dhcp leases and master browser?

Discussion in 'Windows Server Systems' started by fimchick, Mar 15, 2006.

  1. fimchick

    fimchick OSNN Senior Addict

    Messages:
    276
    Location:
    Somewhere
    ok, we had a very odd problem today...all of a sudden, no dhcp leases were being handed out by either of our domain controllers. a static ip would work fine, but any requests for new dynamic ip's were just not going through. stopped and restarted dhcp service on both dc's, still no dice. then i noticed that event viewer contained multiple entries (over a period of months) where a user's laptop was announcing itself as a 'master browser'. as soon as i asked that user to shut down, dhcp was back up and leasing ip's.

    as far as i understand, the browser service (and servers) are for locating resources on the network. so, if the laptop won the election for domain browser and was acting as a domain browser, would that be a cause for dhcp failures?

    thanks!
     
  2. madmatt

    madmatt Bow Down to the King Political User

    Messages:
    13,312
    Location:
    New York
    In AD are you trusting that notebook for delegation?
     
  3. fimchick

    fimchick OSNN Senior Addict

    Messages:
    276
    Location:
    Somewhere
    no, i'm not...
     
  4. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Messages:
    16,948
    Location:
    Massachusetts
    Looks like the registry needs to be modified on that laptop, modify these values:

    that is what they SHOULD be set to, so it plays nicely on the network :)

    EDIT: Do NOT Disable the local computer browser service, that will stop the problem but will also cause communication issues between the laptop and other machines on the LAN
     
  5. Steevo

    Steevo Spammer representing. Political User Folding Team

    Messages:
    2,566
    Also accessable through X-Setup Pro.


    Good job KCNYBRONCOS........ :D
     
  6. fimchick

    fimchick OSNN Senior Addict

    Messages:
    276
    Location:
    Somewhere
    Thanks, already checked that earlier :)

    As obvious as this may sound -- I was looking in the wrong direction the whole time. The IP addresses being doled out to clients were 192.168.x.x not APIPA. Sounds to me like someone ran a DHCP server on the network. Is there any way to track who did this with my two DC's?
     
  7. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Messages:
    16,948
    Location:
    Massachusetts
    You can try to ping 192.168.1.1, if it's still out there, do a "arp -a" on the address. That should give you the MAC, which you can probably then track down.

    If it's already off the network though, might be out of luck.
     
    fimchick likes this.
  8. fitz

    fitz Just Floating Along Staff Member Political User Folding Team

    Messages:
    4,076
    Location:
    Chicagoland
    Yeah.. it sounded to me like there was a rouge DHCP server out there.

    If they already turned it off, it will be harder to track down.
     
  9. fimchick

    fimchick OSNN Senior Addict

    Messages:
    276
    Location:
    Somewhere
    Thanks for all the replies ladies and gentlemen!
     
  10. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Messages:
    16,948
    Location:
    Massachusetts
    Just out of curiosity - were you able to track it down or was it gone?