|
Home > Archive > CCNP > August 2002 > DHCP Server on NT Server 4.0
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
DHCP Server on NT Server 4.0
|
|
| beenframed 2002-08-08, 7:52 am |
| I originally posted this in a MCSE forum but since I feel I may have exhausted all efforts on the NT side of things, I am curious to see if anyone thinks this could be a problem on my Cisco switches.
I have a DHCP Server on a NT 4 Server that is no longer giving out IP addresses. Nodes logging into the network are getting errors saying the domain is unavialble. I have stopped and started the DHCP service multiple times on the servers. Clients are getting addresses in the 192.168.0.0 subnet. My DHCP scope is 10.x.x.x. Event log on the server shows errors that the DHCP server issued a NACK to MAC address xxxxxxxxxxx with 192.168.0.1 -something like that - The network is basically switched with Cisco 2900 switches and there are no hubs.
One other note: If I assign them an address manually they have no problem accessing the network.
Any help..
Thanks - BF
__________________
BeenFramed | |
|
|
| akarklins 2002-08-09, 10:07 am |
| Hello,
Have you checked the obvious? Even though you stopped and started the service is the scope active. For NT 4.0 an active scope appears as a yellow bulb and an inactive looks gray.
Why do you have two subnets, i.e. 10.x.x.x and 192.x.x.x ? Are these on the same network segment? If so this creates excessive collusions and not recommended. If the DHCP design spans over a wan or different subnet then you can start to look at other router related issues. For example open ports 137 and 138 with ip helper, wins on local subnet, bridging (not the best), bootp devices, duplicate ips, access-lists and more.
Good Luck | |
| beenframed 2002-08-09, 12:03 pm |
| yes, I do have a yellow bulb and I probably should've noted that some pc's are able to get ips from DHCP but not all. It's very random - Some W2K machines some win98 machines - Also- having checked most of the obvious stuff my dhcp pool is 60-40 (60% active, 40$ unleased)
My original post said:
Clients are getting addresses in the 192.168.0.0 subnet. My DHCP scope is 10.x.x.x.
I don't have 2 subents, my dhcp scope is in the 10.x.x.x network. I don't have a subnet or dhcp scope for the 192.168.0.0 network but nodes are picking up addresses from the 192.168.0.0 network. The server as in my original post:
Event log on the server shows errors that the DHCP server issued a NACK to MAC address xxxxxxxxxxx with 192.168.0.1 -
is logging that event to the event log. Which tells me that the server is negotiating with the nodes trying to recieve addresses but not leasing them an ip from 10.x.x.x scope. It's like the server is saying "well for whatever reason dhcp doesnt want to give you an IP so here take an address from the 192.168.0.0 network"
still fighting this problem..
I have rebooted all my switches, thinking something may be cached. | |
| maxmax79 2002-08-09, 12:26 pm |
| The 192.168.x.x address are from the automatic private IP addressing fearute in windows. If a client is configured to receive an IP from DHCP server but can not contact one, then it will assign itself an IP in the 192.168.x.x network so the PC can contine the boot process. It sounds like the problem is somewhere in you network hardware. Are all the pc's with the 192.168.x.x IP's conected to the same switch/router/hub?? | |
| lenee 2002-08-09, 12:39 pm |
| we had a similar problem in our office one day. When i checked the ip on workstations it was 0.0.0.0. so i knew the DHCP server was not leasing addresses.
So we checked the scope?
Everything was fine.
Then we restarted the service?
Still no luck.
So we brought down all the workstations and rebooted the server. Ever since then things have been fine.
I don't think ur getting automatic private ip addressing. That is in Win2k and above plus its in the 169.something.0.0 subnet.
