Hi,

I'm having an issue with ip address conflict or "bad_address"

I've checked for rogue dhcp server with wireshark. One issue i'm having is that the mac address of the device getting the bad_address issue on the dhcp server is only 8 characters. There is no such device like that on my network. This would be occuring every other week. Removing it solved the problem, but how do i find the culprit of this problem?

Thanks.

Could it be a wireless handheld, phone, iPad or other tablet, etc?

Macs with an IPv6 address using DHCP that is brought into the office at those times?

Is the DHCP server multihomed?

Here are some links from my notes:

======
Bad_Address

DHCP Server Conflict Detection algorithm
http://technet.microsoft.com/en-us/library/cc958918.aspx

Thread: DHCP bad_address every 12 seconds - Scope exhausted
Scroll down to "The computer is a Vista Premium laptop with bridged LAN and wireless. IPV6 is installed. If the device is connected to the LAN via the wired port and the wireless is switched off, no problem. If the wireless is subsequently switched on, straight away I see Bad_address entries in DHCP as decribed previously."
http://www.techrepublic.com/forum/questions/101-229478
======

Ace

 

please check the link too see what i'm talking about....

http://i17.photobucket.com/albums/b61/dqb3000/MISC/Capture2.jpg

I understand what you're seeing. The discussion in that thread I posted indicated a Vista machine that had a "bridged" connection between it's wireless and wired interfaces that caused it. THis falls under the category of "multihomed" DHCP clients.  For example, if a machine has a wireless interface turned on, and it's plugged in to the network, they may both be active trying to get an address, especially if their interfaces are bridged.

What operating system is the DHCP server? Is the DHCP server multihomed? This will cause it, too.

Why are some of the addresses in the Address Leases for a given scope are marked as BAD_ADDRESS in the DHCP snap-in?
Official Microsoft blog, by anto_rocks, 22 Feb 2005 9:48 AM....
http://blogs.msdn.com/b/anto_rocks/archive/2005/02/22/378008.aspx

DHCP server gets filled with BAD_ADDRESS
http://forums.techarena.in/windows-server-help/772954.htm

 

Multihomed DHCP clients may cause "bad_address" entry on a DHCP Windows 2000 server
Feb 1, 2007 – A "bad_address" entry may be generated on a DHCP server. This problem may occur when the following conditions are true: You have one ...
(I know this is for 2000, and it says to get a hotfix, but it has a good explanation of what is happening).
http://support.microsoft.com/kb/325919

Bad_address entry on a DHCP Server
http://www.chicagotech.net/troubleshooting/badaddress.htm

Ace

Ace,

This issue been raised multiple times and always marked as answer by this reason or other but if you Google with "Windows 7 Bad_Address DHCP" then you will find that this issue is going round and round since 2 years and never was fully resolved. Not even workarounds.

Usually we admins are forced to remove Win7 machines or giving them static IP rather than wasting our time in Technet forums. Is there really no solution for this problem?

I am currently facing the same issue with one of my site where only Windows 7 machines are causing the same issue with Windows 2003 Server. While with similar configuration, I am running Windows 2003 DHCP Server successfully with Windows 7 clients at other sites. Its been weeks and had no conclusive resolution.

• Edited by Nitish2309 Saturday, March 10, 2012 4:21 PM
• Proposed as answer by Radzevelyuk Alexey Monday, February 03, 2014 11:39 AM

There are multiple reasons that causes a BAD_ADDRESS. I'm sure you've read the two links above. If it's happening at one site and not another, and they are both Windows 2003 DHCP servers, the first thing I would look at is comparing how they're configured, is the DHCP server multihomed, are they authorized in AD, are they both set to force Dynamic Updates or set to default allowing the clients to update, looking at the client machines if they are multihomed (maybe wireless stays active while plugged in), are the clients virtual machines with their MACs spoofed, things like that.

So I'm not really sure how to help without lots of config info. If the issue is causing productivity concern, then I would urge you to contact Microsoft support to get them involved. Here's their contact if you choose this option:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS 

.

Ace,

I understand that it might be triggered by a number of reasons and trust me I have gone through the links given by you or others and checked other parameters as well. Matched the configurations at both the places (except the routers/switches of course). I even tried to check the network for rouge DHCP servers as well by dhcploc.exe but no luck. I doubt Firmwares on switch\router but nothing in DHCP logs leading me to that.

Configuration details are usual Win2k3 SP2 server with simple options and symptoms are just the same as stated by others as well. 

Bring one Windows 7 machine in network and it will keep on taking address and then rejecting it with BAD_ADDRESS entries in DHCP logs. The unique ID shown in MMC console would be reverse of IP Address in Hex.

Same symptoms bee repeated multiple times and in multiple forums but no conclusive answer. 

