
Network Devices getting wrong (old) DNS server

Question

Thursday, May 17, 2012 8:24 PM

We are experiencing a problem since we put in a new domain at a client site. There are two DC's that are configured as DNS servers in the new domain (.160 and .162) and the new domain has a two way trust to the old (2003) domain.  We recently discovered that PC's are getting  the wrong DNS server info on reboot.  They are getting the OLD DNS servers (.10 and .11).  If you force them to do an actual DHCP broadcast via ipconfig /renew - they get the right DNS information and show the DHCP server as being the correct, new domain controller (.160).

We are not sure where the old DNS server information is coming from as the old scopes are disabled.  We have even spun up a new OS, set the IP configuration to "obtain automatically", joined it to the new domain and on boot, it also gets the "old" DNS server info.  Interestingly, we have shut down the DHCP service, rebooted the machine so that it has no IP addressing at all then turned the DHCP service back on and it gets the "old" info (.10 and .11).  The only way to get machines to do an actual DHCP broadcast and get the new DNS server info is to perform an "ipconfig /renew". 

I have turned on switchport monitoring and performed a packet capture.  It would appear that the machines do not perform an actual DHCP broadcast on boot.  Is it possible that the lease was set to an extreme amount of time and until that original "old" lease expires the machine will automatically use a "cached" DNS server entry?

We have run a piece of software that looks for rogue DHCP scopes and it has found nothing.  I have checked every switch, router and firewall in the network as well.  Any insight or help you may have would be much appreciated!

Thank you,

Curtis

All replies (18)

Friday, May 18, 2012 7:39 PM ✅Answered

With Windows 7, it will keep the current DHCP lease it had prior to reboot as long as the gateway can be pinged, so it won't look for a renewal. Here's more on this:

DHCP Client Behavior
http://blogs.technet.com/b/networking/archive/2009/01/29/dhcp-client-behavior.aspx

If the DHCP client obtained a lease from a DHCP server on a previous occasion, and the lease is still valid (not expired) at system startup, the client tries to renew its lease.  If, during the renewal attempt, the client fails to locate any DHCP server, it attempts to ping the default gateway listed in the lease, and proceeds in one of the following ways:

•If the ping is successful, the DHCP client assumes that it is still located on the same network where it obtained its current lease, and continues to use the lease as long as the lease is still valid.  By default the client then attempts, in the background, to renew its lease when 50 percent of its assigned lease time has expired.
•If the ping fails, the DHCP client assumes that it has been moved to a network where a DHCP server is not available.  The client then auto-configures its IP address by using the settings on the Alternate Configuration tab.  When the client is auto-configured, it attempts to locate a DHCP server and obtain a lease.

As a workaround, you can force a Windows Vista or Windows 7 DHCP client to keep the old DHCP lease by adding registry key “DontPingGateway” if connectivity fails, see the resolution in the KB article below:

Windows Vista does not keep its DHCP IP address if a DHCP server is not available (works for Windows 7, too):
http://support.microsoft.com/kb/958336

So that wouldn't be a good method to test it, but as you said, simply manually run a renewal.

As for the GPO, this link shows where to look:

Use DNS Servers GPO Setting:
New group policies for DNS in Windows Server 2003
http://support.microsoft.com/kb/294785

DNS Group Policy Settings
http://technet.microsoft.com/en-us/library/dd197486(v=ws.10).aspx

Ace Fekay
MVP, MCT, MCITP EA, MCTS Windows 2008/R2, Exchange 2007 & Exchange 2010, Exchange 2010 EA, MCSE & MCSA 2003/2000, MCSA Messaging 2003
Microsoft Certified Trainer
Microsoft MVP - Directory Services
Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

This post is provided AS-IS with no warranties or guarantees and confers no rights.


Thursday, May 17, 2012 8:33 PM

When the client gets this "old" configuration, open a command prompt and type ipconfig /all. From the output, take a look to see which DHCP server is issuing the lease. Go back to that DHCP server and validate the scope settings.

Guides and tutorials, visit ITGeared.com.


Thursday, May 17, 2012 9:38 PM

IPconfig shows .160 as the DHCP server but with two DNS servers that are *not* configured in the scope - .10 and .11.  The scope options on the new DC are good - it shows itself (.160) and .162 as configured DNS servers.  To add to this, we just did another packet capture.  We booted a machine and verified that ipconfig showed the old DNS servers .10 and .11.  We then opened a command prompt and pinged both an external and internal hostname.  The packet capture showed that the machine used the new server - .160 to resolve.

So - the machines are showing that they have .10 and .11 as their DNS servers but are actually using .160.  No idea on this one.

Curtis


Thursday, May 17, 2012 10:11 PM

So it sounds like one of these flaky issues that are very difficult to explain because there is no reason for this to happen. I would try this.

Ensure that I have the latest NIC driver for the computer experiencing this issue. Go to Device Manager, uninstall the NIC, rescan and let Windows install the NIC again. If you have newer drivers, apply those drivers.

By the way, good job on the packet capture.  

Guides and tutorials, visit ITGeared.com.


Thursday, May 17, 2012 11:14 PM

Are the DNS addresses hardcoded in the NIC? You can actually hardcode DNS addresses and tell the NIC to get an IP from DHCP.

You may want to also look at all interfaces in the registry on a client, (from memory): under HKLM/CCS/Services/TCP/Parameters.

Also make sure that the router's DHCP service is disabled, just in case that DHCP service is running. Make sure the old server's DHCP service is disabled, too.

Ace Fekay


Friday, May 18, 2012 1:31 PM

Jorge - yes. It is a very flaky issue and all 160+ computers on this network are experiencing it. Interestingly, and I suppose it's because they are actually using correct DNS servers (as opposed to the ones shown in ipconfig), there are no actual problems being experienced. I think we are going to leave this one alone unless client machines start exhibiting a problem.

Thanks for the input!

Curtis


Friday, May 18, 2012 1:34 PM

Ace - responses.

1.  No they are delivered by DHCP.  With nearly 200 machines in a dynamic environment, we need DHCP.

2.  HKLM/CCS/Services/TCP/Parameters - we will look there.

3.  We have done that on all routers, switches (L2 and L3) and firewalls.

4.  Old server's scopes were disabled prior to discovering this.

I will let you know what we find in that registry key but interestingly, we have searched the registry on client machines, removed every single reference to .10 and .11 then rebooted it.  When it comes back up, all references to .10 and .11 are back. 

Curtis


Friday, May 18, 2012 3:35 PM

Whenever I hear that a DHCP design was changed, migrated, new server, etc, but the DHCP clients are still getting old DHCP Options and not the new one, it leads me to believe there is still a DHCP server on the network that is handing them out.

However, you stated and verified that ONLY the new DHCP server is up and running and there are no others out there, including routers, switches, rogue servers, wireless routers, a rogue wireless broadband device that someone may have brought in, etc.

I also assume you've run a packet capture capturing only DHCP packets to make sure that the new server is the ONLY one responding to DHCP requests.

And when you ran an ipconfig /all, you say you're still getting the old DNS server addresses?

Is there a WINS server in place, too, and if so, was that migrated to a new server, and the new one is being provided?

Last thing left is to look at any GPOs that may be applying with old data.

Ace Fekay


Friday, May 18, 2012 7:22 PM

Ace, thank you.  We will also look at GPO options.

Yes, we have run the packet capture. Oddly, when client machines boot up, we do not see a DHCP broadcast at all. There is no DHCP broadcast taking place on boot. The only time we see a broadcast is when we force the machine to renew its IP addressing from the command prompt (ipconfig /renew). And then, DHCP works correctly and delivers the correct DNS servers.

There are no other DHCP servers.  We have run software that snoops for them but ironically, the client machines show the new DC (.160) to be the DHCP server (but with DNS servers that are *not* in .160's configured scope).  So, on boot, the client machines show .160 as the DHCP server but show the old DNS servers (.10 and .11).  I do not think this is an issue with DHCP because DHCP, when the server receives a broadcast from the clients, works exactly as it is supposed to.  WINS was not in place.

Even with all of this, when we get on a machine that shows .10 and .11 as the configured DNS servers, when we ping an IP address, the packet capture shows that the machine uses .160 to resolve.

Curtis


Friday, May 18, 2012 8:34 PM

Ace, thank you.  We will investigate these scenarios in detail. 

Curtis


Tuesday, May 22, 2012 3:07 AM

Hi Curtis,

If there is any update on this issue, please feel free to let us know.

We are looking forward to your reply.

Thanks.

Tiger Li

TechNet Community Support


Friday, May 25, 2012 2:53 PM

Yes, has there been any resolution to this problem? I am experiencing the exact same thing. New DHCP server on the network, some clients have the new DNS servers, some show the old DNS servers. Doing an ipconfig /release /renew works but it seems like clients are reverting back at some point to the old DNS servers, so strange. Any update would be appreciated! Thanks


Friday, May 25, 2012 3:08 PM

There can be numerous resolutions and is unique to an installation, so there isn't one solution that applies, such as possibly another DHCP server is still up and running, maybe a GPO setting that is forcing the old DNS server addresses which gets refreshed every 90 min, +/- 30 (the GPO update frequency), etc.

As was discussed in this thread:

  • Check your GPO settings
  • Run a packet capture for DHCP packets and see if it's the only DHCP on the network
  • Double check your DHCP Option 006 (read previous posts for the GPO settings location)
  • Look at the client NIC properties to see if the IP is not hardcoded.
  • etc

Ace Fekay


Thursday, July 26, 2012 6:22 PM | 2 votes

I have just now run into this problem, almost identically, and may have the answer. In my situation, I had recently built a new DHCP server, and migrated all of the scopes over. All of my clients look to the new DHCP server just fine. I then built two new DNS servers, and migrated all the zones over. I updated all of the scopes to issue the new DNS servers to all of the clients. Most everything updated just fine, either over time or through manual pushing/updating. The weird problem is now a handful of machines on one scope keep reverting their DNS servers back to the old addresses. I can manually issue an ipconfig /renew, and the DNS servers get updated to the new addresses, but sure enough, when I double check the next day, they have reverted. Even weirder is the new DHCP server is still listed. These are all a mix of W2K, W2K3, and W2K8 servers.

I checked every DHCP log I could find, and cannot see when these are getting changed back.

One other blog post I found indicated that if you still have the old DHCP server running, even though the scopes are disabled, somehow the options were still getting picked up by the client. Sure enough, when I looked, I found that I had not finished disabling the DHCP service on the old server.

I will follow up tomorrow if this actually fixes the issue.


Friday, July 27, 2012 5:17 PM | 2 votes

Yup, that fixed it.

If anyone is having this issue, I suggest looking for any instances of the DHCP service on the network even if the scopes are not active, and make sure the service is shut all the way off.


Thursday, September 6, 2012 6:21 PM | 1 vote

Shutting down the DHCP service on the old server was how I could get the correct DNS servers to be assigned to the DHCP clients. The clients were getting everything else from the new server but not DNS server addresses. Doesn't make any sense at all.


Thursday, October 24, 2013 11:08 PM | 1 vote

Correct, the issue can be fixed by just disabling the DHCP Server service on the old DHCP server.


Thursday, February 21, 2019 4:07 PM

Is there a way to easily find other instances of DHCP? When I disable the new DHCP server it doesn't get any new IP address when I do a renew but I still have those DNS servers. If I do a renew with the new DNS server on it gets the right address for DNS.
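
An added example (not part of the original thread) for the packet-capture check suggested above and the question of how to find other DHCP instances: a Python parser for DHCP server replies that reports any OFFER/ACK whose server identifier (option 54) is not an approved server, or whose DNS list (option 6) differs from the configured scope. The 192.0.2.x addresses and the `build` helper are constructed sample data (only the last octets mirror the thread); real input would be the UDP payloads of port 67/68 traffic taken from a capture.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"          # DHCP magic cookie (RFC 2131)
OFFER, ACK = 2, 5                     # option 53 values sent by servers

def parse_dhcp(payload):
    """Return {option_code: bytes} for one UDP/67-68 payload, or None if not DHCP."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    opts, i = {}, 240
    while i + 1 < len(payload):       # need a code byte and a length byte
        code = payload[i]
        if code == 255:               # End option
            break
        if code == 0:                 # Pad option has no length byte
            i += 1
            continue
        length = payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def ips(raw):
    """Split an option value into dotted-quad IPv4 strings."""
    return [socket.inet_ntoa(raw[j:j + 4]) for j in range(0, len(raw) - 3, 4)]

def audit(payloads, allowed_servers, expected_dns):
    """Flag server replies from unexpected servers or carrying unexpected DNS."""
    findings = []
    for p in payloads:
        o = parse_dhcp(p)
        if not o or (o.get(53) or b"\0")[0] not in (OFFER, ACK):
            continue                  # not DHCP, or a client-side message
        server = (ips(o.get(54, b"")) or ["unknown"])[0]
        dns = ips(o.get(6, b""))
        if server not in allowed_servers:
            findings.append((server, "unauthorized DHCP server", dns))
        elif dns and set(dns) - set(expected_dns):
            findings.append((server, "unexpected option 6 DNS", dns))
    return findings

def build(msg_type, server, dns):     # constructed sample reply, not captured traffic
    pack = lambda addrs: b"".join(socket.inet_aton(a) for a in addrs)
    opts = bytes([53, 1, msg_type, 54, 4]) + pack([server])
    opts += bytes([6, 4 * len(dns)]) + pack(dns) + b"\xff"
    return bytes([2, 1, 6, 0]) + bytes(232) + MAGIC + opts

SAMPLE = [build(ACK, "192.0.2.160", ["192.0.2.160", "192.0.2.162"]),
          build(OFFER, "192.0.2.10", ["192.0.2.10", "192.0.2.11"])]
```

Calling `audit(SAMPLE, {"192.0.2.160"}, {"192.0.2.160", "192.0.2.162"})` returns one finding for the second reply, whose server identifier is not in the approved set.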