Issues with Internet Connection with PC on DHCP


We have a DHCP environment where the PCs are losing internet connection randomly, and the only way to resolve the issue is to give them a static IP.

I have tried different scenarios but the static is the only one that works.

Re-installed the NIC drivers, both Intel and Broadcom
Reserved the IP to the machine in DHCP
Reduced the lease time on the IP
Tried the advanced settings on certain NICs, e.g. green energy settings etc.

All have failed to resolve the issue, so if you can help with this please let me know.


RantCan (Sr. Systems Administrator) Commented:
Is it possible you have a rogue DHCP server on your network?
Zephyr ICT (Cloud Architect) Commented:
Besides a rogue DHCP server ...

When the PC loses Internet connection, does it still have an IP address? Does it help if you do an ipconfig /renew at that time?
What type of environment do you have? Server? Active Directory? Are the proper DNS servers and gateways set up in the DHCP server?

YellowbusTeam (Author) Commented:
Rogue DHCP highly unlikely, how can I test for one?

The environment is a DC with AD DNS and DHCP on the same box.

When the internet connection drops we still have an IP and it's registered on the DHCP. I can't ping the gateway etc. but can still talk to internal shares and other devices.

Zephyr ICT (Cloud Architect) Commented:
I don't think it's DHCP, since DHCP would only do this at the moment it's in its half-life. For example, you have a lease of 8 days for your clients, after 4 days the client will check if the DHCP is still there, if it can find the DHCP it will keep the IP for the remaining 4 days, if it can't reach the DHCP server at the time of the check, it will send out a request on the network for another DHCP server. Since you still have an IP when you check at the time of the issue I think something else is going on ... You can still reach devices on the internal network so ...

It seems like it's losing (the route to) the gateway ... Is it a direct connection to the gateway or is there a device in between?
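
Added example, not part of the original thread: one way to test a capture for an unexpected DHCP server and to read the renewal point (T1, half the lease by default) discussed above. It assumes the DHCP UDP payloads have already been extracted from a packet capture; the function names and the 192.0.2.x addresses are constructed for illustration.

```python
import ipaddress
import struct
MAGIC_COOKIE = b"\x63\x82\x53\x63"
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload):
    """Pull message type, server ID, lease and T1 out of a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    info = {"yiaddr": str(ipaddress.IPv4Address(payload[16:20]))}
    i = 240
    while i < len(payload) and payload[i] != 255:    # 255 = End option
        if payload[i] == 0:                          # Pad option: no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:               # DHCP message type
            info["type"] = MSG_TYPES.get(value[0], str(value[0]))
        elif code == 54 and length == 4:             # server identifier
            info["server"] = str(ipaddress.IPv4Address(value))
        elif code == 51 and length == 4:             # lease time in seconds
            info["lease"] = struct.unpack("!I", value)[0]
            info.setdefault("t1", info["lease"] // 2)  # default renewal at half the lease
        elif code == 58 and length == 4:             # explicit renewal time (T1)
            info["t1"] = struct.unpack("!I", value)[0]
        i += 2 + length
    return info

def unexpected_servers(payloads, allowed):
    """Server IDs seen in OFFER/ACK/NAK replies that are not on the allow-list."""
    replies = (parse_dhcp(p) for p in payloads)
    seen = {m["server"] for m in replies
            if m.get("type") in ("OFFER", "ACK", "NAK") and "server" in m}
    return sorted(seen - set(allowed))

def build_reply(msg_type, server, yiaddr, lease):
    """Constructed sample data: a minimal DHCP server reply (op=2)."""
    head = bytes([2, 1, 6, 0]) + bytes(12) + ipaddress.IPv4Address(yiaddr).packed
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server).packed
    opts += bytes([51, 4]) + struct.pack("!I", lease) + b"\xff"
    return head.ljust(236, b"\x00") + MAGIC_COOKIE + opts

# Constructed capture: the expected server (8-day lease) plus one unknown responder.
SAMPLES = [build_reply(2, "192.0.2.10", "192.0.2.101", 691200),
           build_reply(5, "192.0.2.10", "192.0.2.101", 691200),
           build_reply(2, "192.0.2.77", "192.0.2.200", 3600)]
```

Calling `unexpected_servers(SAMPLES, {"192.0.2.10"})` lists any responder other than the known server, and `parse_dhcp(...)["t1"]` gives the number of seconds after which the client first tries to renew.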

YellowbusTeam (Author) Commented:
Thanks for the comment, there are passive switches in this environment that are patched into a patch panel.

The DHCP lease was set for 1 day; I have now changed this to 7 days.

There is also a next generation firewall that controls internet connections via login which is synced to AD.

Zephyr ICT (Cloud Architect) Commented:
Low DHCP leases are only interesting if you have a lot of "moving" clients, like people coming in one day and leaving the next ... If you have more stationary devices you are better with a long lease... 7 days is fine.

At the time a client loses the Internet connection, can you still resolve DNS names like or something similar?

If you renew the IP with "ipconfig /renew" is the problem solved? Or disconnect the network interface and reconnect for example?

It is happening randomly, yes? It's not all (or a lot of) clients together, it's always 1 client?
YellowbusTeam (Author) Commented:
We can't resolve anything outside of the LAN nor can we ping external websites.

If I renew the IP I get the exact same IP back when I /release then /renew and this doesn't resolve the problem.

Sometimes it will work if I go to Device Manager and uninstall the driver then scan for hardware changes, which reloads the driver.

Some days it happens to 1 random client, other days maybe 2 or 3 times during the day; some say that the internet connection is intermittent, goes off for 15-20 minutes then comes back.
Is the gateway router a Cisco router?  Is there a fixed number of people who can connect to the internet at any one time, or does the number fluctuate?  I had this issue a while back and the issue was actually the number of licenses we had available on our router.  We got a new Cisco router replaced and the licensing was for the wrong number of licenses.  At any one time, only 10 people could get to the net.
Zephyr ICT (Cloud Architect) Commented:
Interesting question from LB1234... Might be something to check.

Regarding the next gen firewall, it syncs with AD... Did you check the logs at the time the client loses the connection by any chance? Was there something to see? Does the firewall perhaps block the IP address of the client and it only works again after the client receives a new one? Or if you give the client the same IP address as a fixed address would it work... probably not.
Is the DHCP server handing out addresses in the right subnet?  You will have to do a packet trace on the gateway to see if the packets are at least getting there from the DHCP assigned clients.
YellowbusTeam (Author) Commented:
Hi LB123,

The router in question is a Cyberoam CR35iNG. As far as I am aware it's not licensed per user, just licensed for the definitions for spam etc.

With regards to the firewall I will have to get support from the vendor.

The Subnet is the standard

To do a packet trace do I use tracert (gateway IP)?

Thanks for the comments people!

Zephyr ICT (Cloud Architect) Commented:
A packet trace would involve something like "sniffing" the traffic, usually some software solution is used for this, a well-known example is Wireshark.

Now you need to place the tracer/sniffer in between the firewall/router and the client, usually this is a switch. But it's not just plugging it in a port, the port should be configured as a monitor port so you can see all the traffic coming over it, or configure it to monitor just one port.

This would be a good way to see what happens with the TCP/IP traffic on the network, but you'll need to know what to look for, or at least know that what you see is ok or not... So it might be a little over the top at this moment, depending on how comfortable you feel with it.

Maybe there's an IDS module on the firewall that gets triggered now and then and shuts the client off from going outside, albeit temporarily... That's why it would be interesting to see if there's something in the logging of the firewall.
If the router has a switch port, you might want to try directly connecting one of the problem DHCP clients to it.  If no switchport, then after hours, disconnect the LAN interface from whatever's plugged into it, and plug in the problem DHCP client (you'll need a crossover cable), ping the WAN interface, ping public IP, then ping URL DNS name.
This is curious. The gateway router absolutely should not care how the clients are getting the IP address, so to me it isn't a logical addressing issue.  When you provide the static IP, are you giving the host the same IP address that was previously assigned with DHCP or a new one?
YellowbusTeam (Author) Commented:
The host gets a new IP outside of the DHCP range. An interesting thing I have noticed on the gateway is that these machines' IPs are getting flagged up as DOS Attacks, so I have spoken to the vendor and they said this would cause the gateway to drop the connection. Now we have RMM software on all machines which I suspect is the culprit.

For now I would say we have the cause, I just need to find a resolution.

But I will share out the points as you guys have been really helpful :)
Glad it's heading in the right direction!  Definitely recommend you get familiar with Wireshark and play around with it.  It's essential.  In this case, you could've used a packet tracer on the gateway itself if it had that functionality, but in either case, you'd have known whether or not the packets from the problem DHCP clients were even reaching the gateway at all, or whether they were being dropped once they arrived.  If the latter, then of course, it leads you to start looking at the router's config.  Good luck!
Lastly, in terms of your router config, you might want to turn off packet inspection for outbound traffic altogether.