Wireless APs + Windows 2000 Server = Odd pickle


fitzcharlie
01-27-09, 08:54 AM
I will go ahead and make it known that I am green when it comes to admin duties in a Windows 2000 server environment. My primary skill sets are in hardware, windows workstation environments, and *nix shops. Having said that, here is the pickle I am in....

Friend of a friend has me do a series of hardware upgrades on the workstations in their doctor's office. Grand total of 6 workstations and one W2K Server. Once the workstation upgrades are done, they ask me to have a look-see at the W2K Server. It is a standard issue, vanilla Dell 400SC. It has one single hard drive partitioned in two - W2K Server OS on one slice, 80 GB of data on slice two.

I suggest, at a minimum, that they put the data on a RAID1 array and also implement nightly incrementals to a dedicated backup box as well as regular snapshot images to an off-site box as well. They agree and we proceed.

Here is where the fun begins. I bring the server home on a Monday night, clean the innards (unopened in 5 years - wow!), slap two 750 GB WD RE3 drives and a 3ware PCI RAID card in there and reboot. Open 3ware BIOS, set the RAID1 array, and boot into Windows. Set about formatting the new volume and notice that the Windows Update utility says the box needs umpteen Windows security updates and hotfixes.

I figure no problem and plug a Cat5 cable in so that I can access Windows Update during the format and do the updates. Err, no connection, as the W2K Server is a Domain Controller in its office and is looking for the same configuration here at my home office. I let the format finish and then take the server back to their office so that it is online before they open for business on Tuesday. While there, and with the server back in the domain it controls, I download the umpteen security updates and hotfixes. Smooth and easy as can be. Double check all of the workstations - everyone connects and has access to the files and shares they need. I dig a little deeper on the server and it looks to also be handling DHCP and DNS for the office's domain as well, though AD does not appear to be up and functioning. That's enough for the night, I lock the door and go to bed.

Next day everything is quiet. The day after that, I get a call at 9:00 in the morning saying one of the workstations has dropped their internet and LAN connection. Go in, check settings, and the system has defaulted to a 169.254.XXX.XXX address - yuck. After digging for a while and not having any luck, I simply manually assign the workstation an IP address within the LAN's subnet and full functionality is restored. This assignment is done at the properties for the workstation's NIC - not on the W2K Server.

24 hours later I get a call that the wireless access point one of the doctors uses is no longer able to access the network either. The AP is a converted Belkin 54G wireless router that has been set into AP mode. I check everything on the router, NAT is OFF, AP mode is ON, network settings correct - me scratches head. For kicks and giggles I put it back into wireless router mode and test on a dummy network and it functions as expected, so I rule out any hardware fault. I return it to AP mode and then turn my sights onto the Netgear FVS318 VPN/Firewall/Router that it is plugged into. Only problem is no one in the office knows the username and password to log into the Netgear FVS318. I try all of the defaults and even attempt to brute-force my way in for an hour. No dice. At this point, I am certain it is a setting in the Netgear FVS318, but I cannot access the damn thing to see what it is. As I am leaving, the doctor who uses the wireless AP mentions that when his connection went down, he went into the server area, unplugged all of the cables, turned the power off, then plugged them all back into different ports before turning the power back on. You have got to be kidding me! Fortunately, he did not mix up anything obvious like WAN and LAN, but I have to wonder if there are port-specific settings on the FVS318? I have never used one so I am unsure.

The last wrinkle in the pickle was the next call I received a little more than 24 hours after the last. Within minutes of each other, the remaining 5 workstations all lost their connections to the internet and the LAN. Went back and checked each one and they had defaulted to 169.254.XXX.XXX just as the first one had 48 hours ago. Just as with the first one, I simply manually assign each workstation a separate IP address within the LAN's subnet and full functionality is restored. Still no dice on the wireless AP - ugh. I did check the DHCP logs of the W2K server and it had entries corresponding with each workstation's lease expiration.

So that brings me current - their network is restored, but not perfectly, and I am a little lost as well due to my inexperience with W2K Server as a DC. As I understand it now, the Netgear FVS318 acts as the router while the W2K Server doles out the IP addresses and handles all DNS functionality. What I cannot figure out is the following:

1) Why would the W2K Server drop all of the DHCP leases it had with the workstations and then not renew them for another lease period?

2) What advantage is there in having the W2K Server handle DHCP versus having the Netgear FVS318 do it?

3) How might I actually be able to get the wireless AP functionality restored if I cannot access the settings on the FVS318?


Help with these and any other things I am overlooking in this setup would be greatly appreciated! Thanks in advance!

ppe1700
01-27-09, 09:16 AM
1. sounds to me like DHCP is either not running on the server and needs to be started (pool made live so to speak) or the DHCP service has just not loaded at all. please check that, and if it's just not running then before enabling it, you need to go round to all the machines with static IPs and set these back to automatic! otherwise, the server may issue new clients with a duplicate.

2. windows as a dhcp server is far better at handling the assignments, leases, mac to ip bindings than a netgear. although i am not familiar with that model netgear specifically.
you also, MUST use the windows server as a dhcp server, if the clients on the network wish to use file sharing by domain name. what the server will do is also DNS (so make sure that is started and running) the first dhcp dns response will be the w2k server, and the 2nd could be the isp's dns.

3. the wireless does not appear to have stopped working, but the wireless clients' dhcp lease has expired, and because there is no dhcp server the client has lost its old address and not been able to obtain another lease, therefore defaulting back to the windows-issued 169.254.x.x

all of the above seem problems caused by no dhcp.

if that doctor has randomly plugged equipment back into the network and the individual ports have been configured for each device they connect, then you may have duplex mismatches but this may be a slight chance.

fix dhcp, and I'm pretty sure that you will have things working again. the thing about wireless is that it will authenticate and then try to get a dhcp address. if it cannot, then it will say that it cannot connect or similar.

the thing you should remember is that everything was working until you fixed the server. and the fact that the server WAS DHCP serving, and now no one can obtain a DHCP lease is the problem.
there may be a slim chance that you have not connected the server back into the LAN vlan, but if you used the same cables then i doubt it.

dhcp works by the server issuing an ip for a set amount of time. e.g. windows server default is 8 days. it should be just 1 day or 3 days though. so after this period the client will renew its ip again, and may or may not get re-issued the same one. it just seems to me that while you were gone, the lease times started expiring, and there was no server to issue a new ip.

also, make sure that the pool you enable is the same one. you don't want to be issuing IPs on the wrong subnet, let alone the wrong default gateway, dns addresses or anything else. (do they use VOIP phones?? if so, look for dhcp options if any)

p.s. that's some mess. if i were you, i would blame it on the windows updates, and quickly fix dhcp before anyone notices

fitzcharlie
01-27-09, 09:56 AM
ppe1700
Thank you for the response and detail. The last time I was sitting in front of that server, I did check the DHCP & DNS services - both were set to automatic and were started at the time.

I agree, the wireless is a symptom of the DHCP not an additional problem. The laptops can hit the AP and connect, they simply cannot get an IP address - hence, no DHCP.

What is starting to make the most sense to me now, and is thus most likely the cause, is that the W2K Server is plugged into the wrong port on the FVS318, as it does support VLANs and VPNs and is used for remote access. The only problem is, I have no f'ing idea which port is correct, as the night I took the server home, the FVS318 was temporarily disconnected by the cleaning crew and randomly plugged back in. Then the doc did his shuffle on top of it.

Since the FVS318 only has eight ports, and I am fairly certain that the W2K server was originally in one of the middle ports, would it not be possible to empty all of the ports, plug in one of the workstation PCs that has been set to automatic DHCP, and then try the server in all of the ports until it recognizes the PC and assigns an IP as expected?

Granted, the most expedient thing would be to access the FVS318 directly, but again, no one has the FVS318 ID/password combo to log in and I really do not want to reset it back to default only to try and recreate its current state.

ppe1700
01-27-09, 10:02 AM
you need to check that although the services have started that also the pool is active in the dhcp settings and that a valid pool exists!

look, the easiest thing you can do to determine that the server is on the same vlan as the workstations, is unplug the server, and plug your laptop into that ethernet port. give the laptop the SAME address and subnet mask as the server (since it's disconnected this will be okay)
LEAVE THE DEFAULT GATEWAY EMPTY!!! and once you have done this, click ok and apply those static settings. now, firstly ping yourself to make sure the settings have taken (sometimes vista doesn't!) then, if you can, next is to ping a workstation on the lan! if that is good, then ping another. you could do a ping scan..

without knowing anything about the network, with the above settings i can say that if you CAN ping the machines with those static ip's you had already configured, and there is no gateway on your laptop, then the ping can ONLY travel the subnet you have configured on the laptop, therefore you are not using a gateway (since it's not set and is blank) and that means that you are in the same vlan (or broadcast domain!)

i doubt someone has configured vlans though, i would be surprised on an 8 port switch! plus, remember if there are vlans set, then for communication between the vlans you would need some sort of router or routing device!

fitzcharlie
01-27-09, 10:32 AM
you need to check that although the services have started that also the pool is active in the dhcp settings and that a valid pool exists!

look, the easiest thing you can do to determine that the server is on the same vlan as the workstations, is unplug the server, and plug your laptop into that ethernet port. give the laptop the SAME address and subnet mask as the server (since it's disconnected this will be okay)
LEAVE THE DEFAULT GATEWAY EMPTY!!! and once you have done this, click ok and apply those static settings. now, firstly ping yourself to make sure the settings have taken (sometimes vista doesn't!) then, if you can, next is to ping a workstation on the lan! if that is good, then ping another. you could do a ping scan..

without knowing anything about the network, with the above settings i can say that if you CAN ping the machines with those static ip's you had already configured, and there is no gateway on your laptop, then the ping can ONLY travel the subnet you have configured on the laptop, therefore you are not using a gateway (since it's not set and is blank) and that means that you are in the same vlan (or broadcast domain!)

i doubt someone has configured vlans though, i would be surprised on an 8 port switch! plus, remember if there are vlans set, then for communication between the vlans you would need some sort of router or routing device!


Here is the setup as they currently have it:

The DHCP Pool in W2K Server is set for the range of 192.168.0.100 to 192.168.0.150. It appears valid, but I am not sure how to test if it is active. It is the only pool listed. How do I check that it is active?

The workstations were pulling IPs within this range prior to the mixup, i.e. 192.168.0.101, 192.168.0.102, etc. The W2k Server has a static IP of 192.168.0.1

The current configuration of the workstations is as follows (manually entered)

IP Address: Static now (192.168.0.3/4/5/6/7/8), was issued by DHCP before the f'up
Subnet: 255.255.255.0
Gateway: 192.168.0.254
Primary DNS: 192.168.0.1
Secondary DNS: blank on workstations (ISP's DNS on the W2K Server)

That Gateway address is the IP address of the FVS318 VPN/Firewall/Router...the box that I cannot log into due to the lack of info on ID/password.

Right now, everything works fine, except the Access Points are not issuing valid IPs so no wireless connections. But the workstations can hit their shares on the servers and get on the net so everyone is happy as can be.

Lastly, I agree about the VLANs on an 8-port box, possible, but doubtful. If they were not set, could there still be some sort of port-specific functionality defined on the FVS318 that would require the W2K Server be plugged into a specific port?

ppe1700
01-27-09, 10:49 AM
hm, you shouldn't really need to specially configure a port for a server. speed and duplex should be auto.
if you bring up the dhcp config box on windows, there should be something to start or stop the dhcp..
EDIT: i launched my virtual server at home and found this out for you: go to dhcp, click and expand your scope, check the pool is correct, and valid. then highlight your scope in the left panel, and on the top bar there will be a green up arrow or red down arrow depending on if it's running or not.
whatever the colour, i would deactivate and then re-activate the scope, and then stop and restart the dhcp service.

the only other thing i will mention, is that on some switch ports you can configure them to drop dhcp reply packets! i seriously doubt this has been configured though.

while you are there, you should modify the dhcp pool to issue a 2nd dns address, e.g. 4.2.2.2 so that if the server goes BANG then people can still get out to the internet and resolve dns names. with their current setup, if you unplug their server they will all lose internet.
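An added example (not code from either poster) that treats the setup described in this thread as data and audits it the way ppe1700's advice suggests: it flags hosts that have fallen back to APIPA (169.254.0.0/16), hand-set static addresses that sit inside the DHCP pool (which the server does not know about and may hand out again once the scope is reactivated), duplicate addresses, hosts off the scope's subnet, and a scope carrying only one DNS server. It also lays out the RFC 2131 default renewal timeline (T1 at 50% and T2 at 87.5% of the lease) for a lease of a given length. The scope range, gateway and DNS server are the values posted in this thread; every host name, the doctor's laptop entry, the printer and the duplicate entry are constructed for the example.

```python
"""Audit a small office DHCP setup: APIPA fallbacks, static/pool overlap,
duplicates, off-subnet hosts and DNS redundancy.
Added example; host names and the laptop/printer/duplicate entries are constructed."""
import ipaddress
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List

# Address range a Windows client falls back to when no DHCP server answers.
APIPA = ipaddress.ip_network("169.254.0.0/16")


@dataclass
class Scope:
    network: ipaddress.IPv4Network            # subnet the scope serves
    start: ipaddress.IPv4Address              # first address in the pool
    end: ipaddress.IPv4Address                # last address in the pool
    gateway: ipaddress.IPv4Address
    dns: List[ipaddress.IPv4Address] = field(default_factory=list)

    def in_pool(self, addr: ipaddress.IPv4Address) -> bool:
        return self.start <= addr <= self.end


@dataclass
class Host:
    name: str
    ip: ipaddress.IPv4Address
    static: bool                               # True if typed into the NIC by hand


def audit(scope: Scope, hosts: List[Host]) -> Dict[str, List[str]]:
    """Return finding -> affected hosts; an empty list means that check is clean."""
    findings: Dict[str, List[str]] = {
        "apipa": [], "off_subnet": [], "static_in_pool": [],
        "duplicate": [], "single_dns": [],
    }
    owners: Dict[ipaddress.IPv4Address, List[str]] = {}
    for h in hosts:
        if h.ip in APIPA:
            # Lease expired and nothing answered the DISCOVER: no real address at all.
            findings["apipa"].append(h.name)
            continue
        if h.ip not in scope.network:
            findings["off_subnet"].append(h.name)
        if h.static and scope.in_pool(h.ip):
            # The server has no lease record for this address, so it may lease it out again.
            findings["static_in_pool"].append(h.name)
        owners.setdefault(h.ip, []).append(h.name)
    for ip, names in owners.items():
        if len(names) > 1:
            findings["duplicate"].append(f"{ip}: {', '.join(names)}")
    if len(scope.dns) < 2:
        # Only the DC resolves names: if it goes down, nobody gets to the internet.
        findings["single_dns"].append(str(scope.dns[0]) if scope.dns else "none")
    return findings


def lease_timeline(issued: datetime, lease: timedelta) -> Dict[str, datetime]:
    """RFC 2131 default timers: renew (T1) at 50%, rebind (T2) at 87.5%, expiry at 100%."""
    return {
        "t1_renew": issued + lease * 0.5,
        "t2_rebind": issued + lease * 0.875,
        "expiry": issued + lease,
    }


# Scope values as posted: pool .100-.150 on 192.168.0.0/24, gateway .254, DNS = the DC.
SCOPE = Scope(
    network=ipaddress.ip_network("192.168.0.0/24"),
    start=ipaddress.ip_address("192.168.0.100"),
    end=ipaddress.ip_address("192.168.0.150"),
    gateway=ipaddress.ip_address("192.168.0.254"),
    dns=[ipaddress.ip_address("192.168.0.1")],
)

# Constructed host list: six workstations set by hand to .3-.8 (as posted), plus a
# constructed laptop stuck on APIPA, a constructed printer hard-coded inside the pool,
# and a constructed second entry reusing .3 to show duplicate detection.
HOSTS = [Host(f"ws{i}", ipaddress.ip_address(f"192.168.0.{i + 2}"), static=True)
         for i in range(1, 7)]
HOSTS += [
    Host("doc-laptop", ipaddress.ip_address("169.254.17.42"), static=False),
    Host("printer", ipaddress.ip_address("192.168.0.120"), static=True),
    Host("ws1-old", ipaddress.ip_address("192.168.0.3"), static=True),
]

# Constructed issue time with the 8-day default lease mentioned in the thread.
EXAMPLE_LEASE = lease_timeline(datetime(2009, 1, 27, 22, 0), timedelta(days=8))

if __name__ == "__main__":
    for check, hit in audit(SCOPE, HOSTS).items():
        print(f"{check:15s} {hit}")
    for point, when in EXAMPLE_LEASE.items():
        print(f"{point:15s} {when}")
```

Run it as-is to see the findings for the posted setup; the useful part for a real office is swapping `HOSTS` for whatever `ipconfig` shows on each machine before the scope is reactivated, so that any hand-set address inside the pool is cleared first.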

fitzcharlie
01-27-09, 11:07 AM
ppe1700
HUGE Help - thank you. That is exactly what I was looking at the other night - the scope is/was correct and valid, but the arrow was red and down! I will go around to the workstations and set all to auto DHCP, then I will go back and deactivate and then re-activate the scope, and then stop and restart the dhcp service as you suggest.

I know about the 2nd DNS - that is on my list of to-dos when I return. I will give them one of the OpenDNS entries - just safer that way.

Thanks again!

ppe1700
01-27-09, 11:22 AM
the red arrow pointing down on the scope in the left means it is currently deactivated. the green arrow pointing upwards along the top means it's giving me the option to activate it from a deactivated state.

out of interest, how many nic ports does the server have?

anyways, even if the dhcp service is active, and started i would restart all to be on the safe side as either the broadcasts are not reaching the server OR the server is not replying to them.

fitzcharlie
01-27-09, 11:27 AM
the red arrow pointing down on the scope in the left means it is currently deactivated. the green arrow pointing upwards along the top means it's giving me the option to activate it from a deactivated state.

out of interest, how many nic ports does the server have?

anyways, even if the dhcp service is active, and started i would restart all to be on the safe side as either the broadcasts are not reaching the server OR the server is not replying to them.

The server has a single NIC - integrated into the mobo, not a separate card.

Thanks again!

ppe1700
01-27-09, 11:28 AM
The server has a single NIC - integrated into the mobo, not a separate card.

Thanks again!

ok, good luck!

fitzcharlie
01-29-09, 10:21 PM
In the end, it was the perpetual hunt for f'ing rogue servers:

http://support.microsoft.com/kb/299363

One little reg hack and everything is back as it should be!