Domain server filling ip pool with its own ip!?!?!?

[Bannon]

Something is strange with my DHCP server. it fills up the address pool with its own ip everytime the machine reboots. It has only 1 nic card and is the only pc on the network with a static ip.

Has anyone ever seen this?

I know its a bit heavy. its running the domain,dns,dhcp,exchange2k,sql server 2k. what can I say. the company is hard up for cahs. it does have a gig of ram though and only controls 8 workstations.

 

[GlenJohnson]

Set up a monitor and see if the nic's sending out bad broadcasts, or just replace the nic and see what happens. Good luck. Glen A. Johnson
Microsoft Certified Professional
glen@nellsgiftbox.com


"The fruit derived from labor is the sweetest of all pleasures."
Luc de Clapiers, Marquis of Vauvenargues (1715-1747); French moralist.

 

[trimelater]

Is your server obtaining an address for itself. Why not use a static ip address?

Trimelater

 

[JimHorton]

I have the same thing, and I have static IP. It's a Win2k Server with dhcp set up, and it has a static IP. I have a Dlink router, which also has DHCP set up and it also has a dozen 'phantom' mac's to which it's give ip's.

So I've got both dhcp's fighting to hand out a dozen addresses to...who? A hacker? My router has the basic NAT, and I have no dmz set up or virtual servers set up, otherwise I've kept the defaults from dlink.

If I renew the router ip, those addresses remain still there, but if I reset the dlink, they go away...for a day I'm guessing, then they're back. I try to judge by the expire time when they were granted, and maybe after a few more times I'll pinpoint it to something, but the last lease I saw for all these 'phantom' macs, I calculated that it was given about 2 pm today, while I was at the office (this is my home system). Other stuff on the network are my kid's machines--2 linux boxes, and 2 win98 boxes. Possibly Samba on the Linux boxes get's an ip for each share?? I wouldn't think so...and I've checked all the macs on my system, and these that show up in dhcp are not mine.

So any info would be greatly appreciated.
--Jim

 

[gwcann]

Yes check your NIC for bad packets. only one NIC right?
Your NIC is static, correct? (shoudl have been forced to install DHCP, but not if you have more than one NIC. If multiple NICS then multiple static IP's are necessary.

Better yet, in the time it takes to capture packets you can replace the NIC if you can afford the downtime.
Still broke then:
Recreate your scope, but that probably won't fix it.
then remove DHCP service, make sure you delete the DHCP directory in the SYSTEM32 directory. Reinstall DHCP and make the scope.

 

[claytony]

If I read your posting correctly, both your DLINK router and server have DHCP running? If so, I would disable it in the router - you can only have one authoritive DHCP server on the same range. Two will create IP addressing conflicts resulting in lost leases, etc which could be the cause of multiple assignments you are seeing in DNS.

Make sure your DHCP configuration excludes the range of IP's your are reserving for static IP addresses for your server/router/etc.

 

[JimHorton]

claytony,
Thanks for replying. I've already got the address ranges exclusive, though I had the impression that multiple dhcp servers could exist, and that just the first one to respond was the one to actually assign the address. I will disable one of them though, because I don't need them both--before I installed the router, the win2k box was the firewall, and I just left dhcp on.

However, the strange part is still the fact that these addresses have macs (in the routers dhcp list) that are not belonging to any of my hardware--I've checked the cablemodem, router, all the nics, even the ppp's, and no matches. I don't see a mac field in win2k's dhcp--but it does show it's own internal (static) ip as the owner for the dozen extra assignments in it's dhcp, while the router doesn't show an 'owner' ip, instead it shows the mac, which is that unknown mac I mentioned. I'll see what happens when I disable the win2k dhcp.
--Jim

 

[claytony]

You can have multiple DNS servers, multiple WINS servers, but you can only have multple DHCP servers if the IP ranges for which they are assigning addresses do not overlap, you then have to do some things to make sure they both don't try to give an address to the same machine.

It sound like your router was assigning addresses to external points, that is my guess at this point. The problem with that is that it essentially gives those points access inside your network if this is the case.

 

[GlenJohnson]

However, the strange part is still the fact that these addresses have macs (in the routers dhcp list) that are not belonging to any of my hardware "Rouge dhcp server?" Glen A. Johnson
Microsoft Certified Professional
glen@nellsgiftbox.com


"You can't stop the wind. But you can build windmills".
Dutch Proverb.

 

[JimHorton]

I'll have to check my Dlink settings, but I thought it wouldn't allow dchp to the wan, only the lan. I would assume that's the default, and I know I didn't set any unsafe non-defautls. The good news is that (to the best of my knowledge (according to win2k's audit logs, which I have set to show success/failure on login) no one but me has logged onto that box; the win98 boxes are a different story...
--Jim