Solved

Windows 7 clients won't obtain DHCP address from the Windows 2003 domain controllder

Posted on 2010-11-24
31
3,251 Views
Last Modified: 2012-08-14
Windows 7 clients won't obtain a DHCP address from the Win 2003 domain controller. When the IPv4 protocol is set to 'Obtain an IP address automatically' it gets assigned an alternate ip and then cannot connect to the internet or domain resources. IPv6  is unchecked and I am pointing to our DNS servers in the DNS configuration. If I assign a static IP on our domain, then all works well.

XP clients do not have a problem. I have tried more than one Win 7 client and the same problem occurs.

What is the fix for this? I have looked read many blogs on this and other web sites, but nothing has pointed a way to a fix.
0
Comment
Question by:maripro
  • 12
  • 6
  • 3
  • +4
31 Comments
 
LVL 7

Expert Comment

by:celazkon
ID: 34209760
Hi, do you use any security software suite on the win7 box? If yea, check whether it is configured correctly. If not, check whether the network connection type is set as home of office network, since this sets the required windows firewall rules correctly.
Good luck
0
 
LVL 1

Expert Comment

by:chasefan31
ID: 34209795
Set the connection type as "work" to make it work correctly on a domain.  You could disable the firewall also to determine if it is interfering.
0
 
LVL 6

Expert Comment

by:RootsMan
ID: 34213298
What is the range of DHCP addresses defined on you server?
How many DHCP clients are on your LAN?
Is it possible that you're running out of available DHCP leases on your server?
0
 
LVL 7

Expert Comment

by:D_Vante
ID: 34214013
On an xp box try renew all to see if it can get a new ip

On win7. Try clearing the dns entries
0
 

Author Comment

by:maripro
ID: 34269884
I have a Win 7 Pro system out of the box. I joined my domain and it won't use the existing DHCP on my domain controller.  On Win 7 Pro system, System and Security, Windows Firewall tells me that some settings are managed by group policy (yes, and the existing configuration works for all XP systems). Below, the firewall settings it says, Domain networks: Not Connected, and Home or work network: Not Connected. The Win 7 systems was assigned a public address (even though it did join the domain), but cannot reach the internet or any system resources.

So what group policy do I need to change to control Win 7? The domain controllers work for all XP systems, so there appears to be something that needs to be added or altered, but WHAT?
0
 
LVL 7

Expert Comment

by:celazkon
ID: 34273970
Do you have some other win 7 machine, that you could join to your domain to see whether this problem is common for win 7 OS family, or if it arises only on your actual win 7 box?
0
 
LVL 6

Expert Comment

by:RootsMan
ID: 34274100
What is the range of DHCP scope of addresses defined on your server?
How many DHCP clients are on your LAN?
Is it possible that you're running out of available DHCP leases on your server?
0
 

Author Comment

by:maripro
ID: 34285220
We have three Win 7 machines on the network. If we assign a static IP address, all network resources are available to it. If, I try to use DHCP, the domain controller will  not give it an IP or allow it to have network resource (because it is given an alternate IP address that is not on the domain).

The scope of IP addresses available to DHCP is a class C, 128.170.nnn
This is not a problem of running out of available DHCP leases.

Any other ideas?
0
 
LVL 6

Accepted Solution

by:
RootsMan earned 250 total points
ID: 34287921
You could try running the Wireshark packet sniffer to see if the PC is sending a request "DHCPDISCOVER" for an IP address, and getting a reply "DHCPOFFER" from the DHCP server.
Make a note of the MAC address of the PC in question and filter on that MAC address.

After you start a capture with Wireshark, do an ipconfig /release and then ipconfig /renew.
0
 
LVL 13

Expert Comment

by:IT-Monkey-Dave
ID: 34287951
Is DHCP Conflict Detection enabled on the DHCP server?
0
 
LVL 13

Assisted Solution

by:IT-Monkey-Dave
IT-Monkey-Dave earned 250 total points
ID: 34287977
http://social.technet.microsoft.com/Forums/en-US/winserverNIS/thread/07a26080-5b37-410d-85c7-e131cc678efe

Scroll just past the halfway point and find a post by "Harry Hi" with a whole bunch of DHCP problem solutions for Win7.  I'd quote it here but it's quite lengthy and I don't want to steal someone else's work.  :)  Anyway there are some good suggestions there.
0
 

Author Comment

by:maripro
ID: 34297475
OK, the posts at the site you suggested were helpful together with packet capture. I have turned on DHCP Conflict Detection on the DHCP server. The DHCP server logs show repeated attempts to renew the lease to the Win7 computer every second or so, without end and no resolution. The Win7 computer will not accept the lease IP, but does not reveal why.

