Solved

Windows 2003 DHCP fills up with BAD_ADDRESS

Posted on 2012-03-12
17
627 Views
Last Modified: 2012-04-09
Hi experts :)

I have a serious problem with my DHCP Servers.

We just have move from site A to site B, this is the context.
We have 2 DHCP servers :

- The first one serving from 10.192.240.10 to 10.192.240.199 (mask 255.255.0.0)
- The second one serving from 10.192.241.10 to 10.192.241.199 (mask 255.255.0.0)

Since we have moved, the two scopes are filled in of BAD_ADDRESS.
This never appears before. It's very strange because the mac address corresponding to the BAD_ADDRESS are not coherent... eg :

10.192.240.40     BAD_ADDRESS     28f0c00a
10.192.240.41     BAD_ADDRESS     29f0c00a
10.192.240.46     BAD_ADDRESS     2ef0c00a
10.192.240.49     BAD_ADDRESS     31f0c00a

This is an exemple from the firs DHCP server. The second one experienced the same problem. As a consequence, when the scope is full, workstations can not connect to the network.

When I try to purge manualy the BAD_ADDRESS, they come back several minutes after...

Any idea ?

Thanks in advance for your help.

Vincent.
0
Comment
Question by:coolvince
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 11
  • 5
17 Comments
 

Author Comment

by:coolvince
ID: 37710687
Another precision : all BAD_ADDRESS are not pingable.
0
 
LVL 7

Expert Comment

by:frajico
ID: 37710702
Do you have any Cisco ASA with DHCP Relay enabled?

Are you sure you have the masks right? Should not be both 255.255.255.0?
0
 

Author Comment

by:coolvince
ID: 37710743
Hi Frajico,

No. I don't have any Cisco devices on my network. Switches are HP. Routers are Juniper.
Yes I'm sure of the subnets.

All nodes on the network are masked as 255.255.0.0 but we are using 10.192.240.x 10.192.241.x
0
Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

 

Author Comment

by:coolvince
ID: 37710755
The explication of the subnet is that before we had 2 physical sites A and B :

- A was 10.192.240.0 /24
- B was 10.192.241.0 /24

When A and B have merged, we only change the subnet mask to /16.
0
 
LVL 7

Expert Comment

by:Martin81
ID: 37712532
If you right click the scope and look at statistics do you see the number of Nacks increasing? If you do turning on conflict detection may help with that but if you can't ping the address maybe not. If the number of nacks isn't increasing reconciling the scope may help, right click the scope and choose reconcile.
0
 

Author Comment

by:coolvince
ID: 37713945
Hi Martin81,

I don't know for the Nacks because I've just made a test : I have turn off conflict detection (value to 0) and restarted the DHCP service. When I do that, there is no problem ! Workstation are able to retrieve Ip address and everything works fine !

It seems that the problem is on the Conflict detection, the value was at 5 before...

Since I've done that, there is no BAD_ADDRESS and no Nacks on the statistics.
In fact, the BAD_ADDRESS on the server when the value is 5 are not real IP address, there is no corresponding physical nodes...

Very strange behavior...
0
 

Author Comment

by:coolvince
ID: 37714664
Correction, the problem went back. :(
Resetting the Conflict detection value to 0 does not solve the problem.

Any help ?
0
 

Author Comment

by:coolvince
ID: 37716029
An update :

Some (not all) clients running Windows 7 have been unable to attain an IP address.
What actually seems to happen is the client computer gets an address for a few seconds and then goes back to looking for an address and this repeats endlessly. Each time the client gets a new address the DHCP server lists the address that the client had as a "BAD_ADDRESS". This eventually will fill up the entire scope of the DHCP server leaving no addresses...

???
0
 
LVL 7

Expert Comment

by:frajico
ID: 37716377
Check if there is any other DHCP server on the network with DHCPExplorer ....
0
 

Author Comment

by:coolvince
ID: 37716394
I can confirm there is not.
0
 
LVL 7

Expert Comment

by:frajico
ID: 37716445
Are you completely sure there are no toher DHCP server you don't know? I found on my network a DHCP Server working in a new equipment installed (not configured or misconfigured and connected to the network with a DHCO server enabled)

Have you any router or any equipment with ARP cache enabled? Disable it.
0
 
LVL 7

Expert Comment

by:frajico
ID: 37716453
Which Antivirus software do you have on the servers and  on the PCs? Symantec? Symantec Endpoint Protection, specifically the Network Threat Protection component could cause this.
0
 
LVL 7

Expert Comment

by:frajico
ID: 37716482
a very silly question (sorry for mention)... on the first DHCP server, did you explicit exclude the IP scope (IP range) served on the second DHCP server, and in the second server, did you explicit exclude the IP scope (IP Range) range served on the first server?
0
 

Author Comment

by:coolvince
ID: 37716650
Yes, I'm sure there are no other DHCP server on my LAN. I've turned off both DHCP servers and tried to request an IP from an XP machine that works fine, and no IP was delivered...

I have no exclusion ob any of my 2 DHCP servers as they are not serving the same IP range.
The first one serve 10.192.240.x /16 and the second one serve 10.192.241.x /16

I've read a lot of helpful information about new telephony equipment that have generated this behavior. I'm wondering if mine (a new one freshly installed) is properly configured refered to that problem.

By the way, i've also tried to reset all Wins database and deleted all dynamic A records in my DNS server. Since I've done that, the Windows 7 PC I used for tests can properly have a DHCP assigned IP ! This is not definitive but it seems to be better since that change. I have to wait to definitely be sure...

In fact, it serms that the client PC asked the DHCP for an IP, the Server gived the IP and the client PC finaly decline the IP ! But it seems to be declined because of the DNS registering that has not been successful...

I keep you posted. It's time to go home for me now ! ;)))
0
 

Author Comment

by:coolvince
ID: 37724134
Bad news... It goes on.

I had doubt about the HP NIC teaming on both DHCP servers so, I've dissolved the teaming but it goes on... :(((

The probleme is still present.

Any idea ?
0
 

Accepted Solution

by:
coolvince earned 0 total points
ID: 37806659
Ok, the problem is solved.
A bomb attack had completely destroyed the site ! :)))

No, it's a joke ! ;))) But the problem is solved. It was an unconfigured TOSHIBA photocopier that was plugged on the network !!!!!

You unplug the photocopier, problem is solved !
You plug it again, it goes on....

Cheers.
0
 

Author Closing Comment

by:coolvince
ID: 37822718
Because I've found by myself.
0

Featured Post

[Webinar] Learn How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a collection of issues that people face from time to time and possible solutions to those issues. I hope you enjoy reading it.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question