Question
Saturday, September 23, 2017 1:39 PM
Hi all,
new laptops now use Thunderbolt3/USB docking stations (ie see "dell TB15 docking station", or "HP Elite C Docking station"...).
These docking stations have their own network interface and mac address.
We need these laptops to get the same IP address whatever they are connected thru their docking station (ie. when user is working from his office) or thru their native network interface (ie. from a meeting room for example). Obviously, the user won't connect both interfaces at the same time.
What we observe is when you unplug the network interface, "ipconfig /all" won't show the ip address (it shows "media disconnected") but the IP address still remains on the interface with a deprecated status.
You can verify by disconnecting your network interface and check with the following commands :
Get-NetIPAddress -AddressState deprecated <--from PowerShell on Win8+
or
netsh interface ipv4 show address <--from cmd.exe on Win7+
The Problem :
When a user is working from a meeting room with a network cable, the laptop gets its IP address associated to the "Ethernet" physical interface. So far so good. Now meeting is finished: the user puts the laptop in sleep mode, unplugs the network cable, goes back to his office, connects to the docking station and finally wakes the laptop up -> The docking station network interface is offered the same IP address but Windows will discard the offer because the disconnected Ethernet interface already has the same (deprecated) IP. The docking station interface finally gets an APIPA address and the laptop has no LAN connectivity. Unplugging and plugging the docking station network cable doesn't change anything.
If we remove the deprecated IP address from the laptop interface with the following command (admin rights required) :
Get-NetIPAddress -IPAddress <ip_address> | Remove-NetIPAddress -confirm:$false
or
netsh interface ipv4 delete address "Ethernet" addr=<ip_address>
Unplugging/plugging the docking station network cable then restores the connectivity.
Of course, rebooting the computer also restores the connectivity as the deprecated ip address will be cleared, but this is not an option (who will accept to shut his laptop down to go to a meeting room) ?
Note : The problem also appears with OpenVPN if the same IP address is offered to the VPN client virtual network interface : the connection is established, the VPN server offers the IP address but Windows refuses it and the virtual network interface finally gets an APIPA.
Question :
Is there a way (GPO, patch, persistent command etc...) to make Windows accept a DHCP offered IP address even if this IP is already deprecated on another network interface ?
AFAIK this problem seems to impact Windows only (Linux/MacOS seem to work as expected).
Any help greatly appreciated !
frd
All replies (13)
Sunday, September 24, 2017 1:30 AM
Hi Fred
Perhaps this can be approached another way if we know why you are trying to maintain the same address across adapters. If you are using DHCP then why must the PC always have the same IP Address regardless of adapter?
Monday, September 25, 2017 2:15 PM
Hello NoneAndOne,
thank you for your help.
This is for management reasons. We have a Linux DHCP service for Linux/Mac/Windows clients.
We systematically register mac addresses on it and we need our clients to get the same ip whether they connect with the internal ethernet adapter or the docking station.
It sounds a bit strange to me that Windows simply does not drop the deprecated ip address if a new lease is offered on another interface.
If we shut the previous interface with :
wmic path win32_networkadapter where index=<x> call disable
then
wmic path win32_networkadapter where index=<x> call enable
the ip address is cleared and the new lease is accepted on the new interface, but this command needs admin rights.
(BTW, you can use the command "wmic nic get index, name, physicalAdapter" to get the index <x> of every physical adapter on the computer).
Any ideas ? Does someone know a patch or GPO to change this behaviour ?
Thanks in advance.
Frd
Monday, September 25, 2017 9:14 PM
If you are using DHCP then why must the PC always have the same IP Address regardless of which of its network adapters is in use?
"For management reasons" doesn't really help us to understand. The reason I ask is because your request is unusual (normally use of DHCP means you don't care what IP Address you get as long as it's in the right subnet and has the correct gateway and dns) and we may need to find another way to resolve your issue.
Tuesday, September 26, 2017 9:11 AM
Hi,
we use static DHCP and static DNS, static firewalling rules, and static registrations in our bases for multiple reasons. For example we need to manage users' computers, so they must have the same ip/dns over time. I can't change this (and this is not my question).
My question is :
« Is there a way to make Windows do not keep its IP address after disconnecting a network interface ? »
(or « Is there a way to make it accept a DHCP offered IP address even if this IP address is on another disconnected interface (in deprecated state) ? »)
Any idea is welcome !
Tuesday, September 26, 2017 4:11 PM
We had a situation where some users were changing subnets on a vlan network when they went to a meeting room. We needed to run the command "ipconfig /release" from a script once the network interface in use becomes disconnected. So a script running on each laptop as a scheduled task to do this will take care of this issue. You could give all the laptop users a script that will do a release, pause and a renew for them if they find they aren't connected.
I suspect the lack of response is because your request is so unusual. The point of DHCP is to not care what ip address a computer is on because you can reference it by the computer's name. The added value being that you can create computer groups, allowing you to perform different tasks on different groups of computers. If you have services on your systems that require a pc to have a specific ip address you should update them so you are able to use DHCP as intended.
Thursday, October 5, 2017 9:33 AM
Hi,
thank you for your help and your suggestion, i really appreciate.
An "ipconfig /release" won't do the trick because the command is refused when media is disconnected (so it won't flush the ip from the wired interface even if connected with wireless).
Following your suggestion, i could create a scheduled task triggered on the e1yexpress source, event 27 and start the following script :
@echo off
rem Delayed expansion lets !ERRORLEVEL! be read at run time inside the blocks below
setlocal EnableDelayedExpansion
net session >nul 2>&1
IF NOT %ERRORLEVEL%==0 (
    echo This program must be executed with admin rights
    echo ^(right clic -^> "execute as administrator"^).
    echo.
    echo.
    echo Press any key to quit.
    pause >nul
    exit 1
) ELSE (
    rem Look for any physical nic interface (this includes wired, wireless, VPN virtual nics and so)
    FOR /f "tokens=1" %%a IN ('"wmic nic get physicaladapter, index, name | findstr TRUE"') DO (
        rem %%a is the index of the interface - show its name
        wmic nic where index=%%a get name | findstr -v Name
        rem Disable the interface - this will flush the previous ip address
        wmic path win32_networkadapter where index=%%a call disable >nul 2>&1
        if NOT !ERRORLEVEL!==0 (
            echo Error !ERRORLEVEL! when disabling interface
        ) ELSE (
            echo Disabling interface...
        )
        rem Enable the interface
        wmic path win32_networkadapter where index=%%a call enable >nul 2>&1
        if NOT !ERRORLEVEL!==0 (
            echo Error !ERRORLEVEL! when enabling interface
        ) ELSE (
            echo Enabling interface...
        )
        echo.
    )
)
This script works on Win7/8/10, BUT i WOULDN'T DO THAT because this task/script must be executed with admin rights (network operator is not sufficient) and this is a REAL security problem.
So. Any other suggestion ? ;-)
Thursday, October 5, 2017 9:36 AM
Let me explain again the situation :
A fair amount of local networks are using the 192.168.0.0/24 private network. If i connect to my office via wired network, my laptop is offered an IP address (let's say 192.168.0.10). Then i put my laptop asleep and wake it up on another wireless network. If it is a 192.168.0.x network, then probably i will get another 192.168.0.x IP address and no trouble when i connect. But SOMETIMES (if i'm unlucky) my laptop will be offered the previous 192.168.0.10 ip address and my laptop will refuse to connect without explanation. If i had used the same networking interfaces on both networks, everything would have worked perfectly. Ever.
So after spending some time on trying to understand why it doesn't connect, someone will say : "Hey guy, did you try to reboot your computer ?". And that will do the trick. Sadly, because this kind of behavior makes people feel like Windows OS is full of bugs. Maybe they're not so wrong.
**Once again users must reboot Windows computers to correct erratic behavior of this OS. Isn't Microsoft interested in correcting this kind of problem that makes their OS unreliable ?**
**Patch is welcome.**
Thursday, October 5, 2017 11:02 AM
This script works on Win7/8/10, BUT i WOULDN'T DO THAT because this task/script must be executed with admin rights (network operator is not sufficient) and this is a REAL security problem.
So. Any other suggestion ? ;-)
Do the script in a PowerShell module, you can use elevated permissions without compromising security.
Also, if you are in a position to do so, changing the DHCP subnet used from one of the obvious ones (like 192.168.0.0/24) is a simple way to help improve your security.
Thursday, October 5, 2017 12:35 PM
Hi,
I won't change my DHCP subnets because actually they are not 192.168.0.0/24 (this was an example to explain why this problem can impact any one of us). Also i don't get why changing a subnet would be "a simple way to help improve my security" (?)
About my script, thanks for your suggestion : indeed my first attempt was to make a powershell script. And it works well on Win8/10 but not on Win7 out of the box because useful commands like 'Remove-NetIPAddress -IPAddress w.x.y.z' are not accepted on the powershell provided with Win7.
Anyway : once again thank you for your help and your time (i truly really appreciate) but since beginning i'm not asking "What am i doing wrong ?". I reported what i suspect to be a bug in Windows (or at least a strange behavior that impacts a certain number of customers every day) and what i ask is :
- If this is a "feature" for Microsoft, is there an option (in AD or else) that can revert to a more predictive behavior ? (ie: force to release the deprecated ip address attached to a disconnected interface when the same ip address is offered on another interface);
- If this is effectively a bug, is someone aware of a patch from Microsoft that would correct it ?
Maybe someone from Microsoft could clarify the situation ?
Thanks in advance.
Frd.
Thursday, October 5, 2017 4:32 PM
The obvious ones are more likely to be attacked. Perhaps you already know this but you can upgrade PowerShell on Windows 7 to the latest version, it's even recommended in a domain. Good luck solving your DHCP issues and getting useful support from a Microsoft employee.
Saturday, April 21, 2018 7:00 PM
No, the point of DHCP is to allow the network administrator to automate address assignment in any way he or she desires. Whatever idea you seem to have dreamed up about its use seems to have been pulled from cloud cuckoo land, because it has nothing to do with reality. I really hope that's not what they're teaching in Microsoft classrooms - or if they are that the "teacher" has giant red shoes and a spinning bow tie.
If YOU desire to use it in the way you describe, then fine, use it that way, but some of US have been using it in the way WE desire for 30+ years. if you don't like that, then go and rewrite the RFCs.
Otherwise, stop breaking things and start complying with standards.
As much as Microsoft keeps trying to dictate standards to the world, it doesn't work like that.
We wrote 'em, you comply with 'em. Fix it.
If I sound frustrated, it's because I am. This is badly broken behaviour and it's causing major headaches. Microsoft is proving yet again that most of its coding is on the level of kiddies in bedrooms.
Saturday, April 21, 2018 7:23 PM
ipconfig /release does work if you can convince the user to do this _before_ they unplug, but the chances of getting them to do this are low. :(
Monday, December 10, 2018 8:25 AM
Hi,
sorry for reviving this thread, in case you haven't found a solution yet, you could try to use a powershell script to remove deprecated IPs, maybe use some sort of trigger/scheduled Task.
I've used this one when we faced the same Problem:
################################################
# Collect every IPv4 address currently in the Deprecated state
$DEPRECATED = (Get-NetIPAddress -AddressState Deprecated -ErrorAction SilentlyContinue | Where-Object AddressFamily -in "ipv4").IPAddress
foreach ($IP in $DEPRECATED ) {
    # Remove the stale address so DHCP can assign it to another interface
    Remove-NetIPAddress -IPAddress $IP -ErrorAction SilentlyContinue -confirm:$false
}
#################################################
Regards, Dominic
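
A more narrowly scoped variant of the cleanup above, as an added example that is not part of the original posts: because such a task has to run elevated, it removes only deprecated IPv4 addresses that came from DHCP and sit on an adapter whose media is disconnected, takes no input, and supports -WhatIf. The function name Remove-StaleDhcpAddress is hypothetical, and the filter assumes the stale address still reports PrefixOrigin Dhcp.

```powershell
#Requires -Version 3.0
# Added example: needs the NetTCPIP/NetAdapter modules (Windows 8 / Server 2012 and later)
# and an elevated session, e.g. a scheduled task running as SYSTEM.

function Remove-StaleDhcpAddress {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    # Deprecated IPv4 addresses only. Assumption: a lease left behind on an
    # unplugged adapter still reports PrefixOrigin 'Dhcp'; manual addresses are skipped.
    $stale = Get-NetIPAddress -AddressFamily IPv4 -AddressState Deprecated -ErrorAction SilentlyContinue |
        Where-Object { $_.PrefixOrigin -eq 'Dhcp' }

    foreach ($addr in $stale) {
        $adapter = Get-NetAdapter -InterfaceIndex $addr.InterfaceIndex -ErrorAction SilentlyContinue

        # Leave the address alone unless its adapter is known and its link is down.
        if (-not $adapter -or $adapter.MediaConnectionState -ne 'Disconnected') {
            continue
        }

        $target = "$($addr.IPAddress) on '$($adapter.Name)'"
        if ($PSCmdlet.ShouldProcess($target, 'Remove deprecated DHCP address')) {
            Remove-NetIPAddress -InputObject $addr -Confirm:$false

            # Emit a record of each removal so the task output can be logged.
            [pscustomobject]@{
                Time           = Get-Date
                IPAddress      = $addr.IPAddress
                InterfaceAlias = $addr.InterfaceAlias
                InterfaceIndex = $addr.InterfaceIndex
            }
        }
    }
}

# Dry run first: lists what would be removed without changing anything.
Remove-StaleDhcpAddress -WhatIf
```

Drop -WhatIf once the dry run lists only the addresses you expect.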