Link to home
Start Free TrialLog in
Avatar of maripro
mariproFlag for Afghanistan

asked on

Windows 7 clients won't obtain DHCP address from the Windows 2003 domain controllder

Windows 7 clients won't obtain a DHCP address from the Win 2003 domain controller. When the IPv4 protocol is set to 'Obtain an IP address automatically' it gets assigned an alternate ip and then cannot connect to the internet or domain resources. IPv6  is unchecked and I am pointing to our DNS servers in the DNS configuration. If I assign a static IP on our domain, then all works well.

XP clients do not have a problem. I have tried more than one Win 7 client and the same problem occurs.

What is the fix for this? I have looked read many blogs on this and other web sites, but nothing has pointed a way to a fix.
Avatar of celazkon
celazkon
Flag of Czechia image

Hi, do you use any security software suite on the win7 box? If yea, check whether it is configured correctly. If not, check whether the network connection type is set as home of office network, since this sets the required windows firewall rules correctly.
Good luck
Avatar of chasefan31
chasefan31

Set the connection type as "work" to make it work correctly on a domain.  You could disable the firewall also to determine if it is interfering.
What is the range of DHCP addresses defined on you server?
How many DHCP clients are on your LAN?
Is it possible that you're running out of available DHCP leases on your server?
On an xp box try renew all to see if it can get a new ip

On win7. Try clearing the dns entries
Avatar of maripro

ASKER

I have a Win 7 Pro system out of the box. I joined my domain and it won't use the existing DHCP on my domain controller.  On Win 7 Pro system, System and Security, Windows Firewall tells me that some settings are managed by group policy (yes, and the existing configuration works for all XP systems). Below, the firewall settings it says, Domain networks: Not Connected, and Home or work network: Not Connected. The Win 7 systems was assigned a public address (even though it did join the domain), but cannot reach the internet or any system resources.

So what group policy do I need to change to control Win 7? The domain controllers work for all XP systems, so there appears to be something that needs to be added or altered, but WHAT?
Do you have some other win 7 machine, that you could join to your domain to see whether this problem is common for win 7 OS family, or if it arises only on your actual win 7 box?
What is the range of DHCP scope of addresses defined on your server?
How many DHCP clients are on your LAN?
Is it possible that you're running out of available DHCP leases on your server?
Avatar of maripro

ASKER

We have three Win 7 machines on the network. If we assign a static IP address, all network resources are available to it. If, I try to use DHCP, the domain controller will  not give it an IP or allow it to have network resource (because it is given an alternate IP address that is not on the domain).

The scope of IP addresses available to DHCP is a class C, 128.170.nnn
This is not a problem of running out of available DHCP leases.

Any other ideas?
ASKER CERTIFIED SOLUTION
Avatar of RootsMan
RootsMan
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Is DHCP Conflict Detection enabled on the DHCP server?
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of maripro

ASKER

OK, the posts at the site you suggested were helpful together with packet capture. I have turned on DHCP Conflict Detection on the DHCP server. The DHCP server logs show repeated attempts to renew the lease to the Win7 computer every second or so, without end and no resolution. The Win7 computer will not accept the lease IP, but does not reveal why.

I captured packets using Wireshark. It confirms what I see in the DHCP server logs, a repeated request cycle, over and over. However there are no DHCP Denials, as the post web site suggests. The cycle is:
1. DHCP Discover from Win7
2. DHCP Offer from Server
3. DHCP Request from Win7
4. DHCP ACK from the Server

This four command request and response cycle continues each second and is never resolved. What is going on here? The post(s) are saying this is not a Windows issue, but possibly a network equipment problem. However, since there is no DHCP denials, I think this may be something different. Any ideas on what to do next?

The end result is that the Win7 computer won't access the internet or any network resources. The Win7 machine is assigned an IP addrss outside the domain.

I would try to turn OFF the checksum for Rx & Tx on the network card on win7 machine. This can be done in the device manager on the advanced tab of the network controller properties dialog.
Is the IP address offered to the Windows 7 PC in the "DHCP Offer from Server" packet correct for your LAN?

What is the IP address least time set to on the server?

Avatar of maripro

ASKER

@ RootsMan - IP address offered to Windows 7 PC in "DHCP Offer from Server" is correct for our LAN. Where do I find "IP address least time set to on the server"?
Avatar of maripro

ASKER

@ celazkon: I turned OFF che checksum for Rx and Tx on the network card for the win7 computer. The Win7 box still refuses to accept the x.x.x.123 lease. Network activity shows that there are no transmission packets from the Win 7 machine, but Win7 receives packets.

Wireshark shows the same DHCP sequence described earlier. I decided to assign the static IP x.x.x.123 to the Win7 computer and now it can access network resources and the internet.

I am going to try to connect Win7 directly to the DHCP server with a crossover cable as suggested in one of the blogs. This will help identify if the source of the problem lies in network gear.

