Solved

Network dropping out, duplicate SBS 2011 server DHCP

Posted on 2013-01-29
25
963 Views
Last Modified: 2013-02-04
Hi had a few update issues with SBS 2011 server but fixed it then suddenly all users drop off network.

Server connects to wall socket and creates network and router connects to wallsocket and I can get Internet access on the server.

All users slowly dropped out, connected to different switches and wall sockets.

Any ideas? Pushed 46 updates through previously, could they have caused it?
0
Comment
Question by:ronnie10165
  • 11
  • 5
  • 5
  • +2
25 Comments
 

Author Comment

by:ronnie10165
ID: 38830262
I am reading a lot about recent Windows updates and IPv6
We have it disabled
0
 

Author Comment

by:ronnie10165
ID: 38830488
See multiple dhcp address
Tagserver is meant to be 192.168.16.2

Anyone?

Client IP Address      Name      Lease Expiration      Type      Unique ID      Description      Network Access Protection      Probation Expiration      Filter Profile
192.168.16.11      LT04.tag.local      2/2/2013 7:42:29 AM      DHCP      0050b64abd86            Full Access      N/A      None
192.168.16.12      LT03.tag.local      2/2/2013 8:25:41 AM      DHCP      00266ca11268            Full Access      N/A      None
192.168.16.13      LT03.tag.local      2/2/2013 8:25:47 AM      DHCP      4ceddee8d552            Full Access      N/A      None
192.168.16.14      TAGSERVER.tag.local      2/6/2013 4:52:05 PM      DHCP      RAS            Full Access      N/A      None
192.168.16.15      TAGSERVER.tag.local      2/6/2013 4:55:45 PM      DHCP      RAS            Full Access      N/A      None
192.168.16.16      TAGSERVER.tag.local      2/6/2013 4:55:45 PM      DHCP      RAS            Full Access      N/A      None
192.168.16.17      TAGSERVER.tag.local      2/6/2013 4:55:45 PM      DHCP      RAS            Full Access      N/A      None
192.168.16.18      TAGSERVER.tag.local      2/6/2013 4:55:45 PM      DHCP      RAS            Full Access      N/A      None
192.168.16.19      GRAPHICS2-PC.tag.local      2/6/2013 5:34:35 PM      DHCP      5404a6191f18            Full Access      N/A      None
192.168.16.20      SamsungOffice      Reservation (inactive)      None      00159983d54e      Samsung CLX 6220 FX      Full Access      N/A      None
192.168.16.21      TAGSERVER.tag.local      2/6/2013 4:55:45 PM      DHCP      RAS            Full Access      N/A      None
192.168.16.22      TRACY-LAPTOP.tag.local      2/2/2013 7:21:46 AM      DHCP      e89d8709ae29            Full Access      N/A      None
192.168.16.23            2/2/2013 7:27:02 AM      DHCP      980c82cf65a7            Full Access      N/A      None
192.168.16.24      amb-server.      2/4/2013 7:12:13 PM      DHCP      90e6ba545b6c            Full Access      N/A      None
192.168.16.25      DESIGN1.tag.local      1/30/2013 8:25:05 AM      DHCP      5404a6191f26            Full Access      N/A      None
192.168.16.26      SALESDESK1.tag.local      2/2/2013 3:55:24 PM      DHCP      c44619a751ad            Full Access      N/A      None
192.168.16.27      Admins-iPad.tag.local      2/2/2013 1:56:14 PM      DHCP      f41ba17eed15            Full Access      N/A      None
192.168.16.28      LT05.tag.local      2/5/2013 12:57:38 PM      DHCP      00266ca98e82            Full Access      N/A      None
192.168.16.29      FLETCHER-LAPTOP.tag.local      2/1/2013 10:49:33 AM      DHCP      ea9d878f3925            Full Access      N/A      None
192.168.16.30      SamsungGraphics      Reservation (inactive)      None      00159983d54b            Full Access      N/A      None
192.168.16.31            2/1/2013 4:02:05 PM      DHCP      5855ca76e714            Full Access      N/A      None
192.168.16.32      iPhone.tag.local      2/2/2013 3:51:02 PM      DHCP      40b3951c948a            Full Access      N/A      None
192.168.16.33      LT08.tag.local      2/4/2013 11:12:32 AM      DHCP      4cedde116c5d            Full Access      N/A      None
192.168.16.34      graphics-pc.      2/2/2013 9:28:36 AM      DHCP      001d6049ab25            Full Access      N/A      None
192.168.16.35            2/6/2013 4:55:38 PM      DHCP      e0f84776dfc6            Full Access      N/A      None
192.168.16.39      LT06.tag.local      2/3/2013 3:12:47 AM      DHCP      00266c8a2011            Full Access      N/A      None
192.168.16.40      SamsungSales      Reservation (inactive)      None      00159983d543            Full Access      N/A      None
192.168.16.43      LT02.tag.local      2/2/2013 7:38:08 AM      DHCP      00266ca992d8            Full Access      N/A      None
192.168.16.59            2/2/2013 5:01:54 PM      DHCP      74e2f54a4386            Full Access      N/A      None
192.168.16.60      SamsungDespatch      Reservation (inactive)      None      0015999e2709            Full Access      N/A      None
192.168.16.68      Life.tag.local      1/30/2013 12:11:26 PM      DHCP      04f7e44fd06f            Full Access      N/A      None
192.168.16.69      WNDR4500.tag.local      2/2/2013 7:35:11 AM      DHCP      74440150665e            Full Access      N/A      None
192.168.16.71      WNDR4500.tag.local      Reservation (active)      DHCP      2cb05d30bf6c            Full Access      N/A      None
192.168.16.72      LT02.tag.local      2/6/2013 4:58:36 PM      DHCP      4ceddef6450f            Full Access      N/A      None
192.168.16.73      iPhone.tag.local      2/2/2013 7:46:14 AM      DHCP      34c059924bbc            Full Access      N/A      None
192.168.16.75      SALESDESK1.tag.local      2/2/2013 9:22:19 AM      DHCP      206a8a102a92            Full Access      N/A      None
192.168.16.145      iPod-touch.tag.local      2/2/2013 5:45:57 PM      DHCP      70568125b0f5            Full Access      N/A      None
0
 

