Thursday 1 December 2011

Understanding Routers, Switches, and Network Hardware



Today we’re taking a look at the home networking hardware: what the individual pieces do, when you need them, and how best to deploy them. Read on to get a clearer picture of what you need to optimize your home network.
When do you need a switch? A hub? What exactly does a router do? Do you need a router if you have a single computer? Network technology can be quite an arcane area of study but armed with the right terms and a general overview of how devices function on your home network you can deploy your network with confidence.

Understanding Home Networking Through Network Diagrams

Rather than start off with a glossary of networking terms—and in the process slam you with technical terms with no easy point of reference—let’s dive right into looking at network diagrams. Here is the simplest network configuration available: a computer linked directly to a modem which is in turn linked through a phone line/cable/fiber optic uplink to the individual’s internet service provider.
It doesn’t get less complicated than this arrangement but there is a price to pay for the ultra-simplicity of the setup. This user cannot access the internet with a Wi-Fi device (thus no access for smart phones, tablets, or other wireless devices) and they lose out on the benefits of having a router between their computer and the greater internet. Let’s introduce a router and highlight the benefits of using one.  In the diagram below we’ve introduced two elements to the network: a wireless router and a laptop connecting to the network via that wireless connection.
When should you use a router? Given the low cost of home routers and the benefits gained from installing one on your network you should always use a router (which almost always includes a firewall feature).
Home routers are actually a combination of three networking components: a router, a firewall, and a switch. In a commercial setting the three pieces of hardware are kept separate but consumer routers are almost always a combination of both the routing and switching components with a firewall added in for good measure. First let’s look at what the router function does.
At the most basic level a router links two networks together, the network within your home (however big or small) and the network outside your home (in this case, the internet). The broadband modem provided to you by your ISP is only suited to linking a single computer to the internet and usually does not include any sort of routing or switch functionality. A router performs the following functions:
  • IP sharing: Your ISP assigns you one IP address. If you have a desktop, a laptop, a media box on your TV, and an iPad, that one IP address clearly isn’t going to cut it. A router manages those multiple connections and ensures that the right packets of information go to the right places. Without this function there would be no way for a person on the desktop and a person on the laptop to both browse the web as there would be no distinguishing between which computer was requesting what.
  • Network Address Translation (NAT): Related to the IP sharing function, NAT modifies the headers in packets of information coming into and out of your network so that they get routed to the proper device. Think of NAT like a very helpful receptionist inside your router that knows exactly where every incoming/outgoing package should go and stamps the department on them accordingly.
  • Dynamic Host Configuration: Without DHCP you would have to manually configure and add all the hosts to your network. This means every time a new computer entered the network you would have to manually assign it an address on the network. DHCP does that for you automatically so that when you plug your XBOX into your router, your friend gets on your wireless network, or you add a new computer, an address is assigned with no human interaction required.
  • Firewall: Routers act as basic firewalls in a variety of ways including automatically rejecting incoming data that is not part of an ongoing exchange between a computer within your network and the outside world. If you request a music stream from Pandora, for example, your router says “We’re expecting you, come on in” and that stream of data is directed to the device that made the request. On the other hand if a sudden burst of port probing comes in from an unknown address your router acts as a bouncer and rejects the requests, effectively cloaking your computers. Even for a user with a single computer a simple $50 router is worth it for the firewall functionality alone.
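The IP sharing, NAT, and firewall behaviour described in the list above can be modelled in a few lines. This is an added example, not part of the original article: the `HomeRouter` class, the addresses (taken from documentation ranges), and the starting port are constructed, and the filter assumes the router only accepts replies from the exact remote endpoint an inside device contacted, which varies between real routers.

```python
"""Toy model of a home router's NAT table and stateful inbound filter."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip address, port)


@dataclass
class HomeRouter:
    public_ip: str
    next_port: int = 40000  # constructed starting point for translated ports
    # public port -> (inside endpoint, remote endpoint it contacted)
    table: Dict[int, Tuple[Endpoint, Endpoint]] = field(default_factory=dict)
    # (inside endpoint, remote endpoint) -> public port, so a flow keeps one port
    flows: Dict[Tuple[Endpoint, Endpoint], int] = field(default_factory=dict)

    def outbound(self, src: Endpoint, dst: Endpoint) -> Tuple[Endpoint, Endpoint]:
        """Rewrite the private source to the shared public IP and record the flow."""
        key = (src, dst)
        if key not in self.flows:
            port = self.next_port
            self.next_port += 1
            self.flows[key] = port
            self.table[port] = (src, dst)
        return (self.public_ip, self.flows[key]), dst

    def inbound(self, src: Endpoint, dst: Endpoint) -> Optional[Endpoint]:
        """Return the inside endpoint for a reply, or None if the packet is dropped."""
        if dst[0] != self.public_ip:
            return None
        entry = self.table.get(dst[1])
        if entry is None:
            return None  # no mapping: unsolicited traffic such as a port probe
        inside, expected_remote = entry
        if src != expected_remote:
            return None  # a mapping exists, but not for this sender
        return inside


def demo() -> dict:
    router = HomeRouter(public_ip="203.0.113.10")
    laptop = ("192.168.1.20", 51000)
    desktop = ("192.168.1.30", 51000)  # same source port as the laptop on purpose
    web = ("198.51.100.20", 443)
    prober = ("198.51.100.99", 4444)

    laptop_public, _ = router.outbound(laptop, web)
    desktop_public, _ = router.outbound(desktop, web)
    return {
        "laptop_public": laptop_public,
        "desktop_public": desktop_public,
        "reply_to_laptop": router.inbound(web, laptop_public),
        "reply_to_desktop": router.inbound(web, desktop_public),
        "probe_unmapped_port": router.inbound(prober, (router.public_ip, 3389)),
        "probe_mapped_port": router.inbound(prober, laptop_public),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Both inside machines share one public address but get distinct public ports, which is how replies find the right device; the two probes return `None` because neither matches a flow that started inside the network.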
In addition to the inside-to-outside network functionality outlined above, home routers also act as a network switch. A network switch is a piece of hardware that facilitates communication between computers on an internal network. Without the switching function the devices could talk through the router to the greater internet but not to each other—something as simple as copying an MP3 from your laptop to your desktop over the network would be impossible.
Most routers have 4 Ethernet ports which allow you to plug in 4 devices and have them communicate via the switch function. If you need more than 4 Ethernet connections you’ll need to upgrade to a router with a larger port bank (a rather expensive proposition that will usually only boost you up to 8 ports) or you can pick up a dedicated switch. Note: You only need to upgrade if you’re running out of physical ports for hard line connections. If you only have one computer and one networked printer plugged into your 4 port router (and everything else on your network is Wi-Fi based) there is no need to upgrade to gain physical ports. That said, let’s take a look at a network with a dedicated switch.
Although the 4-port limit on the super majority of home routers was more than enough for most home users, the last 10 years have brought a significant increase in the number of networkable devices within the home. It isn’t uncommon to have multiple computers, multiple game consoles, media centers, printers, file servers, and more that all connect to the Ethernet LAN (while you may get away with putting your Wii on the Wi-Fi network for things like dedicated video streaming and media server access it is much preferable to have a hard line connection). Once you’ve reached that level of device saturation it’s necessary to add in a switch with 8, 16, or more ports to properly support your growing home network.
As a side note, historically people often relied on hubs because they were so much cheaper than pricey switches. A hub is a simple network device that does not examine or manage any of the traffic that comes through it—it’s a “dumb” network device—by contrast switches actually interact with the data packets and actively direct them. Because hubs have no management component there are frequent collisions between packets which leads to an overall decrease in performance. Hubs suffer from a number of technical shortcomings which you can read about here. Consumer grade network switches have fallen in price so steeply over the last 10 years that very few hubs are even manufactured anymore (Netgear, one of the largest manufacturers of consumer hubs, no longer even makes them). Because of the shortcomings of network hubs and the low prices of quality consumer-grade network switches we cannot recommend using a hub. When you can pick up a perfectly good high-speed 8-port switch for $25 there’s no good reason to use an outdated hub on a home network—if you’re curious why a network admin would ever deploy a hub you can read about it here.
Returning to the topic of switches: switches are an excellent and inexpensive way to increase the size of your home network. If you outgrow the bank of 4 ports on the back of your router the simplest thing you can do to expand your network is to purchase a switch with an appropriate number of ports. Unplug the devices from your router, plug all the devices into the switch, and then plug the switch into the router. Note: switches have absolutely no routing functionality and cannot take the place of a router. Your router likely has a 4-port switch built into it but that does not mean your new 8-port dedicated switch can replace your router—you still need the router to mediate between your modem and switch.

Decoding Network Speed Designations

Now that you’ve got a clear picture of how exactly your network should be physically configured let’s talk about network speeds. There are two primary designations we are interested in: Ethernet and Wi-Fi. Let’s take a look at Ethernet first.
Ethernet connection speeds are designated in 10BASE. The original Ethernet protocol, now 30 years old, operated at a max speed of 10 Mbit/s. Fast Ethernet, introduced in 1995, upped the speed to 100 Mbit/s. Gigabit Ethernet was introduced shortly after that in 1998 but didn’t gain much traction in the consumer market until recently. As its name suggests, Gigabit Ethernet is capable of 1000 Mbit/s. You will commonly see these designations noted on networking gear and its packaging as 10/100 or 10/100/1000 indicating which Ethernet version the device is compatible with.
In order to take full advantage of the maximum speeds all the devices in the transfer chain need to be at or above the speed rating you want. For example, let’s say you have a media server in your basement with a Gigabit Ethernet card installed and a media console in your living room with a Gigabit Ethernet card but you are connecting the two together with a 10/100 switch. Both devices will be limited by the 100 Mbit/s ceiling on the switch. In this situation upgrading the switch would boost your network performance considerably.
Outside of transferring large files and streaming HD video content across your home network there is little need to go out and upgrade all your equipment to Gigabit. If your primary computer network usage involves browsing the web and light file transfers 10/100 is more than satisfactory.

Understanding Wi-Fi Speeds

Wi-Fi speeds are designated by letter, not by number. Unlike the easy to translate number-as-network-speed designation we find with Ethernet the Wi-Fi designations actually refer to the draft versions of the IEEE 802.11 networking standard that dictates the parameters of the Wi-Fi protocol.
802.11b was the first version widely adopted by consumers. 802.11b devices operate at a maximum transmission of 11 Mbit/s but the speed is highly dependent on signal strength and quality—realistically users should expect 1-5 Mbit/s. Devices using 802.11b suffer from interference from baby monitors, Bluetooth devices, cordless phones, and other 2.4GHz band devices.
802.11g was the next major consumer upgrade and boosted the max transmission to 54 Mbit/s (realistically about 22 Mbit/s accounting for error correction and signal strength). 802.11g suffers from the same kind of 2.4GHz band interference that 802.11b does.
802.11n is a significant upgrade to the Wi-Fi standards—devices use multiple-input multiple-output antennas (MIMO) to operate on both the 2.4GHz and relatively empty 5GHz bands. 802.11n has a theoretical maximum of 300 Mbit/s but accounting for error correction and less than ideal conditions you can expect speeds in 100-150 Mbit/s range.
Like Ethernet, Wi-Fi speeds are limited by the weakest link in the direct network. If you have an 802.11n capable Wi-Fi router but your netbook only has an 802.11g capable Wi-Fi module you will max out at the 802.11g speeds. In addition to the speed limitations there is a very pressing reason for abandoning the oldest popular Wi-Fi protocol 802.11b. You must use the same level of encryption on every device in your network and the encryption schemes available to 802.11b devices are weak and have been compromised (WEP encryption, for example, can be compromised in a matter of minutes by a moderately skilled child). Upgrading your Wi-Fi router and wireless equipment allows you to upgrade your wireless encryption as well as enjoy faster speeds. If you haven’t done anything to secure your router now would be a good time to read our guide to locking down your Wi-Fi network against intrusion.
Also like Ethernet, upgrading to the maximum speed—in this case 802.11n—is best suited for people moving large files and streaming HD video. Upgrading to 802.11n will have a negligible impact on your web browsing speed but will have an enormous impact on your ability to wirelessly stream HD content around your home.

At this point you’ve got a handle on how your home network needs to be laid out and you have an understanding of what the network speed designations mean and how they impact you and your network. It’s time to upgrade your switch, roll out some new Wi-Fi bandwidth, and enjoy a better optimized home network.

Wednesday 30 November 2011

Small Note on Svchost.exe


Svchost.exe groups are identified in the following registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost
During system initialization, Windows 2000 creates several threads in the System process, called system worker threads that exist solely to perform work on behalf of other threads.
There are three types of system worker threads:
Delayed worker threads execute at priority 12, process work items that aren't considered time-critical, and can have their stack paged out to a paging file while they wait for work items.
Critical worker threads execute at priority 13, process time-critical work items, and on Windows 2000 Server installations have their stacks present in physical memory at all times.
A single hypercritical worker thread executes at priority 15 and also keeps its stack in memory. The process manager uses the hypercritical work item to execute the thread "reaper" function that frees terminated threads.

Friday 25 November 2011

Quick Tip: Select files in Windows Explorer with check boxes

Takeaway: With one little tweak, you can change the behavior of Microsoft Windows Explorer to allow multiple file selection with check boxes.
In previous  we have presented several Windows Explorer tweaks that make the tool more efficient and, in some cases, just plain less frustrating. But there is one tweak we have yet to mention — the ability to select multiple files with check boxes.
While you can select multiple files in Windows Explorer by holding down the CTRL key for each mouse click, that is a two-handed procedure. However, with the check box feature turned on, you can select multiple files with one mouse-equipped hand. To turn on this feature, you will have to change a setting in the Folder and Search Options of Windows Explorer.


Change options

Open a session of Windows Explorer in a folder with numerous files, like the one shown in Figure A.

Figure A

Open Windows Explorer.
Click the Organize tab on the top menu and navigate to the Folder and Search Options menu item, as shown in Figure B.

Figure B

Navigate to the Folder and Search Options menu item.
When you get to the Folder Options screen, click on the View tab (Figure C). Notice some of the changes we made to Windows Explorer before, such as showing hidden files and system files — two of my favorites.

Figure C

Click the View tab.
Scroll down the list of options and find the Use Check Boxes to Select Items entry in the list (Figure D) and check the box to activate the feature. Click OK to put it into effect.

Figure D

Check the Use Check Boxes to Select Items entry.
Now when you go back to the Windows Explorer window, you will see check boxes next to each file in the folder (Figure E). You will also see a check box that will check all the files in the folder.

Figure E

Now we have check boxes.

Thursday 24 November 2011

Monitoring and Troubleshooting the DHCP Server


Users can use the Event Viewer tool in the Administrative Tools folder to monitor DHCP activity. Event Viewer stores events that are logged into the system log, application log, and security log. The system log contains events that are associated with the operating system. The application log stores events that pertain to applications running on the computer. Events that are associated with auditing activities are logged into the security log. All events that are DHCP-specific are logged into the System log. The DHCP system event log contains events that are associated with DHCP service and DHCP server activities, such as when the DHCP server started and stopped, when DHCP leases are close to being depleted, and when the DHCP database is corrupt.
A few DHCP system event log IDs are listed below:
  • Event ID 1037 (Information): Indicates that the DHCP server has begun to clean up the DHCP database.
  • Event ID 1038 (Information): Indicates that the DHCP server cleaned up the DHCP database for unicast addresses: 
    • 0 IP address leases were recovered.
    • 0 records were deleted.
  • Event ID 1039 (Information): Indicates that the DHCP server cleaned up the DHCP database for multicast addresses:
    • 0 IP address leases were recovered.
    • 0 records were deleted.
  • Event ID 1044 (Information): Indicates that the DHCP server has concluded that it is authorized to start and is currently servicing DHCP client requests for IP addresses.
  • Event ID 1042 (Warning): Indicates that the DHCP service running on the server has detected servers on the network.
  • Event ID 1056 (Warning): Indicates that the DHCP service has determined that it is running on a domain controller and no credentials are configured for DDNS registrations.
  • Event ID 1046 (Error): Indicates that the DHCP service running on the server has determined that it is not authorized to start servicing DHCP clients.

Using System Monitor to Monitor DHCP Activity

The System Monitor utility is the main tool for monitoring system performance. System Monitor can track various processes on the Windows system in real time. The utility uses a graphical display that views current data or log data. Users can specify elements or components that should be tracked on the local computer and remote computers. They can determine resource usage by monitoring trends. System Monitor can be displayed in a graph, histogram, or report format. System Monitor uses objects, counters, and instances to monitor the system.
System Monitor is a valuable tool when users need to monitor and troubleshoot DHCP traffic being passed between the DHCP server and DHCP clients. Through System Monitor, users can set counters to monitor:
  • The DHCP lease process
  • The DHCP queue length
  • Duplicate IP address discards
  • DHCP server-side conflict attempts
To start System Monitor:
  1. Click Start, Administrative Tools, and Performance.
  2. When the Performance console opens, open System Monitor.
The DHCP performance counters that track DHCP traffic are:
  • Acks/sec – indicates the rate at which the DHCP server sends DHCPACK messages.
  • Active Queue Length – indicates how many packets are in the DHCP queue for the DHCP server to process.
  • Conflict Check Queue Length – indicates how many packets are in the DHCP queue that are waiting for conflict detection.
  • Declines/sec – indicates the rate at which the DHCP server receives DHCPDECLINE messages.
  • Discovers/sec – indicates the rate at which the DHCP server receives DHCPDISCOVER messages.
  • Duplicates Dropped/sec – indicates the rate at which the DHCP server receives duplicated packets.
  • Informs/sec – indicates the rate at which the DHCP server receives DHCPINFORM messages.
  • Milliseconds per packet (Avg.) – indicates the average time that the DHCP server takes to send a response.
  • Nacks/sec – indicates the rate at which the DHCP server sends DHCPNACK messages.
  • Packets Expired/sec – indicates the rate at which packets are expired while waiting in the DHCP server queue.
  • Packets Received/sec – indicates the rate at which the DHCP server is receiving packets.
  • Releases/sec – indicates the rate at which the DHCP server receives DHCPRELEASE messages.
  • Requests/sec – indicates the rate at which the DHCP server receives DHCPREQUEST messages.

Using Network Monitor to Monitor DHCP Lease Traffic

Network Monitor can be used to monitor network traffic and to troubleshoot network issues or problems. Network Monitor shipped with Windows Server 2003 allows users to monitor network activity and use the gathered information to manage and optimize traffic, identify unnecessary protocols, and to detect problems with network applications and services. In order to capture frames, users have to install the Network Monitor application and the Network Monitor driver on the server where Network Monitor will be run. The Network Monitor driver makes it possible for Network Monitor to receive frames from the network adapter.
The two versions of Network Monitor are:
  • The Network Monitor version included with Windows Server 2003: With this Network Monitor version, users can monitor network activity only on the local computer running Network Monitor.
  • The Network Monitor version (full) included with Microsoft Systems Management Server (SMS): With this version, users can monitor network activity on all devices on a network segment. Users can capture frames from a remote computer, resolve device names to MAC addresses, and determine the user and protocol that is consuming the most bandwidth.
Because of these features, users can use Network Monitor to monitor and troubleshoot DHCP lease traffic. The Network Monitor version included in Windows Server 2003 can be used to capture and analyze the traffic that the DHCP server receives. Before the Network Monitor can be used to monitor DHCP lease traffic, it has to be installed. The Network Monitor driver is automatically installed when Network Monitor is installed.
How to Install Network Monitor
  1. Click Start then click Control Panel.
  2. Click Add Or Remove Programs to open the Add Or Remove programs dialog box.
  3. Click Add/Remove Windows Components.
  4. Select Management and Monitoring Tools and click the Details button.
  5. On the Management and Monitoring Tools dialog box, select the Network Monitor Tools checkbox and click OK.
  6. Click Next when returned to the Windows Components Wizard.
  7. If prompted during the installation process for additional files, place the Windows Server 2003 CD-ROM into the CD-ROM drive.
  8. Click Finish on the Completing the Windows Components Wizard page.
Capture filters disregard frames that the user does not want to capture before they are stored in the capture buffer. When a capture filter is created, define settings that can be used to detect the frames that should not be captured. Capture filters can be designed in the Capture Window to only capture specific DHCP traffic by selecting Filter from the Capture menu. Users can also create a display filter after data is captured. A display filter enables users to decide what is displayed.
How to start a DHCP lease traffic capture in Network Monitor:
  1. Open Network Monitor.
  2. Use the Tools menu to click Capture then click Start.
  3. In order to examine captured data during the capture, select Stop And View from the Capture menu.

Understanding DHCP Server Log Files

DHCP server log files are comma-delimited text files. Each log entry represents one line of text. Through DHCP logging, many different events can be logged. A few of these events are listed below:
  • DHCP server events
  • DHCP client events
  • DHCP leasing
  • DHCP rogue server detection events
  • Active Directory authorization
The DHCP server log file format is described below. The fields of each log file entry are listed in the order in which they appear:
  • ID: This is the DHCP server event ID code. Event codes describe information about the activity being logged.
  • Date: The date when the particular log file entry was logged on the DHCP server.
  • Time: The time when the particular log file entry was logged on the DHCP server.
  • Description: This is a description of the particular DHCP server event.
  • IP Address: This is the DHCP client’s IP address.
  • Host Name: This is the DHCP client’s host name.
  • MAC Address: This is the MAC address that the DHCP client’s network adapter uses.
DHCP server log files use reserved event ID codes. These event ID codes describe information on the activities being logged. The actual log file only describes event ID codes lower than 50.
A few common DHCP server log event ID codes are listed below:
  • 00 – indicates the log was started.
  • 01 – indicates the log was stopped.
  • 02 – indicates that the log was temporarily paused due to low disk space.
  • 10 – indicates that a new IP address was leased to a client.
  • 11 – indicates that a client renewed the lease.
  • 12 – indicates that a client released a lease.
  • 13 – indicates that an IP address was detected to be in use on the network.
  • 14 – indicates a lease request could not be satisfied due to the scope’s address pool being exhausted.
  • 15 – indicates that a lease was denied.
  • 16 – indicates that a lease was deleted.
  • 17 – indicates that a lease was expired.
  • 20 – indicates that a BOOTP address was leased to a client.
  • 21 – indicates that a dynamic BOOTP address was leased to a client.
  • 22 – indicates that a BOOTP request could not be satisfied because the scope’s address pool for BOOTP is exhausted.
  • 23 – indicates that a BOOTP IP address was deleted after confirming it was not being used.
  • 24 – indicates that an IP address cleanup operation has started.
  • 25 – indicates IP address cleanup statistics.
  • 30 – indicates a DNS update request.
  • 31 – indicates that the DNS update failed.
  • 32 – indicates that the DNS update was successful.
The following DHCP server log event ID codes are not described in the DHCP log file. These DHCP server log event ID codes relate to the DHCP server’s Active Directory authorization status:
  • 50 – Unreachable domain: The DHCP server could not locate the applicable domain for its Active Directory installation.
  • 51 – Authorization succeeded: The DHCP server was authorized to start on the network.
  • 52 – Upgraded to a Windows Server 2003 operating system: The DHCP server was recently upgraded to a Windows Server 2003 OS, therefore, the unauthorized DHCP server detection feature (used to determine whether the server has been authorized in Active Directory) was disabled.
  • 53 – Cached authorization: The DHCP server was authorized to start using previously cached information. Active Directory was not visible at the time the server was started on the network.
  • 54 – Authorization failed: The DHCP server was not authorized to start on the network. When this occurs, it is likely followed by the server being stopped.
  • 55 – Authorization (servicing): The DHCP server was successfully authorized to start on the network.
  • 56 – Authorization failure: The DHCP server was not authorized to start on the network and Windows Server 2003 OS shut it down. Users must first authorize the server in the directory before re-starting it.
  • 57 – Server found in domain: Another DHCP server exists and is authorized for service in the same Active Directory domain.
  • 58 – Server could not find domain: The DHCP server could not locate the specified Active Directory domain.
  • 59 – Network failure: A network-related failure prevented the server from determining if it is authorized.
  • 60 – No DC is DS enabled: No Active Directory DC was located. For detecting whether the server is authorized, a domain controller that is enabled for Active Directory is needed.
  • 61 – Server found that belongs to DS domain: Another DHCP server that belongs to the Active Directory domain was found on the network.
  • 62 – Another server found: Another DHCP server was found on the network.
  • 63 – Restarting rogue detection: The DHCP server is trying once more to determine whether it is authorized to start and provide service on the network.
  • 64 – No DHCP enabled interfaces: The DHCP server has its service bindings or network connections configured so that it is not enabled to provide service.
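The log format and event ID codes above lend themselves to automated triage. The following is an added example, not part of the original post: it parses a comma-delimited log in the field order listed above and flags the codes that usually deserve attention. The sample log lines, the function names, and the choice of which IDs to flag are constructed assumptions.

```python
"""Parse a DHCP server audit log and flag events worth investigating."""
import csv
import io
from collections import Counter

# Field order as listed in the text above.
FIELDS = ["id", "date", "time", "description", "ip", "host", "mac"]

# Meanings taken from the event ID lists above. Which IDs count as alerts
# is an assumption made for this example.
ALERT_MEANING = {
    2: "log paused due to low disk space (audit gap)",
    13: "IP address detected in use on the network (conflict)",
    14: "scope address pool exhausted",
    15: "lease denied",
    31: "DNS update failed",
    54: "authorization failed",
    56: "authorization failure, server shut down",
    61: "another DHCP server in the DS domain found",
    62: "another DHCP server found on the network",
}

# Constructed sample; a real log has its own header text before the entries.
SAMPLE_LOG = """Sample DHCP audit log (constructed)

ID,Date,Time,Description,IP Address,Host Name,MAC Address
00,11/24/11,08:00:01,Started,,,
10,11/24/11,08:02:13,Assign,192.168.1.50,LAPTOP01,001122334455
11,11/24/11,08:32:13,Renew,192.168.1.50,LAPTOP01,001122334455
13,11/24/11,09:10:44,Conflict,192.168.1.60,BAD_ADDRESS,
14,11/24/11,09:15:02,Scope Full,192.168.1.0,,
31,11/24/11,09:16:30,DNS Update Failed,192.168.1.50,LAPTOP01,
62,11/24/11,09:20:00,Another server found,,,
"""


def parse_audit_log(text):
    """Return one dict per log entry, skipping header text and blank lines."""
    entries = []
    for row in csv.reader(io.StringIO(text)):
        # Entries start with a numeric event ID; anything else is header text.
        if not row or not row[0].strip().isdigit():
            continue
        # Pad short rows so truncated lines still yield every field.
        row = (row + [""] * len(FIELDS))[: len(FIELDS)]
        entry = dict(zip(FIELDS, (value.strip() for value in row)))
        entry["id"] = int(entry["id"])
        entries.append(entry)
    return entries


def triage(entries):
    """Return (count per event ID, list of alert entries with their meaning)."""
    counts = Counter(entry["id"] for entry in entries)
    alerts = [
        dict(entry, meaning=ALERT_MEANING[entry["id"]])
        for entry in entries
        if entry["id"] in ALERT_MEANING
    ]
    return counts, alerts


if __name__ == "__main__":
    counts, alerts = triage(parse_audit_log(SAMPLE_LOG))
    print("events per ID:", dict(counts))
    for alert in alerts:
        print(f'{alert["date"]} {alert["time"]} ID {alert["id"]:02d}: '
              f'{alert["meaning"]} ip={alert["ip"] or "-"} host={alert["host"] or "-"}')
```

Codes 13, 14, and 62 together are the ones to correlate when an unexpected DHCP server or a flood of lease requests is suspected.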
How to Change the DHCP Log Files Location
  1. Open the DHCP console.
  2. Right-click the DHCP server node and select Properties from the shortcut menu.
  3. The DHCP Server Properties dialog box opens.
  4. Click the Advanced tab.
  5. Change the audit log file location in the Audit Log File Path text box.
  6. Click OK.
How to Disable DHCP Logging
  1. Open the DHCP console.
  2. Right-click the DHCP server node and select Properties from the shortcut menu.
  3. The DHCP Server Properties dialog box opens.
  4. On the General tab, clear the Enable DHCP Audit Logging checkbox to disable DHCP server logging.
  5. Click OK.

Troubleshooting the DHCP Client Configuration

A DHCP failure usually exists when the following events occur:
  • A DHCP client cannot contact the DHCP server
  • A DHCP client loses connectivity
When these events occur, one of the first things to do is determine whether the connectivity issues occurred because of the actual DHCP client configuration or whether it occurred because of some other network issue. Do this by determining the DHCP client’s IP address type.
To determine the address type:
  1. Use the Ipconfig command to determine if the client received an IP address lease from the DHCP server.
  2. The client received an IP address from the DHCP server if the Ipconfig /all output displays: 
    • The DHCP server as being enabled.
    • The IP address is displayed as IP Address. It should not be displayed as Autoconfiguration IP Address.
  3. Users can also use the network connection’s status dialog box to determine the client’s IP address type.
  4. To view this information, double-click the appropriate network connection in the Network Connections dialog box.
  5. Click the Support tab.
  6. The IP address type should be displayed as being Assigned By DHCP.
If after the above checks it can be concluded that the DHCP server assigned the IP address to the client, some other network issue is the cause of the DHCP server connectivity issues being experienced. The issue is not due to an IP addressing issue on the client.
When clients have the incorrect IP address, it is probably due to the computer not being able to contact the DHCP server. When this occurs, the computer assigns its own IP address through Automatic Private IP Addressing (APIPA).
Computers could be unable to contact the DHCP server for a number of reasons:
  • A problem might exist with the DHCP server’s hardware or software.
  • A data link protocol issue could be preventing the computer from communicating with the network.
  • The DHCP server and the client are on different LANs and there is no DHCP Relay Agent. A DHCP Relay Agent enables a DHCP server to handle IP address requests of clients that are located on a different LAN.
When a DHCP client is assigned an IP address that another client is currently using, an address conflict has occurred.
The process that detects duplicate IP addresses is illustrated below:
  1. When the computer starts, the system checks for any duplicate IP addresses.
  2. The TCP/IP protocol stack is disabled on the computer when the system detects duplicate IP addresses.
  3. An error message is shown that indicates the other system’s hardware address that this computer is in conflict with.
  4. The computer that initially owned the duplicate IP address experiences no interruptions and operates normally.
  5. Reconfigure the conflicting computer with a unique IP address so that the TCP/IP protocol stack can be enabled on that particular computer again.
When address conflicts exist, a warning message is displayed:
  • A warning is displayed in the system tray.
  • A warning message is displayed in the System log, which can be viewed in Event Viewer.
Address conflicts usually occur under the following circumstances:
  • There are competing DHCP servers in one’s environment: One can use the Dhcploc.exe utility to locate any rogue DHCP servers. The Dhcploc.exe utility is included with the Windows Support Tools. To solve the competing DHCP server issue, locate the rogue DHCP servers, remove the necessary rogue DHCP servers, then check that no two DHCP servers can allocate IP address leases from the same IP address range.
  • A scope redeployment has occurred: recover from a scope redeployment through the following strategy: 
    • Increase the conflict attempts on the DHCP server.
    • Renew the DHCP client leases.
One of the following methods can be used to renew the DHCP client leases:
    • Use the Ipconfig /renew command.
    • The Repair button of the status dialog box (Support tab) of the connection can be used to renew the DHCP client lease.
When the Repair button of the status dialog box (Support tab) of the connection is clicked to renew the DHCP client lease, the following process occurs:
  1. A DHCPREQUEST message is broadcast on the network to renew the DHCP clients’ IP address leases.
  2. The ARP cache is flushed.
  3. The NetBIOS cache is flushed.
  4. The DNS cache is flushed.
  5. The NetBIOS name and the client’s IP address are registered again with the WINS server.
  6. The client’s computer name and IP address are registered again with the DNS server.
Enable server-side conflict detection through the following process:
  1. Open the DHCP console.
  2. Right-click the DHCP server in the console tree and select Properties from the shortcut menu.
  3. When the Server Properties dialog box opens, click the Advanced tab.
  4. Set the number of times that the DHCP server should run conflict detection prior to it leasing an IP address to a client.
  5. Click OK.
A few troubleshooting strategies that can be used when a DHCP client cannot obtain an IP address from the DHCP server are summarized below:
  • Use the Ipconfig /renew command or the Repair button of the status dialog box (Support tab) of the connection to refresh the client’s IP configuration.
  • Verify that the DHCP server is enabled and that a configured DHCP Relay Agent exists in the broadcast range.
  • If the client still cannot obtain an IP address from the DHCP server, check that the actual physical connection to the DHCP server or DHCP Relay Agent is operating correctly and is not broken.
  • Verify the status of the DHCP server and DHCP Relay Agent.
  • If the issue still persists after all the above checks have been performed, there might be an issue at the DHCP server or a scope issue might exist.
  • When troubleshooting the DHCP server: 
    • Check that the DHCP server is installed and enabled.
    • Check that the DHCP server is correctly configured.
    • Verify that the DHCP server is authorized.
  • When troubleshooting the scope configured for the DHCP server: 
    • Check that the scope is enabled.
    • Check whether all the available IP leases have already been assigned to clients.
A few troubleshooting strategies to use when a DHCP client obtains an IP address from the incorrect scope are summarized below:
  • First determine whether competing DHCP servers exist on the network. Use the Dhcploc.exe utility included with the Windows Support Tools to locate rogue DHCP servers that are allocating IP addresses to clients.
  • If no rogue DHCP servers are located through the Dhcploc.exe utility, verify that each DHCP server is allocating IP address leases from unique scopes. There should be no overlapping of the address space.
  • If there are multiple scopes on the DHCP server and the DHCP server is assigning IP addresses to clients on remote subnets, verify that a DHCP Relay Agent that is used to enable communication with the DHCP server has the correct address.
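The check behind locating a rogue DHCP server, as an added example (not code from this article and not how Dhcploc.exe is implemented): parse observed DHCP server replies, read the server identifier (option 54), and flag any server that is not on the authorized list. The packets, addresses and function names are constructed for the illustration.

```python
from ipaddress import IPv4Address

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of the DHCP options field
OFFER, ACK = 2, 5                    # option 53 values that only servers send

def parse_dhcp(packet: bytes) -> dict:
    """Extract offered address, message type and server ID from a DHCP payload."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    info = {"yiaddr": str(IPv4Address(packet[16:20])), "msg_type": None, "server_id": None}
    i = 240
    while i < len(packet) and packet[i] != 255:      # 255 = End option
        if packet[i] == 0:                           # Pad option: no length byte
            i += 1
            continue
        if i + 2 > len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        code, length = packet[i], packet[i + 1]
        value = packet[i + 2:i + 2 + length]
        if code == 53 and length == 1:               # DHCP message type
            info["msg_type"] = value[0]
        elif code == 54 and length == 4:             # server identifier
            info["server_id"] = str(IPv4Address(value))
        i += 2 + length
    return info

def find_rogue_servers(packets, authorized):
    """Map each unauthorized server ID to the addresses it offered or acknowledged."""
    rogue = {}
    for pkt in packets:
        try:
            msg = parse_dhcp(pkt)
        except ValueError:
            continue                                 # skip non-DHCP or damaged data
        if msg["msg_type"] in (OFFER, ACK) and msg["server_id"] not in authorized:
            rogue.setdefault(msg["server_id"] or "unknown", []).append(msg["yiaddr"])
    return rogue

def build_reply(yiaddr, server_id, msg_type=OFFER):
    """Constructed sample data: a minimal server reply, not a real capture."""
    header = bytearray(236)
    header[0] = 2                                    # op = BOOTREPLY
    header[16:20] = IPv4Address(yiaddr).packed       # yiaddr: address handed to the client
    options = bytes([53, 1, msg_type, 54, 4]) + IPv4Address(server_id).packed
    return bytes(header) + MAGIC_COOKIE + options + b"\xff"

SAMPLE = [build_reply("192.168.1.50", "192.168.1.10"),   # authorized server
          build_reply("10.0.0.23", "192.168.1.77"),      # server not on the list
          build_reply("10.0.0.24", "192.168.1.77", ACK), b"\x00" * 20]
```

Calling `find_rogue_servers(SAMPLE, {"192.168.1.10"})` returns the unlisted server together with the addresses it handed out. The server identifier is self-reported, so record the source MAC address of the frame as well when tracing the device.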

Troubleshooting the DHCP Server Configuration

If users have clients that cannot obtain IP addresses from the DHCP server even though they can contact the DHCP server, do the following:
  • Verify that the DHCP Server service is running on the particular server.
  • Check the actual TCP/IP configuration settings on the DHCP server.
  • If using the Active Directory directory service, verify that the DHCP server is authorized.
  • The DHCP server could be configured with the incorrect scope. Check that the scope is correct on the DHCP server and verify that it is active.
To verify the DHCP server’s configuration, use the following process:
  • First check that the DHCP server is configured with the correct IP address. The network ID of the address being used must match that of the subnet for which the DHCP server is expected to assign IP addresses to the client.
  • Verify the DHCP server’s network bindings. The DHCP server must be bound to the particular subnet. To check this: 
    1. Open the DHCP console.
    2. Right-click the DHCP server in the console tree and select Properties from the shortcut menu.
    3. When the Server Properties dialog box opens, click the Advanced tab.
    4. Click the Bindings button.
  • Check that the DHCP server is authorized in Active Directory. The DHCP server has to be authorized in Active Directory so that it can provide IP addresses to the DHCP clients. To authorize the DHCP server: 
    1. Open the DHCP console.
    2. In the console tree, expand the DHCP server node.
    3. Click the DHCP server to be authorized.
    4. Click the Action menu, then select Authorize.
  • Verify the scope configuration associated with the DHCP server:
  • Check that the scope is activated. To activate a scope: 
    1. Open the DHCP console.
    2. Right-click the scope in the console tree and select Activate from the shortcut menu.
  • Verify that the scope is configured with the correct IP address range.
  • Verify that there are available IP address leases that can be assigned to the DHCP clients.
  • Verify the exclusions specified in the address pool. Confirm that all exclusions are valid and necessary. Verify that no IP addresses are being unnecessarily excluded.
  • Verify the reservations specified. If there is a client that cannot obtain a reserved IP address, check whether the same address is also defined as an exclusion in the address pool. All reserved IP addresses must fall within the scope’s address range. Also, check that the MAC addresses were successfully registered for all IP addresses that are reserved.
  • If there are DHCP servers that contain multiple scopes, check that each scope is configured correctly.
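The scope checks listed above (reservations inside the range and not excluded, MAC addresses registered, leases still available) and the earlier rule that scopes must not overlap can be run against an exported configuration. This is an added example, not part of the original article; the dictionary layout, scope names and addresses are assumptions made for the illustration.

```python
from ipaddress import IPv4Address as ip
from itertools import combinations

def audit_scopes(scopes):
    """Return findings for the range, exclusion, reservation and overlap checks."""
    findings = []
    for s in scopes:
        start, end = ip(s["start"]), ip(s["end"])
        excluded = [(ip(a), ip(b)) for a, b in s.get("exclusions", [])]
        for addr, mac in s.get("reservations", {}).items():
            addr = ip(addr)
            if not start <= addr <= end:
                findings.append(f"{s['name']}: reservation {addr} is outside the scope range")
            elif any(a <= addr <= b for a, b in excluded):
                findings.append(f"{s['name']}: reservation {addr} is also an exclusion")
            if not mac:
                findings.append(f"{s['name']}: reservation {addr} has no MAC address")
        # Assumes exclusions lie inside the scope and leased addresses are not excluded.
        size = int(end) - int(start) + 1
        excl = sum(int(b) - int(a) + 1 for a, b in excluded)
        if size - excl - len(s.get("leased", [])) <= 0:
            findings.append(f"{s['name']}: no free leases left")
    # Two scopes, on the same server or on different servers, must not share addresses.
    for a, b in combinations(scopes, 2):
        if ip(a["start"]) <= ip(b["end"]) and ip(b["start"]) <= ip(a["end"]):
            findings.append(f"{a['name']} overlaps {b['name']}")
    return findings

# Constructed sample configuration (hypothetical server/scope names and addresses).
SCOPES = [
    {"name": "dhcp1/Floor1", "start": "192.168.1.100", "end": "192.168.1.200",
     "exclusions": [("192.168.1.100", "192.168.1.110")],
     "reservations": {"192.168.1.105": "00-11-22-33-44-55",
                      "192.168.1.250": "00-11-22-33-44-66",
                      "192.168.1.150": ""},
     "leased": ["192.168.1.120"]},
    {"name": "dhcp2/Floor2", "start": "192.168.1.198", "end": "192.168.1.200",
     "leased": ["192.168.1.198", "192.168.1.199", "192.168.1.200"]},
]

if __name__ == "__main__":
    for finding in audit_scopes(SCOPES):
        print(finding)
```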

Troubleshooting DHCP Database Issues

The DHCP service uses a number of database files to maintain DHCP specific data or information on IP address leases, scopes, superscopes, and DHCP options. The DHCP database files that are located in the %systemroot%\System32\DHCP folder are listed below. These files remain open while the DHCP service is running on the server. Therefore, do not change any of these files while the DHCP service is running.
  • Dhcp.mdb: This is considered the main DHCP database file because it contains all scope information.
  • Dhcp.tmp: This file contains a backup copy of the database file created during DHCP database re-indexing.
  • J50.log: This log file contains changes before they are written to the DHCP database.
  • J50.chk: This checkpoint file tells DHCP which log files still have to be recovered.
To change the DHCP server’s role and move its functions to another server, it is recommended that the DHCP database be migrated to the new DHCP server. This strategy prevents errors that occur when someone manually attempts to recreate information in the destination DHCP server’s DHCP database.
To migrate an existing DHCP database to a new DHCP server:
  1. Open the DHCP console.
  2. Right-click the DHCP server whose database will be moved to a different server and select Backup from the shortcut menu.
  3. When the Browse For Folder dialog box opens, select the folder to which the DHCP database should be backed up. Click OK.
  4. To prevent the DHCP server from allocating new IP addresses to clients once the DHCP server database is backed up, stop the DHCP server.
  5. Open the Services console.
  6. Double-click the DHCP server.
  7. When the DHCP Server Properties dialog box opens, select Disable from the Startup Type drop down list.
  8. Copy the folder that contains the backup to the new DHCP server. Restore the DHCP backup at the destination DHCP server.
  9. Open the DHCP console.
  10. Right-click the destination DHCP server for which the DHCP database will be restored and select Restore from the shortcut menu.
  11. When the Browse For Folder dialog box opens, select the folder that contains the backup of the database to be restored. Click OK.
  12. Click Yes when prompted to restore the database and to stop and restart the DHCP service.
If the lease information in the DHCP database does not correspond with the actual IP addresses leased to clients on the network, delete the existing database files and commence with a clean (new) database. To do this:
  1. Stop the DHCP service.
  2. Remove all the DHCP database files from the %systemroot%\System32\DHCP folder.
  3. Restart the DHCP service.
  4. Rebuild the database’s contents by reconciling the DHCP scopes. The DHCP console is used for this.
When DHCP database information is inconsistent with what is on the network, is corrupt, or is missing, reconcile DHCP data for the scopes to recover the database. The DHCP service stores IP address lease data as follows:
  • Detailed IP address lease information is stored in the DHCP database.
  • Summary IP address lease information is stored in the Registry.
These sets of information are compared when scopes are reconciled. Before reconciling the DHCP server’s scopes, stop the DHCP service running on the server. Repair any inconsistencies that the comparison between the DHCP database and the Registry contents detects.

How to Reconcile the DHCP Database

  1. Open the DHCP console.
  2. Right-click the DHCP server for which the DHCP database should be reconciled, then select Reconcile All Scopes from the shortcut menu. The Reconcile All Scopes command also appears as an Action menu item.
  3. When the Reconcile All Scopes dialog box opens, click Verify to start the DHCP database reconciliation process.
  4. When no inconsistencies are reported, click OK.
  5. When inconsistencies are detected, select the addresses that need to be reconciled then click Reconcile.
  6. The inconsistencies are repaired.

How to Reconcile a Single Scope

  1. Open the DHCP console.
  2. In the console tree, expand the DHCP server node that contains the scope to be reconciled.
  3. Right-click the scope then select Reconcile from the shortcut menu.
  4. When the Reconcile All Scopes dialog box opens, click Verify to start the scope reconciliation process.
  5. When no inconsistencies are detected, click OK.
  6. When inconsistencies are detected, select the addresses that need to be reconciled then click Reconcile.
  7. The inconsistencies are repaired.