Puzzling DHCP Problem

[djtech2k]

One of my people in the field just setup another 2003 DHCP server in my Domain. It is about the 30th DHCP server we have. They all work except this one. I am now looking at it myself. The scope settings look fine. I have uninstalled/reinstalled DHCP myself and set it all up myself just to be sure. It will NOT work. As a test, I setup tftpd32 to test if its my cisco switches. It worked fine. I immediately got an ip address. Just FYI, I am working on it remotely, so I have the 2nd NIC in the server plugged in and am using it as my DHCP client test when I make changes.

Anyway, since tftpd32 worked as a dhcp server my network must be fine. It is something with this server. All services are setup, IP settings look fine, and it IS authorized in AD. I am at a standstill on this one.

Any good ideas? My server is 2003 R2 SP1.

The only errors I see are the normal MSDTC erros that come in SP1. I just fixed one the other day, but cannot remember the service fix at the moment. I know its a matter of granting a certain account permissions to the MSDTC service, but that should not affect this I do not think.

Any ideas?

 

[djtech2k]

There are MANY weird things that happened with this. DHCP was installed/configured on a total of 3 different servers with little success. When I became involved, I did get it to appear to work for a while and hand out some IP's, but suddenly it stopped working. I had put in 1 scope and after a while I saw some leases being handed out. So, I setup the 2nd scope. After a while, no more new leases came out. Also, if you did a release and renew on the mahcines or started up a new machine, they would not get an IP. So, this appeared to stop working. We moved the setup to another server and it never handed out an IP.

In the end, because Monday morning was coming fast, we had to revert back to the original, OLD 2000 server. It worked fine.

I also had our network operations people involved and they said that the Cisco switches/routers looked fine. This location has a single VLAN with multiple subnets. We only configured 1 superscope containing 2 small scopes on this DHCP. It is very puzzling and is still not resolved.

Any ideas?

 

[Davetoo]

Is iphelper running on your Cisco switches?

I'm Certifiable, not cert-ified.
It just means my answers are from experience, not a book.

 

[djtech2k]

It is running, but I was told by our Cisco guys that because this location only has 1 vlan, iphelper was not needed.

 

[WhoKilledKenny]

Just FYI, I am working on it remotely, so I have the 2nd NIC in the server plugged in and am using it as my DHCP client test when I make changes.

Are both nics on differents subnets and did you assign default gateways on both nics? If so you could be having a problem with the servers routing table. You can only have one default route 0.0.0.0 - with two gateways set up it would confuse the issue on which gateway should be the default route.

We only configured 1 superscope containing 2 small scopes on this DHCP.

I have not had to set up a "superscope" on any LAN. Usually used in an ISP senerio. I would just set up a regular scope for each vlan. Depending on how you are doing your IP addressing.

Those this info doesn't provide a solution, they are suggestions to assist in troubleshooting the issue...

 

[djtech2k]

As of now, the server has 2 NIC's with 1 disabled. Since I had to work on it via RDP, I enabled the 2nd NIC with DHCP just to see if I could get an IP. It never worked so I disabled it again.

As for the superscope, I had it both ways. I tried it with just a scope and then under a superscope.

 

[djtech2k]

Also, since I had to have them stand up the old 2000 server again to get people running, is it even going to be possible for me to stand up this new DHCP server at the same time? I plan to setup a 10 IP scope on this new one so it will not affect the scopes in use on the old one. I am afraid that multiple DHCP's may be a problem or that the new DHCP will never hand out an IP because all clients go to the old one.

 

[crobin1]

There are a variety of factors, but clients will take an IP address from the first DHCP server that answers. Clients do look back to that server for renewals, and only search for other DHCP servers if that first one doesn't respond by the time the client hits something like 85% of its lease time.

 

[djtech2k]

Thats what I thought would happen, but I am trying to cover all bases. My main problem is still that my 2003 server will NOT hand out IP's. Like I said, the old server that this office was migrating away from is now back online doing DHCP because the new one will not work. The server seems fine, but its as if the clients do not know the server is DHCP or the server does not know there are clients wanting an IP. I have tried all tricks I can think of, but nothing has worked. As I said in my original post, for a short time I did have about 80 IP's handed out, but then the clients could not find the DHCP server again. Meanwhile the old 2000 junk is working fine.

Are there any possible GPO's/Local policies that could cause DHCP problems? I have a custom unattend build that is used that I created, but it has worked numerous times in the past.

 

[TheLad]

I was under the impression that, even though the switch is running 1 VLAN, you still needed iphelper configured on it. I would check with your network guys to see whether the IP Address of the old server is configured in the iphelper section of the switch config.

--------------------------------------
"Insert funny comment in here!"
--------------------------------------

 

[WhoKilledKenny]

Just to verify, your custom unattended authorizes the DCHP server and activates the scope?

You would need the IP Helper address to allow DHCP broadcasts to traverse the router. So if you were using DCHP (on VLAN1) to service both VLAN1 and VLAN2, your network guys would have to allow the broadcast. If DCHP is on VLAN1 and only servicing VLAN1 then you would not need an IP Helper address. VLAN1 would be its own broacast domain. This is not to say that an ACL could not be placed on the switch port to stop DHCP traffic, but this would not be the case with the issue at hand as the 2000 DHCP server seems to be working.

I would set up a packet capture on the DHCP interface to see if the 2k3 DHCP server is seeing requests. Try using something like Ethereal or Network Monitor from Microsoft.

 

[djtech2k]

My unattend does not do anything with DHCP. It is just the core OS load. As for the VLAN ?, there is only 1 VLAN that contains multiple subnets. The DHCP server needs to have 3 scopes in 3 different subnets.

The server that I need to get DHCP running on serves as a few other functions, so if I run packet captures it will get many hits from different apps. What should I look for to see if it is getting IP requests from DHCP clients?

 

[WhoKilledKenny]

Protocol: DHCP
Packets: DCHP Discover, OFFER, Request, ACK.

Sorry for my ingnorance on this subject, can you have multiple subnets on one VLAN? Usually I see one subnet per VLAN, but then again I am not a cisco guy. If you can, my guess would be that the DHCP server wouldn't know which subnet the Discover packet is comming from, therefore would not no which scope to send in the offer packet.

But even so... You would think that the win2000 DHCP would not work.

Try the packet capture and see if you are getting Discover Packets - this will tell you that the DHCP server is receiving a client's initial request.
Open any Offer Packets and see which IP address is being Offered to the client, is it the right subnet?
In the ACK packet you should see all the scope options and the Lease Time information, Renewal, and the DHCP server's IP address the provided the lease.

To make sure action is happening on the network, temporarily set a short lease time; say one hour.