Author Comment

by:ronnie10165
ID: 38831785
Seems that from the server I can ping static IPs - printers etc but not dynamic IPs

Is there anyone out there?
0
 
LVL 76

Expert Comment

by:Alan Hardisty
ID: 38833047
You don't want to disable IP v6 period.

What are the all the IP Settings for the server NIC?

How many NIC's installed / active on the SBS 2011 server?
0
 
LVL 14

Expert Comment

by:BlueCompute
ID: 38833162
Does this "duplicate SBS 2011 server DHCP" refer to an error you're seeing in the event log? It sounds like you might have DHCP enabled both on the router and on the server - if so disabling it on the router's the correct answer.
0
 
LVL 14

Expert Comment

by:BlueCompute
ID: 38833165
There entries:
192.168.16.14      TAGSERVER.tag.local      2/6/2013 4:52:05 PM      DHCP      RAS            Full Access      N/A      None
192.168.16.15      TAGSERVER.tag.local      2/6/2013 4:55:45 PM      DHCP      RAS            Full Access      N/A      None
192.168.16.16      TAGSERVER.tag.local      2/6/2013 4:55:45 PM      DHCP      RAS            Full Access      N/A      None
192.168.16.17      TAGSERVER.tag.local      2/6/2013 4:55:45 PM      DHCP      RAS            Full Access      N/A      None
192.168.16.18      TAGSERVER.tag.local      2/6/2013 4:55:45 PM      DHCP      RAS            Full Access      N/A      None
Are just the IP addresses the RRAS service has reserved to give to VPN clients.
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 38833395
what DHCP errors are reporting?

do you have the scope options setup in DHCP?
0
 
LVL 51

Expert Comment

by:Netman66
ID: 38833536
As BlueCompute has stated, those DHCP reservations are for RRAS and your VPN (remote access) pool.

Make sure you have enough IP addresses in your scope to cover all your internal clients and at least 20 more.  RRAS reserves blocks of 10 addresses at a time and if you are running (or have ran) out of leases then people don't renew their current IPs.

You can also check Event Logs on the client and server to see what is logged and try to get an idea for us.
0
 

Author Comment

by:ronnie10165
ID: 38833673
I checked all workstations and somehow, during the updates maybe, all DNS and DHCP IPs were changed to the IP of the gateway. Flushed the DNS. Nothing happened. Reboot machine and , hey presto, back to normal.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 38833690
That tells me that your router has DHCP enabled.  You need to disable that so that the clients only get addresses from the SBS server.
0
 

Author Comment

by:ronnie10165
ID: 38833700
No I checked, it's disabled on the router
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 38833705
the scope options if setup wrong can point to the wrong DG.
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Author Comment

by:ronnie10165
ID: 38833940
Exactly the same time today, everything drops out again. I looked at DHCP and there are lots of duplicate IPs - see attachment. I checked modem again and DHCP is not enabled.
Thanks
bad-address.jpg
0
 
