DHCP scope issue

Hi everyone,

We have a Server running Server 2003, SP2 with DHCP.  The scope is currently defined from to  We only have about 60 client computers that are using the DHCP ip addresses.

The problem that I am having right now is that the DHCP scope ip addres are not being used properly. DHCP ip leases as follows: to to to to

As you can see there are many ip addresses skipped in the DHCP ip leases.  As a result, I am getting warning messages on the server that it is running out of available ip addresses.  Please note that I am not able to ping any missing ip addresses (I assume they are not in use).

1. How can I make sure the DHCP utilizes the ip addresses properly without skipping?

Thanks for all your help in advance.
Have happy holidays!
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I have seen DHCP servers hand out IP addresses in random order before.  What you should be looking at is the lease duration and making sure that the clients are actually releasing their IP addres when they are not on the network.  If, for instance, the clients are laptops which get a lease and then are removed from the network abruptly the lease will be active until the duration has expired thereby holding up an IP address for a computer that is not around.  If your clients are stable (not disconnecting from your network) and you are still running out of leases check your statistics on the server and look for irregularities such as an inordinate number of DHCPRequests.  Also make sure your DHCP server binding is set to the proper nic if it is multi-homed.

Hope this helps!
RomoloIT Pro, Projects, Mentor, TrainerCommented:
I would not have though you would be running out of IPs as the lease is normally only 8 days then renews and that IP releases..

Do you have any reservations to MAC addresses?

Is your lease 8 days .... ?

This should not be a problem for you unless many other devices were connecting and using IP's

BeerTimeAuthor Commented:
Thanks, the lease duration for DHCP client is: 8 days and we have over 95% desktops that are always on the network.  The DHCP binding is pointing to the correct nic card.  please see the DHCP statistics below:

Rowby Goren Makes an Impact on Screen and Online

Learn about longtime user Rowby Goren and his great contributions to the site. We explore his method for posing questions that are likely to yield a solution, and take a look at how his career transformed from a Hollywood writer to a website entrepreneur.

BeerTimeAuthor Commented:
No reserved MAC address for this scope.
Krzysztof PytkoSenior Active Directory EngineerCommented:

what about excluded IP addresses, do you have them configured in scope?

BeerTimeAuthor Commented:
No, there is no exclusion.
Krzysztof PytkoSenior Active Directory EngineerCommented:
OK then. Try to reconcile DHCP database first. Open DHCP console, select scope and click on it right mouse button, choose "Reconcile" and then "Verify" button

Check what happens.


What is the subnet mask assigned?
BeerTimeAuthor Commented:
Thanks, I've tried to reconcile and getting "the database is consistent"
The subnet mask assigned is

I think the main problem to the DHCP scope is caused by RAS server we have for VPN connection.

The RAS - DHCP scope is defined as follows: to /24

What I've noticed is that some of the RAS clients that are using the DHCP scope defined on another server for internal clients to /24  Also, some of the internal clients are using the DHCP scope defined for RAS on another server.

Q: How can I keep RAS clients separate from internal DHCP scope and vice versa?

Q: Does it cause any issues if I just deactive the existing internal DHCP scope, and re-create another similar scope so the IP addresses can be properly used in an incremental order (without skipping any IP addresses as I mentioned in my original post)?

Krzysztof PytkoSenior Active Directory EngineerCommented:
AD1) you have to define on DHCP server exclusion pool for RRAS, and on RRAS define static addresses from to pool instead of pointing to DHCP server.

AD2) You will loose all DHCP database leases, and you will need to enable IP address conflict detection, because few clients can receive the same IP. But of course you can do that, just only remember to enable address conflict detection.

If you need assistance, let me know.


Define other Scope of private IP's for RRAS server (2nic required) and use the route add eg:
BeerTimeAuthor Commented:
Thanks Krzysztof! can you give me more info on AD1..?
currently the RRAS is defined with to with an exclusion of to so it should only use 19 ip addresses.  How can I assign static ip to the RAS clients without knowing who will connect via VPN?

The internal DHCP server is defined with to
If the DHCP server is handing out 100-250 then all you need to do is define a range of addresses that will be handed out by the RRAS server you really don't need to have a seperate scope set up for this.  You can do this in the RRAS conole if I remember correctly by rt clicking on the server name and hitting the Properties dialog box and the going to the IP tab.  You can then choose to let DHCP take care of the IP addresses or enter a static range of addresses. (see pic)  If you let RRAS grab from DHCP it just takes a block of addresses even though it may have not handed them out.  That may be why you have holes missing in your list of leases.

Let us know if you need anything else. RRAS IPs
BeerTimeAuthor Commented:
Thanks for the quick response! I will try your suggestion and let you know if I run into any issues.  Thanks!
Krzysztof PytkoSenior Active Directory EngineerCommented:
Yup, this is the correct way described by Fingo :) But you have to ensure that given static IP pool is out of your DHCP pool or you have to set up on DHCP server exclusion range for those VPN IPs

BeerTimeAuthor Commented:
Thanks Krzysztof. Just to be clear, if the DHCP scope is to and I want RRAS to use from to;

Do I need to exclude to from the DHCP range because it is used by RRAS? or am I missing something? (All servers static ip address are not included in the DHCP scope)

Thanks for your help.
Krzysztof PytkoSenior Active Directory EngineerCommented:
Hi, yes you should exclude this pool. Because DHCP server doesn't know that it should not issue these addresses. When someone connects over VPN then you want to be sure that DHCP doesn't issue the same IP address to other PC in your network to prevent IP address conflict. So, exclude range to on DHCP and everything will work fine :)

BeerTimeAuthor Commented:
That's good! Thanks again for your help.
Krzysztof PytkoSenior Active Directory EngineerCommented:
You're welcome :)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
BeerTimeAuthor Commented:
Thanks for all your help.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.