<div>
When it was 8.8.8.8 ipconfig showed the DHCP server to be the DC and nothing else. &nbsp; That's what's so confusing to me. &nbsp;I'll try the detection tool and list what I find.
</div>


<div>
I think there is another DHCP source that is showing up. &nbsp;I included a few screenshots. &nbsp;.1 is the gateway (Cisco ASA) configured by another vendor but is supposed to have DHCP turned off. &nbsp;<br />
.1 is showing up as a rogue source.<br />
<br />
The other strange thing is the 'authorized source' listed is 192.168.2.5 which was the old IP scheme and address of the server. &nbsp;The subnet had to be changed to 172.25.101.x for vendor / remote reasons. &nbsp;It has worked fine after and the change was done a few months ago. &nbsp;But why is the authorized IP still showing the old IP address??<br />
<br />
Screenshot is of ipconfig/all from a client, and the rogue detection result.<br />
<a href="https://filedb.experts-exchange.com/incoming/2016/04_w15/1089692/DHCPresults.JPG" target="_blank" class="file-inline" title="DHCPresults.JPG (40 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>DHCPresults.JPG</a><br />
<a href="https://filedb.experts-exchange.com/incoming/2016/04_w15/1089693/V1.JPG" target="_blank" class="file-inline" title="V1.JPG (73 KB)"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M67.508 468.467c-58.005-58.013-58.016-151.92 0-209.943l225.011-225.04c44.643-44.645 117.279-44.645 161.92 0 44.743 44.749 44.753 117.186 0 161.944l-189.465 189.49c-31.41 31.413-82.518 31.412-113.926.001-31.479-31.482-31.49-82.453 0-113.944L311.51 110.491c4.687-4.687 12.286-4.687 16.972 0l16.967 16.971c4.685 4.686 4.685 12.283 0 16.969L184.983 304.917c-12.724 12.724-12.73 33.328 0 46.058 12.696 12.697 33.356 12.699 46.054-.001l189.465-189.489c25.987-25.989 25.994-68.06.001-94.056-25.931-25.934-68.119-25.932-94.049 0l-225.01 225.039c-39.249 39.252-39.258 102.795-.001 142.057 39.285 39.29 102.885 39.287 142.162-.028A739446.174 739446.174 0 0 1 439.497 238.49c4.686-4.687 12.282-4.684 16.969.004l16.967 16.971c4.685 4.686 4.689 12.279.004 16.965a755654.128 755654.128 0 0 0-195.881 195.996c-58.034 58.092-152.004 58.093-210.048.041z"/></svg>V1.JPG</a>
</div>


DHCPresults.JPG

V1.JPG

<div>
tmoon, it looks like 101.1 is the problem. I would verify that DHCP is turned off on that machine. The authorized DHCP server info is what's being picked up in AD. Just your server to see if there is still reference to the old IP scheme. Does the AD server still have the old IP assigned to one of it's interfaces, so that it still shows up in DHCP &amp;&nbsp;DNS?<br />
<br />
MO
</div>


<div>
Only has 2 interfaces. &nbsp; One is disabled but had 1.6 listed.<br />
The active NIC did have DNS set to its loopback which I changed to the actual IP. &nbsp;I know there is some controversy over this but I think nowadays its common place to use the IP instead.<br />
<br />
I couldn't find any reference to the old server IP 2.5. &nbsp;I did find some old DNS records using the old subnet which I deleted.<br />
<br />
A quick registry search revealed only one key that had the old server IP listed. &nbsp;The key was:<br />
HKEY_LOCAL_MACHINE\SYSTEM\<wbr />CurrentCon<wbr />trolSet\se<wbr />rvices\{AF<wbr />4BC64C-955<wbr />A-4379-87C<wbr />F-802C846B<wbr />FD7A}\Para<wbr />meters\Tcp<wbr />ip.<br />
<br />
I did not change or delete this at this time just to be safe.<br />
<br />
I emailed the support company for the Cisco ASA to disable any DHCP and check to see why it was accidentally turned on.
</div>


<div>
Great call. &nbsp;I believe it did boil down to a rogue DHCP server on the network even though the broken clients listed the correct DHCP server.<br />
Thanks for the help!
</div>


