I'm running a school network and ran out of local IP-addresses. So I created a new DHCP scope 192.168.x.x with 255.255.0.0 as subnetmask. Everything work well except that every now and then an IP-address doesn't work. The workstation gets an IP which seems to be legit (192.168.3.43) but Internet is not working and the server (192.168.100.2) can not be pinged (timed out) Strangely enough other IP-addresses can be pinged (192.168.100.10) The only thing I can do is put the bad IP-address in the reservations with a non existing mac-address forcing the DHCP-server to give the workstation anather IP-address. Any ideas why this happens??
Something else has stolen the address? Is there a rogue DHCP server on your network someplace?
When you get 'Bad Address' appear, this is related to two DHCP servers or two DHCP scopes.
Conflict detection should be set to 1 or 2 (on both servers). You will still get 'Bad Address' appearing, but this is by design.
Edit: I suspect the reason(s) some workstations cannot surf the web is due to a DNS problem. Are the Forward and Reverse DNS entries setup for your new scope?
You are fast guys!
There is only one DHCP-server active on the domain. Within DHCP only one scope is active (I de-activated the old one and then deleted it)
As for DNS: I recently setup the Reverse DNS entry for the new scope because I discovered a lot (hundreds) of errors (31:DNS update failed) in the DHCP server log. The errors were gone but my the bad IP-addresses were not :-(
DNS and DHCP are on the same server. Is that a possible cause of the problem? And how to check for rogue DHCP-servers?
DNS and DHCP on the same server is absolutely fine, no problems there.
If there is a rogue DHCP server, it's typically a router or an access point creating the problems.
Realistically a visual inspection of each room is probably the quickest method - especially at the end of the day when most workstations should be shutdown.
Then I would check your access points for any configuration problems. It depends whether or not the problem is isolated to wireless or it affects both wired and wireless workstations.
When the bad address isn't given to your client PC, can you ping it, or does it appear in any arp-tables anywhere?
TBH if it were a second DHCP server you would probably see the issue more often (it sounds like it is limited to a handful of addresses?), I would start by looking for hosts that might be squatting on those addresses with a static IP.
I had a similar thing here, i disabled IPv6 on my servers network cards...
IPv6 is not available on win2003 SE. And the error occurs on wireless and wired connections.
In the arp-table the IP-address (ending with 3.43) is listed as a static IP-address. Even after I remove it from the reservations in DHCP.
The macaddress differs from the macaddress of the workstation the IP-address is given to. I'll go and see if I can find the device with the listed macaddress.
To be continued......
MAC_Find: Vendor/Ethernet/Bluetooth MAC Address Lookup and Search <-- find out the manufacturer from the MAC - might help narrow it down.
Also, try pointing nmap at it for an OS fingerprint?
Thank you. I'll try both suggestions and report back here..