Solved

BAD_ADDRESS in DHCP on a Server 2003 environment

Posted on 2011-09-16
8
961 Views
Last Modified: 2012-05-12
I have a flat network running DHCP on a Server 2003 box. Just this week, I have been noticing my DHCP pool filling up with "BAD_ADDRESS" entries. These, obviously, have prevented users from logging on to the network. Wireshark lists some entries stating "Gratuitous ARP for 192.168.1.xxx - IP is already in use".  I have a mixture of XP and 7 computers in the environment. Like I said, this problem has just started recently and needs to be resolved ASAP. We also have Symantec Endpoint and VIPRE antiviruses in our environment. We also have a WatchGuard XTM505 on the perimeter.

Thanks in advance for any help with this issue!
0
Comment
Question by:jhaysbns
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 32

Expert Comment

by:aleghart
ID: 36552354
Step 1 - get rid of the 192.168.1.x numbering.  Same for 192.168.0.x

-- they are the two most common numbering schemes, and the default for 99% of all the routers, firewalls, WAPs, etc. out there.  Also, your home users will be bringing in their desktops & iPhones with the residual address from home (192.168.1.x).  And, your VPN users will have conflicts with routes determining what is local and what is remote.

I kept having errors with address in use, booting other computers off, or loss of DNS resolution all because of the shared numbering scheme with another network.
0
 
LVL 32

Expert Comment

by:aleghart
ID: 36552360
You can also look for other DHCP servers with an overlapping scope.  Could be your wireless router, VPN appliance, or a rogue WAP.

DHCPLOC
http://technet.microsoft.com/en-us/library/cc759117(WS.10).aspx

0
 

Author Comment

by:jhaysbns
ID: 36552996
I agree with you on the scope, but unfortunately, this is a school and that's a little more of an undertaking than we can handle at this moment.

Only one of our servers acts as the DHCP, but we do have a wireless router in the cafeteria that could have been unplugged or "altered". It's on a 50.x network but there's always that possibility that DHCP got activated somehow. I will check it out first thing in the morning and report back.

Thanks for the reply.
0
NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

 
LVL 32

Expert Comment

by:aleghart
ID: 36554720
A school...a rogue wireless access point is highly possible. Could be a staffer or student.  Little Apple units are the size of a deck of cards...it might be overlooked as a charging plug.

If you're serving DHCP to _all_ authorized devices, changing the scope should be simple.  Might take a reboot if some appliances and updating any links hard-coded with IP address instead of host name.  But, not something I'd want to tackle as people are getting settled into the beginning if a session.
0
 

Accepted Solution

by:
jhaysbns earned 0 total points
ID: 36555349
We found the problem - it took a little time but we tracked it down.  The school is 3 campus locations connected via fiber and through process of elimination we took a campus at a time and turned all systems and watched the DHCP server. For two of the three locations we received no errors but once we went to the third and turned on the systems we flooded the DHCP server with Bad Addresses.  We started to eliminate systems and tracked it down to 2 "re purposed" PC's in the library.  When we removed them from the wire, the DHCP server behaved fine.  When we reintroduced them, the server flooded with bad addresses.  We took the two system to a different campus (to make sure we could reproduce the problem) and no matter where we plugged them in they flooded the server with bad addresses and would not obtain an address.  

We even tried disabling the on board nic's on these systems and used a USB nic to try to get them working -- it didn't matter, something with these two systems is shorted out and causing interference on the network.  We finally removed them, fired up all the campus locations and everything is working fine.

Thanks to all who added comments, we were at a point were we felt we were missing the obvious and had to post on EE to see if you all could help us track down the problem.

Not sure how to award points -- suggestions?
0
 
LVL 32

Expert Comment

by:aleghart
ID: 36555439
You can choose your own answer as the most correct.  It would be archived for others to see in the future, an possibly help them.   Most people will go to the answers marked "accepted" first, then the assists.

While other suggestions are valid, your own solution was the best.
0
 
LVL 32

Expert Comment

by:aleghart
ID: 36555440
You can choose your own answer as the most correct.  It would be archived for others to see in the future, an possibly help them.   Most people will go to the answers marked "accepted" first, then the assists.

While other suggestions are valid, your own solution was the best.
0
 

Author Closing Comment

by:jhaysbns
ID: 36708052
We found our own problem so we are accepting our own answer.
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever wondered why you had to use DHCP options (dhcp opt 60, 66 or 67) in order to use PXE? Well, you don't!
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question