Troubleshooting DHCP
Yesterday I started having some DHCP weirdness that has grown today. I'm kind of stumped and need some guidance. DHCP server is Windows Server 2008. It's also a DC and DNS server. It shows no errors relating to DHCP in Event Viewer, and there are plenty of addresses left in the scope. It can be pinged from client machines at 1 ms and no timeouts, and it can ping client machines with the same results. DNS is working fine. DC functions are working fine. DHCP, unfortunately, appears spotty. A number of clients (although apparently not all, from what I can tell) can't get leases. If you run ipconfig /renew from a command prompt, they report that they can't contact the DHCP server. If you manually assign an IP address, all works fine. So network connectivity seems okay-this seems to be strictly a DHCP issue. I'm guessing that I'm going to need a packet sniffer to further troubleshoot. I have to confess, though, that I've never in my life used one. I've just never needed to. So, can anyone recommend a free, simple packet sniffer I can run from a client machine to watch the DHCP traffic? And what, exactly, should I be looking for? John Hornbuckle MIS Department Taylor County School District www.taylor.k12.fl.us NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Troubleshooting DHCP
How large is the environment? Multiple subnets? Any commonalities between the clients that can't get DHCP addresses (same subnet, same OS patch level, etc...)? Any firewalls in-between the clients and the DHCP server? Firewalls turned on, on the client side? Cisco helper address issue? We use Wireshark here, and I think you'll find it well suited to what you are looking for,and it's free: http://www.wireshark.org/ I would put it on the DHCP server and a client and examine both. You need to see if the packets are getting to the DHCP server from the client. Chris Bodnar, MCSE Systems Engineer Distributed Systems Service Delivery - Intel Services Guardian Life Insurance Company of America Email: christopher_bod...@glic.com Phone: 610-807-6459 Fax: 610-807-6003 From: John Hornbuckle john.hornbuc...@taylor.k12.fl.us To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com Date: 02/17/2010 09:49 AM Subject:Troubleshooting DHCP Yesterday I started having some DHCP weirdness that has grown today. I’m kind of stumped and need some guidance. DHCP server is Windows Server 2008. It’s also a DC and DNS server. It shows no errors relating to DHCP in Event Viewer, and there are plenty of addresses left in the scope. It can be pinged from client machines at 1 ms and no timeouts, and it can ping client machines with the same results. DNS is working fine. DC functions are working fine. DHCP, unfortunately, appears spotty. A number of clients (although apparently not all, from what I can tell) can’t get leases. If you run ipconfig /renew from a command prompt, they report that they can’t contact the DHCP server. If you manually assign an IP address, all works fine. So network connectivity seems okay—this seems to be strictly a DHCP issue. I’m guessing that I’m going to need a packet sniffer to further troubleshoot. I have to confess, though, that I’ve never in my life used one. I’ve just never needed to. So, can anyone recommend a free, simple packet sniffer I can run from a client machine to watch the DHCP traffic? And what, exactly, should I be looking for? John Hornbuckle MIS Department Taylor County School District www.taylor.k12.fl.us NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. - This message, and any attachments to it, may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient, you are notified that any use, dissemination, distribution, copying, or communication of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by return e-mail and delete the message and any attachments. Thank you. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: Troubleshooting DHCP
