Solved

SBS2003 rras How do you clear rras proactive caching of DHCP address

Posted on 2011-03-11
10
1,064 Views
Last Modified: 2012-05-11
Have changed DHCP scope - rras continues to allocate from old scope - apparently rras caches 10   IP address on setup - these need clearing to prevent VPNs getting old cached IPs.

Can not find any documentation on this other than the description on the allocation process.

Any suggestions?
0
Comment
Question by:Oggle
  • 6
  • 3
10 Comments
 
LVL 4

Accepted Solution

by:
Scovndrel earned 500 total points
ID: 35112533
Option 1: Deactivate (do not delete) the old DHCP scope, restart the RRAS service. It will get addresses from the new scope on service startup.

Option 2 (Short term, no guarantees it will keep doing this): Temporarily stop DHCP service on old server, restart RRAS. RRAS will obtain IP addresses from new server. Then start DHCP on old server. There are no guarantees it will keep doing so in the future.

If you're migrating away from the old DHCP server, just deactivate the scope but keep the server service running until the address leases are cleared out naturally.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 35113383
As per my blog:
http://msmvps.com/blogs/robwill/archive/2008/05/09/rras-dhcp-options.aspx
yes DHCP reserves a block of 10 IP's for VPN clients as soon as the first user connects. There is no need to delete these unless you have changed the DHCP scope. To delete, simply right click on each lease in the DHCP console and chose delete. As per the blog article, if you need to reduce the default block of reserved IP's you can do so via the registry.
0
 
LVL 4

Expert Comment

by:Scovndrel
ID: 35113399
If you simply delete the lease in DHCP manager and the scope is still active, you could have an IP address conflict. Deleting it from the DHCP manager does not tell the computer (or service) that leased it to let go of it. So RRAS might assign that address to a VPN user, and meanwhile another workstation may have leased that IP because you made it available by deleting it from the lease list.
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 35113513
As mentioned the only reason to delete would be due to a change in the scope in which case there would be no risk of a conflict.
0
 
LVL 4

Expert Comment

by:Scovndrel
ID: 35113534
If the scope was changed properly (deactivate it and let the leases move over to the new one), and the RRAS service was restarted, there would be no need to delete them. They RRAS service would release them, communicating that to the old DHCP server, and the leases would vanish from the list.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 77

Expert Comment

by:Rob Williams
ID: 35113580
I am not certain but I did not think the reserved leases would be deleted with a scope change. If so great.
0
 
LVL 4

Expert Comment

by:Scovndrel
ID: 35113630
That is the function of "deactivating" the scope instead of stopping the DHCP server service or deleting the scope. It allows the DHCP clients to do a "clean" transition. The server service is still able to answer requests, but since the scope is deactivated, it sends the requesting client a "nack" which tells the client "nope, you can't renew that address that you leased earlier". The client then releases that address and goes looking for another DHCP server. Since the client/server communication is still able to happen, the server processes the fact that the DHCP client released the address, and updates its database with that information. Then the IP disappears from the list.

If you stop the DHCP server service, or delete the scope, then a very different (and undesirable) thing happens. In that scenario, since the DHCP client cannot reach the DHCP server to talk about renewing, it holds onto that lease and keeps retrying the renewal, in shorter and shorter intervals, until the lease finally expires. THEN it drops the address and goes looking for another one. So it takes longer to transition, and you have no visibility on leased IP addresses.

It is remotely possible that RRAS handles this differently, but I don't think so. I have not seen anything that would support that possibility.
0
 
LVL 4

Expert Comment

by:Scovndrel
ID: 35113648
I suppose that deleting the IPs that were released by the RRAS server would also result in a "nack" being sent to the RRAS server eventually, but you would lose visibility on it, and it would take extra time for this to happen, and you might get an IP conflict in the meantime. Better to do it by deactivating the scope and restarting RRAS - or simply deactivating the scope and waiting for RRAS to figure it out by itself eventually (if you don't want to restart RRAS and drop VPN connections), without possibility of IP conflict.
0
 

Author Comment

by:Oggle
ID: 35116296
Hi,

Scovndrel has got it - I thought by rebooting the server would have the same effect - apparently not - I had also excluded the old scope (reccommended by another site) using a superscope however stopping and starting RRAS fixed the issue - Thanks
0
 
LVL 4

Expert Comment

by:Scovndrel
ID: 35116817
Rebooting a workstation doesn't trigger a release/renew of the IP address either. Little known facts. Glad you got it sorted.
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

The problem of the system drive in SBS 2003 getting full continues to be an issue, even though SBS 2008 and SBS 2011 are both in the market place.  There are several solutions to this, including adding additional drive space or using third party uti…
Because virtualization becomes more and more common, and, with Microsoft Hyper-V included in Windows Server at no additional costs, and, most server hardware nowadays is more than capable of running a physical Small Business Server (SBS) 2008 or 201…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

759 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now