Any other suggestions welcome.  This problem is grinding....
Avatar of Davis McCarn
Both Vista and 7 will refuse to accept an ip address that is already in use by an active connection.  The test is to set things back to automatic, open network connections, then disable and enable the network connection.
Avatar of maripro

ASKER

As suggested, I set network adapter settings back to get an automatic IP from DHCP. Rebooted the computer, opened network connections, disabled then enabled the network connection. Same results with the Win 7 computer assigning a non-domain IP. No internet connectivity and no access to network resources.  

The detailed blogs I followed earlier suggested the problems were not with Windows, but other network gear. Any other ideas?

 


Did you also try to connect the Windows 7 box directly to the DHCP server with a crossover cable?
"Both Vista and 7 will refuse to accept an ip address that is already in use by an active connection"

Did we determine if conflict detection is enabled on the DHCP server?
Avatar of maripro

ASKER

I connected the Windows 7 box directly to the DHCP server with a crossover cable. The results were the same and Windows 7 computer assigns itself a non-domain IP. Conflict detection is enabled on the DHCP server.

So let's review:

--Win 7 client makes it's request to the DHCP server.
--DHCP server offers an unused IP to Win7 computer (I am sure of this, since I've removed the lease before starting, and verified).
--Win 7 client gets an acknowledgement from the DHCP server as seen in Wireshark packet.
--Win 7 client does not accept the DHCP issued IP, but rather comes up with its own (169.xxx) and won't get to the Internet or see any domain resources.
--DHCP assigns the lease and records it in it's database, however subsequently it attempts to renew the lease every second as see on the server side logs.

Are there any logs or clues to look for on the client, since it looks like client is having a problem and not the server?  What could be going on here?
Who made these systems?
Did they come with any preinstalled antivirus/security software that may still be lurking in the backgroud (meaning it didn't uninstall correctly)?
Do you have access to a regular D-Link/Belkin/Netgear/etc. router so you could see if the system refuses it's DHCP too?
Is there something strange in the DNS/DHCP configuration on the servers?

Short of a common infestation or failed uninstall of a security package, I have never had problems with DHCP in Win7, nor does it seem to be a common problem.
On the Windows 7 box, try deleting the network interface from device manager and then reboot.

If that doesn't work, try uninstalling Internet Protocol v4, reboot, then install IPv4.

If that doesn't work, try installing a separate NIC and see if the new NIC has the same problem.

Avatar of maripro

ASKER

There is no security software on the Dell box.  I connected the computer to a regular Linksys box (off the domain) and it did NOT get a DHCP issued IP. Woahhh! So, I restored Windows 7 OS to it's original state to start from scratch. Plugged Windows 7 computer into a regular Linksys box and got an DHCP issued IP. OK, at least this makes sense.

I set the network location to 'Work' and plugged Windows 7 computer into my domain. It connected, gave it a DHCP address in my domain and can get on the Internet. However it is still in the default 'WORKGROUP' and I had not "joined the domain" and could not get network files. In Network and Sharing Center, it shows computer is connected to my 'domain name' and below it says 'Work network'. Next I turned off the Windows Firewall and in System and Security\System, I joined my domain. Now in Network and Sharing, it says 'Domain network' below my 'domain name'. I can get at all the resources now on this box.

I still have another two Windows 7 systems where it will not take the DHCP issued IP and takes the alternate non domain IP. The DHCP renews occur once per second. I now have a workaround, but I don't know is Windows Firewall or startup response is the issue. These are out-of-the box DELL computers with Windows 7 Pro pre-installed.

Thank you for the suggestions as it seemed to be a combination of still puzzling events.
It is not Windows firewall!  Even M$ is smarter than to block DHCP.
On one of the other systems, click Start and, in the search box, type CMD<CTRL-SHIFT-ENTER> which will open an elevated CMD window.  In it, type:
netsh winsock reset
netsh winsock reset catalog
netsh interface ip reset C:\interface-resetlog.txt
netsh interface reset all
netsh firewall reset
Reboot.

If that doesn't get it, change the system back to non-domain, then go to the device manager, delete the network card, and reboot to redetect it.
Avatar of maripro

ASKER

Argggg ....totally frustrated now. The Windows 7 box did not survive a reboot. In Network and Sharing Center, where it shows computer is connected to my 'domain name' and below it says 'Work network',  after reboot it says 'Unidentified network' and below it says 'Public network'. The problem has returned!

The docs say to go to Network and Sharing Center and choose a location. There is no where to get it back to the domain location or even to a work location.

Is this a domain issue and GPOs interfering somehow?  Why won't the Win 7 accept an IP that it had before and reverts to a non-domain IP.  If I assign a static IP, everything works fine. Crazy M$ again.

@DavisMcCarn - tried running script that did not have any effect
"netsh interface reset all" had an error, the reset all netsh ran.  
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of maripro

ASKER

Awarded points to information that led to a work around solution.