<div>
<div class="content wysiwyg-content">
Strange thing happening for the last week. &nbsp;This office has 1 Server 2008 domain controller, approx 20 Win 7 clients. &nbsp;The only recent change was a switch change to a 24 port Cisco Meraki to provide POE to a few AP's. &nbsp;The Meraki is in 'dumb mode' operating at layer 2 only. &nbsp;The other switch is a Netgear ProSafe GB layer 2 switch.<br />
A few days ago I was told that a few select users (approx 4) can't run a SQL based program where the database resides on the DC. &nbsp;Reboots sometimes fix and sometimes don't. &nbsp;<br />
I have noticed that when things arent working, the client still has internet access but just cannot properly run their main app off the server.<br />
When this error is happening I can ping things but not domain.local . &nbsp;Says cannot find host. &nbsp;Domain.local pings fine on a working PC.<br />
I noticed that an NSLOOKUP reveals that the DNS on the client box is set to Google 8.8.8.8<br />
IPCONFIG /ALL reveals that the DC is set as the DHCP server.<br />
Checked the DC DHCP settings and only the servers private IP is listed as the DNS server to hand out in scope options and server options.<br />
I can't find a reference to 8.8.8.8 in DHCP server settings anywhere.<br />
On the client box I can't find a reference to 8.8.8.8 anywhere in IP properties either. &nbsp;<br />
As a temp fix I have added the DC local IP to DNS IP settings on the client PC but left the IP to get automatically. &nbsp;This seems to correct the issue but it would be nice to get to the cause of it.<br />
Any ideas?<br />
Thanks.
</div>
</div>


Strange thing happening for the last week.  This office has 1 Server 2008 domain controller, approx 20 Win 7 clients.  The only recent change was a switch change to a 24 port Cisco Meraki to provide POE to a few AP's.  The Meraki is in 'dumb mode' operating at layer 2 only.  The other switch is a Netgear ProSafe GB layer 2 switch.
A few days ago I was told that a few select users (approx 4) can't run a SQL based program where the database resides on the DC.  Reboots sometimes fix and sometimes don't.  
I have noticed that when things arent working, the client still has internet access but just cannot properly run their main app off the server.
When this error is happening I can ping things but not domain.local .  Says cannot find host.  Domain.local pings fine on a working PC.
I noticed that an NSLOOKUP reveals that the DNS on the client box is set to Google 8.8.8.8
IPCONFIG /ALL reveals that the DC is set as the DHCP server.
Checked the DC DHCP settings and only the servers private IP is listed as the DNS server to hand out in scope options and server options.
I can't find a reference to 8.8.8.8 in DHCP server settings anywhere.
On the client box I can't find a reference to 8.8.8.8 anywhere in IP properties either.  
As a temp fix I have added the DC local IP to DNS IP settings on the client PC but left the IP to get automatically.  This seems to correct the issue but it would be nice to get to the cause of it.
Any ideas?
Thanks.

Strange DNS issue, Server 2008, Windows 7 clients

Windows Server 2008 and Windows Server 2008 R2, based on the Microsoft Vista codebase, is the last 32-bit server operating system released by Microsoft. It has a number of versions, including including Foundation, Standard, Enterprise, Datacenter, Web, HPC Server, Itanium and Storage; new features included server core installation and Hyper-V.

Windows Server 2008

The Dynamic Host Configuration Protocol (DHCP) is an auto configuration protocol used on IP networks and an extension of the Bootstrap Protocol. DHCP allows for computers to be configured automatically to communicate with each other over an IP network without the need for manual setup by a network administrator. The implementation of DHCP relies on a DHCP server to hand out network configuration information to DHCP-capable clients that request an IP address (and other information required or useful in communicating with other devices on an IP network). In addition to an IP address, common configuration information served over DHCP includes a default gateway, subnet mask and DNS sever(s).

DHCP

The Domain Name System (DNS) is a hierarchical, globally distributed system responsible for associating the name of a computer, service or other resource into an IP address for connecting to the Internet or a private network. Most prominently, it translates domain names to the numerical IP addresses needed for the purpose of computer services and devices worldwide.