Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

DHCP Address not being given by Domain Controller

Posted on 2015-02-24
9
Medium Priority
?
95 Views
Last Modified: 2015-03-11
We have a multi-domain organisation that has multiple DC's. One of these DC's (in Manchester) does the DHCP for all of the connected sites except one; the Cardiff site that contains a second DC for a second Domain.

We have successfully migrated each of the satellite locations on that second Domain to pick up DHCP from the Manchester DC but pick up DNS from the Cardiff DC. This works fine and has been running without issue for months.

However, due to the ending of an ISP contract, we wanted to stop the Cardiff DC supplying DHCP addresses to machines in the Cardiff site and have them pick up those addresses from Manchester instead on a line set up with our new ISP. So, we set up a valid DHCP scope in Manchester, switched off the DHCP Service in Cardiff.... and nothing happened.

Our ISP can see the DHCP requests being made by the machines in Cardiff and can see them hit the Router in Manchester and be sent to the Manchester DC - but that's it. They never see a response from the Manchester DC to DHCP requests from the Cardiff site!

All other sites request DHCP from Manchester and get an almost instant response, but we just can't get it working from Cardiff. As a temporary measure, we are assigning DHCP from the Cardiff Router instead in order to get rid of the defunct network connection.

Does anyone know of a reason why our DC would simply refuse to assign DHCP addresses to the Cardiff site alone? The DHCP range set up is the same as was set up in Cardiff - and is the same as we are assigning from the Router. All of the settings seem to be right, but it just won't do it and we're not sure why. Clearly the requests are being sent to the Server as our ISP has followed the requests that far, so the problem must be with the DC itself somewhere - but it works everywhere else?????

Confused!
0
Comment
Question by:winstalla
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 36

Expert Comment

by:Kimputer
ID: 40627891
I'm still suspecting nothing is arriving at the DC. For every DHCP request, it's logged. I bet if you open the DHCP logs, you will NOT see the requests (usually starting with RENEW).
If you really see the requests (identifiable by mac address), followed by NACK, it means your server refused it. But I highly doubt it, and therefore, it's blocked by a switch or a router. Could be your hardware, meaning it's "your fault", could be a router from the ISP, meaning it's "their fault". A bit difficult to tell right now.
For now, until it's solved, just put a simple DHCP server on the second site (have a range that's excluded from the DC DHCP), even a simple PC will do (I usually use Dual DHCP DNS Server from SourceForge.net if I need some quick testing).
0
 

Author Comment

by:winstalla
ID: 40627899
I have checked the Logs. One of the machines that attempted to get a DHCP Address (this was last week!) has the result below in the Log:
30,02/18/15,11:10:27,DNS Update Request,192.168.1.171,FS-LAP-ICT-PJ2.FSL.local,,,0,6,,,
10,02/18/15,11:10:27,Assign,192.168.1.171,FS-LAP-ICT-PJ2.FSL.local,D067E53CC917,,2020114998,0,,,

Open in new window


I assume that this means that the Server attempted to assign the IP Address 192.168.1.171? If so, this address was never given to the machine and the ISP never saw the attempted assignment being sent from the Server.
0
 
LVL 36

Expert Comment

by:Kimputer
ID: 40627909
Wow that's strange, it means the request came, was SENT OUT, but THEN blocked somewhere along the way. Now the difficult part is still, who/what blocked the ACK packet from the DHCP server. The only way to do that is to follow the physical route from the server to the laptop at the other side, and for every section, check if the packet is still there (needs managed router, and a seperate PC with Wireshark).  To make it simple, do the packet sniffing on the cable that plugs into the ISP/router. If the ACK packet is still there, it's means it's being filtered by the ISP, and you can do nothing at all.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LVL 34

Expert Comment

by:it_saige
ID: 40628316
I have a few questions:

Are these locations on a different subnet?
Has the ISP configured a DHCP relay agent on their router?
Are there any VLAN's in play here?
Is the scope for the Cardiff site configured correctly (has the scope option 003 for the Cardiff router)?

-saige-
0
 

Author Comment

by:winstalla
ID: 40628351
To answer IT_SAIGE:
All routes are on a 255.255.255.0 subnet (192.168.1.x and 192.168.77.x)
I can only assume that the ISP has configured a DHCP relay if it works for all of the other sites (some 30-odd sites get DHCP from Manchester)
No VLAN's anywhere.
We certainly believe that the scope is correct - it does have Option 003 for the Cardiff Router.
0
 
LVL 34

Expert Comment

by:it_saige
ID: 40628366
Do you have the capability to setup port monitoring on the switch that your DHCP server is connected to?  If you do, any chance that you can perform a packet sniff using Wireshark (or any other available packet sniffers)?  You will want to monitor the traffic on both sides (one in Cardiff and the other in Winchester).  I would initially setup to just monitor the ports that a test computer and the DHCP server are attached to.  Just to ensure that the packets are being sent and received on both sides (could potentially be the client where the DHCP client service is acting a little flaky).

-saige-
0
 

Accepted Solution

by:
winstalla earned 0 total points
ID: 40649031
Looks like we're going to have to Wireshark and we've not got a machine in Cardiff to do this at the moment. In the interim, the Cisco Switch in Cardiff is supplying DHCP and it seems to be working. So, a workaround - if not a particularly useful one!

Thanks to everyone who tried to help with this!
0
 
LVL 34

Expert Comment

by:it_saige
ID: 40649103
If possible, when you get this figured out could you post back with the root cause and resolution?

Thanks,

-saige-
0
 

Author Closing Comment

by:winstalla
ID: 40658240
A poor workaround - nothing more.
0

Featured Post

 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question