dhcp leases and master browser?

fimchick

OSNN Senior Addict
#1
ok, we had a very odd problem today...all of a sudden, no dhcp leases were being handed out by either of our domain controllers. a static ip would work fine, but any requests for new dynamic ip's were just not going through. stopped and restarted dhcp service on both dc's, still no dice. then i noticed that event viewer contained multiple entries (over a period of months) where a user's laptop was announcing itself as a 'master browser'. as soon as i asked that user to shut down, dhcp was back up and leasing ip's.

as far as i understand, the browser service (and servers) are for locating resources on the network. so, if the laptop won the election for domain browser and was acting as a domain browser, would that be a cause for dhcp failures?

thanks!
 

kcnychief

█▄█ ▀█▄ █
Political User
#4
Looks like the registry needs to be modified on that laptop, modify these values:

Hive: HKEY_LOCAL_MACHINE
Key: System\CurrentControlSet\Services\Browser\Parameters
Name: IsDomainMaster
Data Type: REG_SZ
Value: FALSE

Hive: HKEY_LOCAL_MACHINE
Key: System\CurrentControlSet\Services\Browser\Parameters
Name: MaintainServerList
Data Type: REG_SZ
Value: Auto
that is what they SHOULD be set to, so it plays nicely on the network :)

EDIT: Do NOT Disable the local computer browser service, that will stop the problem but will also cause communication issues between the laptop and other machines on the LAN
 

fimchick

OSNN Senior Addict
#6
Thanks, already checked that earlier :)

As obvious as this may sound -- I was looking in the wrong direction the whole time. The IP addresses being doled out to clients were 192.168.x.x not APIPA. Sounds to me like someone ran a DHCP server on the network. Is there any way to track who did this with my two DC's?
 

kcnychief

█▄█ ▀█▄ █
Political User
#7
You can try to ping 192.168.1.1, if it's still out there, do a "arp -a" on the address. That should give you the MAC, which you can probably then track down.

If it's already off the network though, might be out of luck.
 

fitz

Woah.. I'm still here?
Staff member
Political User
#8
Yeah.. it sounded to me like there was a rouge DHCP server out there.

If they already turned it off, it will be harder to track down.
 

Members online

No members online now.

Latest posts

Latest profile posts

Perris Calderon wrote on Electronic Punk's profile.
Ep, glad to see you come back and tidy up...did want to ask a one day favor, I want to enhance my resume , was hoping you could make me administrator for a day, if so, take me right off since I won't be here to do anything, and don't know the slightest about the board, but it would be nice putting "served administrator osnn", if can do, THANKS

Been running around Quora lately, luv it there https://tinyurl.com/ycpxl
Electronic Punk wrote on Perris Calderon's profile.
All good still mate?
Hello, is there anybody in there? Just nod if you can hear me ...
Xie
What a long strange trip it's been. =)

Forum statistics

Threads
61,971
Messages
673,300
Members
89,016
Latest member
Poseeut