Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

DHCP showing a lot of entries with long MAC address each

Status
Not open for further replies.
libroos

libroos

Technical User
Feb 16, 2001
195
SG
Hi all,

My company has two DHCP Servers (Domain Controllers). One fine day, noticed that all of the wireless clients could not login (authenticate). After investigation, noticed that
the wireless LAN DHCP scope has run out.
e.g.

I did a reconciliation and noticed a lot of "inconsistencies" on DHCP Server A.

IP ADDRESS NAME UNIQUE ID
172.6.20.31 172.6.20.31 3130efc011033248873000
172.6.20.32 172.6.20.31 3130efc011033248871233100
172.6.20.33 172.6.20.31 3130efc0110332488712393200
172.6.20.34 172.6.20.31 3130efc0110332488712393300
172.6.20.35 172.6.20.31 3130efc0110332488712393400

I did a verify and the above entries shown up. I clicked on verify and subsequently went to address leases, did a refresh and can see these invalid entries. The name is the same as the IP addresses.

All the reminder DHCP IP entries are occupied by this long entries of 26 characters long.

Now I see inconsistencies in another DHCP Server. From time to time, I need to go in to delete this invalid entries.

Other DHCP scopes in both DHCP Server are experiencing this same symptoms.

Anyone experienced this before?

What I did:-
1. Booted both Servers in SAFE mode and performed full updated AV def scans // Results: No viruses found
2. Compact DHCP database on DHCP SERVER A, but still experienced same thing

Inconsistencies on the DHCP Servers is still around.

Anyone experienced this before?

This looks like a kind of DHCP attacks, else could be something keep on writing into registry, but could not be detected and when DHCP databases conpared against the registry entries, the records are thus updated into the DHCP database automatically becos' of comparison between DHCP Server and registries.

Rgds,
libroos


 
Sort by date Sort by votes
lease time: 5hrs. I've changed to 1hr, and done frequent refresh of DHCP lease after reconciliation and saw inconsistencies. I saw this inconsistencies in other scopes as well now.
 
Upvote 0 Downvote
Hi,

Did you solve this problem? I am seeing the same problem on my DHCP server.
Thanks,
 
Upvote 0 Downvote
Hi Mathidor,

Nope. Problem still not resolved. Currently monitoring it closely every day and performing manually reconcilliation,refresh lease and remove those long mac entries.

Pls post if u hv the solutions.

Thks.

Rgds,
libroos
 
Upvote 0 Downvote
This is what I have found so far:
It looks like the Unique ID field is the IP address in dotted-decimal formatted in ASCII as a C Null terminated string (31="1",30="0",2e=".", etc.).
 
Upvote 0 Downvote
Do you have a Windows RAS Server? It might be the RAS server leasing IP addresses for each of its RAS interfaces. I think it does this by default

HTH

Andy
 
Upvote 0 Downvote
Hi, I've started experiencing this issue as well. Has anyone found the solution?
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

pomazip
  • Locked
  • Question
Windows Server 2019 mac address issue
Replies
2
Views
578
pomazip
pomazip
ravalos
  • Locked
  • Question
Problem with PDFs in IIS
Replies
1
Views
849
gbaughma
gbaughma
DrB0b
  • Locked
  • Question
Windows 2016 IIS FTP server with a ton of user accounts
Replies
4
Views
497
DrB0b
DrB0b
dpellegrini
  • Locked
  • Question
Website will load using hostname but not IP address
Replies
3
Views
804
mangentle
mangentle
mangentle
  • Locked
  • Question
What are the key advantages of using Microsoft Windows Servers for businesses?
Replies
1
Views
839
gbaughma
gbaughma

Part and Inventory Search

Sponsor

Back
Top