Conflict detection attempts Windows DHCP Server


Recommended Posts

I am confused about the "Conflict detection attempts" feature in a Windows DHCP Server. I wanted to set this to a higher value than 1, Say for example 4 or 5. This would wait 5 pings before assigning a client device a spare IP. This should stop all 99.99% of IP Conflicts appearing on Windows Client Devices. Is this right? As its pretty certain after 5 pings that address is free.

However I was told that this number is the number of Rouge DHCP Servers that are allowed on the network so it has to be set at 1 and that if it detected 1 (or more) DHCP servers on the network it shuts itself down.

Which is correct?

Well for starters something not answering ping does not mean its not there on that IP, its firewall might just prevent answering ping.

What windows dhcp server are you using 2k8r2, 2012, 2016?

https://technet.microsoft.com/en-us/library/dd183587(v=ws.10).aspx

I have never seen any sort of setting that detection of another dhcp server it would shut it self down, this seems like a self defeating sort of feature - if detect rouge dhcp server, shut yourself down and allow just the rouge?  That doesn't seem like a good idea.

  On 20/11/2015 at 15:02, BudMan said:

Well for starters something not answering ping does not mean its not there on that IP, its firewall might just prevent answering ping.

What windows dhcp server are you using 2k8r2, 2012, 2016?

https://technet.microsoft.com/en-us/library/dd183587(v=ws.10).aspx

I have never seen any sort of setting that detection of another dhcp server it would shut it self down, this seems like a self defeating sort of feature - if detect rouge dhcp server, shut yourself down and allow just the rouge?  That doesn't seem like a good idea.

Yeah sorry, I meant normal LAN stuff that does allow DHCP. Firewall isnt the issue is, More ping latency. So hence I set I would have set it to 4 or 5 rather than one. 2012 server.

setting it higher than 3 could cause for lots of issues in delays in getting a lease.  Many hosts that do dhcp have firewalls and do not answer ping..  Windows built in firewall blocks pings for example out of the gate, it might allow from same segment..  But many dhcp servers are not directly on the same segment, you use a relay/helper say on the switch to forward the dhcp request to the dhcp server.

Many clients and servers also check that nothing answers an arp for that IP, if they show that IP in use they would send back a decline for that lease to the dhcp server.  This was back in the NT4 days, like sp 2 or something when they added that dhcpdecline feature from the rfc 1541 I do believe.

To be honest duplicate IPs handed out by dhcp server is very rare these days, normally its statics where this happens because of lack of good IP management.  Or misconfiguration of dhcp servers where you have more than 1 using, etc..  Most clients wont even accept a lease for a IP they find as duplicate.  I can not recall the last time I have seen a dupe IP issue with dhcp servers.

So for example here is a sniff of dhcp transaction.  Notice right after the discover that arps are sent, server asking hey anyone have this IP 192.168.3.101...  If nothing back it sends the offer, then the request and then you see the ack, you also see right after the ack the client sends out a ARP saying hey anyone got this 192.168.3.101 address.  If the client got something back, it should then send a decline to the dhcp server and then ask for another IP.  The decline would say hey, I don't like that address since something else seems to have it.  And then do another discover process after the dhcp server should of marked that IP as bad.

dhcpprocess.thumb.png.9c2ca0a8c9a988cb35

To be honest you shouldn't even have to send out pings, like I mentioned many devices might not even answer that - but have never seen anything not answer ARP..  Even with a firewall.

If you may have guessed dhcp is one of my fun protocols ;)  Just like dns...  If your having problems with dupes -- be more than happy to track down the reason with you.

 

Edited by BudMan

Are your different DHCP servers have different scopes?

Besides a router issue I can  see both servers trying to give an IP address that is the same. One handshakes and gives it an IP address while the other DHCP server thinks it's free and reports a conflict as it is already assigned.

In addition I believe you can set your servers to use DHCP assigned to a SID during it's lease too which could stop conflicts as one hand (DHCP server) doesn't know what the other is doing. Set different scope ranges for each box and try to assign to MAC or SID during a lease. So let's say someone shut's down his or her pc before the lease is up? The system comes back and does another DHCP broadcast when the LAN is initialized. The SID is recognized and the previous IP address is assigned. That would cut this down.

  On 20/11/2015 at 15:02, BudMan said:

Well for starters something not answering ping does not mean its not there on that IP, its firewall might just prevent answering ping.

What windows dhcp server are you using 2k8r2, 2012, 2016?

https://technet.microsoft.com/en-us/library/dd183587(v=ws.10).aspx

I have never seen any sort of setting that detection of another dhcp server it would shut it self down, this seems like a self defeating sort of feature - if detect rouge dhcp server, shut yourself down and allow just the rouge?  That doesn't seem like a good idea.