I captured packets using Wireshark. It confirms what I see in the DHCP server logs, a repeated request cycle, over and over. However there are no DHCP Denials, as the post web site suggests. The cycle is:
1. DHCP Discover from Win7
2. DHCP Offer from Server
3. DHCP Request from Win7
4. DHCP ACK from the Server

This four command request and response cycle continues each second and is never resolved. What is going on here? The post(s) are saying this is not a Windows issue, but possibly a network equipment problem. However, since there is no DHCP denials, I think this may be something different. Any ideas on what to do next?

The end result is that the Win7 computer won't access the internet or any network resources. The Win7 machine is assigned an IP addrss outside the domain.

0
 
LVL 7

Expert Comment

by:celazkon
ID: 34299611
I would try to turn OFF the checksum for Rx & Tx on the network card on win7 machine. This can be done in the device manager on the advanced tab of the network controller properties dialog.
0
 
LVL 6

Expert Comment

by:RootsMan
ID: 34301143
Is the IP address offered to the Windows 7 PC in the "DHCP Offer from Server" packet correct for your LAN?

What is the IP address least time set to on the server?

0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:maripro
ID: 34303384
@ RootsMan - IP address offered to Windows 7 PC in "DHCP Offer from Server" is correct for our LAN. Where do I find "IP address least time set to on the server"?
0
 

Author Comment

by:maripro
ID: 34306507
@ celazkon: I turned OFF che checksum for Rx and Tx on the network card for the win7 computer. The Win7 box still refuses to accept the x.x.x.123 lease. Network activity shows that there are no transmission packets from the Win 7 machine, but Win7 receives packets.

Wireshark shows the same DHCP sequence described earlier. I decided to assign the static IP x.x.x.123 to the Win7 computer and now it can access network resources and the internet.

I am going to try to connect Win7 directly to the DHCP server with a crossover cable as suggested in one of the blogs. This will help identify if the source of the problem lies in network gear.

Any other suggestions welcome.  This problem is grinding....
0
 
LVL 42

Expert Comment

by:Davis McCarn
ID: 34325603
Both Vista and 7 will refuse to accept an ip address that is already in use by an active connection.  The test is to set things back to automatic, open network connections, then disable and enable the network connection.
0
 

Author Comment

by:maripro
ID: 34339870
As suggested, I set network adapter settings back to get an automatic IP from DHCP. Rebooted the computer, opened network connections, disabled then enabled the network connection. Same results with the Win 7 computer assigning a non-domain IP. No internet connectivity and no access to network resources.  

The detailed blogs I followed earlier suggested the problems were not with Windows, but other network gear. Any other ideas?

 


0
 
LVL 6

Expert Comment

by:RootsMan
ID: 34340794
Did you also try to connect the Windows 7 box directly to the DHCP server with a crossover cable?
0
 
LVL 13

Expert Comment

by:IT-Monkey-Dave
ID: 34340882
"Both Vista and 7 will refuse to accept an ip address that is already in use by an active connection"

Did we determine if conflict detection is enabled on the DHCP server?
0
 

Author Comment

by:maripro
ID: 34352339
I connected the Windows 7 box directly to the DHCP server with a crossover cable. The results were the same and Windows 7 computer assigns itself a non-domain IP. Conflict detection is enabled on the DHCP server.

So let's review:

--Win 7 client makes it's request to the DHCP server.
--DHCP server offers an unused IP to Win7 computer (I am sure of this, since I've removed the lease before starting, and verified).
--Win 7 client gets an acknowledgement from the DHCP server as seen in Wireshark packet.
--Win 7 client does not accept the DHCP issued IP, but rather comes up with its own (169.xxx) and won't get to the Internet or see any domain resources.
--DHCP assigns the lease and records it in it's database, however subsequently it attempts to renew the lease every second as see on the server side logs.

