we have a w2k8 r2 server running a dhcp server with a scope of private ip addresses. All of them are reservations. All worked well until a fortnight ago. Since then, we got between two and five "bad address" entries every workday. We had to delete these entries and setup the reservation again. Then the clients get their address again. First we thought of a rogue dhcp server, but that isn't the case.
With wireshark we can see a DHCP DECLINE packet from the client. So the clients think, their address is already in use. But that is not true. None of our clients is multi-homed nor is the server. The only common thing we could recognize: all clients are Dell Latitudes E4300 and E6400 with Windows7 SP1 and it happens in the morning when people start work and after the lunch break. Possibly it has something to do with energy saving mode and the network interface. But we could not prove it until now.
Has anyone experienced something like that? Thanks in advance.