or the best one that is supplied by your access points.

that and you might match the link speed (10, 100, half, full, etc...) of the NIC's to that of your switch(s) instead of 'auto'
x3man (Author) commented:
Hi Erk333

All clients are using 11g

All switches are set to auto negotiate as are the clients.
Erk333 (Service Delivery Manager) commented:

hmm...well, if the goal is to improve addressing (or communication in general) i would take switches and nodes off auto (hard setting is really best practice) but that can be a lot of work

other than that only thing i can think of is changing dhcp server to unicast response.  see link:

and i assume you've updated the affected laptops' nic drivers and such
Fred Marshall (Principal) commented:
It sure sounds like the pool of addresses has been used up.
The IP address assignments are via "leases".  So, a computer need not be present or turned on to be using up an address via the lease it received.  This can cause a degree of confusion when one "knows" that there are only so many computers connected at any one time.

How many addresses are in the DHCP pool?
What is the lease time?  (For a more or less static situation, I'd use 8 hours.  For more dynamic situations, I'd use less - maybe 2 hours).  I believe the computers will refresh their individual leases in half that time.  So, if the leases are short and aren't refreshed, they will run out and make those addresses available for assignment.
How many computers are "involved"?  i.e. there all the time, coming in and out, etc.?
x3man (Author) commented:
Thanks for input guys.

NIC drivers have been updated. Changing auto negotiate settings is not an option I'm afraid. Too much work and too many other devices using it.

Not convinced that changing the DHCP server to unicast will improve things. Like I said originally it appears that the issue relates to signal quality - I can see the client struggle to authenticate, and fail to receive the DHCP response. Yet when I try in an area with good coverage the authentication and DHCP process completes without any problems. It looks like changing the default time out value for the DHCP process is not possible, otherwise that could improve things by giving the client a chance to receive responses from DHCP.

It's definitely not related to lack of available IP addresses in the current address pool - there are more than enough spare, and like I said, the issue is resolved when the wireless signal improves. Unfortunately upgrading the wireless infrastructure is not an option.

Some of the laptops suffer from this issue more than others e.g. the Atheros NICs seem to fare much better. Again suggests signal quality issues?
bbao (IT Consultant) commented:
does a reboot or restart help??

BTW, i don't mean this is a solution. this is for troubleshooting only. :)
x3man (Author) commented:
No, rebooting doesn't make any difference.
Fred Marshall (Principal) commented:
One can imagine that signal quality could be an issue for DHCP depending on the amount of handshaking required, etc.  But then, this just means that there's a signal quality issue overall - so that's the place to look.  It seems a little odd that you've been able to pinpoint it down to DHCP but then that would be the *first* opportunity for failure wouldn't it?

Is the network secured?  Often one gets a "connection" but only at the "radio" level and then DHCP fails because the security settings are wrong.  Often the software doesn't tell you this and looks like the computers are "connected".  I've often had to try multiple times to get the security right and end up with an IP address all while the radios were "connected" just fine.  If the interfaces are from different manufacturers then the software may well be different and setup for security different - one needing more detailed information than another, etc.  Don't discount this possibility.  

I don't expect one computer to act the same as another on a wireless network.  You seem to be saying the same thing.  

Wireless networks are a bit frustrating because of signal strength being so variable.  You might try using NetStumbler on a laptop so you can better see SNR, etc. and get an idea of how signal levels vary.  If the SNR isn't 20dB or better then it will or can be marginal.  I wouldn't recommend trying to live at 15dB and less than that is surely going to be unsatisfactory.

Solutions include: more robust access points (i.e. power level)  and better antennas at both ends.
Antenna solutions are generally better than increases in power as increases in power don't yield all that many dB.  6dB is a 4X change in power level.
x3man (Author) commented:
Thanks fmarshall

DHCP is usually the point of failure for the laptops - however we have also had a few laptops that fail to authenticate and so are refused access. Again this is variable and the same laptop has connected when relocated to a strong signal area.

I agree it is frustrating! The network was originally using WPA-PSK, and while it certainly wasn't perfect, we did have more success with connectivity. I would not be happy if we had to move back to this level of security due to connectivity issues.

I have used NetStumbler to get a picture of the signal quality across the network. I can't remember the exact SNR but it was less than satisfactory. The SNR was low in some areas and high in others, and different during different times of day (people going home etc.). Many hours have already been spent trying to optimise AP location, power levels, channels etc without any real improvements to reliability.

I am interested to know what settings you are referring to when you say "had to try multiple times to get the security right and end up with an IP address all while the radios were "connected" just fine.  If the interfaces are from different manufacturers then the software may well be different and setup for security different - one needing more detailed information than another". All the laptops are using XP SP3 and the Windows XP Wireless Zero Configuration service so aren't the security settings all the same? Are you referring to using the NIC manufacturers management software? Or are you referring to the advanced properties of the device itself?
RikeR commented:

DHCP is a broadcast message and is usually transmitted at a lower data rate. Since distance from the AP degrades the data rate, DHCP will fade out earlier than unicast traffic. If the system allows, you can increase the broad/multicast Tx rate. Not sure if this will work. Alternatively perform a site-survey using free tools like Ekahau's heatmapper (use google to find the link).

In general: DHCP issues are known at the edges of a wireless network.
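
The broadcast-versus-unicast question raised in this thread can be read straight out of a capture: the client's DHCP message carries a broadcast flag and address fields that decide how the server addresses its OFFER/ACK (RFC 2131, section 4.1). The following is an added example, not part of the original thread; the function names are hypothetical and the sample packet is constructed, not taken from the poster's network.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie after the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload):
    """Return flags, addresses and option 53 from a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    _op, _htype, hlen, _hops, xid, _secs, flags = struct.unpack("!BBBBIHH", payload[:12])
    msg = {
        "xid": xid,
        "broadcast": bool(flags & 0x8000),   # B bit: client asks for broadcast replies
        "ciaddr": socket.inet_ntoa(payload[12:16]),
        "giaddr": socket.inet_ntoa(payload[24:28]),
        "chaddr": payload[28:28 + min(hlen, 16)].hex(":"),
        "type": None,
    }
    i = 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                          # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        if code == 53 and length == 1:               # option 53 = DHCP message type
            msg["type"] = TYPES.get(payload[i + 2], "OTHER")
        i += 2 + length
    return msg

def reply_delivery(msg):
    """How a server addresses its OFFER/ACK per RFC 2131 section 4.1."""
    if msg["giaddr"] != "0.0.0.0":
        return "unicast to relay agent"
    if msg["ciaddr"] != "0.0.0.0":
        return "unicast to ciaddr"
    return "broadcast" if msg["broadcast"] else "unicast to yiaddr at client MAC"

def build_sample(flags, ciaddr=bytes(4), giaddr=bytes(4)):
    """Constructed DHCPDISCOVER payload for the demo (not captured traffic)."""
    head = struct.pack("!BBBBIHH", 1, 1, 6, 0, 0x1234ABCD, 0, flags)
    addrs = ciaddr + bytes(8) + giaddr               # ciaddr, yiaddr, siaddr, giaddr
    chaddr = bytes.fromhex("020000000001") + bytes(10)
    return head + addrs + chaddr + bytes(192) + MAGIC + b"\x35\x01\x01\xff"

if __name__ == "__main__":
    for flags in (0x8000, 0x0000):
        m = parse_dhcp(build_sample(flags))
        print(m["type"], m["chaddr"], "->", reply_delivery(m))
```

Feeding it the UDP payload of the client's DISCOVER/REQUEST from a capture shows which delivery mode the server is expected to use for that client.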
x3man (Author) commented:
Thanks everyone

There's some interesting points to consider. Particularly concerning data rates, broadcast and unicast etc. I'll have a look at setting the DHCP server to respond with unicast responses - see what effect, if any, that has.

It looks likely that the most successful way of improving connectivity would be to upgrade and improve the wireless AP infrastructure. However like I said before, that is unlikely to happen, hence the reason I asked if there is any other option to improve connectivity.

Thanks again to all who replied.
x3man (Author) commented:
Just for info. I tried setting the DHCP server to respond with unicast responses as described in the links, and this slowed down the DHCP process for the XP clients even more - wired and wireless. As soon as I removed the setting DHCP started working again. Although the wireless clients often still have problems as mentioned above...