Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 397
  • Last Modified:

DHCP issues after imaging PCs

Windows Server 2003, GhostCast Server 11, Windows XP

We recently ghosted about 100 new computers with an image we have been using for about a year without an issue.  However, with these new computers they are showing up in our DHCP server with blank names.  The wierd thing is that after ghosting them they were changed to static IPs, but they are still showing up on DHCP server as leased even though you cannot ping that address.  If I delete them they just come right back.  I tracked the PCs down by the MAC and checked the bios setup and don't see anything different, wake on lan(off) or anything.  It's like the DHCP server cached the leased address during the ghost process and won't let them go.  Any ideas?

TIA
0
NDaZone
Asked:
NDaZone
1 Solution
 
Darius GhassemCommented:
Did you run NEWSID on systems to get a NEWSID?

Are the MAC addresses the same?
0
 
nsx106052Commented:
I would either run NEWSID or change the computer name after imaging.  
0
 
wsutton74Commented:
When finalizing your image, once you have your default profile set, run Sysprep with the Generalize option and shutdown option and then make the image. This will ensure that the computer is unique on your network when you deploy the image.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
NDaZoneAuthor Commented:
I was told that ours is setup to automatically assign a new SID, but I will check them.  And all the computers were renamed after imaging.
0
 
NDaZoneAuthor Commented:
I verified that the computer SIDs are different.
0
 
NDaZoneAuthor Commented:
All the computers have static IPs, different computer names and different SIDs.  However, their MAC addresses still show up in DHCP as blank names with the IP address that they were ghosted with.
0
 
discgmanCommented:
Did you check the arp table on the dhcp server. We had a problem here where the server wasnt releasing the arp table mac addresses. It would hang onto them which then was messing with the scope and the computers trying to talk to other servers.
0
 
NDaZoneAuthor Commented:
I looked at the arp table and there were a few of those computers in there as dynamic entries.  I cleared the arp table and even specifically deleted by IP and they still keep showing up in the DHCP leases.  I thought you were on to something with that one.
0
 
discgmanCommented:
Have you tried creating reservations in the scope instead of doing the static ip addresses?
0
 
NDaZoneAuthor Commented:
And that is the main issue.  We don't have statics in the DHCP scope, the client LAPTOPS are the only ones on DHCP (all desktops are static).  We have a lot of laptop users that move around between this office and others so it would be impossible to reserve IPs.  We keep running out of addresses already, but only because of these blank leases.  When a laptop user can't get on the network I go in and delete these and they're in.
0
 
discgmanCommented:
Leases are retained in the DHCP server database four hours after expiration.
This grace period protects a client lease in case the client and server are
in different time zones, the individual computer clocks are not
synchronized, or the client computer is off the network when the lease
expires. Expired leases are included in the list of active leases and are
distinguished by a different icon.

By default, the cleanup cycle occurs every 60 minutes. You can adjust the
duration of the default grace period after which an expired lease is marked
for deletion by editing the following key in the registry:

Here we go:

So you can remove the 4 hour grace period:
HKLM\System\CurrentControlSet\Services\DHCPServer\Parameters\LeaseExtension
Value Type: DWORD
Value Data: time in minutes

And make the cleanup interval smaller:
HKLM\System\CurrentControlSet\Services\DHCPServer\Parameters\DatabaseCleanupInterval
turn it to half (1e)
0
 
NDaZoneAuthor Commented:
That is true, but we have been having this issue for weeks now.  Every time I delete them they come right back after about ten minutes, most of the time renewing the lease with the same IP address.  However I cannot ping that IP address.  It's like the DHCP server receives the request and issues out an IP address but the client never obtains it because they are configured statically.

Back to your examples for future reference.  I have the registry entry for cleanup but not the grace period, is that one that should exist or one that needs to be created?

Thx
0
 
NDaZoneAuthor Commented:
One more note, if I telnet in to the clients default gateway, Cisco, and show arp....they show up in there as the same non-existing MAC-to-IP addresses as in DHCP.
0
 
discgmanCommented:
Remember to backup your registry anytime you make any changes and do so at your own risk!

Yes you can create this dword entry, then change the value time to adjust. See if that makes any difference in how the laptops are connecting to the network.
0
 
NDaZoneAuthor Commented:
Found the issue finally.  The new Dell computers we sent out have a hidden Wake on LAN feature.  during the POST you have to hit F2 to get into the Power Management/Remote wakeup features.  We turned it off in there and now our "Ghost" DHCP addresses are gone.

Discgman, giving you half the points just for sticking it out with me and helping.  Thanks man!!
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now