DHCP mysterious misbehavior


Jon Sherry

I need to pick the brains of any DHCP and basic networking gurus about a
very bizarre issue my company is having. For the last 4-5 days laptop users
in the company have been unable to obtain a DHCP lease from our domain
controller until, at some random point during the day, it decides to work
again.

Here are the symptoms and key settings:

Laptop users come in at 8AM and can't get an IP lease.
Between 9 and 12 things mysteriously return to normal, at least until the
next day.
Laptop users connect via wired and/or wireless connections.
Laptop users who leave their computer connected overnight have no issue the
following morning.
PerfMon counters for DHCP don't show the laptop users even requesting DHCP.
Desktop clients seem to have no trouble connecting as they remain on all the
time, just with the user logged out.
Laptops are not joined to the domain (due to some global policy issues no
one has had time to iron out.)
DHCP runs normally on the domain controller.
DNS runs normally on the domain controller.
There is one scope of 192.168.6.175 - 7.255 available (6.255 excluded) but
only about 15% are used on a daily basis.
No DHCP filtering is enabled.
Test PCs (desktop) can release and renew without any trouble.
Laptop users connect to a variety of switches throughout the facility,
eliminating a faulty switch as the cause.
The only recurring error event in the event log for the server is a NetBT
failure to create a secure connection to the PDC at corporate.


We've got 2 network administrators and 2 network engineers on this and
we're all stumped. We've been unable to find a common thread that ties all
these computers together other than being laptops. But there's nothing
other than not being part of the domain that sets the laptops apart from the
desktop in terms of networking. I've theorized there might be a policy
object floating around out there that may have put time limits for
non-domain machines to connect, but the time at which the problem resolves
itself each day seems to vary widely.

Can anyone suggest anything to explain these bizarre behaviors?
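The symptom that matters most in the list above is that PerfMon never sees the laptops asking. The following is an added example, not part of Jon's post: a small Python classifier run over constructed capture-summary lines (the line format is hypothetical and is not the Windows DHCP audit log) that reports, per client MAC, whether a DISCOVER was seen with no OFFER, an OFFER went unanswered, a REQUEST drew a NAK, or a lease completed. Running it against a capture taken at the laptop and one taken at the server's switch port separates the two explanations: DISCOVERs present at the client but absent at the server mean the frames are not reaching it; DISCOVERs present at the server with no OFFER mean the server is the one staying silent.

```python
import re
from collections import defaultdict

# Constructed sample lines (not from the thread): a simplified summary of DHCP
# messages as seen on a capture at the server's switch port. The field layout
# is hypothetical; it is not the Windows DHCP audit log format.
SAMPLE_CAPTURE = """\
08:01:02 chaddr=00:11:22:33:44:55 xid=0x1a2b type=DISCOVER
08:01:02 chaddr=00:11:22:33:44:55 xid=0x1a2b type=OFFER yiaddr=192.168.6.201
08:01:02 chaddr=00:11:22:33:44:55 xid=0x1a2b type=REQUEST
08:01:03 chaddr=00:11:22:33:44:55 xid=0x1a2b type=ACK yiaddr=192.168.6.201
08:04:17 chaddr=aa:bb:cc:dd:ee:01 xid=0x77f0 type=DISCOVER
08:04:21 chaddr=aa:bb:cc:dd:ee:01 xid=0x77f1 type=DISCOVER
08:04:29 chaddr=aa:bb:cc:dd:ee:01 xid=0x77f2 type=DISCOVER
08:06:40 chaddr=aa:bb:cc:dd:ee:02 xid=0x0900 type=REQUEST ciaddr=192.168.7.30
08:06:40 chaddr=aa:bb:cc:dd:ee:02 xid=0x0900 type=NAK
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d) chaddr=(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}) "
    r"xid=(?P<xid>0x[0-9a-f]+) type=(?P<type>[A-Z]+)"
)

# Message types ordered by how far through Discover/Offer/Request/Ack a client got;
# the first type found for a client decides its state.
STATE_BY_TYPE = [
    ("ACK", "lease_ok"),
    ("NAK", "nak"),
    ("REQUEST", "request_unanswered"),
    ("OFFER", "offer_no_request"),
    ("DISCOVER", "no_offer"),
]


def parse(lines):
    """Return one dict per recognised line; unparseable lines are skipped."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def classify(lines):
    """Map each client MAC to the furthest DORA step reached and its DISCOVER count."""
    types_seen = defaultdict(set)
    discovers = defaultdict(int)
    for ev in parse(lines):
        types_seen[ev["mac"]].add(ev["type"])
        if ev["type"] == "DISCOVER":
            discovers[ev["mac"]] += 1
    result = {}
    for mac, types in types_seen.items():
        state = next((name for t, name in STATE_BY_TYPE if t in types), "unknown")
        result[mac] = {"state": state, "discovers": discovers[mac]}
    return result


def unanswered_clients(lines):
    """Clients whose DISCOVERs were captured but never answered with an OFFER."""
    return sorted(mac for mac, r in classify(lines).items() if r["state"] == "no_offer")


if __name__ == "__main__":
    for mac, info in classify(SAMPLE_CAPTURE.splitlines()).items():
        print(mac, info)
```

A client that retries DISCOVER several times with no OFFER, like the second MAC in the sample, is exactly the case that a server-side counter never reaches: the server only counts what it processes, so a capture at the port is the only way to tell "never arrived" from "arrived and ignored".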

Phillip Windell

"Jon Sherry" <sherry.no.spam.jonathan@pmcsg.nospam.com> wrote in message
news:%23bpQCQF0HHA.1484@TK2MSFTNGP06.phx.gbl...

I can't say I have a solution, but I have a few comments to toss out.

> There is one scope of 192.168.6.175 - 7.255 available (6.255 excluded) but
> only about 15% are used on a daily basis.


I'll come back to this.

> these computers together other than being laptops. But there's nothing
> other than not being part of the domain that sets the laptops apart from
> the desktop in terms of networking.


Domain membership has nothing to do with getting an IP Config from a DHCP
Server. You could rig your LAN Switches to get their IP Config from DHCP if
you chose to and they certainly are not domain members,..not to mention
Linux machines, Macs, etc.

> I've theorized there might be a policy object floating around out there
> that may have put time limits for non-domain machines to connect, but the
> time at which the problem resolves itself each day seems to vary widely.


There is no such ability without implementing a complex 802.1x which could
not possibly happen by accident and requires capable equipment to do it.
(hope I got my "802" numbers correct)

Now back to this:...

> There is one scope of 192.168.6.175 - 7.255 available (6.255 excluded) but
> only about 15% are used on a daily basis.


You should never let your IP Segment be over 250-300 Hosts. That is why the
/24bit mask subnet of 254 Hosts is the perfect size. If you need more
Hosts, then create a new segment. When you climb above that recommendation
the LAN efficiency degrades due to the number of Broadcasts on the wire
that are perfectly natural and normal for Ethernet. Interestingly, DHCP
works via Broadcasts. I'm not saying for sure that you are overloaded with
Broadcasts in the early part of the day that is crowding out the DHCP
queries,..but the theoretical possibility exists.

The purpose for lower bit masks (less than /24bit) is for Supernetting
multiple IP segments over a "backbone" where they are then broken apart into
smaller IP segments (/24bit or higher) at a later downstream router. For
example you can Supernet 256 subnets over a Backbone using 10.0.0.0/16 and
then break them into 254 host segments further downstream with 10.?.?.0/24.

This is how the Internet functions and is how IP Ranges are dealt with
concerning ISPs. An ISP may own a full /8bit block of addresses 14.0.0.0/8
and then break them up for their customers into segments of 14.?.?.0/24 or
even smaller segments with /25, /26, etc. However the Internet Routers out
across "Internetland" only maintain the Supernetted route for 14.0.0.0/8 in
their routing tables that takes the traffic to the ISP, then it is up to the
ISP to break it down and route it from there.

Concerning DHCP Scopes. The Scope should contain the Full IP range of the
Subnet,..not a "piece" of it. You then control what is given (or not given)
out to clients by using Exclusions. If you run low on addresses then you
change the Exclusions to make more available or you can increase the
Exclusions to reduce what is available if that is needed.

--
Phillip Windell
www.wandtv.com

The views expressed, are my own and not those of my employer, or Microsoft,
or anyone else associated with me, including my cats.
-----------------------------------------------------
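The subnet-sizing and scope-layout advice in the post above is easier to check with numbers in hand. The following is an added example written for this page, not code from either poster: it uses Python's standard ipaddress module to work out the /16 backbone split into /24 segments, to find the smallest subnet that can hold the 192.168.6.175 - 192.168.7.255 scope described in the thread (a /23, which is above the 250-300 host guideline), and to model a scope that covers the whole subnet with exclusions carving out what is not handed out. The exclusion ranges passed in are constructed to reproduce the thread's scope; nothing here reads a real DHCP server.

```python
import ipaddress


def host_capacity(network):
    """Usable host addresses in a subnet: all addresses minus network and broadcast."""
    return ipaddress.ip_network(network, strict=False).num_addresses - 2


def supernet_split(backbone, new_prefix):
    """How many child subnets a supernet yields downstream, and usable hosts per child."""
    children = list(ipaddress.ip_network(backbone).subnets(new_prefix=new_prefix))
    return len(children), children[0].num_addresses - 2


def enclosing_subnet(first, last):
    """Smallest subnet that contains both ends of an address range."""
    lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
    for prefix in range(32, -1, -1):
        net = ipaddress.ip_network(f"{lo}/{prefix}", strict=False)
        if hi in net:
            return net


def leasable_addresses(network, exclusions):
    """Addresses a scope covering the whole subnet can hand out after exclusions.

    exclusions: list of (first, last) inclusive ranges, the way they are entered
    in the DHCP console. Network and broadcast addresses are never leasable.
    """
    net = ipaddress.ip_network(network)
    excluded = set()
    for first, last in exclusions:
        lo, hi = int(ipaddress.ip_address(first)), int(ipaddress.ip_address(last))
        excluded.update(range(lo, hi + 1))
    return sum(1 for a in net.hosts() if int(a) not in excluded)


if __name__ == "__main__":
    # The post's backbone example: 10.0.0.0/16 broken into /24 segments downstream.
    print(supernet_split("10.0.0.0/16", 24))        # (256, 254)
    # The thread's scope 192.168.6.175 - 192.168.7.255 only fits in a /23 ...
    net = enclosing_subnet("192.168.6.175", "192.168.7.255")
    print(net, host_capacity(str(net)))             # 192.168.6.0/23 510
    # ... and a scope over the whole /23 with exclusions (constructed to match the
    # thread's range, 6.1-6.174 and 6.255 held back) leaves this many to lease.
    print(leasable_addresses(str(net), [("192.168.6.1", "192.168.6.174"),
                                        ("192.168.6.255", "192.168.6.255")]))  # 335
```

The 510-host figure is the concrete form of the broadcast-domain point: every host on the /23 sees every DHCP DISCOVER, ARP request and NetBIOS broadcast the others send, so the segment is roughly twice the size the post recommends.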

Jon Sherry

Ok, so here's another wrinkle to the problem. For some reason the bug
is active for only a few hours in the morning, roughly between 6:30AM and
10:30AM, give or take on both ends. It will suddenly stop allowing DHCP
requests to go through, and just as suddenly resume normal function. And to
make matters worse, you can put a couple machines on static IPs in the
exclusion range and they STILL can't talk to one another.
But what really bugs me is that the desktops have no trouble achieving
DHCP when the laptops can't, even if you delete that desktop's lease
entirely. It's almost as though the system can somehow sniff out a laptop
and refuse to listen to its request for DHCP.

"Phillip Windell" <philwindell@hotmail.com> wrote in message
news:usF8xtF0HHA.3564@TK2MSFTNGP04.phx.gbl...