

Unknown DHCP/BOOTP clients obtaining IP.

Question

Saturday, November 1, 2014 9:17 AM

Hey all,

We have a Windows Server 2003 SP2 x64 machine with the DHCP role. All updates and necessary hotfixes are complete. This is a large environment with many DHCP scopes, sites etc.

All IPs are distributed by DHCP normally when we check, but frequently some unknown devices get IPs with long IDs and they seem to be distributed by DHCP/BOOTP. Sometimes only 1 device, sometimes dozens of them. We can't ping them, we can't reach their location by following \(IP) route. We don't even know if such devices do really exist. They occupy so much space. When we delete them, they just come back.

I can't use MAC filtering or such, because this is a really large environment. What could be the reason for this? Some kind of by-design or ordinary thing which we can explain to our managers and can be avoided in some way by taking any measures? Some kind of problem that needs to be fixed? I'm looking forward to hearing your thoughts and advice.

Thanks in advance.

All replies (3)

Monday, November 10, 2014 11:54 AM ✅Answered

Hi Bruce,

Please perform a network capture on the DHCP server. Find unusual DHCP discover/request packets.

Check the source MAC address of these packets. Then we can trace these MAC addresses by checking the network equipment.

To trace the MAC addresses with the network equipment, please consult with the vendor of this equipment.

Best Regards.

Steven Lee

TechNet Community Support
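
The capture triage suggested in the answer above can be scripted. This is an added example, not part of the original thread: it parses raw BOOTP/DHCP UDP payloads and lists client packets that are plain BOOTP (no message-type option 53) or whose client identifier (option 61) is not the usual hardware type plus MAC, together with the source MAC and the relay agent address (`giaddr`). The function names and the sample packets are constructed for illustration.

```python
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie; plain BOOTP may lack it
TYPES = {1: "DISCOVER", 3: "REQUEST", 8: "INFORM"}

def parse(payload):
    """Parse one BOOTP/DHCP UDP payload (236-byte fixed header + options)."""
    if len(payload) < 236:
        raise ValueError("truncated BOOTP header")
    htype, hlen = payload[1], payload[2]
    mac = payload[28:28 + min(hlen, 16)]       # chaddr: client hardware address
    opts, i = {}, 240
    has_cookie = payload[236:240] == MAGIC
    while has_cookie and i < len(payload) and payload[i] != 255:
        if payload[i] == 0:                    # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):              # truncated option: stop parsing
            break
        length = payload[i + 1]
        opts[payload[i]] = payload[i + 2:i + 2 + length]
        i += 2 + length
    cid = opts.get(61)                         # client identifier ("unique ID")
    return {
        "kind": TYPES.get(opts[53][0], "DHCP") if opts.get(53) else "BOOTP",
        "mac": mac.hex(":"),
        "relay": ".".join(map(str, payload[24:28])),  # giaddr, 0.0.0.0 if local
        "client_id": cid.hex() if cid else None,
        "long_id": bool(cid) and cid != bytes([htype]) + mac,
    }

def sample(mac, options=b"", giaddr=b"\x00" * 4):
    """Constructed client packet (op=1, Ethernet); not from a real capture."""
    hdr = struct.pack("!BBBB", 1, 1, 6, 0) + b"\x00" * 20 + giaddr
    return hdr + mac.ljust(16, b"\x00") + b"\x00" * 192 + options

def suspicious(packets):
    # Keep plain BOOTP requests and DHCP requests with a non-MAC client ID.
    return [p for p in map(parse, packets) if p["kind"] == "BOOTP" or p["long_id"]]

M1, M2, M3 = (bytes.fromhex(h) for h in ("001122334455", "02aabbccddee", "02aabbccddff"))
LONG_ID = b"\x00constructed-id-01"             # constructed non-MAC identifier
CAPTURE = [
    sample(M1, MAGIC + b"\x35\x01\x01\x3d\x07\x01" + M1 + b"\xff"),
    sample(M2, MAGIC + b"\x35\x01\x03\x3d" + bytes([len(LONG_ID)]) + LONG_ID + b"\xff",
           bytes([10, 20, 0, 1])),
    sample(M3),
]
for hit in suspicious(CAPTURE):
    print(hit)
```

A non-zero `relay` value is the address of the relay agent that forwarded the request, which narrows the search to that subnet's switches.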


Saturday, November 1, 2014 9:29 AM

Do you see the same records in DNS?

Check if this is related to your issue: http://blogs.technet.com/b/askpfe/archive/2011/06/03/how-dns-scavenging-and-the-dhcp-lease-duration-relate.aspx

Arnav Sharma | http://arnavsharma.net/


Saturday, November 1, 2014 11:05 AM

Thanks for the reply.

Regarding DNS, no. Also at records of DHCP address lease, under the Name column, obtained IPs are listed again. They don't have names, but only IPs.

Checked the article, but there are no duplicate IPs in our scenario. All the unknown DHCP/BOOTP clients (don't know why BOOTP is involved here - mobile devices, MAC OSs or something?) obtain different IPs.

We're still at a loss.