InSearchOf


DHCP issue

I have a 2008R2 DC which is also a DHCP server. I am having an issue where the server keeps running out of IPs in the scope as well as handing out IPs that are already in use even though I have conflict detection enabled as well as a lease time of one day. Don't know what's going on.
Scott Silva

Maybe you have DHCP database corruption.
You can either delete it and start over if you have documentation of all the scopes, or you can try to repair it...

https://www.pelegit.co.il/repairing-dhcp-database/
ASKER CERTIFIED SOLUTION
Nathan Hawkins
This solution is only available to members.
Running out of IPs: what are you seeing in the list of IPs in the DHCP server?  Are multiple IPs being given out to the same computer?  This should be easy to identify.

Giving out already-used IPs: have you confirmed (ipconfig /all) on the workstations with duplicate IPs that they are getting them from the DC?  There's a chance of a rogue DHCP server causing the problem.
> I have a 2008R2 DC which is also a DHCP server.

If you can help it, there are a couple of reasons not to do this, but mostly from a security point of view it's just bad practice. A DHCP server requires little to no resources, you can run it on very low spec hardware, so I myself would say there is almost no possible way to justify putting a DHCP server on a DC.

> Don't know what's going on.

Make sure the clients are getting leases from the same DHCP server. You can check on the clients. Also ensure all your DHCP logging is enabled. If you use something like Splunk or ELK you can send your DHCP logs into these platforms to get a visualisation of what is occurring and enable easier searching of your logs.

ipconfig /all | find /i "dhcp server"


They should all be getting their leases from the same DHCP server. A lease time of 1 day seems like a short period unless you have a large volume of transient clients (think a guest wireless network, free access customer WiFi network, etc.). For fixed clients (desktops, servers, etc.) a lease time of 7-8 days is more suitable, but it's up to your preference. There isn't really a reason otherwise for a very short lease period.

> I have conflict detection enabled

Do your DHCP clients go to sleep or get removed from the network? Conflict detection only works when the clients are online (the DHCP server is just pinging the IP). But conflict detection only really helps when people are statically assigning IP addresses or you have a rogue DHCP server on the network. If conflict detection is detecting a conflict, the addresses will start switching to BAD_ADDRESS for the client name.
InSearchOf

ASKER

Is there a way of detecting a rogue DHCP server?
A TCPDUMP or Wireshark capture is probably the best way to look for a rogue DHCP server.
Detecting a rogue DHCP server:
Run ipconfig /all (or use the fancier version suggested by Learnctx: ipconfig /all | find /i "dhcp server") on computers with conflicting IP addresses and see what they have listed for the DHCP server that they used.  If you find an IP address other than the one you expect, you've got another DHCP server out there.
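
What to look for in the capture suggested above, as an added example that is not part of the original thread: every DHCP server reply (OFFER, ACK, NAK) carries the server's address in option 54, the same value ipconfig shows as "DHCP Server", so any value outside the expected list points to another DHCP server. The sketch assumes the UDP payloads (ports 67/68) have already been extracted from the capture; the function names and the 192.0.2.x sample addresses are constructed for illustration.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # precedes the options field (RFC 2131)
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
SERVER_MSG_TYPES = {2, 5, 6}         # DHCPOFFER, DHCPACK, DHCPNAK

def parse_dhcp_options(payload):
    """Return {option_code: value_bytes} from a BOOTP/DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    options, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        code = payload[i]
        if code == OPT_PAD:          # pad is a single byte with no length field
            i += 1
            continue
        if i + 1 >= len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option")
        options[code] = value
        i += 2 + length
    return options

def rogue_servers(payloads, authorized):
    """List server identifiers (option 54) seen in server replies but not authorized."""
    allowed = {ipaddress.ip_address(a) for a in authorized}
    seen = set()
    for p in payloads:
        try:
            opts = parse_dhcp_options(p)
        except ValueError:
            continue                  # skip non-DHCP or damaged payloads
        msg_type = opts.get(OPT_MSG_TYPE, b"")
        server_id = opts.get(OPT_SERVER_ID, b"")
        if (p[0] == 2 and len(msg_type) == 1 and msg_type[0] in SERVER_MSG_TYPES
                and len(server_id) == 4):   # op 2 = BOOTREPLY
            seen.add(ipaddress.ip_address(server_id))
    return [str(ip) for ip in sorted(seen - allowed)]

def build_reply(server_ip, msg_type=2):
    """Constructed sample: minimal BOOTREPLY carrying only options 53 and 54."""
    fixed = bytes([2, 1, 6, 0]) + bytes(232)  # op, htype, hlen, hops, rest zeroed
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.ip_address(server_ip).packed
    return fixed + MAGIC_COOKIE + opts + bytes([OPT_END])

# Constructed capture: two replies from the expected server, one from another host.
SAMPLE = [build_reply("192.0.2.10"), build_reply("192.0.2.10", 5), build_reply("192.0.2.77")]

if __name__ == "__main__":
    print(rogue_servers(SAMPLE, authorized=["192.0.2.10"]))
```
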