Are there any logs or clues to look for on the client, since it looks like client is having a problem and not the server?  What could be going on here?
0
 
LVL 42

Expert Comment

by:Davis McCarn
ID: 34359691
Who made these systems?
Did they come with any preinstalled antivirus/security software that may still be lurking in the backgroud (meaning it didn't uninstall correctly)?
Do you have access to a regular D-Link/Belkin/Netgear/etc. router so you could see if the system refuses it's DHCP too?
Is there something strange in the DNS/DHCP configuration on the servers?

Short of a common infestation or failed uninstall of a security package, I have never had problems with DHCP in Win7, nor does it seem to be a common problem.
0
 
LVL 6

Expert Comment

by:RootsMan
ID: 34359915
On the Windows 7 box, try deleting the network interface from device manager and then reboot.

If that doesn't work, try uninstalling Internet Protocol v4, reboot, then install IPv4.

If that doesn't work, try installing a separate NIC and see if the new NIC has the same problem.

0
 

Author Comment

by:maripro
ID: 34383095
There is no security software on the Dell box.  I connected the computer to a regular Linksys box (off the domain) and it did NOT get a DHCP issued IP. Woahhh! So, I restored Windows 7 OS to it's original state to start from scratch. Plugged Windows 7 computer into a regular Linksys box and got an DHCP issued IP. OK, at least this makes sense.

I set the network location to 'Work' and plugged Windows 7 computer into my domain. It connected, gave it a DHCP address in my domain and can get on the Internet. However it is still in the default 'WORKGROUP' and I had not "joined the domain" and could not get network files. In Network and Sharing Center, it shows computer is connected to my 'domain name' and below it says 'Work network'. Next I turned off the Windows Firewall and in System and Security\System, I joined my domain. Now in Network and Sharing, it says 'Domain network' below my 'domain name'. I can get at all the resources now on this box.

I still have another two Windows 7 systems where it will not take the DHCP issued IP and takes the alternate non domain IP. The DHCP renews occur once per second. I now have a workaround, but I don't know is Windows Firewall or startup response is the issue. These are out-of-the box DELL computers with Windows 7 Pro pre-installed.

Thank you for the suggestions as it seemed to be a combination of still puzzling events.
0
 
LVL 42

Expert Comment

by:Davis McCarn
ID: 34384479
It is not Windows firewall!  Even M$ is smarter than to block DHCP.
On one of the other systems, click Start and, in the search box, type CMD<CTRL-SHIFT-ENTER> which will open an elevated CMD window.  In it, type:
netsh winsock reset
netsh winsock reset catalog
netsh interface ip reset C:\interface-resetlog.txt
netsh interface reset all
netsh firewall reset
Reboot.

If that doesn't get it, change the system back to non-domain, then go to the device manager, delete the network card, and reboot to redetect it.
0
 

Author Comment

by:maripro
ID: 34397261
Argggg ....totally frustrated now. The Windows 7 box did not survive a reboot. In Network and Sharing Center, where it shows computer is connected to my 'domain name' and below it says 'Work network',  after reboot it says 'Unidentified network' and below it says 'Public network'. The problem has returned!

The docs say to go to Network and Sharing Center and choose a location. There is no where to get it back to the domain location or even to a work location.

Is this a domain issue and GPOs interfering somehow?  Why won't the Win 7 accept an IP that it had before and reverts to a non-domain IP.  If I assign a static IP, everything works fine. Crazy M$ again.

@DavisMcCarn - tried running script that did not have any effect
"netsh interface reset all" had an error, the reset all netsh ran.  
0
 

Assisted Solution

by:maripro
maripro earned 0 total points
ID: 34413117
OK, I've found a reasonable workaround after spending weeks on this problem. This technet post revealed that this is not just an isolated case, but a pitfall for at least several installations. I have found dozens of posts about this problem(s). The atttached post was most helpful. The last suggestion on the attached post works, but is a workaround. Using MMC, add local services and network services to the local administrators group. This works to fix the broken machines as well.

Another workaround is to assign a static IP, but there is no visibility with your DHCP server and managing your other machines. This is a poor choice.  The author of the post found a workaround by blocking inheritance of GPO in a new Active Directory OU. I did not want to go there.

I would like to know a permanent fix to this problem along with others I'm sure. So post it here if known.
0
 

Assisted Solution

by:maripro
maripro earned 0 total points
ID: 34413127
0
 

Author Closing Comment

by:maripro
ID: 34428922
Awarded points to information that led to a work around solution.
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

Learn about cloud computing and its benefits for small business owners.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now