2000 and 2003 did from what I remember, vaguely remember them shutting down when dhcp was handed out by gateway. I haven't really played with multiple dhcp severs on 2008, but 2012 does have a load balancing feature. 

I don't recall that, but sure its  possible - not like MS doesn't do some really stupid ###### all the time..  Now I could see if dhcp server was set to non authoritative and it saw an authoritative dhcp server, maybe.. But you would normally always have your dhcp set for authoritative..  Otherwise you can have issues with devices that come from other networks and have other leases switching to your network.

Not exactly sure what John T is after here, to be honest I would just leave it at 0, it should arp and the client should arp as well looking for devices that already have that IP..  Having it "ping' is just going to slow down the handing out of leases.  Ping would be useful if the dhcp server is not on the same layer 2 as the clients, ie you relay/helper to get to your dhcp server.  Since his arp is not going to get an answer if he is on a different l2 segment.  You should be ok since the client should detect and send back decline..  But if you have lots of different devices/os'es on our network - its possible some dhcp clients don't do proper checking or use of decline, etc.

Without a better understanding of the specific network, how dhcp is deployed in the network - the issue being seen..  To just answer the generic question, if you want to use that feature and have your dhcp server ping - 1 should be enough..  I sure and the hell would not go above say 3 or your going to have issues I would think with waiting for that to come back before the offer is sent.

LOL! DHCP servers don't shut down, they just don't hand out the IP address because another DHCP server has answered the broadcast. 

If you have multiple DHCP servers on your network, you can do a 70\30 or 80\20 scope split, which then you'd use the delay option on one of the servers.

I remember the down arrow on the 03 server when a linksys was handing out addresses.  Or maybe it was 00.  I don't remember the details, I remember the troubleshooting. 

Edited by sc302
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • I had a G2 and it was a pretty good phone. I was disappointed to see LG exit the smartphone business.
    • Its a good price but the ideapads are pieces of garbage. We bought 3 for employees 2 years back. Within 6 months trackpad issues, screen issues, usb port issues and wifi issues on all machines. Lenovo's customer service basically told us with the ideapads, you are on your own and good luck. Their business computers are really good.
    • >Interestingly, the rings came off without any physical damage to the device. With a HUGE amount of effort. The video OP makes it clear he doesn't think they'd ever come off in normal use.
    • Samsung Galaxy Z Fold7 may not come with Galaxy S25 Ultra's camera rings by Sagar Naresh Bhavsar When Samsung launched the Galaxy S25 Ultra earlier this year, it remained in the news for its top-of-the-line premium features, but also for a couple of drawbacks. Firstly, it made headlines because Samsung removed the Bluetooth functionality from the S-Pen on the Galaxy S25 Ultra, removing one of the key features: taking remote pictures and videos. But then a jarring issue came to light. The Galaxy S25 Ultra drew attention for its camera rings falling off. Yes, the $1,300 phone featured thick camera rings that were simply glued on top of the cameras. Interestingly, the rings came off without any physical damage to the device. Now, some interesting details about the camera rings on the upcoming Galaxy Z Fold7 have popped up. According to reliable leaker IceUniverse, Samsung was quite keen on keeping the Galaxy S25 Ultra-like camera rings on the upcoming premium Galaxy Z Fold7. However, after facing a strong backlash, the company has supposedly decided to scrap them. In fact, the leaker added that the cheap-looking Saturn rings design was urgently removed from the Galaxy Z Fold7, and instead, the company is bringing back the cleaner look of the Galaxy Z Fold5. Recently, multiple images of the Galaxy Z Fold7 were leaked, which seemingly suggest the same. The foldable is expected to come in three colors: blue, silver, and black. This year's Galaxy Z Fold7 is expected to be much thinner and lighter as compared to last year's foldable. We are just a few days away from the official unveiling. The pre-reserve window is already open, and if you are interested, you can get $50 credit and up to $1,150 additional savings.
    • Loved my LG G6, the build quality was up there with the most expensive flagships. The fingerprint reader on the back made it very comfortable to use.
  • Recent Achievements

    • Reacting Well
      Gromvar earned a badge
      Reacting Well
    • Dedicated
      BreakingBenjamin earned a badge
      Dedicated
    • Week One Done
      Hartej earned a badge
      Week One Done
    • One Year In
      TsunadeMama earned a badge
      One Year In
    • Week One Done
      shaheen earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      544
    2. 2
      +FloatingFatMan
      182
    3. 3
      ATLien_0
      164
    4. 4
      Skyfrog
      108
    5. 5
      Som
      103
  • Tell a friend

    Love Neowin? Tell a friend!