DHCP problems - help needed

[witch]

In one of my schools, I have a 2003 server with about 80 clients, most of which are Windows 7.
Over the last couple of months, we have been seeing issues with computers getting on to the network - there have been more and more cases where computers seem to log on OK - no error messages - but they end up logged on locally. The netbooks have been much more trouble, and it has got to the point where the teachers don't trust them and don't use them as about half of the class can't log on at any one time.
I have investigated and have found that sometimes a computer cannot pick up an IP address from DHCP. But then if the machine is rebooted, it DOES pick up one fine - or maybe it needs rebooting a couple of times but then is fine. I can't really do anything about it as it isn't permanent (and anyway, I dont know what to do!)
Can anyone tell me why this might be happening and what I can do about it?
The DH wants me to free up some time to be with a class logging on to the netbooks so I can see, and fix the issue.
Help!

[soveryapt]

This may seem like a daft question, but what AntiVirus do you use? I know some of them disable the network to run a quick boot scan which can effect things. We have to use Sophos for our LEA to be happy (or rather it's included in the price of everything else, so the school won't pay for anything else) and I get it alot where the card has been disabled and the computer doesn't get a full DHCP connect, but then when I log off and back on it all seems to be connected.

Food for thought at least. :-)

[witch]

We use ESET which I find very good, generally.But maybe there is something I can disable on the server? I seem to remember something to do with ESET is disabled on my 2008R2 server in my other school but I dont know what or why or even when.

[Michael]

I presume you've tried basics like stopping/restarting the DHCP server service?

Have you checked how many IPs are free in your scope? If you've run out, in theory you would get problems like you describe.

Have you tried restarting your switches and wireless access points?

Are wireless devices 'attempting' to connect to other wireless networks in the area, particularly any unsecure wireless networks?

I suppose the other possibility is the DHCP Server database is corrupt. It does happen, but it's pretty rare to be honest.

[witch]

I have just found this thread: Intermittent DHCP Problem, drving me mad!
but I can't follow the answers - at least not the bits about the switches. I havent ever talked to my switches!
I have stopped and started the DHCP server and it seems to help for a bit but then the same thing happens. I have restarted the switches with no luck but not the WAPs as yet - what would affect them all then?
There are a couple of unsecured wireless networks around but ours is at the top of the connection list - is there some way I can make sure the netbooks only ever try and connect to ours?
The other thing that may or may not be relevant is that even on connected machines, which are definitely OK, and they are properly on the network with full internet access, shared drives, the lot, there is an exclamation mark on the network status icon, it says 'no internet' even though there is. This is the same whether they are connected via cable or wireless.
We definitely haven't run out of IP addresses

[Michael]

Restarting switches and wireless access points is recommended time to time as it can resolve problems. They're computers in their own right feeding other computers

Have you checked how many free IPs are in your DHCP scope? If you're low or have zero free, you would get problems like you describe theoretically.

I have seen the exclamation mark appear typically if there are DNS problems, or you use a proxy.

How many switches do you have at this school? There's a possibility also one or more are faulty. Have you tried plugging in a laptop directly into the switch(es) to see what happens?

[witch]

We do use a proxy. So does that mean that the yellow exclamation mark isn't a problem?
We have about 40 free IP addresses at present. We have three main switches (the Server, ITsuite and WAPS are all connected to one of the three - there are a couple of little switches elsewhere but only the odd machine is connected)
and I have plugged a laptop in to all of them with no issues - BUT then again the issues are intermittent so how would I know they were OK!
I haven't heard any issues re the teacher's laptops - but they have reserved IPs

[plexer]

Anything in the logs on a client?

Ben

[witch]

Not that I can see

[glennda]

Are you able to get any logs from the Wireless? My wireless intercepts the broadcasts and directs it to the DHCP server could be worth a punt!

[m25man]

Turn off STP if you have it enabled on your switches.
Check your wireless AP's encryption preferences, avoid using WPA/WPA2 mixed modes, default to one or the other and try forcing the AP's to AES rather than TKIP
All of these can affect DHCP success or failure rates, none of which are a recommended fix just a diagnostics aid.

The compatability issues between hardware vendors and WPA/WPA2 and TKIP/AES are well known with Apple devices particularly notorious for it, but I have seen it with plenty of others.

I can get 100 devices all wanting to connect to my wireless LAN within a few minutes of each other and your experiences are pretty typical of what we used to see until we decided to lock it down to g/n WPA2 and AES only.
Obvoiusly this means some legacy devices are left out in the cold so it's not the answer for all situations but wireless especially, it's hard without the right tools to actually see if it's a wifi or DHCP issue.

STP on switches especially with wireless APs attached needs careful monitoring I have seen STP blocking ports as the same MAC address appears across two adjacent AP's.
STP is only needed to block redundant links until needed, but school NM's continue to use it as a defence against outlet abuse (you should be using ACLs instead) if a wireless client appears to broadcast a DHCP request across multiple AP's STP will shut the port down until its happy again the result is no IP address or a very confused MAC table until it gets refreshed.
If you must, use RSTP instead.

All of the above assumes that the latest firmware and drivers are installed everywhere and your DHCP clients work normally if hardwired to the same switch as the DHCP server?

[roymorden]

This is usually used for group policy problems but should prevent the problem of local logons.
"Always wait for the network at computer startup and logon to the computer."
This setting is located under Computer Configuration\Administrative Templates\System\Logon in the Group Policy Object Editor
Troubleshooting Group Policy Problems: Group Policy
HTH
Roy

[witch]

@glennda -where would I look for these logs?
@m25man - as I said earlier, I don't know how to contact my switches and have no idea if I have STP enabled - where/how would I look? Encryption modes all the same on all the netbooks - the odd laptop may have a different mode but fewer than in my other school and I see no issues there
And, unfortunately 24 of the 33 IT suite computers which intermittently suffer, are hardwired to the same switch as the DHCP server, as are four of the WAPS
@roymorden - thanks but this is already set - has been for about a year, unfortunately.

Thanks for all your help

[SYNACK]

@witch - what brand/model of switches are they, this will help determine how to get into them.

The no interent icon is not a concern if you can still get to the internet. It just means that the OS itself is not able to find a path out to the internet which could be due to dodgy config upstream.

Can you do a "ipconfig /release" then "ipconfig /renew" in an elevated (run as administrator) command prompt to make sure that one of the problematic ones picks up a new address once the link is active.

[glennda]

As @SYNACK said it all depends on which wireless you have - I would guess on the controller interface.

Also its not tied to just one AP is it?