Member Avatar for san_fran_crisko

Hello,

I've been doing network administration (quite unqualified, I might add) for my company for about 7-8 months. We have an extremely strained HP Proliant (about 5-6 years old) running Small Business Server 2003 with Exchange with about 53 users.

Over the past few weeks the DHCP server has been crashing on it. It has been complaining that a device on 192.168.100.89 is running a DHCP server and causing the issue. We checked this guy's PC out and he wasn't running anything that could disrupt the DHCP.

We did a Wireshark trace and found the MAC address was pointing to a Mac Mini next door. We disconnected it for a few days but still the same issue.

Then, the guy on .89 said he thought the problem was due to his phone. It has a DHCP setting on it and the MAC address matched it after clearing out the stacks of the DHCP. It was connected to his computer via a USB cable so traffic was going out on .89. He disconnected that but unfortunately the problem has manifested itself again.

Any ideas or input would be greatly appreciated as it's turning in to a complete mystery. Is there any way to trace or find out what is causing the issue? Please note our crappy server's DNS is not reliable so "nslookup" and "tracert" commands are usually out of date.

Thanks for your time,

Crisko.

Just making sure, you're operating under a domain right? Is the DHCP server located on your domain controller?

Member Avatar for san_fran_crisko

Just making sure, you're operating under a domain right? Is the DHCP server located on your domain controller?

Yes, the domain controller is on this server too.

It's strange that the MAC lead you to two devices, since they're supposed to be unique. Do you have any wireless gateways (linksys, netgear, etc.) that could have a DHCP service running on it?

Member Avatar for san_fran_crisko

It's strange that the MAC lead you to two devices, since they're supposed to be unique. Do you have any wireless gateways (linksys, netgear, etc.) that could have a DHCP service running on it?

We do indeed. There's 4-5 Netgear bridges, connecting to the network assigning out IP addresses.

I've ceased to be surprised by our network setup. It disobeys logic and makes my life a misery. The PTR records are completely up the left so errenous MAC addresses don't surprise me.

There's a bit of development on this issue though. My colleague was getting fed up with our lack of IP addresses so she went in to these Netgear devices and blocked all the iPods and phones that were connected to them (we had already asked politely for people not to connect them in work). This seems to have somehow solved the problem. One of these devices (perhaps the original HTC phone that was suspected of being the problem) was acting as a DHCP server in some form or another. Our strained server didn't put up much of a fight and shut the DHCP service down whenever it found anything else on the network causing an issue.

It's still a very flaky system but alas, we're stuck with this server for 2009 anyway. There's IP conflict errors all the time.

Hopefully this crashing DHCP issue can be laid to rest for now.

Glad everything is starting to smooth over. I definitely understand the frustration of inheriting someone else's incompetence :)

If it were me (and I don't know your full situation) I would disable DCHP on anything and everything (including the wireless stuff) and run DHCP solely from your server.

What are the specs of your current server, and what all functions does it perform?

Member Avatar for san_fran_crisko

Glad everything is starting to smooth over. I definitely understand the frustration of inheriting someone else's incompetence :)

If it were me (and I don't know your full situation) I would disable DCHP on anything and everything (including the wireless stuff) and run DHCP solely from your server.

What are the specs of your current server, and what all functions does it perform?

Yeah, glad to get things going (relatively) smoothly again. Thanks for your help and concern :)

The Netgear wireless devices don't give out addresses. They simply act as bridge and just "pass through" data to the server. They themselves are on static IPs that we've reserved on the DHCP from distribution.

There's so much crap going on in our company: we develop devices that transmit on IP so there's various complex tests going on including multicasting. You request R&D not to put multicasting tests on the .100 range but they do anyway and end up taking out one of the HP Procurve switches then bitch to me when it isn't working. Then you've got people who work off their laptops and have both physical and wireless connections on so their laptops have 2 IP addresses! Then there's countless iPods, phones etc...

Let's put it this way: for some very smart people, they do act like idiots.

We only have one server that acts as DC, Exchange, file & print and everything else including applications running off it. There's about 30 users logged on in the building and various remote workers synchronizing their accounts. It's very busy and under a lot of strain. There's 2 other application servers.

Specs (if I remember correctly):

-Windows Server 2003
-Intel Xeon 3.2Ghz (quad)
-3Gb RAM
-200Gb (120Gb and 80Gb)
-Linux fanboy who says we can do everything we need on an AMD Duron 1.3Ghz, 256Mb RAM if we switched

Usually people who suggest Linux don't count the cost of getting everyone trained on the platform, along with the time it takes to learn how to implement Microsoft products on the platform. I'm a fan of Linux, but like most, it's just not a cost effective solution unless your entire IT department is competent... which usually isn't the case.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.