Windows 7 Client flooding network with DHCP requests. Not setting IP

dhcpisc-dhcpsamba4tcpipwindows 7

I have a small network, with 15 workstations, SAMBA AD, and a bunch of Virtualized linux servers. All the workstations, and servers are on the same subnet.

All workstations are running Windows 7 Pro

Both my Samba 4 DC, and ISC-DHCP-SERVER are running on the same virtualized host.

Most, if not all workstations have DHCP reservations configured.

One of my workstations will not acquire a dhcp address. When I enable the adapter, my DHCP Server's syslog reports the following: ( I have tried removing the dydns scripts, and it did not make any difference, so please disregard those messages.)

Jan  6 03:47:21 frfdc dhcpd[984]: DHCPREQUEST for 192.168.1.249         (192.168.1.19) from 00:23:24:a1:cd:80 via eth0
Jan  6 03:47:21 frfdc dhcpd[984]: DHCPACK on 192.168.1.249 to 00:23:24:a1:cd:80 via eth0
Jan  6 03:47:21 frfdc dhcpd[984]: DHCPDISCOVER from 00:23:24:a1:cd:80 via eth0
Jan  6 03:47:21 frfdc dhcpd[984]: DHCPOFFER on 192.168.1.249 to 00:23:24:a1:cd:80 via eth0
Jan  6 03:47:21 frfdc dhcpd[984]: Commit: IP: 192.168.1.249 DHCID: 1:0:23:24:a1:cd:80 Name: FRF-M014-PC
Jan  6 03:47:21 frfdc dhcpd[984]: execute_statement argv[0] = /etc/dhcp/bin/dhcp-dyndns.sh
Jan  6 03:47:21 frfdc dhcpd[984]: execute_statement argv[1] = add
Jan  6 03:47:21 frfdc dhcpd[984]: execute_statement argv[2] = 192.168.1.249
Jan  6 03:47:21 frfdc dhcpd[984]: execute_statement argv[3] = 1:0:23:24:a1:cd:80
Jan  6 03:47:21 frfdc dhcpd[984]: execute_statement argv[4] = FRF-M014-PC
Jan  6 03:47:21 frfdc dhcpd: 06-01-18 03:47:21 [dyndns] : Getting new ticket, old one has expired
Jan  6 03:47:21 frfdc sh[984]: kinit: Permission denied while getting initial credentials
Jan  6 03:47:21 frfdc dhcpd: 06-01-18 03:47:21 [dyndns] : dhcpd kinit for dynamic DNS failed
Jan  6 03:47:21 frfdc dhcpd[984]: execute: /etc/dhcp/bin/dhcp-dyndns.sh exit status 256
Jan  6 03:47:21 frfdc dhcpd[984]: DHCPREQUEST for 192.168.1.249 (192.168.1.19) from 00:23:24:a1:cd:80 via eth0
Jan  6 03:47:21 frfdc dhcpd[984]: DHCPACK on 192.168.1.249 to 00:23:24:a1:cd:80 via eth0
Jan  6 03:47:21 frfdc dhcpd[984]: DHCPDISCOVER from 00:23:24:a1:cd:80 via eth0
Jan  6 03:47:21 frfdc dhcpd[984]: DHCPOFFER on 192.168.1.249 to 00:23:24:a1:cd:80 via eth0
Jan  6 03:47:21 frfdc dhcpd[984]: Commit: IP: 192.168.1.249 DHCID: 1:0:23:24:a1:cd:80 Name: FRF-M014-PC
Jan  6 03:47:21 frfdc dhcpd[984]: execute_statement argv[0] = /etc/dhcp/bin/dhcp-dyndns.sh
Jan  6 03:47:21 frfdc dhcpd[984]: execute_statement argv[1] = add
Jan  6 03:47:21 frfdc dhcpd[984]: execute_statement argv[2] = 192.168.1.249
Jan  6 03:47:21 frfdc dhcpd[984]: execute_statement argv[3] = 1:0:23:24:a1:cd:80
Jan  6 03:47:21 frfdc dhcpd[984]: execute_statement argv[4] = FRF-M014-PC
Jan  6 03:47:21 frfdc dhcpd: 06-01-18 03:47:21 [dyndns] : Getting new ticket, old one has expired
Jan  6 03:47:21 frfdc sh[984]: kinit: Permission denied while getting initial credentials
Jan  6 03:47:21 frfdc dhcpd: 06-01-18 03:47:21 [dyndns] : dhcpd kinit for dynamic DNS failed
Jan  6 03:47:21 frfdc dhcpd[984]: execute: /etc/dhcp/bin/dhcp-dyndns.sh exit status 256

I appear to be getting flooded with 10 requests per second for this workstation. Eventually Windows times out, and assigns itself a 169.x.x.x address, and quits.

Any insights/suggestions would be most welcome.

On the workstation I have tried: Updating drivers. Installing bare OS. Disabling wireless NIC. Applying a registry setting "DhcpConnEnableBcastFlagToggle to 1" in HKLM-System-Current Control Set-Services-TCPIP-Parameters-interfaces-GUID.

