Solved

DHCP Pool modified.  By itself?

Posted on 2011-03-09
Last Modified: 2012-05-11
Hey experts,

Had a really strange issue yesterday that brought me down to my knees for a better part of the day and was wondering if anyone had run into this before or would have some guidance for me to track down the cause.

My DHCP server tweaked out and changed its pool from issuing:

10.228.3.1 - 10.228.3.254
255.255.0.0
-TO-
10.228.0.1 - 10.228.0.254
255.255.255.0

The other thing I noticed is the static IP I set to my server also changed its subnet to 255.255.255.0

I'm not sure when this all started happening, but all hell broke loose when I did an entire network reboot (clients included) after our T1 went down.

I tried doing a Malwarebytes scan and came up with nothing, but I'm not ruling out malware just yet.
0
Question by:Cruizectrl
7 Comments
 
LVL 77

Expert Comment

by:arnold
ID: 35089558
You have a single Class C 10.228.3.2-10.228.3.254 while your netmask is 255.255.0.0.
It is unlikely that it changed by itself. Someone else must have changed it.
You can use netsh dhcp to change and load a different configuration.
If you have auditing enabled on your system, you can look at the system/security/DHCP log to see who and when it changed.
0
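One way to catch a scope change like the one in this thread is to keep a saved `netsh dhcp server dump` and compare it with a fresh one. This is an added example, not part of any post here: the dump lines are constructed samples (the server name `SBS01` and the scope label are made up, the addresses are the ones from the question), and the line format is an assumption to check against your own server's dump.

```python
import ipaddress
import re

# Constructed samples in the style of `netsh dhcp server dump` lines; server name
# and scope label are made up, the addresses are the ones from the question.
BASELINE = r'''
Dhcp Server \\SBS01 add scope 10.228.0.0 255.255.0.0 "Clients" ""
Dhcp Server \\SBS01 Scope 10.228.0.0 Add iprange 10.228.3.1 10.228.3.254
'''
CURRENT = r'''
Dhcp Server \\SBS01 add scope 10.228.0.0 255.255.255.0 "Clients" ""
Dhcp Server \\SBS01 Scope 10.228.0.0 Add iprange 10.228.0.1 10.228.0.254
'''
SCOPE_RE = re.compile(r'add scope (\S+) (\S+)', re.I)
RANGE_RE = re.compile(r'scope (\S+) add iprange (\S+) (\S+)', re.I)

def parse_scopes(dump):
    """Return {scope_id: {'mask': str or None, 'ranges': [(start, end), ...]}}."""
    scopes = {}
    for line in dump.splitlines():
        rng, scp = RANGE_RE.search(line), SCOPE_RE.search(line)
        if rng:
            entry = scopes.setdefault(rng.group(1), {'mask': None, 'ranges': []})
            entry['ranges'].append((rng.group(2), rng.group(3)))
        elif scp:
            entry = scopes.setdefault(scp.group(1), {'mask': None, 'ranges': []})
            entry['mask'] = scp.group(2)
    return scopes

def drift(baseline, current):
    """Compare two parsed dumps and list every scope, mask or range change."""
    findings = []
    for sid in sorted(set(baseline) | set(current)):
        old, new = baseline.get(sid), current.get(sid)
        if old is None or new is None:
            findings.append(f"{sid}: scope {'added' if old is None else 'removed'}")
            continue
        if old['mask'] != new['mask']:
            findings.append(f"{sid}: mask {old['mask']} -> {new['mask']}")
        if sorted(old['ranges']) != sorted(new['ranges']):
            findings.append(f"{sid}: ranges {old['ranges']} -> {new['ranges']}")
        if new['mask']:  # old pool addresses that no longer fit the new subnet
            net = ipaddress.ip_network(f"{sid}/{new['mask']}")
            for start, end in old['ranges']:
                if any(ipaddress.ip_address(a) not in net for a in (start, end)):
                    findings.append(f"{sid}: old range {start}-{end} is outside {net}")
    return findings

if __name__ == "__main__":
    print("\n".join(drift(parse_scopes(BASELINE), parse_scopes(CURRENT))))
```

Run on a schedule against a known-good dump, a non-empty result gives a timestamp for when the scope changed, which narrows down which log entries to read.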
 
LVL 77

Expert Comment

by:Rob Williams
ID: 35089633
Is this SBS 2008 or 2011? The wizards will do this to you as it does not support anything but a /24 (255.255.255.0) subnet.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 35089644
0

 
LVL 1

Author Comment

by:Cruizectrl
ID: 35092490
That's exactly what's strange...

I used a single class C because I wanted all my clients using 3.xxx, servers and printers are set static with 1.xxx and 4.xxx etc. and it's been leasing that way from 2003 all the way through my SBS 2008 upgrade 2 years ago. I'm the only admin so nobody changed it, and it changed BOTH the subnet and put the range using 0.1 - 0.254.

I was also under the impression that once you have it running, you're unable to change the subnet mask (since it was greyed out when I looked at it). So I wound up having to delete the pool and make a new one from scratch.

(Shrug)
0
 
LVL 77

Accepted Solution

by:
Rob Williams earned 500 total points
ID: 35095146
Class B subnets or subnet masks are not supported by SBS 2008 unfortunately, and it is documented. The wizards when you set the server up should have warned you, unless you avoided the wizards. They will on a clean install but not certain on a migration. The BPA, which is always a good idea to run, will also warn you.
http://www.microsoft.com/downloads/en/details.aspx?familyid=86a1aa32-9814-484e-bd43-3e42aec7f731&displaylang=en

Regardless, a few people have reported SBS 'automagically' changing it on your behalf. It can happen under various conditions, one being the Fix My Network wizard, but I believe in many other situations as well. It can be a major interruption while you locate and fix the problem.
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 36283843
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