Wireshark is good and free. As is the NetMon 3.0 from MS. Sniff a good DHCP lease conversation, and then a failed one and compare the two. -sc From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, February 17, 2010 9:47 AM To: NT System Admin Issues Subject: Troubleshooting DHCP Yesterday I started having some DHCP weirdness that has grown today. I'm kind of stumped and need some guidance. DHCP server is Windows Server 2008. It's also a DC and DNS server. It shows no errors relating to DHCP in Event Viewer, and there are plenty of addresses left in the scope. It can be pinged from client machines at 1 ms and no timeouts, and it can ping client machines with the same results. DNS is working fine. DC functions are working fine. DHCP, unfortunately, appears spotty. A number of clients (although apparently not all, from what I can tell) can't get leases. If you run ipconfig /renew from a command prompt, they report that they can't contact the DHCP server. If you manually assign an IP address, all works fine. So network connectivity seems okay-this seems to be strictly a DHCP issue. I'm guessing that I'm going to need a packet sniffer to further troubleshoot. I have to confess, though, that I've never in my life used one. I've just never needed to. So, can anyone recommend a free, simple packet sniffer I can run from a client machine to watch the DHCP traffic? And what, exactly, should I be looking for? John Hornbuckle MIS Department Taylor County School District www.taylor.k12.fl.us NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RESOLVED: Troubleshooting DHCP
Well, we seem to have fixed the problem. I reset one of our switches, and clients started picking up IP addresses after that. This makes absolutely no sense to me. We don't have multiple subnets, DHCP relay, or anything complex. This is about as plain vanilla a design as they make. And there were no other problems being exhibited. Normally if a switch was acting crazy, I'd expect lots of symptoms. But everything other than DHCP was working fine. Still, I'm going to check out Wireshark right now. I want to be prepared in the future. John From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, February 17, 2010 9:47 AM To: NT System Admin Issues Subject: Troubleshooting DHCP Yesterday I started having some DHCP weirdness that has grown today. I'm kind of stumped and need some guidance. DHCP server is Windows Server 2008. It's also a DC and DNS server. It shows no errors relating to DHCP in Event Viewer, and there are plenty of addresses left in the scope. It can be pinged from client machines at 1 ms and no timeouts, and it can ping client machines with the same results. DNS is working fine. DC functions are working fine. DHCP, unfortunately, appears spotty. A number of clients (although apparently not all, from what I can tell) can't get leases. If you run ipconfig /renew from a command prompt, they report that they can't contact the DHCP server. If you manually assign an IP address, all works fine. So network connectivity seems okay-this seems to be strictly a DHCP issue. I'm guessing that I'm going to need a packet sniffer to further troubleshoot. I have to confess, though, that I've never in my life used one. I've just never needed to. So, can anyone recommend a free, simple packet sniffer I can run from a client machine to watch the DHCP traffic? And what, exactly, should I be looking for? John Hornbuckle MIS Department Taylor County School District www.taylor.k12.fl.us NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: RESOLVED: Troubleshooting DHCP
switch could have been blocking broadcast ( DHCP request from client ) across bridges but allowing directed traffic. Not completely uncommon even though it's not an every day thing. Was one of my complaints on the older 3Com switches years ago, needed to 'reboot' them after a month or so to keep them from acting intermittently flaky Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' _ From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, February 17, 2010 10:23 AM To: NT System Admin Issues Subject: RESOLVED: Troubleshooting DHCP Well, we seem to have fixed the problem. I reset one of our switches, and clients started picking up IP addresses after that. This makes absolutely no sense to me. We don't have multiple subnets, DHCP relay, or anything complex. This is about as plain vanilla a design as they make. And there were no other problems being exhibited. Normally if a switch was acting crazy, I'd expect lots of symptoms. But everything other than DHCP was working fine. Still, I'm going to check out Wireshark right now. I want to be prepared in the future. John From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, February 17, 2010 9:47 AM To: NT System Admin Issues Subject: Troubleshooting DHCP Yesterday I started having some DHCP weirdness that has grown today. I'm kind of stumped and need some guidance. DHCP server is Windows Server 2008. It's also a DC and DNS server. It shows no errors relating to DHCP in Event Viewer, and there are plenty of