Need help tracking down a DHCP conflict

Need some help in tracking down an IP conflict that I have.  DHCP servers are Windows 2016 servers (set up in a failover scenario) but I have a MacBook that has had this happen twice in the last month.  He will get a popup saying:

Another device on the network is using your computer's IP address (10.3.110.204).  

I'm not sure if this IP was for his wired connection or his wireless but only seems to affect his MacBook.  With DHCP servers there shouldn't really ever be IP conflicts (unless someone adds a static IP which I don't think this is the case here - it could be but I doubt it).  In DHCP servers, logs don't show anything...

Any way at this point to track down what grabbed the .204 IP?

Asked by: vianceadmin
Fred Marshall, Principal, commented:
I often use NetScanner 6.2.1 which you can find easily enough to download.
It will scan the network, list IP addresses, names and MAC addresses among many other things if you want.
If you get lucky and get the name then the quest may be over.
If all you get is the MAC address then you can decipher to the manufacturer at least.

Other things to do:
- Look for another DHCP server.  A commodity router, perhaps connected for wireless service, could do it.
- Don't assume there are no static addresses - consider where one might be.  e.g. a printer.
- Consider that the problem rather implies that the MacBook does have a static address.  Maybe it's a secondary address assignment.
- Why would "your computer" have a particular IP address otherwise?  Otherwise you could release the DHCP lease and renew it - presumably with a new address.
- UNLESS the DHCP server has reserved/assigned or allocated addresses per MAC address.  Does it?
masnrock commented:
> Another device on the network is using your computer's IP address (10.3.110.204).

Are wired and wireless on the same subnet? You never mentioned whether this is the case.

> With DHCP servers there shouldn't really ever be IP conflicts (unless someone adds a static IP which I don't think this is the case here - it could be but I doubt it).  In DHCP servers, logs don't show anything...

If someone set their IP address as something in the DHCP range, it wouldn't show up in the DHCP server logs.

Have you tried to do ARP lookups when the Mac isn't connected? That should help you a bit.
noci, Software Engineer, commented:
Are there multiple DHCP servers?  AP next to the Windows servers.
John, Business Consultant (Owner), commented:
Somebody may have hooked up a router and created a rogue DHCP server. That has caused this more than once.

Fred's scanning suggestion is good. I use Advanced IP Scanner (Famatech).
Owen Rubin, Consultant, commented:
Check both wired and wireless settings. Make sure you do not have a duplicate assignment, if any, on pre-assigned fixed IP addresses. Make sure the Mac is actually set to DHCP and not a fixed address.

I have seen Macs switch from wired to wireless where both MAC addresses were assigned to have the same IP so they get a conflict.

But I agree with others, look at the IP address that the Mac has and see what the DHCP server has assigned it to.

I have also seen this because the Mac believes time is left on the lease and sometimes just does not request a new DHCP address, but the server has given it out already.  If you switch off the Mac network and back on again, it should correct. You can also go into networking settings advanced and force a renew of IP address.
noci, Software Engineer, commented:
If you have managed switches you can see on what port the MAC address with the IP address 10.3.110.204 is sent.  On the switch something like: show mac or show cam tables.
You can get the address when sending a ping and then look at the ARP table.
arnold commented:
Double check the DHCP servers exclusions to make sure you do not have a scenario where two DHCP servers could issue the same IP.
Second make sure the lease time you have set is not too long.
Third check to make sure the Mac is using DHCP to get its IP and it is not set to a static IP that is still being issued.

Often, the error should reflect the MAC address of the device that is in conflict.

If you have the MAC address of the device in conflict..
The difficulty in tracking is that you have to look for the device (ip) when the conflict occurs.

The other option. If the IP is random .... Exclude this IP from allocation, but block it from accessing external sources...sources outside its LAN segment...
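
Arnold's point that the conflicting device has to be caught while the conflict is happening, together with the ARP lookups suggested earlier in the thread, can be automated by saving ARP tables on a schedule and comparing them afterwards. The following Python is an added example, not code from any poster in this thread; the function names are hypothetical, and the MAC addresses, timestamps and lease record are constructed sample data (one capture in macOS `arp -an` format, one in Windows `arp -a` format).

```python
import re
from collections import defaultdict

# macOS/Linux `arp -an`: "? (10.3.110.204) at 2:0:0:a:b:1 on en0 ifscope [ethernet]"
UNIX_RE = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9A-Fa-f:]+)")
# Windows `arp -a`:      "  10.3.110.204     02-00-00-0c-0d-02     dynamic"
WIN_RE = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9A-Fa-f-]{17})\s")

def norm_mac(mac):
    """Return aa:bb:cc:dd:ee:ff, or None. macOS prints octets without leading zeros."""
    parts = re.split(r"[:-]", mac.strip())
    if len(parts) != 6 or not all(1 <= len(p) <= 2 for p in parts):
        return None
    return ":".join(p.lower().zfill(2) for p in parts)

def parse_snapshot(text):
    """Map IP -> normalized MAC for one captured ARP table."""
    table = {}
    for line in text.splitlines():
        m = UNIX_RE.search(line) or WIN_RE.match(line)
        mac = norm_mac(m.group(2)) if m else None
        if mac:
            table[m.group(1)] = mac
    return table

def find_conflicts(snapshots, leases):
    """snapshots: [(timestamp, arp_text)]; leases: {ip: client MAC on the DHCP server}.
    Returns {ip: [(mac, first_seen, holds_lease)]} for IPs answered by more than one MAC."""
    history = defaultdict(dict)  # ip -> {mac: first_seen}
    for ts, text in snapshots:
        for ip, mac in parse_snapshot(text).items():
            history[ip].setdefault(mac, ts)
    report = {}
    for ip, macs in history.items():
        if len(macs) > 1:
            lease_mac = norm_mac(leases.get(ip, ""))
            report[ip] = [(mac, ts, mac == lease_mac) for mac, ts in macs.items()]
    return report

# Constructed sample data: two captures five minutes apart and one lease record.
SNAPSHOTS = [
    ("09:00", "? (10.3.110.204) at 2:0:0:a:b:1 on en0 ifscope [ethernet]\n"
              "? (10.3.110.1) at 2:0:0:0:0:fe on en0 ifscope [ethernet]"),
    ("09:05", "  10.3.110.204          02-00-00-0c-0d-02     dynamic\n"
              "  10.3.110.1            02-00-00-00-00-fe     dynamic"),
]
LEASES = {"10.3.110.204": "02-00-00-0a-0b-01"}

if __name__ == "__main__":
    for ip, rows in find_conflicts(SNAPSHOTS, LEASES).items():
        for mac, first_seen, holds_lease in rows:
            print(ip, mac, first_seen, "lease holder" if holds_lease else "NOT in lease table")
```

Normalizing the MAC before comparing matters here: the gateway entry appears as `2:0:0:0:0:fe` on the Mac and `02-00-00-00-00-fe` on Windows, and would otherwise be reported as a false conflict.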
Shaun Vermaak, Technical Specialist, commented:
If you just want to automatically resolve this, you can enable conflict resolution on the DHCP server

PowerShell
Get-DhcpServerInDC | ForEach-Object { Set-DhcpServerSetting -ComputerName $_.DnsName -ConflictDetectionAttempts 2 }

vianceadmin (Author) commented:
Enable conflict resolution on the DHCP server?  Is that just a setting?

In this case, I think the user had both a wired IP and a wireless IP so even if it did kick him off of (let's just say the wireless connection had 10.3.110.204) wireless, he still had a wired connection so the only reason he knew he had an issue was because of the popup.  It's not a huge deal but just makes me wonder how the DHCP server would have given out the .204 IP if it had already given it out to something else.  

Lots of good suggestions...Couple of things to note:
1.  No rogue DHCP server on the network - if so, I'd have a lot more IP conflicts
2.  Ran ARP lookup on switches and the .204 IP that is given out now was not the one that tried to take it 2 days ago (laptop that has it now wasn't even on the network when the conflict happened).  To Arnold's point above, you have to look for the device (ip) when the conflict occurs.
3.  Lease time is set to 3 days - should I shorten that?  We are a fairly small office but laptops/wireless/phones are all on the same subnet and get IPs from the DHCP server.  In the last 6 months since I upgraded the DHCP servers to Server 2016, I have only had two IP conflicts - both on this same MacBook.
Fred Marshall, Principal, commented:
Given that it's the same (and only?) computer that has this problem, one would certainly want to look carefully at how it's set up.
I might compare the lease time between what the DHCP server has and the lease time that the computer has.  That might lend some insight.
More likely, in my mind, is that the computer is setting the IP address itself.  Call that static or manual or whatever....

You say:
I upgraded the DHCP servers to server 2016
So, there are multiple DHCP servers??  That would be a problem I should think.

In a mostly-filled environment with plenty of mobile devices, I generally suggest setting the DHCP lease to 4-8 hours in order to free up unused addresses.  If a device departs the site, it won't renew its lease at half the lease time.  Then, at the end of the lease time, the address should be released.  
Worst case: a device will automatically renew its lease just before departing.  Then the address will be held (unused) for the entire lease time as the DHCP server knows nothing better to do.
Best case: a device will depart the site just prior to half the lease time from the last lease renewal.  Then the address will be held (unused) for half the lease time.
So, by setting the lease time shorter, you shorten the time between best case and worst case.  That may be some advantage if things are very tight and you're trying to understand what's going on.
vianceadmin (Author) commented:
Yes, in Server 2016, you can have "redundant/failover" DHCP servers.  So in this case, I have two servers running DHCP and I set up failover so they know about each other...
John, Business Consultant (Owner), commented:
> No rogue DHCP server on the network - if so, I'd have a lot more IP conflicts

If you are certain this is not the case, then what I have seen (and has been mentioned above) is computers (normally laptop computers) with a Static IP address.

I have also seen DHCP reservation go wrong. That is DHCP reservation may have duplicate reservations for the same IP address.  Solve this by deleting all offending reservations and making new ones.
Shaun Vermaak, Technical Specialist, commented:
> Enable conflict resolution on the DHCP server?  Is that just a setting?

Yes
Owen Rubin, Consultant, commented:
Do you have assigned IPs to certain MAC addresses set up on the DHCP servers? (Reserve addresses)? Macintosh will not have the same MAC address for wired and wireless, so they should get different IPs unless, as I said above, you have static IPs set on the Macintosh itself or you have assigned multiple MAC addresses to get the same IP, which does not seem to be the case.  

Is this still happening? Could this have been a one-off error because of extended lease times? I agree with Fred: 4 to 8 hours on a lease time, especially if you have a lot of devices coming on and off the network.
vianceadmin (Author) commented:
Can't imagine that someone would have assigned a static IP (most normal end users don't know how to do this).  No reservations set up in DHCP.  

Owen, it has happened twice on this Mac in the last 6 months - no issues otherwise.  Might just be an issue with this one Mac...
Owen Rubin, Consultant, commented:
Possibly, and I've seen my own MacBook Pro do this on occasion.  Usually it won't let go of the last IP address after not using it for a while (longer than my lease time) and while I get that message, it still usually works. But a quick Settings->Network->Advanced->TCP/IP press renew and the problem goes away. I've never been able to find out why it does that on occasion.  I also note it went away when I switched to a Cisco router and DHCP server off of a Microsoft server. Maybe Apple just being problematic with anything Windows. :-)