Solved

DHCP issues after imaging PCs

Posted on 2011-03-07
15
383 Views
Last Modified: 2012-05-11
Windows Server 2003, GhostCast Server 11, Windows XP

We recently ghosted about 100 new computers with an image we have been using for about a year without an issue.  However, with these new computers they are showing up in our DHCP server with blank names.  The wierd thing is that after ghosting them they were changed to static IPs, but they are still showing up on DHCP server as leased even though you cannot ping that address.  If I delete them they just come right back.  I tracked the PCs down by the MAC and checked the bios setup and don't see anything different, wake on lan(off) or anything.  It's like the DHCP server cached the leased address during the ghost process and won't let them go.  Any ideas?

TIA
0
Comment
Question by:NDaZone
15 Comments
 
LVL 59

Expert Comment

by:Darius Ghassem
Comment Utility
Did you run NEWSID on systems to get a NEWSID?

Are the MAC addresses the same?
0
 
LVL 12

Expert Comment

by:nsx106052
Comment Utility
I would either run NEWSID or change the computer name after imaging.  
0
 

Expert Comment

by:wsutton74
Comment Utility
When finalizing your image, once you have your default profile set, run Sysprep with the Generalize option and shutdown option and then make the image. This will ensure that the computer is unique on your network when you deploy the image.
0
 

Author Comment

by:NDaZone
Comment Utility
I was told that ours is setup to automatically assign a new SID, but I will check them.  And all the computers were renamed after imaging.
0
 

Author Comment

by:NDaZone
Comment Utility
I verified that the computer SIDs are different.
0
 

Author Comment

by:NDaZone
Comment Utility
All the computers have static IPs, different computer names and different SIDs.  However, their MAC addresses still show up in DHCP as blank names with the IP address that they were ghosted with.
0
 
LVL 9

Expert Comment

by:discgman
Comment Utility
Did you check the arp table on the dhcp server. We had a problem here where the server wasnt releasing the arp table mac addresses. It would hang onto them which then was messing with the scope and the computers trying to talk to other servers.
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 

Author Comment

by:NDaZone
Comment Utility
I looked at the arp table and there were a few of those computers in there as dynamic entries.  I cleared the arp table and even specifically deleted by IP and they still keep showing up in the DHCP leases.  I thought you were on to something with that one.
0
 
LVL 9

Expert Comment

by:discgman
Comment Utility
Have you tried creating reservations in the scope instead of doing the static ip addresses?
0
 

Author Comment

by:NDaZone
Comment Utility
And that is the main issue.  We don't have statics in the DHCP scope, the client LAPTOPS are the only ones on DHCP (all desktops are static).  We have a lot of laptop users that move around between this office and others so it would be impossible to reserve IPs.  We keep running out of addresses already, but only because of these blank leases.  When a laptop user can't get on the network I go in and delete these and they're in.
0
 
LVL 9

Expert Comment

by:discgman
Comment Utility
Leases are retained in the DHCP server database four hours after expiration.
This grace period protects a client lease in case the client and server are
in different time zones, the individual computer clocks are not
synchronized, or the client computer is off the network when the lease
expires. Expired leases are included in the list of active leases and are
distinguished by a different icon.

By default, the cleanup cycle occurs every 60 minutes. You can adjust the
duration of the default grace period after which an expired lease is marked
for deletion by editing the following key in the registry:

Here we go:

So you can remove the 4 hour grace period:
HKLM\System\CurrentControlSet\Services\DHCPServer\Parameters\LeaseExtension
Value Type: DWORD
Value Data: time in minutes

And make the cleanup interval smaller:
HKLM\System\CurrentControlSet\Services\DHCPServer\Parameters\DatabaseCleanupInterval
turn it to half (1e)
0
 

Author Comment

by:NDaZone
Comment Utility
That is true, but we have been having this issue for weeks now.  Every time I delete them they come right back after about ten minutes, most of the time renewing the lease with the same IP address.  However I cannot ping that IP address.  It's like the DHCP server receives the request and issues out an IP address but the client never obtains it because they are configured statically.

Back to your examples for future reference.  I have the registry entry for cleanup but not the grace period, is that one that should exist or one that needs to be created?

Thx
0
 

Author Comment

by:NDaZone
Comment Utility
One more note, if I telnet in to the clients default gateway, Cisco, and show arp....they show up in there as the same non-existing MAC-to-IP addresses as in DHCP.
0
 
LVL 9

Accepted Solution

by:
discgman earned 500 total points
Comment Utility
Remember to backup your registry anytime you make any changes and do so at your own risk!

Yes you can create this dword entry, then change the value time to adjust. See if that makes any difference in how the laptops are connecting to the network.
0
 

Author Comment

by:NDaZone
Comment Utility
Found the issue finally.  The new Dell computers we sent out have a hidden Wake on LAN feature.  during the POST you have to hit F2 to get into the Power Management/Remote wakeup features.  We turned it off in there and now our "Ghost" DHCP addresses are gone.

Discgman, giving you half the points just for sticking it out with me and helping.  Thanks man!!
0

Featured Post

Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

Join & Write a Comment

A quick step-by-step overview of installing and configuring Carbonite Server Backup.
Workplace bullying has increased with the use of email and social media. Retain evidence of this with email archiving to protect your employees.
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs. Launch Data Protection Manager from the deskt…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now