I have a problem where Windows Server 2003 takes lots of DHCP addresses althought there is only 1 NIC in that server and with DHCP disabled (see information below).
However, as you can see, MAC address in DHCP client table on router does not match the one server NIC has.
It's a D-Link DWL-2000AP+ cheap wireless router with DHCP enabled.
DHCP Client Table
navserver 192.168.0.248 52-41-53-20-00-13 Jan/03/1970 09:12:55
navserver 192.168.0.242 52-41-53-20-00-13 Jan/03/1970 09:12:55
navserver 192.168.0.247 52-41-53-20-00-13 Jan/03/1970 09:12:55
navserver 192.168.0.246 52-41-53-20-00-13 Jan/03/1970 09:12:55
navserver 192.168.0.243 52-41-53-20-00-13 Jan/03/1970 09:12:55
navserver 192.168.0.240 52-41-53-20-00-13 Jan/03/1970 09:12:55
navserver 192.168.0.239 52-41-53-20-00-13 Jan/03/1970 09:12:55
navserver 192.168.0.244 52-41-53-20-00-13 Jan/03/1970 09:12:55
navserver 192.168.0.245 52-41-53-20-00-13 Jan/03/1970 09:12:55
navserver 192.168.0.241 52-41-53-20-00-13 Jan/03/1970 09:12:55
C:\Documents and Settings\Administrator>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : navserver
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : Yes
WINS Proxy Enabled. . . . . . . . : Yes
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP NC7761 Gigabit Server Adapter
Physical Address. . . . . . . . . : 00-13-21-1C-EB-50
DHCP Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.90
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.100
DNS Servers . . . . . . . . . . . : 195.122.1.59
195.2.96.2
I have no idea how to solve this issue. Could you help me please?
As it appears, RRAS service is enabled. However i`m afraid to disable it. Could it be that fax/modem is using it? I don't administer the server but not long ago someone set up fax/modem to that server. Not sure if it works, but they want it to work.
I see many warnings like this:
The user navserver connected from 192.168.0.90 but failed an authentication attempt due to the following reason: Authentication was not successful because an unknown user name or incorrect password was used.
And errors:
A Demand Dial connection to the remote interface Remote Router on port VPN4-4 was successfully initiated but failed to complete successfully because of the following error: Access was denied because the username and/or password was invalid on the domain.
associated to remote access.
Could these issues somehow be linked?
Or maybe i just block that mac address from dhcp server and live happily ever after?
Thank you.
Are you running RRAS (Routing and Remote Access Services) on the server? Maybe this forums thread can help: Windows 2003 DHCP issuing RAS addresses.
The fact that you see 10 IP addresses is cuased by the fact, that RAS obtains, by default, 10 IP addresses to lease to clients. If all 10 IP addresses are used, RAS obtains 10 more.
And read this article about the DHCP relay agent and this Microsoft Support article.
UPDATE:
If the modem is only used for sending and receiving fax, RRAS is not needed. But you should check/ask, if this server is also used as a network router and/or for accounts which connect from remote.
If you wish to disable RRAS without un-installing, you could go to the Windows Services panel and change the "Routing and Remote Access Service" to disabled.
If you are sure you won't use RRAS, open the RRAS console, right click on the server name and choose "Disable RRAS". If you later want to enable it again, you'll have to reconfigure RRAS.
The first thing to do would be to find out what device has that MAC address. It's not the server.
If you have 50 devices and "most" already have static addresses, could you do away with DHCP altogether and use only static addresses?
I'm not very familiar with DLink routers, but if I had a Win2003 server around, I'd use that as a DHCP server instead of the router.
In case you need it, here are a couple links on setting up a DHCP Server on Windows 2003:
Microsoft Tecnhet: Configuring a DHCP Server
WindowsNetworking.com step by step overview of setting up a DHCP server
Just a random thought. maybe you have RRAS (Routing and Remote Access Service) running on this 2003 box which while take addresses from DHCP server. Worth checking though.
Just because the hostname in your DHCP client table matches the hostname of your server does not mean its the same machine. The first thing I would do is block the MAC address taking all those IPs on your DHCP server to figure out what machine is requesting them.
It could be a misconfigured machine on your network or a rogue machine trying to spoof your server. In any case it needs to be fixed.
Also fix the date on your DHCP server.
Additional things to think about
According to the IEEE the MAC Address (assuming you have not modified it) listed in your DHCP server logs is most likely spoofed as it has no real manufacture associated with it. Your MAC Address on your server however is associated to HP.
Replacing your DHCP server will not fix the issue. You need to find the device that is requesting the address. Based on the fact this is a wireless router I would assume its your next door neighbor or the guy with the big antenna on the back of his car parked outside your house.
Silly question - someone hasn't been playing with VPNs somewhere on the network have they? A VPN server will grab a block of DHCP addresses just like that.
You might try the arp ping tool to see what responds when you try searching for the allocated IP addresses.