Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

BAD_ADDRESS in DHCP on a Server 2003 environment

Posted on 2011-09-16
8
Medium Priority
?
976 Views
Last Modified: 2012-05-12
I have a flat network running DHCP on a Server 2003 box. Just this week, I have been noticing my DHCP pool filling up with "BAD_ADDRESS" entries. These, obviously, have prevented users from logging on to the network. Wireshark lists some entries stating "Gratuitous ARP for 192.168.1.xxx - IP is already in use".  I have a mixture of XP and 7 computers in the environment. Like I said, this problem has just started recently and needs to be resolved ASAP. We also have Symantec Endpoint and VIPRE antiviruses in our environment. We also have a WatchGuard XTM505 on the perimeter.

Thanks in advance for any help with this issue!
0
Comment
Question by:jhaysbns
  • 5
  • 3
8 Comments
 
LVL 32

Expert Comment

by:aleghart
ID: 36552354
Step 1 - get rid of the 192.168.1.x numbering.  Same for 192.168.0.x

-- they are the two most common numbering schemes, and the default for 99% of all the routers, firewalls, WAPs, etc. out there.  Also, your home users will be bringing in their desktops & iPhones with the residual address from home (192.168.1.x).  And, your VPN users will have conflicts with routes determining what is local and what is remote.

I kept having errors with address in use, booting other computers off, or loss of DNS resolution all because of the shared numbering scheme with another network.
0
 
LVL 32

Expert Comment

by:aleghart
ID: 36552360
You can also look for other DHCP servers with an overlapping scope.  Could be your wireless router, VPN appliance, or a rogue WAP.

DHCPLOC
http://technet.microsoft.com/en-us/library/cc759117(WS.10).aspx

0
 

Author Comment

by:jhaysbns
ID: 36552996
I agree with you on the scope, but unfortunately, this is a school and that's a little more of an undertaking than we can handle at this moment.

Only one of our servers acts as the DHCP, but we do have a wireless router in the cafeteria that could have been unplugged or "altered". It's on a 50.x network but there's always that possibility that DHCP got activated somehow. I will check it out first thing in the morning and report back.

Thanks for the reply.
0
Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

 
LVL 32

Expert Comment

by:aleghart
ID: 36554720
A school...a rogue wireless access point is highly possible. Could be a staffer or student.  Little Apple units are the size of a deck of cards...it might be overlooked as a charging plug.

If you're serving DHCP to _all_ authorized devices, changing the scope should be simple.  Might take a reboot if some appliances and updating any links hard-coded with IP address instead of host name.  But, not something I'd want to tackle as people are getting settled into the beginning if a session.
0
 

Accepted Solution

by:
jhaysbns earned 0 total points
ID: 36555349
We found the problem - it took a little time but we tracked it down.  The school is 3 campus locations connected via fiber and through process of elimination we took a campus at a time and turned all systems and watched the DHCP server. For two of the three locations we received no errors but once we went to the third and turned on the systems we flooded the DHCP server with Bad Addresses.  We started to eliminate systems and tracked it down to 2 "re purposed" PC's in the library.  When we removed them from the wire, the DHCP server behaved fine.  When we reintroduced them, the server flooded with bad addresses.  We took the two system to a different campus (to make sure we could reproduce the problem) and no matter where we plugged them in they flooded the server with bad addresses and would not obtain an address.  

We even tried disabling the on board nic's on these systems and used a USB nic to try to get them working -- it didn't matter, something with these two systems is shorted out and causing interference on the network.  We finally removed them, fired up all the campus locations and everything is working fine.

Thanks to all who added comments, we were at a point were we felt we were missing the obvious and had to post on EE to see if you all could help us track down the problem.

Not sure how to award points -- suggestions?
0
 
LVL 32

Expert Comment

by:aleghart
ID: 36555439
You can choose your own answer as the most correct.  It would be archived for others to see in the future, an possibly help them.   Most people will go to the answers marked "accepted" first, then the assists.

While other suggestions are valid, your own solution was the best.
0
 
LVL 32

Expert Comment

by:aleghart
ID: 36555440
You can choose your own answer as the most correct.  It would be archived for others to see in the future, an possibly help them.   Most people will go to the answers marked "accepted" first, then the assists.

While other suggestions are valid, your own solution was the best.
0
 

Author Closing Comment

by:jhaysbns
ID: 36708052
We found our own problem so we are accepting our own answer.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
Learn how to PXE Boot both BIOS & UEFI machines with DHCP Policies and Custom Vendor Classes
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses
Course of the Month11 days, 20 hours left to enroll

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question