On the Server I have tried updating the DHCP server. I am now at 3.3-5ubuntu12.7
I have investigated different delay settings, but they do not seem to help.

dhcpd.conf below: (Other reservations removed) 

default-lease-time 600;
max-lease-time 7200;

authoritative;

subnet 192.168.1.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.1.255;
  option time-offset 0;
  option routers 192.168.1.1;
  option domain-name "CHANGED.local";
  option domain-name-servers 192.168.1.19;
  option netbios-name-servers 192.168.1.19;
  option ntp-servers 192.168.1.19, 192.168.1.250;


host FRF-M014-PC.FRFCanada.local{
  hardware ethernet 00:23:24:a1:cd:80; 
  fixed-address 192.168.1.249; 
}

pool {
  max-lease-time 1800; # 30 minutes
  range 192.168.1.150 192.168.1.199;
  }
}

Update: Jan 7, 2018 12:40
I do not see anything the event logs on the client that looks relevant.
I have tried changing the reservation IP to 192.168.1.6 – The client still floods the dhcp server for about 30 seconds, but does eventually accept the IP. I am searching for a possible duplicate of 192.168.1.249 – but have not been able to find one as of yet. It's Sunday, and no-one else is in the office, so that might be part of the reason why.
I have also added the suggested registry key.

Update: Jan 7, 2018 12:40
I have celebrated too soon. I rebooted the client, and it is no longer accepting the IP

Update Jan 7, 2018 13:45
After 15 minutes of requesting an IP, the client eventually accepted the IP. Log captured below:

Jan  7 13:42:05 frfdc dhcpd[1693]: DHCPREQUEST for 192.168.1.6 (192.168.1.19) from 00:23:24:a1:cd:80 via eth0
Jan  7 13:42:05 frfdc dhcpd[1693]: DHCPACK on 192.168.1.6 to 00:23:24:a1:cd:80 via eth0
Jan  7 13:42:05 frfdc dhcpd[1693]: DHCPDISCOVER from 00:23:24:a1:cd:80 via eth0
Jan  7 13:42:05 frfdc dhcpd[1693]: DHCPOFFER on 192.168.1.6 to 00:23:24:a1:cd:80 via eth0
Jan  7 13:42:05 frfdc dhcpd[1693]: Commit: IP: 192.168.1.6 DHCID: 1:0:23:24:a1:cd:80 Name: FRF-M014-PC
Jan  7 13:42:05 frfdc dhcpd[1693]: execute_statement argv[0] = /etc/dhcp/bin/dhcp-dyndns.sh
Jan  7 13:42:05 frfdc dhcpd[1693]: execute_statement argv[1] = add
Jan  7 13:42:05 frfdc dhcpd[1693]: execute_statement argv[2] = 192.168.1.6
Jan  7 13:42:05 frfdc dhcpd[1693]: execute_statement argv[3] = 1:0:23:24:a1:cd:80
Jan  7 13:42:05 frfdc dhcpd[1693]: execute_statement argv[4] = FRF-M014-PC
Jan  7 13:42:05 frfdc dhcpd: 07-01-18 13:42:05 [dyndns] : Getting new ticket, old one has expired
Jan  7 13:42:05 frfdc sh[1693]: kinit: Permission denied while getting initial credentials
Jan  7 13:42:05 frfdc dhcpd: 07-01-18 13:42:05 [dyndns] : dhcpd kinit for dynamic DNS failed
Jan  7 13:42:05 frfdc dhcpd[1693]: execute: /etc/dhcp/bin/dhcp-dyndns.sh exit status 256
Jan  7 13:42:05 frfdc dhcpd[1693]: DHCPREQUEST for 192.168.1.6 (192.168.1.19) from 00:23:24:a1:cd:80 via eth0
Jan  7 13:42:05 frfdc dhcpd[1693]: DHCPACK on 192.168.1.6 to 00:23:24:a1:cd:80 via eth0
Jan  7 13:42:08 frfdc dhcpd[1693]: DHCPINFORM from 192.168.1.6 via eth0
Jan  7 13:42:08 frfdc dhcpd[1693]: DHCPACK to 192.168.1.6 (00:23:24:a1:cd:80) via eth0

Update Jan 7, 2018 14:45

Changed NIC, Updated reservation with new NIC's MAC.
Same result.

Update Jan 8, 2018 9:45

Wireshark screen-shot from DHCP Server capturing all traffic from client ether address.

Update Jan 9, 2018

I have acquired an outage window for Jan 13/14. No more updates until the 15'th

Update Jan 14, 2018
I tried rebooting the switch, and physical server. Still no change.
I then assigned the server it's own physical NIC / Switch port. Still no change.
I then reviewed the switch configuration, and re-applied the port settings to the port being used, and the flood seems to have stopped. I am not yet convinced, and will monitor for a couple of days.

Best Answer

Seem to me a bad NIC in the workstation.

Try a firmware update and if it still don’t work change the NIC.

Related Topic