Definitely, I can open a ticket with Microsoft, but it will remain a question for rest of community that why this issue is not closed since 2 years.

• Edited by Nitish2309 Saturday, March 10, 2012 4:21 PM

I haven't been able to reproduce it in my lab, probably because the way I have DHCP setup or the client setup to turn off wireless when plugged in. I believe it still indicates that something on the client side is causing it, if not the server (is the DHCP server multihomed?). If not the wireless turned on, maybe there's an active VPN connection on the client? So there's lots of questions, and many depend on the DHCP config (forcing or not forcing DHCP to register, DHCP credentials, etc), owner on the BAD records, the client config, ipconfigs from the client and DHCP, etc, etc.

.

Instead of posting all your config data from both of your sites or customers, all in all, it may be easier to contact Microosft. And if you do contact Microsoft, if you can, it would really benefit others if you post the solution Microsoft Support gives you. Then it would more than likely "close" the question for others with your same scenario.

.

OK Will do that. Though would like to mention that its happening with even new machines with only ONE ethernet card, disabled wireless and no VPN. I have unauthorize and then re-Authorize DHCP as well, credentials are fine, DHCP DB is consistent, the server has only one Ethernet card active means not MultiHomed..

Would like to again mention that NO Issue with Windows XP  machines.

• Edited by Nitish2309 Saturday, March 10, 2012 5:34 PM

What confuses me, is that it works fine at one site with all of your Windows 7 machines, but not the other. So something up with the DHCP Server? As I asked before, is it multihomed? If RRAS is installe on it, that constitutes multihoming, too.

.

OTH, Windows 7/Vista's DHCP Lease behavior is a bit different than XP. And keep in mind, we can't discount server side issues, yet, or we can look at this as a combo of the facts. In addition, if anything is on a VLAN, then that's another layer of "something" else that we need to look at.

.

Anyway, here are my notes on Windwos 7/Vista DHCP lease behavior differences:

Windows 7 DHCP Lease Behavior is different than Windows XP upon startup

DHCP Client Behavior
http://blogs.technet.com/b/networking/archive/2009/01/29/dhcp-client-behavior.aspx

If the DHCP client obtained a lease from a DHCP server on a previous occasion, and the lease is still valid (not expired) at system startup, the client tries to renew its lease. 

If, during the renewal attempt, the client fails to locate any DHCP server, it attempts to ping the default gateway listed in the lease, and proceeds in one of the following ways:

If the ping is successful, the DHCP client assumes that it is still located on the same network where it obtained its current lease, and continues to use the lease as long as the lease is still valid.  By default the client then attempts, in the background, to renew its lease when 50 percent of its assigned lease time has expired.
If the ping fails, the DHCP client assumes that it has been moved to a network where a DHCP server is not available.  The client then auto-configures its IP address by using the settings on the Alternate Configuration tab.  When the client is auto-configured, it attempts to locate a DHCP server and obtain a lease.

As a workaround, you can force a Windows Vista or Windows 7 DHCP client to keep the old DHCP lease by adding registry key DontPingGateway if connectivity fails, see the resolution in the KB article below:

Windows Vista does not keep its DHCP IP address if a DHCP server is not available (works for Windows 7, too):
http://support.microsoft.com/kb/958336

.

I can try the same but the case is not of loosing the IP when rebooted, but it doesn't hold an ip for more than 2 seconds (shown in logs as well). Anyway, have planned for replacing the server with other by monday as its critical. If that also doesn't resolves then will be forced to use Linux based DHCP. 

Nitish - any update on your issue?  We just started experiencing the same problem last week. (3/22)  We have been through DHCP and DNS with a fine toothed comb.  We can watch the DHCP server send an offer and then the client Nacks.  We thought it was the Arp table on the core switch, so we rebooted it, then we upgraded the code and the problem continues. 

The infrastructure is Win 2008 R2, no SPs and about 2100 mixed XP, Win7, IOS clients, and Avaya switches.

Ace - thanks for your blog articles, very good stuff!

Tom

@Nitish, I don't think blaming Microsoft DHCP for this is a resolution. You have to find why it's occuring. From past experience, it's usually at the switch or some sort of devices, such as a wireless AP. I would contact the hardware vendor for their insight on it.

@TatPion - Let us know what you find if you contact your vendor.

Thanks!

when you see this issue look at the dhcp log there will be the name and mac address of the culprid.

if the issue is that same day stop the dhcp server for a while open the log or copy it and start the service again

Most definitely look at your switches.  Someone plugged a network cable into two drops that spanned across two switches creating a loop. The switches were reporting the same mac addie on 2 ports. This took out two DHCP servers in regard to the affected vlan. The scopes were at 100% utilization with every entry listed as BAD_ADDRESS.

Delete the scope and re-create with right values!

1. subnet (very important)

2. range

3 options

This did the trick for me.!