cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

DHCP server full with unknown and misformed MAC addresses

Terabyte
Brass Contributor

‎Jan 01 2020 02:57 PM

‎Jan 01 2020 02:57 PM

DHCP server full with unknown and misformed MAC addresses

We're seeing this across multiple customers and now for one it's causing their systems to run out of IPs.  They get dozens upon dozens of "Unique ID" registrations of something like:

 

3139322e3136382e312e31323400

 

These ONLY show up after doing a reconcile and can be deleted but can't be added to a deny filter.  They can be added to a registration but that doesn't solve the problem of them hogging IPs for devices that simply do not exist.

 

I've found a ton of other people talking about this, but no real definitive proof as to what's happening and no real solution other than PHP script found here:

https://camratus.com/2017/07/26/deal-with-dhcp-server-ip-exhausted/

I have no desire to install and maintain PHP on every Windows Server nor should we have to.  The Powershell command Export-DhcpServer  doesn't export these despite being shown in the table.  The Powershell command Get-DhcpServerv4Lease does show them, but it truncates them to have ... at the end of the normal MAC length which means I can't use Remove-DhcpServerv4Lease to remove them if I parse the output.  If I put the actual long MAC address in the Remove-DhcpServerv4Lease command it will remove it, but they change so I can't just build a list and run it as a scheduled task.

 

Given the plethora of posts and complaints about this I can't understand how 1) Microsoft has no articles I can find on it; 2) Microsoft has no guidance on how fix/stop it; 3) Microsoft hasn't updated DHCP on either Server 2016 or 2019 to resolve the issue.  This has apparently been happening since at least Server 2008 R2, though we just recently started having issues with it.

One poster here, https://social.technet.microsoft.com/Forums/ie/en-US/b5a40949-e6a0-4e9a-aa71-87b4b61d8edd/2008-r2-dh..., said they traced it to Win7 wifi miniport adapter but in all instances there are no Win7 machines on the network (they're all Win10 Pro).

 

Anyway, the bigger the network, the bigger the problem.  Small LANs with a half dozen systems will have a couple in them, while larger LANs with dozens or hundreds of PCs will have so man that the scope will down to 0% available IPs.  At this point with one client with about 140 devices on their /24, I'm going to have to convert it to a /23 just to have a DHCP range large enough to allow these registrations.  I just want them stopped.

 

BTW, the DHCP log files are logging exactly ZERO of these requests.

 

Anyway, anyone have any idea how to stop this madness without having to either do it manually or resorting to PHP?

 

Thanks!

6,709 Views
0 Likes
1 Reply
Reply
1 Reply
Dave Patrick

‎Jan 02 2020 06:38 AM

‎Jan 02 2020 06:38 AM

Re: DHCP server full with unknown and misformed MAC addresses

I'd suggest you can start a case here with product support. 

 

https://support.microsoft.com/en-us/hub/4343728/support-for-business

 

 

 

 

0 Likes
Reply