LVL 14

Assisted Solution

by:BlueCompute
BlueCompute earned 333 total points
ID: 38834152
Apologies for the rather generic advice, but I would recommend running the Fix My Network wizard and also the SBS 2011 Best Practices Analyzer (available here: http://support.microsoft.com/kb/2673284).  Any errors there would be a good place to start.
0
 
LVL 17

Expert Comment

by:WORKS2011
ID: 38834750
what type of router, check how the interface is configured and look for the entry "ip address dhcp (in bold below). There is plenty on the internet how this type of config can cause the DHCP server to create bad ip addresses.

interface GigabitEthernet0/1
description
ip address dhcp
ip inspect SDM_LOW out
ip virtual-reassembly
ip tcp adjust-mss 1452
no ip mroute-cache
duplex auto
speed auto
0
 

Author Comment

by:ronnie10165
ID: 38838807
Hi

I bought a new router and got internet working inside the building, turned off dynamic dhcp and tested the network. Bombarded with duplicate IP messages. I can see machines being given an IP outside of the scope of the server.

Virus?
0
 
LVL 51

Expert Comment

by:Netman66
ID: 38839159
You have a rouge dhcp server on your network - either a router or wireless router.

I suggest you start a physical survey to see what the deal is.
0
 
LVL 14

Assisted Solution

by:BlueCompute
BlueCompute earned 333 total points
ID: 38839311
If you run ipconfig /all on the client machines then you will see where they are getting their DHCP addresses from.
0
 
LVL 51

Accepted Solution

by:
Netman66 earned 167 total points
ID: 38839493
While that might be the case, it sounds like there is a wireless router attached to the network that is acting as a bridge and giving out addresses in the same subnet - so effectively, you'll still see an IP in that subnet.  

If the switches are capable, you really should implement BPDU Guard on all access ports so that any switch plugged into the network will disable the port it's connected to and prevent this from happening.
0
 

Author Comment

by:ronnie10165
ID: 38839505
Thanks Netman66 and BlueCompute, I will turn everything off then bring clients on one at a time. Very good !

Two other strange issues is that with just the server and the router turned on, I cannot ping the router from the server? Also if I ping from the server (192.168.16.2) it returns results as 127.0.0.1 which is IIS right?

Thanks for your continuing help.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 38839717
Make sure (if the server has more than one NIC connected) - that the primary one is at the top of the binding order and that you have configured them correctly.  Multi-homing a DC is not impossible, but it needs to be done properly.

You also want to make sure that only your DNS server is listed on any NIC inside your network.  You configure Forwarders within your own DNS server to send queries to your ISP or another internet DNS server for anything it isn't Authoritative for.  If you have the root zone (.) in your DNS then it defaults to using the Root Hints servers - which is prone to problems.  You can safely delete this (.) zone and setup your Forwarders to get internet resolution.
0
 

Author Comment

by:ronnie10165
ID: 38849908
Hi

Thanks to everyone. I fixed it eventually.

I had 2 wireless routers that got fried in our storms and reset to factory settings, giving out IP addresses. The server stopped giving out IPs because it saw IPs being allocated elsewhere.
Apparantly this crazy logic is default in SBS 2011.
So I turned off the wireless routers and the network came back. It was a good feeling!

Anyway so that was it.

Cheers
Ian
0
 

Author Comment

by:ronnie10165
ID: 38849911
The key issue was knowing that SBS would stop giving out IPs
0
 
LVL 14

Expert Comment

by:BlueCompute
ID: 38851312
That'll always happen Ronnie - 2 DHCP servers on the same network causes ambiguity at best, as when PCs connect there's no way of determining which DHCP server they'll get their lease from. SBS (and Windows in general) is smart enough to detect other DHCP servers on the network and disables it's own DHCP server to prevent issues - the routers aren't smart enough to do it themselves, and Windows can only disable it's own, rather than the remote one. Just thought I'd explain why Windows uses the logic that it does, glad you got this working :)
0
 

Author Comment

by:ronnie10165
ID: 38853009
Thanks Bluecompute,  I appreciate what you say.

Given that you can change router setting from SBS control panel, you'd think it would be able to tell you that your router's giving out IPs !!
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

The problem of the system drive in SBS 2003 getting full continues to be an issue, even though SBS 2008 and SBS 2011 are both in the market place.  There are several solutions to this, including adding additional drive space or using third party uti…
Configuring network clients can be a chore, especially if there are a large number of them or a lot of itinerant users.  DHCP dynamically manages this process, much to the relief of users and administrators alike!
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now