I do feel however that you have another DHCP server activated somewhere out there. Do you have a LAN Modem, Access Point, Access Server...anything that has a DHCP Service on it. I'm sure if u probe u'll find it.If u do disable it. | |
| maxmax79 2002-08-09, 12:44 pm |
| lenee is right about the automatic IP addressing it is 169.254.x.x network...my bad.
 | |
| akarklins 2002-08-09, 12:45 pm |
| Hello again,
First the auto ip feature is:
The Internet Assigned Numbers Authority (IANA) has reserved 169.254.0.0-169.254.255.255 for Automatic Private IP Addressing. As a result, APIPA provides an address that is guaranteed not to conflict with routable addresses.
for windows 2000 and up.
Do you have any other firewalls or network internet appliances the could be providing the dhcp service? 192.168.xxx.xxx looks like a possible other dhcp server is there.
Anything else that uses a bootp?
Are all users on the same subnet?
How many hubs/ switches in this network?
If some of the hosts can reach the dhcp, try doing a release and renew (winip and ipconfig) What kind of client 95/98 2K etc
You can setup a network monitor on NT4 to capture ip packets to the dhcp server from any host. The general broadcast is all FF's. | |
| chodan 2002-08-12, 9:49 am |
| sounds like a rogue dhcp server possibly.
Maybe a ghost server or someone could have activated it by mistake on your firewall. | |
| beenframed 2002-08-12, 11:55 am |
| I dont think it's a rogue server thats out there. The nodes are receiving the addresses from the DHCP server. (DHCP Server with a scope configured for the 10.0.0.0 network.
++++++++++++++++++++++++++++++
+++++++++++++++
Event Type: Warning
Event Source: DhcpServer
Event Category: None
Event ID: 1011
Date: 8/12/2002
Time: 11:01:13 AM
User: N/A
Computer: MLSNYS03
Description:
The DHCP server issued a NACK to the client (524153200000E8673E8D000012000
000) for the address (192.168.200.13) request.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 52 41 53 20 00 00 e8 67 RAS ..èg
0008: 3e 8d 00 00 12 00 00 00 >......
r
++++++++++++++++++++++++++++++
+++++++++++++++
Although, I have checked the rest of my servers and none of them are running DHCP.
Thanks for your comments.. | |
|
| Just a thought, do you have ICS or NAT running on your network? This could be where you the clients are pulling the 192.168.x.x addresses from. | |
| akarklins 2002-08-12, 12:55 pm |
| This is from Microsoft on error 1011
Summary
This article describes how to configure Dynamic Host Configuration Protocol (DHCP) servers with split scopes.
More Information
You can implement split scopes, create identical scopes, and exclude opposite portions of the address range on each DHCP server. For example, assume that there are two DHCP servers: DHCPServerA and DHCPServerB. Both servers serve the 192.168.1.0 subnet, where the host addresses is between 192.168.1.1 and 192.168.1.254. In this example, the scope is split in half.
On DHCPServerA, create a scope with a start address of 192.168.1.1 and an end address of 192.168.1.254, and then create an exclusion from 192.168.1.127 to 192.168.1.254.
On DHCPServerB create the same scope: the start address 192.168.1.1 and the end address 192.168.1.254. Then, create an exclusion from 192.168.1.1 to 192.168.1.126.
A scope can also be divided between more than two servers in a similar way using the preceding guidelines.
If you create two Microsoft (MS) DHCP servers with the same scope without any exclusions, you can cause each DHCP server to send a NACK request from the opposite DHCP server. This configuration may result in clients that are unable to obtain leases, or clients that take very long periods of time to obtain leases.
You can confirm this behavior by examining Event Viewer for event 1011. Also, the DHCP Audit log lists any corresponding DHCPNACK entries.
NOTE: Incorrectly configured split scopes are only one possible cause of a DHCPNACK message. | |
| akarklins 2002-08-12, 12:58 pm |
| Try reload ing your service pak.
I fixed a flakey could not ping routers problem this morning by reloading the service pak.
Give it a try.