addresses left in the scope. It can be pinged from client machines at 1 ms and no timeouts, and it can ping client machines with the same results. DNS is working fine. DC functions are working fine. DHCP, unfortunately, appears spotty. A number of clients (although apparently not all, from what I can tell) can't get leases. If you run ipconfig /renew from a command prompt, they report that they can't contact the DHCP server. If you manually assign an IP address, all works fine. So network connectivity seems okay-this seems to be strictly a DHCP issue. I'm guessing that I'm going to need a packet sniffer to further troubleshoot. I have to confess, though, that I've never in my life used one. I've just never needed to. So, can anyone recommend a free, simple packet sniffer I can run from a client machine to watch the DHCP traffic? And what, exactly, should I be looking for? John Hornbuckle MIS Department Taylor County School District www.taylor.k12.fl.us NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: RESOLVED: Troubleshooting DHCP
If it happens again, this switch is headed for the dumpster... From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, February 17, 2010 10:30 AM To: NT System Admin Issues Subject: RE: RESOLVED: Troubleshooting DHCP switch could have been blocking broadcast ( DHCP request from client ) across bridges but allowing directed traffic. Not completely uncommon even though it's not an every day thing. Was one of my complaints on the older 3Com switches years ago, needed to 'reboot' them after a month or so to keep them from acting intermittently flaky Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, February 17, 2010 10:23 AM To: NT System Admin Issues Subject: RESOLVED: Troubleshooting DHCP Well, we seem to have fixed the problem. I reset one of our switches, and clients started picking up IP addresses after that. This makes absolutely no sense to me. We don't have multiple subnets, DHCP relay, or anything complex. This is about as plain vanilla a design as they make. And there were no other problems being exhibited. Normally if a switch was acting crazy, I'd expect lots of symptoms. But everything other than DHCP was working fine. Still, I'm going to check out Wireshark right now. I want to be prepared in the future. John From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, February 17, 2010 9:47 AM To: NT System Admin Issues Subject: Troubleshooting DHCP Yesterday I started having some DHCP weirdness that has grown today. I'm kind of stumped and need some guidance. DHCP server is Windows Server 2008. It's also a DC and DNS server. It shows no errors relating to DHCP in Event Viewer, and there are plenty of addresses left in the scope. It can be pinged from client machines at 1 ms and no timeouts, and it can ping client machines with the same results. DNS is working fine. DC functions are working fine. DHCP, unfortunately, appears spotty. A number of clients (although apparently not all, from what I can tell) can't get leases. If you run ipconfig /renew from a command prompt, they report that they can't contact the DHCP server. If you manually assign an IP address, all works fine. So network connectivity seems okay-this seems to be strictly a DHCP issue. I'm guessing that I'm going to need a packet sniffer to further troubleshoot. I have to confess, though, that I've never in my life used one. I've just never needed to. So, can anyone recommend a free, simple packet sniffer I can run from a client machine to watch the DHCP traffic? And what, exactly, should I be looking for? John Hornbuckle MIS Department Taylor County School District www.taylor.k12.fl.us NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: RESOLVED: Troubleshooting DHCP
just out of curiousity, what kind of switch is it ? Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' _ From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, February 17, 2010 10:36 AM To: NT System Admin Issues Subject: RE: RESOLVED: Troubleshooting DHCP If it happens again, this switch is headed for the dumpster. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: RESOLVED: Troubleshooting DHCP
What kind of switch? If it's an HP, just get it replaced. Lifetime warranties are a beautiful thing... John Hornbuckle john.hornbuc...@taylor.k12.fl.us 2/17/2010 7:36 AM If it happens again, this switch is headed for the dumpster... From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, February 17, 2010 10:30 AM To: NT System Admin Issues Subject: RE: RESOLVED: Troubleshooting DHCP switch could have been blocking broadcast ( DHCP request from client ) across bridges but allowing directed traffic. Not completely uncommon even though it's not an every day thing. Was one of my complaints on the older 3Com switches years ago, needed to 'reboot' them after a month or so to keep them from acting intermittently flaky Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, February 17, 2010 10:23 AM To: NT System Admin Issues Subject: RESOLVED: Troubleshooting DHCP Well, we seem to have fixed the problem. I reset one of our switches, and clients started picking up IP addresses after that. This makes absolutely no sense to me. We don't have multiple subnets, DHCP relay, or anything complex. This is about as plain vanilla a design as they make. And there were no other problems being exhibited. Normally if a switch was acting crazy, I'd expect lots of symptoms. But everything other than DHCP was working fine. Still, I'm going to check out Wireshark right now. I want to be prepared in the future. John From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, February 17, 2010 9:47 AM To: NT System Admin Issues Subject: Troubleshooting DHCP Yesterday I started having some DHCP weirdness that has grown today. I'm kind of stumped and need some guidance. DHCP server is Windows Server 2008. It's also a DC and DNS server. It shows no errors relating to DHCP in Event Viewer, and there are plenty of addresses left in the scope. It can be pinged from client machines at 1 ms and no timeouts, and it can ping client machines with the same results. DNS is working fine. DC functions are working fine. DHCP, unfortunately, appears spotty. A number of clients (although apparently not all, from what I can tell) can't get leases. If you run ipconfig /renew from a command prompt, they report that they can't contact the DHCP server. If you manually assign an IP address, all works fine. So network connectivity seems okay-this seems to be strictly a DHCP issue. I'm guessing that I'm going to need a packet sniffer to further troubleshoot. I have to confess, though, that I've never in my life used one. I've just never needed to. So, can anyone recommend a free, simple packet sniffer I can run from a client machine to watch the DHCP traffic? And what, exactly, should I be looking for? John Hornbuckle MIS Department Taylor County School District www.taylor.k12.fl.us NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: RESOLVED: Troubleshooting DHCP
Amer.com. Just a step or two down from Cisco. ;-) John From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, February 17, 2010 10:41 AM To: NT System Admin Issues Subject: RE: RESOLVED: Troubleshooting DHCP just out of curiousity, what kind of switch is it ? Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, February 17, 2010 10:36 AM To: NT System Admin Issues Subject: RE: RESOLVED: Troubleshooting DHCP If it happens again, this switch is headed for the dumpster... NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
RE: RESOLVED: Troubleshooting DHCP
Same thing happened to me with an couple HP 4000M switch many years ago - random ports would just stop taking in broadcasts after a few months of uptime. A firmware update eventually solved that. Phillip Partipilo Parametric Solutions Inc. Jupiter, Florida (561) 747-6107 From: Erik Goldoff [mailto:egold...@gmail.com] Sent: Wednesday, February 17, 2010 10:30 AM To: NT System Admin Issues Subject: RE: RESOLVED: Troubleshooting DHCP switch could have been blocking broadcast ( DHCP request from client ) across bridges but allowing directed traffic. Not completely uncommon even though it's not an every day thing. Was one of my complaints on the older 3Com switches years ago, needed to 'reboot' them after a month or so to keep them from acting intermittently flaky Erik Goldoff IT Consultant Systems, Networks, Security ' Security is an ongoing process, not a one time event ! ' _ From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, February 17, 2010 10:23 AM To: NT System Admin Issues Subject: RESOLVED: Troubleshooting DHCP Well, we seem to have fixed the problem. I reset one of our switches, and clients started picking up IP addresses after that. This makes absolutely no sense to me. We don't have multiple subnets, DHCP relay, or anything complex. This is about as plain vanilla a design as they make. And there were no other problems being exhibited. Normally if a switch was acting crazy, I'd expect lots of symptoms. But everything other than DHCP was working fine. Still, I'm going to check out Wireshark right now. I want to be prepared in the future. John From: John Hornbuckle [mailto:john.hornbuc...@taylor.k12.fl.us] Sent: Wednesday, February 17, 2010 9:47 AM To: NT System Admin Issues Subject: Troubleshooting DHCP Yesterday I started having some DHCP weirdness that has grown today. I'm kind of stumped and need some guidance. DHCP server is Windows Server 2008. It's also a DC and DNS server. It shows no errors relating to DHCP in Event Viewer, and there are plenty of addresses left in the scope. It can be pinged from client machines at 1 ms and no timeouts, and it can ping client machines with the same results. DNS is working fine. DC functions are working fine. DHCP, unfortunately, appears spotty. A number of clients (although apparently not all, from what I can tell) can't get leases. If you run ipconfig /renew from a command prompt, they report that they can't contact the DHCP server. If you manually assign an IP address, all works fine. So network connectivity seems okay-this seems to be strictly a DHCP issue. I'm guessing that I'm going to need a packet sniffer to further troubleshoot. I have to confess, though, that I've never in my life used one. I've just never needed to. So, can anyone recommend a free, simple packet sniffer I can run from a client machine to watch the DHCP traffic? And what, exactly, should I be looking for? John Hornbuckle MIS Department Taylor County School District www.taylor.k12.fl.us NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. _ If this email is spam, report it here: http://www.onlymyemail.com/view/?action=reportSpamId=ODEzNjQ6MTA0NjUyMjg1N jpwanBAcHNuZXQuY29t http://www.OnlyMyEmail.com/ReportSpam THIS ELECTRONIC MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL AND PROPRIETARY PROPERTY OF THE SENDER. THE INFORMATION IS INTENDED FOR USE BY THE ADDRESSEE ONLY. ANY OTHER INTERCEPTION, COPYING, ACCESSING, OR DISCLOSURE OF THIS MESSAGE IS PROHIBITED. IF YOU HAVE RECEIVED THIS MESSAGE IN ERROR, PLEASE IMMEDIATELY NOTIFY THE SENDER AND DELETE THIS MAIL AND ALL ATTACHMENTS. DO NOT FORWARD THIS MESSAGE WITHOUT PERMISSION OF THE SENDER. THIS ELECTRONIC MESSAGE AND ANY ATTACHMENTS ARE CONFIDENTIAL AND PROPRIETARY PROPERTY OF THE SENDER. THE INFORMATION IS INTENDED FOR USE BY THE ADDRESSEE ONLY. ANY OTHER INTERCEPTION, COPYING, ACCESSING, OR DISCLOSURE OF THIS MESSAGE IS PROHIBITED. IF YOU HAVE RECEIVED THIS MESSAGE IN ERROR, PLEASE IMMEDIATELY NOTIFY THE SENDER AND DELETE THIS MAIL AND ALL ATTACHMENTS. DO NOT FORWARD THIS MESSAGE WITHOUT PERMISSION OF THE SENDER. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Troubleshooting DHCP
If you are sniffing on the client or at the switch, Wireshark. If you are sniffing on the server, either Wireshark or the Network Monitoring Tools that come with the OS. However, if you can get one of these machines to get an IP address, and then do an 'ipconfig /all' you'll see what it thinks is the DHCP server. Kurt On Wed, Feb 17, 2010 at 06:46, John Hornbuckle john.hornbuc...@taylor.k12.fl.us wrote: Yesterday I started having some DHCP weirdness that has grown today. I’m kind of stumped and need some guidance. DHCP server is Windows Server 2008. It’s also a DC and DNS server. It shows no errors relating to DHCP in Event Viewer, and there are plenty of addresses left in the scope. It can be pinged from client machines at 1 ms and no timeouts, and it can ping client machines with the same results. DNS is working fine. DC functions are working fine. DHCP, unfortunately, appears spotty. A number of clients (although apparently not all, from what I can tell) can’t get leases. If you run ipconfig /renew from a command prompt, they report that they can’t contact the DHCP server. If you manually assign an IP address, all works fine. So network connectivity seems okay—this seems to be strictly a DHCP issue. I’m guessing that I’m going to need a packet sniffer to further troubleshoot. I have to confess, though, that I’ve never in my life used one. I’ve just never needed to. So, can anyone recommend a free, simple packet sniffer I can run from a client machine to watch the DHCP traffic? And what, exactly, should I be looking for? John Hornbuckle MIS Department Taylor County School District www.taylor.k12.fl.us NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Troubleshooting DHCP
John are you using IPSec in the network? There was a discussion within the last month where there was a bug of sorts with using IPSec and 2008 DHCP the fix looked easy but if you are not using IPSec then it is not going to help much. I personally never saw an issue with a mix of XP and Vista clients but I had a flat IP space. Jon On Wed, Feb 17, 2010 at 11:39 AM, Kurt Buff kurt.b...@gmail.com wrote: If you are sniffing on the client or at the switch, Wireshark. If you are sniffing on the server, either Wireshark or the Network Monitoring Tools that come with the OS. However, if you can get one of these machines to get an IP address, and then do an 'ipconfig /all' you'll see what it thinks is the DHCP server. Kurt On Wed, Feb 17, 2010 at 06:46, John Hornbuckle john.hornbuc...@taylor.k12.fl.us wrote: Yesterday I started having some DHCP weirdness that has grown today. I’m kind of stumped and need some guidance. DHCP server is Windows Server 2008. It’s also a DC and DNS server. It shows no errors relating to DHCP in Event Viewer, and there are plenty of addresses left in the scope. It can be pinged from client machines at 1 ms and no timeouts, and it can ping client machines with the same results. DNS is working fine. DC functions are working fine. DHCP, unfortunately, appears spotty. A number of clients (although apparently not all, from what I can tell) can’t get leases. If you run ipconfig /renew from a command prompt, they report that they can’t contact the DHCP server. If you manually assign an IP address, all works fine. So network connectivity seems okay—this seems to be strictly a DHCP issue. I’m guessing that I’m going to need a packet sniffer to further troubleshoot. I have to confess, though, that I’ve never in my life used one. I’ve just never needed to. So, can anyone recommend a free, simple packet sniffer I can run from a client machine to watch the DHCP traffic? And what, exactly, should I be looking for? John Hornbuckle MIS Department Taylor County School District www.taylor.k12.fl.us NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
Re: Troubleshooting DHCP
Sorry I just saw you fixed the issue. Jon On Wed, Feb 17, 2010 at 12:17 PM, Jon Harris jk.har...@gmail.com wrote: John are you using IPSec in the network? There was a discussion within the last month where there was a bug of sorts with using IPSec and 2008 DHCP the fix looked easy but if you are not using IPSec then it is not going to help much. I personally never saw an issue with a mix of XP and Vista clients but I had a flat IP space. Jon On Wed, Feb 17, 2010 at 11:39 AM, Kurt Buff kurt.b...@gmail.com wrote: If you are sniffing on the client or at the switch, Wireshark. If you are sniffing on the server, either Wireshark or the Network Monitoring Tools that come with the OS. However, if you can get one of these machines to get an IP address, and then do an 'ipconfig /all' you'll see what it thinks is the DHCP server. Kurt On Wed, Feb 17, 2010 at 06:46, John Hornbuckle john.hornbuc...@taylor.k12.fl.us wrote: Yesterday I started having some DHCP weirdness that has grown today. I’m kind of stumped and need some guidance. DHCP server is Windows Server 2008. It’s also a DC and DNS server. It shows no errors relating to DHCP in Event Viewer, and there are plenty of addresses left in the scope. It can be pinged from client machines at 1 ms and no timeouts, and it can ping client machines with the same results. DNS is working fine. DC functions are working fine. DHCP, unfortunately, appears spotty. A number of clients (although apparently not all, from what I can tell) can’t get leases. If you run ipconfig /renew from a command prompt, they report that they can’t contact the DHCP server. If you manually assign an IP address, all works fine. So network connectivity seems okay—this seems to be strictly a DHCP issue. I’m guessing that I’m going to need a packet sniffer to further troubleshoot. I have to confess, though, that I’ve never in my life used one. I’ve just never needed to. So, can anyone recommend a free, simple packet sniffer I can run from a client machine to watch the DHCP traffic? And what, exactly, should I be looking for? John Hornbuckle MIS Department Taylor County School District www.taylor.k12.fl.us NOTICE: Florida has a broad public records law. Most written communications to or from this entity are public records that will be disclosed to the public and the media upon request. E-mail communications may be subject to public disclosure. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
