Can't Ping Internet on DHCP Address
I have a 2016 Windows Essential server. I was onsite the other day and noticed that, although my laptop would obtain an IP address, I couldn't not browse the internet or ping anything on the Internet. The name would resolve and show the IP address DNS had provided, but the ping would time out. I also couldn't ping by IP to the internet. I could ping devices on the local network.
I then noticed the same issue on a computer I was adding to the network. The IP's I obtained were 192.168.10.107 and 192.168.10.109.
I gave both computers a static IP and the same gateway (Watchguard firebox, managed by an outside vendor) and DNS (DNS is the 2016 server) and was fully functional with the use of these static IP's. The IP's I assigned were 192.168.10.233 and 192.168.10.234
The DHCP scope on the 2016 Essentials server is 192.168.10.50-150 with Subnet mask of 255.255.255.0, gateway is 192.168.10.1 and DNS is 192.168.10.4 (the 2016 server)
There were approximately 48 leases out. At one point I got the computer I added to the network to obtain a different IP, which I believe was something below .100 and it worked fine thereafter. I dont know if the fact that it was below the .100 mark was why it worked, or just coindence.
So I was hoping someone might be able to enlighten me on what it may be that is causing me a problem. I wonder if there is some limitation on the 2016 Essentials server as to how many leases it will give out that have full functionality, although I haven't found anything that specifically says that it would limit DHCP in this way. If that's the case, I can either put some devices as static (i.e., phones, POS workstations) and that would free up about 20 IP's, or use another device as a DHCP server.
I wanted to use the Windows server as the DHCP server though, in case it's true that it is best practice and that it helps with AD functionality.
To sum it up,
1. No Internet functionality with new devices that connect via DHCP.
2. Devices that are currently on the network have full functionality. It may be noteworthy to mention that these devices have an IP below .100 in a scope that is 192.168.10.50-150
3. New devices have full functionality if setup with a static IP.
*** in regards to note 2. I actually haven't "tested" each device that was currently on the network, but I'm assuming they work properly because no one has mentioned an issue. This could be deceiving though because some devices are POS, which don't use the internet, others are phones or iPads.
I then noticed the same issue on a computer I was adding to the network. The IP's I obtained were 192.168.10.107 and 192.168.10.109.
I gave both computers a static IP and the same gateway (Watchguard firebox, managed by an outside vendor) and DNS (DNS is the 2016 server) and was fully functional with the use of these static IP's. The IP's I assigned were 192.168.10.233 and 192.168.10.234
The DHCP scope on the 2016 Essentials server is 192.168.10.50-150 with Subnet mask of 255.255.255.0, gateway is 192.168.10.1 and DNS is 192.168.10.4 (the 2016 server)
There were approximately 48 leases out. At one point I got the computer I added to the network to obtain a different IP, which I believe was something below .100 and it worked fine thereafter. I dont know if the fact that it was below the .100 mark was why it worked, or just coindence.
So I was hoping someone might be able to enlighten me on what it may be that is causing me a problem. I wonder if there is some limitation on the 2016 Essentials server as to how many leases it will give out that have full functionality, although I haven't found anything that specifically says that it would limit DHCP in this way. If that's the case, I can either put some devices as static (i.e., phones, POS workstations) and that would free up about 20 IP's, or use another device as a DHCP server.
I wanted to use the Windows server as the DHCP server though, in case it's true that it is best practice and that it helps with AD functionality.
To sum it up,
1. No Internet functionality with new devices that connect via DHCP.
2. Devices that are currently on the network have full functionality. It may be noteworthy to mention that these devices have an IP below .100 in a scope that is 192.168.10.50-150
3. New devices have full functionality if setup with a static IP.
*** in regards to note 2. I actually haven't "tested" each device that was currently on the network, but I'm assuming they work properly because no one has mentioned an issue. This could be deceiving though because some devices are POS, which don't use the internet, others are phones or iPads.
DrDave242
It sounds like there may be a filter on the firewall blocking outbound traffic from devices within a certain IP range. I don't know why that would be there, but you should check with the folks who manage the firewall to see if that's the case.
ASKER
Thanks DrDave.
Good idea. I"m going to send off an email right now to ask. I wish I would have changed from DHCP and programmed Static with one of the IP's I had received from DHCP, that didn't work.
Good idea. I"m going to send off an email right now to ask. I wish I would have changed from DHCP and programmed Static with one of the IP's I had received from DHCP, that didn't work.
Let us know how it goes with the network team.
My first thought was perhaps the gateway IP wasn't being set correctly, but as long as it is the same when you set it manually, that shouldn't be the problem.
Another trick is to try a tracert command to an IP address and see how far it gets before it fails. I'm just thinking another problem could be that DHCP is passing some incorrect proxy information or something like that.
Good troubleshooting steps so far, anyway. Ping by IP is always a good test, because it eliminates DNS as part of the problem.
By the way, I edited your topic for clarity. It just helps to ensure the right Experts see you question.
My first thought was perhaps the gateway IP wasn't being set correctly, but as long as it is the same when you set it manually, that shouldn't be the problem.
Another trick is to try a tracert command to an IP address and see how far it gets before it fails. I'm just thinking another problem could be that DHCP is passing some incorrect proxy information or something like that.
Good troubleshooting steps so far, anyway. Ping by IP is always a good test, because it eliminates DNS as part of the problem.
By the way, I edited your topic for clarity. It just helps to ensure the right Experts see you question.
ASKER
Outside vendor says that he doesn't see anything that would be causing me an issue.
Other IP's in the scope work fine so it isn't a gateway issue
I did do a tracert and if I remember right it timed out from the start
I'll be back onsite soon and will try to set my static ip for that of what the DHCP server issued me (.107) and see if it works. Of course I'll check the network first to verify that there isn't a .107 out there.
If it does work I believe that eliminates the Firewall as the problem.
Other IP's in the scope work fine so it isn't a gateway issue
I did do a tracert and if I remember right it timed out from the start
I'll be back onsite soon and will try to set my static ip for that of what the DHCP server issued me (.107) and see if it works. Of course I'll check the network first to verify that there isn't a .107 out there.
If it does work I believe that eliminates the Firewall as the problem.
Wireshark may come in handy if the static IP address test is inconclusive.
Using the same static IP as DHCP was giving you is a good idea. Check all the DHCP server options as well and see if anything else looks wrong. Also check IE setting under Internet Options tab, Connections to see if that information is changing between static and DHCP.
ASKER
I went onsite and found that .101-.110 would not work if programmed as a static.
For now, I've excluded that range from DHCP
While testing I got "duplicate on network for .102, but can't ping it and it doesn't show in Belarc advisor
For now, I've excluded that range from DHCP
While testing I got "duplicate on network for .102, but can't ping it and it doesn't show in Belarc advisor
Did somebody already mention a rogue DHCP? I kind of wonder if that could still be happening. If you do an IPCONFIG /ALL, one of the things it will tell you is what address granted the lease.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.