Very important is your server multi-homed? | |
| akarklins 2002-08-12, 1:02 pm |
| DHCP Client May Fail with WinNT 4.0 SP2 Multinetted DHCP Server
The information in this article applies to:
Microsoft Windows NT Server 4.0
Microsoft Windows NT Server4.0, Terminal Server Edition
Symptoms
A DHCP client may fail to obtain a DHCP lease if multiple logical subnets exist and there is a Windows NT 4.0 Service Pack 2 (SP2) DHCP server on the network. Also, you may receive the following error message when you run the IPCONFIG /RENEW command:
Access Denied - Renewing Adapter "xxxx"
Prior to Service Pack 2, when multiple logical subnets existed, the DHCP client was able to receive the DHCPOFFER and send a DHCPREQUEST to the offering DHCP server. After applying Service Pack 2, the DHCP servers on other logical subnets issue a DHCPNACK, which forces the client to release the address and perform a DHCPDISCOVER again.
In addition to the above error message, you may receive the following event log messages:
On the Client
Event ID: 1006
Source: Dhcp
Type: Warning
Category: None
Description: DHCP service is shutting down. The following error
occurred: Access is denied.
On the Server
Event ID: 1011
Source: DhcpServer
Type: Warning
Category: None
Description: The DHCP server issued a NACK to the client (MAC Address of
the Requesting Client) for the address (Requested IP
Address) request.
Cause
Windows NT 4.0 SP2 DHCP servers issue a DHCPNACK to any DHCPREQUEST that does not appear to be valid for the subnet. This problem occurs when you are using multiple logical IP subnets (multinetting) and two DHCP servers on the same physical network are serving two different logical subnets.
For example, a client broadcasts DHCPREQUEST and receives ACK from server A and NACK from server B. Because there is no communication between server B and server A, server B is not aware of the existence of server A. If it does not send a NACK, then a client who has just moved to this network will never know that its old address is invalid.
Resolution
To resolve this problem, obtain the latest service pack for Windows NT 4.0 or Windows NT Server 4.0, Terminal Server Edition. For additional information, please see the following article in the Microsoft Knowledge Base:
Q152734 How to Obtain the Latest Windows NT 4.0 Service Pack
To workaround this issue, use one of the following:
Windows NT 4.0 SP2 includes the ability to create DHCP superscopes. After creating a scope and defining each logical subnet in a superscope, the DHCP server recognizes the DHCPREQUEST as valid and will not NACK the request.
For example, you have a multinet environment with the following DHCP servers on a single LAN:
192.168.10.1
192.168.20.1
192.168.30.1
On each DHCP server you must create a superscope with a minimum of one IP address from each of the 10.x, 20.x and 30.x scopes. Be sure not to duplicate IP addresses in the scopes.
-or-
Another possibility is to take advantage of the superscoping feature and create one DHCP server to serve all scopes.
For more information on superscopes, please see the following article in the Microsoft Knowledge Base:
ARTICLE-ID: Q161571
TITLE : Using DHCP "Superscopes" to Serve Multiple Logical Subnets
Status
Microsoft has confirmed this to be a problem in Windows NT 4.0 and Windows NT Server 4.0, Terminal Server Edition. This problem was first corrected in Windows NT 4.0 Service Pack 4.0 and Windows NT Server 4.0, Terminal Server Edition Service Pack 4. | |
| beenframed 2002-08-23, 8:19 am |
| OK - The problem has been solved, for those of you who suggested a rogue server running dhcp thanks - that got me looking in the right direction. After I came up with no servers running DHCP, I scanned the network for remote connections - Unfortunatly a lot of folks are now connecting remotley - When I recieved an address on the 192.168.0.0 network I found that I could ping 192.168.0.254 (There lies my problem) whatever device out there had that address was running DHCP - I sent an email out to a block of somewhat tech savy users of mine to see if anyone was running a home network with a 192.168.0.0 network. There was one, the hardware device broadcasting DHCP was a netopia dsl router/hub - it was just being used as a hub but DHCP broadcasting was never shut off. Turned off DHCP - problem solved.
Thanks for all posts- BF |
|
|
|
|