DHCP handing out incorrect IP addresses

reindeerauto
reindeerauto used Ask the Experts™
on
Somehow very intermittently my DHCP server is handing out IP addresses that have no scope setup in DHCP. My servers are all on a 192.168.2.X network and all are static IP's but for some reason my DHCP server is handing out 192.168.2.X IP's to computers randomly. How do I fix this issue and find out what is causing it to happen?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Distinguished Expert 2018

Commented:
Have you checked to make sure that there is only one DHCP server on the network? And also that no unauthorized devices are connected to the network? I've seen some very strange things happen because of things that weren't supposed to be there....
Tyler BrooksNetwork & Systems Administrator

Commented:
When one of your systems gets an IP address in the range (that isn't supposed to) run ipconfig/all which should tell you the IP address of the DHCP server handing out the address. Best way to start is to confirm that you don't have some rogue DHCP server on your network.
reindeerautoSystems Administrator

Author

Commented:
I did and Ipconfig /all and it is showing the other domain controller as the DHCP server that handed out this address but it is not setup as a DHCP server and does not have the role as one either.
Success in ‘20 With a Profitable Pricing Strategy

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

reindeerautoSystems Administrator

Author

Commented:
I see the DHCP Client is running in the services but there is no service for DHCP server. How do I correct this issue to make it stop handing out IP addresses?

Commented:
To prove it's this server, you can have one client that always gets an IP address (ipconfig /release and ipconfig /renew). You will see it stops gettin g an IP address the moment you momentarily disconnect the server.
Now you're 100% sure it's this server, and you'll probably have to try to find a software component that's causing the DHCP hand outs.

Use in admin cmd shell:
netstat -abn

The program AFTER the line (w.x.y.z is the IP address of the server)
w.x.y.z.:67
Is the real dhcp server.
reindeerautoSystems Administrator

Author

Commented:
Kimputer, when I did the (ipconfig /release and Ipconfig /renew) it got the correct IP from the correct DHCP server. What other software component can cause a server to act as a DHCP server, especially when it does not have the service installed?
Paul MacDonaldDirector, Information Systems

Commented:
Does the "other DC"s IP address end in .1?  In either case, it's fine for any machine to be a DHCP client.  We're looking for a DHCP server.

Is your current DHCP server also one of your domain controllers?  Or do you some other machine or device acting as a DHCP server?

In the DHCP Management utility, right-click on DHCP at the top of the tree in the left-hand pane, then select "Add Server..." and see if there are any DHCP servers in the list of servers you don't recognize.
reindeerautoSystems Administrator

Author

Commented:
Paul,

Yes the other DC's IP does end in .1 and yes my current DHCP server is also a Domain Controller however it has been this way for 9 years and this is the first time it has done this.

I looked in DHCP Management utility and it does not show any other servers when I click on the "Add Server"
"Yes the other DC's IP does end in .1"
It is fairly typical for the router or firewall to have an IP address that ends in .1.  No reason it can't work properly otherwise, though.

Are you certain that the IP address doesn't point to your router?

If there were conflicting IP addresses you'd expect to see a number of errors.  Just to be sure, ping the .1 server from a workstation, disconnect the server, and then ping again.  It won't be conclusive if the ping fails (the conflicting device may not respond to pings), but it will be if the ping succeeds.

I'm skeptical that there is such an IP conflict, but should be easy enough to confirm.

You could also disconnect both servers (the proper DHCP server as well as the .1 one) and run IPConfig /release IPConfig /renew and see if anything responds.
Paul MacDonaldDirector, Information Systems

Commented:
'Yes the other DC's IP does end in .1"
Is there any chance someone has installed a new router on the network recently?  Even if it's not routing, but only being used for WiFi?  Because I'd wager that's the problem.  I'd double down on that wager if your network uses "192.168.0.x" as its address space.

Let me take this opportunity to suggest you change the IP address of your DC to something other than ".1", regardless of what else you do/find.
reindeerautoSystems Administrator

Author

Commented:
My computers are on a 192.168.1.X network and my servers are on a 192.168.2.X network. The incorrect IP's being handed out are from the .2.X network from a DC that is not set as a DHCP server. All of the PC's getting incorrect IP's are on a physical connection so WiFi would have nothing to do with it. My wireless network is on a 192.168.9.X network and my layer 3 switches all have 192.168.1.X IP addresses. This just started happening about 2 weeks ago so I am not sure what is going on.

I have done IP scans and don't see anything with matching IP's.
Paul MacDonaldDirector, Information Systems

Commented:
"My computers are on a 192.168.1.X network and my servers are on a 192.168.2.X network."
What do you use to route between the two networks?

"so WiFi would have nothing to do with it."
I'm not suggesting this is a WiFi issue.  I'm suggesting someone configured your router and turned on the DHCP capability in it.  Or they replaced it with a new one that had DHCP turned on all ready.  The IP address of this router may just happen to be the IP address of the DC in question, so it looks as if the DHCP request is being fulfilled by the DC when it's actually being fulfilled by the router.

I may be wrong.
reindeerautoSystems Administrator

Author

Commented:
So looking closer at the (Ipconfig /all) on the computer getting the wrong IP it is even showing my default gateway IP the same as the DHCP server.
That is sounding more and more like there is another device with the .1 address that is doing DHCP.  Disconnecting both servers and requesting another address through DHCP should be fairly conclusive.

Alternatively, go to a machine that has received the "wrong" DHCP information and run arp -a.  That should show you the MAC address of the .1 device.  Compare it to the MAC address of the .1 server.
Paul MacDonaldDirector, Information Systems
Commented:
"it is even showing my default gateway IP the same as the DHCP server."
This is what I'm saying:
"I'm suggesting someone configured your router and turned on the DHCP capability in it.  Or they replaced it with a new one that had DHCP turned on all ready.  The IP address of this router may just happen to be the IP address of the DC in question, so it looks as if the DHCP request is being fulfilled by the DC when it's actually being fulfilled by the router."

Find that (new?) router and turn off DHCP in it.
reindeerautoSystems Administrator

Author

Commented:
Ok problem is solved thank you all for your help. We have a few pieces of equipment (Grandstream) plugged into our network that convert analog Polycom conference phones into digital and one had gone bad and was randomly handing out this IP. Turned it off and the problem has been corrected.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial