XP SP2 cannot contact DHCP after a restart

[Guest]

All PC and Servers (DHCP, DNS) were on the same network, and all clients PCs
are XP SP2.

Some users turn off their PC when they leave for the day, and when they come
back next morning, they are getting 169.254.x.x APIPA, to solve the problem,
they have to manually press the repair button in order to get back to our
network.

Some of the clients are not having the problem and some do, is there
something we can resolve? Is there a problem with my DHCP?

Thanks
vvii

 

[Chuck]

All PC and Servers (DHCP, DNS) were on the same network, and all clients PCs
are XP SP2.

Some users turn off their PC when they leave for the day, and when they come
back next morning, they are getting 169.254.x.x APIPA, to solve the problem,
they have to manually press the repair button in order to get back to our
network.

Some of the clients are not having the problem and some do, is there
something we can resolve? Is there a problem with my DHCP?

Thanks
vvii

Check the power setting on the NIC.
<http://nitecruzr.blogspot.com/2005/06/does-your-computer-lose-network.html>
http://nitecruzr.blogspot.com/2005/06/does-your-computer-lose-network.html

 

[Guest]

Now I am getting IP: 10.0.0.240/24 every once awhile after I have rebooted
the PCs.

Any other solutions?

 

[Chuck]

Now I am getting IP: 10.0.0.240/24 every once awhile after I have rebooted
the PCs.

Any other solutions?

What address are you normally getting from DHCP?

When you get the 10.0.0.240/24 address, check "ipconfig /all", and identify the
DHCP server. You probably have a rogue server somewhere, maybe a NAT router
giving out addresses.
<http://nitecruzr.blogspot.com/2005/05/reading-ipconfig-and-diagnosing.html>
http://nitecruzr.blogspot.com/2005/05/reading-ipconfig-and-diagnosing.html

 

[Guest]

we have a 192.168.1.x network with 192.168.1.2 DNS Server, 192.168.1.1
gateway, dhcp server 192.168.1.2

When I logon to the PC, and do ipconfig /all on the PC, I get the following:

Host Name: XXXXX
Primary DNS Suffix: mydomain.com
Node Type: Unknown
IP Routing Enable: NO
WINS: NO

Dhcp Enable: Yes
Autoconfiguration Enable: Yes
IP address: 10.0.0.241
Subnet mask: 255.255.255.0
Default Gateway:
DHCP Server: 10.0.0.3
Lease Obtained: Monday, April 9, 2007 12:25:19 PM
Lease Expires: Monday, April 9, 2007 12:35:19 PM

My client have to do ipconfig /release and ipconfig /renew in order to get

 

[Guest]

All our PCs, including Severs are all connected to a switch, the switch is
connected to a router and then out to the ISP.

I am kind of confuse, do you mind if you can explain a little bit more
detail.

 

[Chuck]

we have a 192.168.1.x network with 192.168.1.2 DNS Server, 192.168.1.1
gateway, dhcp server 192.168.1.2

When I logon to the PC, and do ipconfig /all on the PC, I get the following:

Host Name: XXXXX
Primary DNS Suffix: mydomain.com
Node Type: Unknown
IP Routing Enable: NO
WINS: NO

Dhcp Enable: Yes
Autoconfiguration Enable: Yes
IP address: 10.0.0.241
Subnet mask: 255.255.255.0
Default Gateway:
DHCP Server: 10.0.0.3
Lease Obtained: Monday, April 9, 2007 12:25:19 PM
Lease Expires: Monday, April 9, 2007 12:35:19 PM

My client have to do ipconfig /release and ipconfig /renew in order to get
on to the domain.

OK, find the device with IP address 10.0.0.3 - that's the problem. Someone has
an extra NAT router stashed somewhere, maybe using it as a WiFi AP.

 

[Guest]

I try to ping 10.0.0.3, but lost all 4 packets and requested timed out.

Actually, we do have couple D-Link 4-ports 10/100 fast ethernet switch on
some of our cubicle, since we only have 1 ethernet outlet per cubicle, and
sometime they have 2/3 laptops persons.

But I believe that though swtiches doesn't provide IP address.

Please advise

vvii

 

[Guest]

Now when I restart another computer, it show 10.0.0.48, and I can ping it
with time<1ms

 

[Chuck]

All our PCs, including Severs are all connected to a switch, the switch is
connected to a router and then out to the ISP.

I am kind of confuse, do you mind if you can explain a little bit more
detail.

The addresses that you provided above - "a 192.168.1.x network with 192.168.1.2
DNS Server, 192.168.1.1 gateway, dhcp server 192.168.1.2" suggest a private LAN
behind a NAT router - NOT a switch. You need to understand the difference.
<http://nitecruzr.blogspot.com/2006/02/set-of-simple-network-components.html>
http://nitecruzr.blogspot.com/2006/02/set-of-simple-network-components.html

Your LAN includes a DHCP server which assigns dynamic settings (including IP
address) to any computers asking for settings. That's DHCP.
<http://nitecruzr.blogspot.com/2005/05/reading-ipconfig-and-diagnosing.html>
http://nitecruzr.blogspot.com/2005/05/reading-ipconfig-and-diagnosing.html

A server providing DHCP settings only gets a DHCP request from other computers
on the subnet - DHCP requests don't pass thru routers. You can have just ONE
DHCP server on a subnet, or you can get conflicts.

Your DHCP server is 192.168.1.2, which will generally (but not always) be on a
192.168.1.0/24 network, with a 255.255.255.0 subnet mask.

Your problem computers are getting DHCP settings from 10.0.0.3, which is
generally on a 10.0.0.0/8 network, with a 255.0.0.0 subnet mask. This suggests
that you have an unknown computer / network device on your network that's
issuing DHCP for 10.0.0.0/8.

This problem has been seen here a few times. It's frequently caused by a NAT
router, connected to the network, and being used as a switch or a WiFi Access
Point. Maybe YOU connected it, maybe a coworker did.

Rogue APs are a big problem on many networks. Someone gets used to working at
home, in his bedroom without wires, so he gets to work, someone tells him "No
WiFi here", and he thinks "Why not?". She goes to Walmart, buys a WiFi router,
comes to work the next day, hooks it up, and is online in a couple minutes.

But a NAT router, with the DHCP server giving out settings, will respond to any
computer asking for settings. Computers asking for settings have no way of
knowing if the settings provided are from a legit DHCP server, or an unknown
one, carelessly connected and unknown.

Ping 10.0.0.3. If you get a response, ask why you should, on a 192.168.1.0/24
network?

 

[Guest]

We have a private LAN, which connected to a router, and it connected to the
ISP.

However, in our private LAN, we have a switch, which connected to all our
client PCs and Servers.

We also have couple D-Link 4-ports 10/100 fast ethernet switches on some of
our cubicle, since we only have 1 ethernet outlet per cubicle, and sometime
they have 2/3 laptops per person.

Here is my network breakdown:
ISP <-> router <-> firewall <-> switch <-> {Servers and PCs}

 

[Chuck]

I try to ping 10.0.0.3, but lost all 4 packets and requested timed out.

Actually, we do have couple D-Link 4-ports 10/100 fast ethernet switch on
some of our cubicle, since we only have 1 ethernet outlet per cubicle, and
sometime they have 2/3 laptops persons.

But I believe that though swtiches doesn't provide IP address.

Please advise

vvii

OK, you're on a 192.168.1.0/24 (probably) subnet. You have a DHCP server,
192.168.1.2. How does all of this connect to the Internet? Makes and model of
the network equipment would go a long way towards verifying your claim.

If you're truly connected to the Internet thru a switch (not a router), and
you're running a private IP network, you are in danger. DHCP is one problem,
but it's not the greatest threat.
1) You have a whole network of computers, exposed to the Internet.
2) You are issuing DHCP settings to any computer connected near you (on the same
side as the upstream router).
3) You are accepting DHCP settings from any DHCP server connected near you (ie
10.0.0.3).
4) You are on a broadcast domain with all computers connected near you.

I highly recommend that you verify your network setup, and take precautions,
before continuing.

 

[Chuck]

We have a private LAN, which connected to a router, and it connected to the
ISP.

However, in our private LAN, we have a switch, which connected to all our
client PCs and Servers.

We also have couple D-Link 4-ports 10/100 fast ethernet switches on some of
our cubicle, since we only have 1 ethernet outlet per cubicle, and sometime
they have 2/3 laptops per person.

Here is my network breakdown:
ISP <-> router <-> firewall <-> switch <-> {Servers and PCs}

OK, that's WAY better. 8=)

So, you're on a private LAN, 192.168.1.0/24, with a DHCP server 192.168.1.2.
Some of your computers are getting DHCP settings from 10.0.0.3. That's a rogue
DHCP server, and it's on the LAN with you, below the router.

Your problem is the rogue DHCP server. Find the rogue DHCP server.

If you have laptops, I'll lay odds someone has setup their own router, WiFi or
otherwise, and left the DHCP server on.

Get PingPlotter, and set it pinging 10.0.0.3. See how close PP shows that IP
address is. Then start unplugging cables from the switches, and watch the PP
display.
<http://nitecruzr.blogspot.com/2006/09/diagnosing-network-problems-using.html>
http://nitecruzr.blogspot.com/2006/09/diagnosing-network-problems-using.html