Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

BAD_ADDRESS in DHCP on a Server 2003 environment

Posted on 2011-09-16
8
Medium Priority
?
972 Views
Last Modified: 2012-05-12
I have a flat network running DHCP on a Server 2003 box. Just this week, I have been noticing my DHCP pool filling up with "BAD_ADDRESS" entries. These, obviously, have prevented users from logging on to the network. Wireshark lists some entries stating "Gratuitous ARP for 192.168.1.xxx - IP is already in use".  I have a mixture of XP and 7 computers in the environment. Like I said, this problem has just started recently and needs to be resolved ASAP. We also have Symantec Endpoint and VIPRE antiviruses in our environment. We also have a WatchGuard XTM505 on the perimeter.

Thanks in advance for any help with this issue!
0
Comment
Question by:jhaysbns
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 32

Expert Comment

by:aleghart
ID: 36552354
Step 1 - get rid of the 192.168.1.x numbering.  Same for 192.168.0.x

-- they are the two most common numbering schemes, and the default for 99% of all the routers, firewalls, WAPs, etc. out there.  Also, your home users will be bringing in their desktops & iPhones with the residual address from home (192.168.1.x).  And, your VPN users will have conflicts with routes determining what is local and what is remote.

I kept having errors with address in use, booting other computers off, or loss of DNS resolution all because of the shared numbering scheme with another network.
0
 
LVL 32

Expert Comment

by:aleghart
ID: 36552360
You can also look for other DHCP servers with an overlapping scope.  Could be your wireless router, VPN appliance, or a rogue WAP.

DHCPLOC
http://technet.microsoft.com/en-us/library/cc759117(WS.10).aspx

0
 

Author Comment

by:jhaysbns
ID: 36552996
I agree with you on the scope, but unfortunately, this is a school and that's a little more of an undertaking than we can handle at this moment.

Only one of our servers acts as the DHCP, but we do have a wireless router in the cafeteria that could have been unplugged or "altered". It's on a 50.x network but there's always that possibility that DHCP got activated somehow. I will check it out first thing in the morning and report back.

Thanks for the reply.
0
Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

 
LVL 32

Expert Comment

by:aleghart
ID: 36554720
A school...a rogue wireless access point is highly possible. Could be a staffer or student.  Little Apple units are the size of a deck of cards...it might be overlooked as a charging plug.

If you're serving DHCP to _all_ authorized devices, changing the scope should be simple.  Might take a reboot if some appliances and updating any links hard-coded with IP address instead of host name.  But, not something I'd want to tackle as people are getting settled into the beginning if a session.
0
 

Accepted Solution

by:
jhaysbns earned 0 total points
ID: 36555349
We found the problem - it took a little time but we tracked it down.  The school is 3 campus locations connected via fiber and through process of elimination we took a campus at a time and turned all systems and watched the DHCP server. For two of the three locations we received no errors but once we went to the third and turned on the systems we flooded the DHCP server with Bad Addresses.  We started to eliminate systems and tracked it down to 2 "re purposed" PC's in the library.  When we removed them from the wire, the DHCP server behaved fine.  When we reintroduced them, the server flooded with bad addresses.  We took the two system to a different campus (to make sure we could reproduce the problem) and no matter where we plugged them in they flooded the server with bad addresses and would not obtain an address.  

We even tried disabling the on board nic's on these systems and used a USB nic to try to get them working -- it didn't matter, something with these two systems is shorted out and causing interference on the network.  We finally removed them, fired up all the campus locations and everything is working fine.

Thanks to all who added comments, we were at a point were we felt we were missing the obvious and had to post on EE to see if you all could help us track down the problem.

Not sure how to award points -- suggestions?
0
 
LVL 32

Expert Comment

by:aleghart
ID: 36555439
You can choose your own answer as the most correct.  It would be archived for others to see in the future, an possibly help them.   Most people will go to the answers marked "accepted" first, then the assists.

While other suggestions are valid, your own solution was the best.
0
 
LVL 32

Expert Comment

by:aleghart
ID: 36555440
You can choose your own answer as the most correct.  It would be archived for others to see in the future, an possibly help them.   Most people will go to the answers marked "accepted" first, then the assists.

While other suggestions are valid, your own solution was the best.
0
 

Author Closing Comment

by:jhaysbns
ID: 36708052
We found our own problem so we are accepting our own answer.
0

Featured Post

Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A Cisco router can be configured as a DHCP Server. There are advantages and disadvantages in making your Cisco router work as DHCP Server. Almost all the features for windows DHCP can be configured on Cisco-based DHCP server. Some of the features me…
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Want to learn how to record your desktop screen without having to use an outside camera. Click on this video and learn how to use the cool google extension called "Screencastify"! Step 1: Open a new google tab Step 2: Go to the left hand upper corn…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question