XP getting DHCP lease every login

[damienlong]

Our XP workstations are getting a new DHCP lease everytime they are turned on. We are running a NT 4.0 Domain controller and the NT machines on the network get a new lease when their current lease expires. We have the leases set to expire every 9 days, but the XP machines get a new licence everytime they are turned on.

Can anyone help?

 

[bcastner]

When your machine is turned on it makes a DHCP broadcast to obtain a new IP address. This is normal behavior. If left on constantly, it will begin making lease renewal requests beginning when 60 percent of the remaing lease period is left. In the latter case a renewal is usually granted for the same IP. In the former case it is not assured that the IP will be identical.

If you are concerned about keeping the same IP, make a reservation for the IPs by MAC address on the DHCP server.

 

[damienlong]

The problem that we are having is that when the computer is turned on it doesn't check that the lease has expired. It just re-news the lease each time. it does not wait till 60% of the remaining time is left.

 

[bcastner]

When the computer is turned on it has no "memory" of there every having been a lease.

 

[damienlong]

We have NT machines that keep their lease even when the computer is turned off. I am slightly confused on why it is always renewing the lease.

 

[bcastner]

You can set this feature at the DHCP server.

 

[damienlong]

The NT Server is setup so that the leases expire after 9 days. The NT machines do this properly but the XP machines don't. We are guessing its an XP problem, some setting or service is incorrectly configured.

 

[ubertech]

Are these "XP pc's" laptops by any chance?

What is the differnce int he way the NT pc's and the XP pc's connect to the network?

 

[damienlong]

The XP machines are both laptops and desktops and they both having the login trouble. Thye are both connected the same to the network. They go straight to cisco switches.

 

[ubertech]

Well then I am stumped. I run a DHCP server with NT machinces and XP machines and have no problems at all with IP renewal.

The reason I asked if the XP machines were laptops was the only reason I could see the IP's changing so much due to the fact if you have a laptop you normally undock and connect to a VPN or some sort of Internet connection.

 

[bcastner]

Lets ignore DHCP leases for the moment.

When you say they have difficulties logging in, what exactly are the difficulties? Very slow logons, error messages? What exactly is happening?

For if you have connectivity issues it can explain a lot.

 

[bcastner]

And,

Are you using WINS?
Are you using DNS?
Are you using LMHOSTS?

 

[damienlong]

The logging in can take up to 10 minutes to get past the "loading personal settings". I have had a look at the event log and it seems to stop before "Network Settings".

We are using WINS and DNS, but not LMHOSTS.

 

[bcastner]

You might want to read my Xp-to-Win2k Domain FAQ faq779-4017

I have thought about doing a pure XP to NT Domain FAQ, but just do not play with NT anymore.

As a rough sketch of improving XP to NT connectivity, the following seem to me important.

1. Autonegotiation issues. I covered this in the Win2k FAQ
2. SMB Signing Issues: Policy Changes Required

Source:

http://support.microsoft.com/default.aspx?scid=kb;en-us;318266

SYMPTOMS

After you join a Windows XP-based client to a Windows NT 4.0-based domain, the client may be unable to log on to the domain. You may receive the following error message:

Windows cannot connect to the domain either because the domain controller is down or otherwise unavailable or because your computer account was not found.
Event ID 5723 may also be recorded on a domain controller in the domain when the client attempts to log on:

The session setup from the computer Computername failed to authenticate. The name of the account referenced in the security database is Computername. The following error occurred: Access is denied.
You may also see the following entry in Event Viewer on the client:

Event Source: NETLOGON
Event ID: 3227
Description:
The session setup to the Windows NT or Windows 2000 domain controller \\Server for the domain Domainname failed because \\Server does not support signing or sealing the Netlogon session. Either upgrade the domain controller or set the RequireSignOrSeal registry entry on this machine to 0.

CAUSE
This behavior occurs because the Windows XP-based client tries to sign or seal the secure channel. Windows XP Professional does this by default. However, Windows NT 4.0 is not configured to do this by default.

RESOLUTION
To resolve this issue:
Click Start, and then click Control Panel.
If you are using Classic view in Control Panel, double-click Administrative Tools, and then double-click Local Security Policy.

If you are using Category view in Control Panel, click Performance and Maintenance, click Administrative Tools, and then double-click Local Security Policy.
Under the Local Policies\Security Options node, double-click the Domain Memberigitally encrypt or sign secure channel data (always) policy to open it.
Click Disabled, and then click OK.

MORE INFORMATION
For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
183859 Integrity Checking on Secure Channels with Domain Controllers

3. Node type Mismatch. This should not happen, but does. You want a Hybrid node type and may have to make a registry edit to force it. See my discussion here: Thread779-646528

4. Browser Issues.
For an NT Domain I would stop, and disable the Computer Browser on XP clients.

5. WINS issues. Make certain the entries are current, that the primary and secondary WINS server addresses are addded in UNC form and not using the Netbios naming convention.

6. DNS issues. DHCP should push out only the address for the DNS server itself. DNS configuration for internet access I covered in my discussion of the forwarder service in the FAQ I linked earlier. Dynamic registration of DNS is not relevant to an NT Domain and should be disabled in the TCP/IP Properties of the client, DNS Tab.

7. HOSTS issues. Either clean of entries other than localhost, or a single entry for the NT WINS/Server.

8. LMHOSTS should be explicitly disabled in TCP/IP Properties of the client.

9. Asynchronous Processing of Logon Commands.

You may experience extremely long delays (up to 5 minutes) when logging into domains using Windows XP Pro. This is caused by the asyncronous loading of networking during the boot up process. This speeds up the login process in a stand-alone workstation by allowing the user to log in with cached logon credentials before the network is fully ready.

To disable this "feature" and restore your domain logons to their normal speed, open the MMC on the XP client and add the group policy snap-in. Under Computer Configuration-->Administrative Templates-->System-->Logon, change "Always wait for the network at computer startup and logon" to ENABLED.

10. Start, Run, services.msc

Stop the "WebClient" service, and set its startup type to disabled.

I am sorry this is sketchy, perhaps I will write a longer piece in the future. I note one other oddity of XP in an NT Domain and that is the Time Service. This article was originally written for Win2k clients, but applies just as well to XP in an NT Domain:

http://support.microsoft.com/defaul...port/kb/articles/Q258/0/59.ASP&NoWebContent=1

The most important MS KB article to read and understand while introducing XP clients is this one:

http://support.microsoft.com/default.aspx?scid=kb;en-us;314861