Guest Jon Sherry
Posted July 27, 2007

I need to pick the brains of any DHCP and basic networking gurus about a very bizarre issue my company is having. For the last 4-5 days laptop users in the company have been unable to obtain a DHCP lease from our domain controller until, at some random point during the day, it decides to work again. Here are the symptoms and key settings:

- Laptop users come in at 8AM and can't get an IP lease.
- Between 9 and 12 things mysteriously return to normal, at least until the next day.
- Laptop users connect via wired and/or wireless connections.
- Laptop users who leave their computer connected overnight have no issue the following morning.
- PerfMon counters for DHCP don't show the laptop users even requesting DHCP.
- Desktop clients seem to have no trouble connecting as they remain on all the time, just with the user logged out.
- Laptops are not joined to the domain (due to some global policy issues no one has had time to iron out.)
- DHCP runs normally on the domain controller.
- DNS runs normally on the domain controller.
- There is one scope of 192.168.6.175 - 7.255 available (6.255 excluded) but only about 15% are used on a daily basis.
- No DHCP filtering is enabled.
- Test PCs (desktop) can release and renew without any trouble.
- Laptop users connect to a variety of switches throughout the facility, eliminating a faulty switch as the cause.
- The only recurring error event in the event log for the server is a NetBT failure to create a secure connection to the PDC at corporate.

We've got 2 network administrators and 2 network engineers on this and we're all stumped. We've been unable to find a common thread that ties all these computers together other than being laptops. But there's nothing other than not being part of the domain that sets the laptops apart from the desktop in terms of networking.

I've theorized there might be a policy object floating around out there that may have put time limits for non-domain machines to connect, but the time at which the problem resolves itself each day seems to vary widely. Can anyone suggest anything to explain these bizarre behaviors?

Guest Phillip Windell
Posted July 27, 2007

Re: DHCP mysterious misbehavior

"Jon Sherry" <sherry.no.spam.jonathan@pmcsg.nospam.com> wrote in message
news:%23bpQCQF0HHA.1484@TK2MSFTNGP06.phx.gbl...

I can't say I have a solution, but I have a few comments to toss out.

> There is one scope of 192.168.6.175 - 7.255 available (6.255 excluded) but
> only about 15% are used on a daily basis.

I'll come back to this.

> these computers together other than being laptops. But there's nothing
> other than not being part of the domain that sets the laptops apart from
> the desktop in terms of networking.

Domain membership has nothing to do with getting an IP Config from a DHCP Server. You could rig your LAN Switches to get their IP Config from DHCP if you chose to and they certainly are not domain members,..not to mention Linux machines, Macs, etc.

> I've theorized there might be a policy object floating around out there
> that may have put time limits for non-domain machines to connect, but the
> time at which the problem resolves itself each day seems to vary widely.

There is no such ability without implementing a complex 802.1x which could not possibly happen by accident and requires capable equipment to do it. (hope I got my "802" numbers correct)

Now back to this:...

> There is one scope of 192.168.6.175 - 7.255 available (6.255 excluded) but
> only about 15% are used on a daily basis.

You should never let your IP Segment be over 250-300 Hosts. That is why the /24bit mask subnet of 254 Hosts is the perfect size. If you need more Hosts, then create a new segment. When you climb above that recommendation the LAN efficiency degrades due to the number of Broadcasts on the wire that are perfectly natural and normal for Ethernet. Interestingly, DHCP works via Broadcasts. I'm not saying for sure that you are overloaded with Broadcasts in the early part of the day that is crowding out the DHCP queries,..but the theoretical possibility exists.

The purpose for lower bit masks (less than /24bit) is for Supernetting multiple IP segments over a "backbone" where they are then broken apart into smaller IP segments (/24bit or higher) at a later downstream router. For example you can Supernet 256 subnets over a Backbone using 10.0.0.0/16 and then break them into 254 host segments further downstream with 10.?.?.0/24.

This is how the Internet functions and is how IP Ranges are dealt with concerning ISPs. An ISP may own a full /8bit block of addresses 14.0.0.0/8 and then break them up for their customers into segments of 14.?.?.0/24 or even smaller segments with /25, /26, etc. However the Internet Routers out across "Internetland" only maintain the Supernetted route for 14.0.0.0/8 in their routing tables that takes the traffic to the ISP, then it is up to the ISP to break it down and route it from there.

Concerning DHCP Scopes. The Scope should contain the Full IP range of the Subnet,..not a "piece" of it. You then control what is given (or not given) out to clients by using Exclusions. If you run low on addresses then you change the Exclusions to make more available or you can increase the Exclusions to reduce what is available if that is needed.

--
Phillip Windell
http://www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft, or anyone else associated with me, including my cats.
-----------------------------------------------------
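
Added example (not part of the original thread): a Python sketch of the "full-subnet scope plus Exclusions" layout described in the reply above, applied to the 192.168.6.175 - 7.255 range from the question. The thread never states the subnet mask, so the code assumes the smallest CIDR block covering the range; every function name here is illustrative.

```python
import ipaddress

def covering_network(first, last):
    """Smallest CIDR block containing both addresses (the mask is an assumption)."""
    net = ipaddress.ip_network(f"{first}/32")
    end = ipaddress.ip_address(last)
    while end not in net:
        net = net.supernet()
    return net

def host_bounds(net):
    """First and last assignable host address of the subnet."""
    return net.network_address + 1, net.broadcast_address - 1

def exclusions_for_pool(net, pool_first, pool_last, extra=()):
    """Exclusion ranges that reduce a full-subnet scope to the wanted pool."""
    lo, hi = host_bounds(net)
    first = max(ipaddress.ip_address(pool_first), lo)
    last = min(ipaddress.ip_address(pool_last), hi)
    ranges = []
    if first > lo:                      # addresses below the pool
        ranges.append((lo, first - 1))
    ranges += [(ip, ip) for ip in sorted(map(ipaddress.ip_address, extra))]
    if last < hi:                       # addresses above the pool
        ranges.append((last + 1, hi))
    return [(str(a), str(b)) for a, b in ranges]

def leasable(net, exclusions):
    """Host addresses left for DHCP once the exclusions are applied."""
    lo, hi = host_bounds(net)
    excluded = sum(int(ipaddress.ip_address(b)) - int(ipaddress.ip_address(a)) + 1
                   for a, b in exclusions)
    return int(hi) - int(lo) + 1 - excluded

def segments_24(net):
    """The /24 segments the block would split into (254 hosts each)."""
    if net.prefixlen >= 24:
        return [net]
    return list(net.subnets(new_prefix=24))

if __name__ == "__main__":
    # Values from the thread: scope 192.168.6.175 - 7.255, 6.255 excluded.
    net = covering_network("192.168.6.175", "192.168.7.255")
    excl = exclusions_for_pool(net, "192.168.6.175", "192.168.7.255",
                               extra=["192.168.6.255"])
    print("assumed subnet :", net, "usable hosts:", net.num_addresses - 2)
    print("exclusions     :", excl)
    print("leasable       :", leasable(net, excl))
    # Under a /23, 192.168.7.255 is the broadcast address and cannot be leased,
    # while 192.168.6.255 is an ordinary host address.
    print("/24 segments   :", [str(s) for s in segments_24(net)])
```
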

Guest Jon Sherry
Posted July 30, 2007

Re: DHCP mysterious misbehavior

Ok, so here's another wrinkle to the problem. For some reason the bug is active for only a few hours in the morning, roughly between 6:30AM and 10:30AM, give or take on both ends. It will suddenly stop allowing DHCP requests to go through, and just as suddenly resume normal function. And to make matters worse, you can put a couple machines on static IPs in the exclusion range and they STILL can't talk to one another.

But what really bugs me is that the desktops have no trouble achieving DHCP when the laptops can't, even if you delete that desktop's lease entirely. It's almost as though the system can somehow sniff out a laptop and refuse to listen to its request for DHCP.

"Phillip Windell" <philwindell@hotmail.com> wrote in message
news:usF8xtF0HHA.3564@TK2MSFTNGP04.phx.gbl...

> "Jon Sherry" <sherry.no.spam.jonathan@pmcsg.nospam.com> wrote in message
> news:%23bpQCQF0HHA.1484@TK2MSFTNGP06.phx.gbl...
>
> I can't say I have a solution, but I have a few comments to toss out.
>
>> There is one scope of 192.168.6.175 - 7.255 available (6.255 excluded)
>> but only about 15% are used on a daily basis.
>
> I'll come back to this.
>
>> these computers together other than being laptops. But there's nothing
>> other than not being part of the domain that sets the laptops apart from
>> the desktop in terms of networking.
>
> Domain membership has nothing to do with getting an IP Config from a DHCP
> Server. You could rig your LAN Switches to get their IP Config from DHCP
> if you chose to and they certainly are not domain members,..not to mention
> Linux machines, Macs, etc.
>
>> I've theorized there might be a policy object floating around out there
>> that may have put time limits for non-domain machines to connect, but the
>> time at which the problem resolves itself each day seems to vary widely.
>
> There is no such ability without implementing a complex 802.1x which could
> not possibly happen by accident and requires capable equipment to do it.
> (hope I got my "802" numbers correct)
>
> Now back to this:...
>
>> There is one scope of 192.168.6.175 - 7.255 available (6.255 excluded)
>> but only about 15% are used on a daily basis.
>
> You should never let your IP Segment be over 250-300 Hosts. That is why
> the /24bit mask subnet of 254 Hosts is the perfect size. If you need more
> Hosts, then create a new segment. When you climb above that
> recommendation the LAN efficiency degrades due to the number of
> Broadcasts on the wire that are perfectly natural and normal for Ethernet.
> Interestingly, DHCP works via Broadcasts. I'm not saying for sure that
> you are overloaded with Broadcasts in the early part of the day that is
> crowding out the DHCP queries,..but the theoretical possibility exists.
>
> The purpose for lower bit masks (less than /24bit) is for Supernetting
> multiple IP segments over a "backbone" where they are then broken apart
> into smaller IP segments (/24bit or higher) at a later downstream router.
> For example you can Supernet 256 subnets over a Backbone using 10.0.0.0/16
> and then break them into 254 host segments further downstream with
> 10.?.?.0/24.
>
> This is how the Internet functions and is how IP Ranges are dealt with
> concerning ISPs. An ISP may own a full /8bit block of addresses
> 14.0.0.0/8 and then break them up for their customers into segments of
> 14.?.?.0/24 or even smaller segments with /25, /26, etc. However the
> Internet Routers out across "Internetland" only maintain the Supernetted
> route for 14.0.0.0/8 in their routing tables that takes the traffic to
> the ISP, then it is up to the ISP to break it down and route it from there.
>
> Concerning DHCP Scopes. The Scope should contain the Full IP range of the
> Subnet,..not a "piece" of it. You then control what is given (or not
> given) out to clients by using Exclusions. If you run low on addresses
> then you change the Exclusions to make more available or you can increase
> the Exclusions to reduce what is available if that is needed.
>
> --
> Phillip Windell
> http://www.wandtv.com
>
> The views expressed, are my own and not those of my employer, or
> Microsoft, or anyone else associated with me, including my cats.
> -----------------------------------------------------